[Bug 32678] HQ Photo Resizer 5.x fails to start, reports corrupted or inaccessible Sandbox (XenoCode Postbuild 2009)('NtSetInformationFile' class 'FileRenameInformation' support missing)

wine-bugs at winehq.org wine-bugs at winehq.org
Wed Jul 29 15:30:22 CDT 2015 

https://bugs.winehq.org/show_bug.cgi?id=32678

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |obfuscation
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |focht at gmx.net
          Component|-unknown                    |ntdll
         Resolution|---                         |DUPLICATE
            Summary|HQ Photo Resizer: Fails to  |HQ Photo Resizer 5.x fails
                   |start                       |to start, reports corrupted
                   |                            |or inaccessible Sandbox
                   |                            |(XenoCode Postbuild
                   |                            |2009)('NtSetInformationFile
                   |                            |' class
                   |                            |'FileRenameInformation'
                   |                            |support missing)

--- Comment #6 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

dupe of bug 30399

--- snip ---
-=[ ProtectionID v0.6.6.7 DECEMBER]=-
(c) 2003-2015 CDKiLLER & TippeX
Build 24/12/14-22:48:13
Ready...
Scanning -> C:\Program Files\High Quality Photo Resizer\Resizer.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 1578503 (0181607h)
Byte(s)
Compilation TimeStamp : 0x52076A55 -> Sun 11th Aug 2013 10:41:25 (GMT)
[TimeStamp] 0x52076A55 -> Sun 11th Aug 2013 10:41:25 (GMT) | PE Header | - |
Offset: 0x00000088 | VA: 0x00400088 | -
-> File has 1549831 (017A607h) bytes of appended data starting at offset 07000h
[File Heuristics] -> Flag #1 : 00000000000001001000000000000100 (0x00048004)
[Entrypoint Section Entropy] : 6.37 (section #0) ".text   " | Size : 0x3A4E
(14926) byte(s)
[DllCharacteristics] -> Flag : (0x8000) -> TSA
[SectionCount] 6 (0x6) | ImageSize 0x6C000 (442368) byte(s)
[VersionInfo] Company Name : Naturpic Software
[VersionInfo] Product Name : High Quality Photo Resizer
[VersionInfo] Product Version : 5.05
[VersionInfo] File Version : 5.05
[VersionInfo] Original FileName : Resizer.exe
[VersionInfo] Internal Name : Resizer
[VersionInfo] Legal Copyrights : Copyright (C) 2006-2013 Naturpic Software. All
rights Reserved.
[!] XenoCode Postbuild 2009 detected !
[CdKeySerial] found "Invalid code" @ VA: 0x00001E70 / Offset: 0x00001270
- Scan Took : 0.327 Second(s) [000000147h (327) tick(s)] [558 of 573 scan(s)
done]
--- snip ---

--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/High Quality Photo Resizer

$ WINEDEBUG=+tid,+seh,+relay wine ./Resizer.exe >>log.txt 2>&1
...
003c:Call ntdll.RtlInitUnicodeString(0032f2b8,00651ed8
L"\\??\\C:\\users\\focht\\Local Settings\\Application
Data\\Spoon\\Sandbox\\High Quality Photo Resizer\\5.05") ret=003687e0
003c:Ret  ntdll.RtlInitUnicodeString() retval=0032f2b8 ret=003687e0
003c:Call
ntdll.NtOpenFile(0032f25c,00100000,0032f278,0032f2a8,00000007,00000021)
ret=00368846
003c:Ret  ntdll.NtOpenFile() retval=00000000 ret=00368846
003c:Call ntdll.NtClose(00000070) ret=003875d7
003c:Ret  ntdll.NtClose() retval=00000000 ret=003875d7
003c:Call
ntdll.NtSetInformationFile(00000074,0032f358,0053d360,000000ec,0000000a)
ret=00368ae8
003c:fixme:ntdll:NtSetInformationFile Unsupported class (10)
003c:Ret  ntdll.NtSetInformationFile() retval=c0000002 ret=00368ae8
...
003c:Call ntdll.RtlInitUnicodeString(0032f350,00651c08
L"\\??\\C:\\users\\focht\\Local Settings\\Application
Data\\Spoon\\Sandbox\\High Quality Photo Resizer\\5.05\\xsandbox.bin.__tmp__")
ret=00368b37
003c:Ret  ntdll.RtlInitUnicodeString() retval=0032f350 ret=00368b37
003c:Call
ntdll.NtOpenFile(0032f324,00110100,0032f338,0032f314,00000007,00000020)
ret=0036946f
003c:Ret  ntdll.NtOpenFile() retval=00000000 ret=0036946f
003c:Call
ntdll.NtSetInformationFile(00000070,0032f31c,0032f2e8,00000028,00000004)
ret=003694ab
003c:Ret  ntdll.NtSetInformationFile() retval=00000000 ret=003694ab
003c:Call
ntdll.NtSetInformationFile(00000070,0032f31c,0032f337,00000001,0000000d)
ret=003694c4
003c:fixme:ntdll:NtSetInformationFile Unsupported class (13)
003c:Ret  ntdll.NtSetInformationFile() retval=c0000002 ret=003694c4
003c:Call ntdll.NtClose(00000070) ret=003875d7
003c:Ret  ntdll.NtClose() retval=00000000 ret=003875d7
...
003c:Call user32.MessageBoxW(00000000,00651a18 L"The sandbox at
\\??\\C:\\users\\focht\\Local Settings\\Application Data\\Spoon\\Sandbox\\High
Quality Photo Resizer\\5.05 is corrupt or inaccessible.  Please check the
location and try again.",0064d678 L"High Quality Photo Resizer",00000010)
ret=003bcb13 
...
003c:Ret  user32.MessageBoxW() retval=00000001 ret=003bcb13
...
003c:Call KERNEL32.TerminateProcess(ffffffff,ffffffff) ret=003a7efd
--- snip ---

Tidbit (+debugstr/debugger):

--- snip ---
ERROR: 0xC0000002, VMAPICALL(VmMoveFile(_hFile, _sFullPath))
ERROR: 0xD0000002, In call: pStmSandboxFile->Commit()
ERROR: 0x8007FF04, In call:
CSandbox::InitializeSandbox(CProcessSettings::VmFlagSet(eDeleteSandbox),
fCheckSandboxSpace, cMinSandboxSpaceAvail)
ERROR: 0x8007FF04, In call: g_vm.EssentialInit( hEntry, hBootstrapFileMapping,
cbFileSize, cbOffsetPayload, pbProcessBlock, pbApplicationBlock)
--- snip ---

$ sha1sum prsetup.zip 
f35b3607d80d1e810af370d7d6cc8e8ba00f342f  prsetup.zip

$ du -sh prsetup.zip
2.8M    prsetup.zip

$ wine --version
wine-1.7.48

Regards

*** This bug has been marked as a duplicate of bug 30399 ***

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list