[Bug 37540] VCDS v12/v14 crashes on startup (Enigma Protector v4.0 DRM scheme incompatible with use of position independent code (PIC) in Wine dlls)

wine-bugs at winehq.org wine-bugs at winehq.org
Fri May 22 03:22:14 CDT 2015


https://bugs.winehq.org/show_bug.cgi?id=37540

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |obfuscation
             Status|UNCONFIRMED                 |NEW
                 CC|                            |focht at gmx.net
            Summary|VCDS crashes                |VCDS v12/v14 crashes on
                   |                            |startup (Enigma Protector
                   |                            |v4.0 DRM scheme
                   |                            |incompatible with use of
                   |                            |position independent code
                   |                            |(PIC) in Wine dlls)
     Ever confirmed|0                           |1

--- Comment #6 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

confirming.

The app is wrapped with Enigma Protector v4.0 DRM scheme.

--- snip ---
-=[ ProtectionID v0.6.6.7 DECEMBER]=-
(c) 2003-2015 CDKiLLER & TippeX
Build 24/12/14-22:48:13
Ready...
Scanning -> C:\Ross-Tech\VCDS\VCDS.EXE
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 2449664 (0256100h)
Byte(s)
Compilation TimeStamp : 0x54FEFA42 -> Tue 10th Mar 2015 14:05:54 (GMT)
[TimeStamp] 0x54FEFA42 -> Tue 10th Mar 2015 14:05:54 (GMT) | PE Header | - |
Offset: 0x00000110 | VA: 0x00400110 | -
-> File Appears to be Digitally Signed @ Offset 0253E00h, size : 02300h / 08960
byte(s)
[File Heuristics] -> Flag #1 : 00000000000001001100000100100110 (0x0004C126)
[Entrypoint Section Entropy] : 8.00 (section #0) "        " | Size : 0x62A00
(403968) byte(s)
[DllCharacteristics] -> Flag : (0x8000) -> TSA
[SectionCount] 7 (0x7) | ImageSize 0x4BED000 (79613952) byte(s)
[Export] 0% of function(s) (0 of 1) are in file | 0 are forwarded | 0 code | 0
data | 0 uninit data | 0 unknown | 
[VersionInfo] Company Name : Ross-Tech. LLC
[VersionInfo] Product Name : VCDS
[VersionInfo] Product Version : 1410.2
[VersionInfo] File Description : VCDS
[VersionInfo] File Version : 1410.2
[VersionInfo] Original FileName : VCDS.EXE
[VersionInfo] Internal Name : VCDS
[VersionInfo] Version Comments : VAG-COM Diagnostic System
[VersionInfo] Legal Copyrights : Copyright (C) 2000-2015 Ross-Tech LLC/Uwe Ross
[!] Enigma Protector v4.0 Build 2015/03/10 14:13:52 detected !
[!] Protected with a Company license (2)
[i] File Analyser Deception feature usage
[i] fake signature: Microsoft Visual C++
- Scan Took : 0.888 Second(s) [000000378h (888) tick(s)] [499 of 573 scan(s)
done]
--- snip ---

Unfortunately the way this DRM crap works is incompatible with Wine.

The protector code makes a full copy of relevant win32 API entries and uses
indirect calls to those copied chunks, bypassing IAT.
This can't work with PIC code where all GOT items require the constant offset
to GOT to stay intact.

Likely a dupe of already existing bugs, such as bug 22600 or bugs from other
DRM schemes doing the same thing.

IMHO a WONTFIX (or dupe of a WONTFIX).

$ sha1sum VCDS-Release-14.10.2-Installer.exe 
fc14448c0b229407bae2f97ae2fbeef879875ffe  VCDS-Release-14.10.2-Installer.exe

$ du -sh VCDS-Release-14.10.2-Installer.exe 
24M    VCDS-Release-14.10.2-Installer.exe

$ wine --version
wine-1.7.43-105-g9586d3b

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.



More information about the wine-bugs mailing list