[Bug 30847] 2009Decoder v2.0.0.21 crashes on startup (noexec filesystem)

wine-bugs at winehq.org
Tue Nov 10 06:53:25 CST 2015


https://bugs.winehq.org/show_bug.cgi?id=30847

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |INVALID
            Summary|2009 Decoder: crashes when  |2009Decoder v2.0.0.21
                   |being started               |crashes on startup (noexec
                   |                            |filesystem)

--- Comment #3 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

Your backtrace shows it crashes directly at the first instruction in the app
entry point:

--- snip ---
Unhandled exception: page fault on read access to 0x004810d3 in 32-bit code (0x004810d3).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:004810d3 ESP:0032fe74 EBP:0032fe88 EFLAGS:00010212(  R- --  I   -A- - )
 EAX:00000000 EBX:7b894ff4 ECX:0032fef0 EDX:0032fef0
 ESI:7ffdf000 EDI:004810d3
...
Backtrace:
=>0 0x004810d3 EntryPoint() in 2009decoder (0x0032fe88)
  1 0x7b85af4f in kernel32 (+0x4af4e) (0x0032fec8)
  2 0x7bc71da0 call_thread_func_wrapper+0xb() in ntdll (0x0032fed8)
  3 0x7bc7485d call_thread_func+0x7c() in ntdll (0x0032ffa8)
  4 0x7bc71d7e RtlRaiseException+0x21() in ntdll (0x0032ffc8)
  5 0x7bc49f4e call_dll_entry_point+0x61d() in ntdll (0x0032ffe8)
0x004810d3 EntryPoint in 2009decoder: call    0x0048baef
Modules:
Module    Address            Debug info    Name (108 modules)
PE      400000-  a56000    Export          2009decoder
ELF    7b800000-7ba15000    Dwarf           kernel32<elf>
  \-PE    7b810000-7ba15000    \               kernel32
ELF    7bc00000-7bcc3000    Dwarf           ntdll<elf>
  \-PE    7bc10000-7bcc3000    \               ntdll
...
Threads:
process  tid      prio (all id:s are in hex)
00000008 (D) E:\2009Decoder_2.0.0.15\2009Decoder.exe
    00000009    0 <==
--- snip ---

Entry point disassembly:

--- snip ---
004810D3   E8 17AA0000      CALL 2009Deco.0048BAEF
004810D8   E9 17FEFFFF      JMP 2009Deco.00480EF4
004810DD   55               PUSH EBP
004810DE   8BEC             MOV EBP,ESP
004810E0   56               PUSH ESI
004810E1   8B75 14          MOV ESI,DWORD PTR SS:[EBP+14]
004810E4   57               PUSH EDI
004810E5   33FF             XOR EDI,EDI
004810E7   3BF7             CMP ESI,EDI
004810E9   75 04            JNZ SHORT 2009Deco.004810EF
004810EB   33C0             XOR EAX,EAX
...
--- snip ---

ProtectionID scan:

--- snip ---
-=[ ProtectionID v0.6.6.7 DECEMBER]=-
(c) 2003-2015 CDKiLLER & TippeX
Build 24/12/14-22:48:13
Ready...
Scanning -> Z:\home\focht\Downloads\OTRDecoder_2.0.0.21\2009Decoder.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 6619136 (0650000h) Byte(s)
Compilation TimeStamp : 0x4E550422 -> Wed 24th Aug 2011 14:01:06 (GMT)
[TimeStamp] 0x4E550422 -> Wed 24th Aug 2011 14:01:06 (GMT) | PE Header | - | Offset: 0x00000108 | VA: 0x00400108 | -
[!] Executable uses SEH Tables (/SAFESEH) (1552 calculated 1552 recorded... 0 invalid addresses)
[File Heuristics] -> Flag #1 : 00000000000000001000000000000000 (0x00008000)
[Entrypoint Section Entropy] : 6.50 (section #0) ".text   " | Size : 0x2CB9D8 (2931160) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 4 (0x4) | ImageSize 0x656000 (6643712) byte(s)
[VersionInfo] Company Name : © onlinetvrecorder.com
[VersionInfo] Product Name : OTR Decoder
[VersionInfo] Product Version : 2.0.0.21
[VersionInfo] File Description : Decoder for decoding of otrkey and omrkey files
[VersionInfo] File Version : 2.0.0.21
[VersionInfo] Original FileName : 2009Decoder.exe
[VersionInfo] Internal Name : OTR Decoder
[VersionInfo] Legal Copyrights : Copyright © 2006 - 2011.  All rights reserved.
[CompilerDetect] -> Visual C++ 8.0 (Visual Studio 2005)
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 1.242 Second(s) [0000006DEh (1758) tick(s)] [499 of 573 scan(s) done]
--- snip ---

There is some discrepancy here.

Your backtrace says: 2009Decoder_2.0.0.15
You provide 'OTRDecoder_2.0.0.21.zip', which obviously contains OTRDecoder
v2.0.0.21

Anyway, the executable looks fine. No loader trickery.

But this is suspicious: 'E:\2009Decoder_2.0.0.15\2009Decoder.exe'

Since you didn't provide any information about where your drive 'E:' is mapped
to, I must assume it was mounted with the 'noexec' option, which of course
explains the crash in the entry point.

This is a big NO-NO. Don't do this.

$ sha1sum OTRDecoder_2.0.0.21.zip
1a074da453da1a329513ac491f752db4ddc3b7d2  OTRDecoder_2.0.0.21.zip

$ du -sh OTRDecoder_2.0.0.21.zip
2.0M    OTRDecoder_2.0.0.21.zip

$ wine --version
wine-1.7.54-212-gf97ac58

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
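
The missing piece of information in this report, whether a Wine drive letter sits on a noexec mount, can be checked mechanically. The following is an added example, not part of the original comment or of Wine: it resolves a Windows path through the prefix's `dosdevices` symlinks and looks up the governing mount in `/proc/mounts`. It assumes Linux; the function names and the sample mount table are constructed for illustration.

```python
import os

# Constructed sample in /proc/mounts format (not data from the bug report).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,relatime 0 0
/dev/sdb1 /media/usb\\040stick vfat rw,nosuid,nodev,noexec,relatime 0 0
"""

def _unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as octal escapes.
    for esc, ch in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(esc, ch)
    return field

def parse_mounts(text):
    """Return [(mountpoint, set_of_options)] in table order."""
    table = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            table.append((_unescape(parts[1]), set(parts[3].split(","))))
    return table

def mount_for(path, table):
    """Longest mountpoint that is a path prefix; a later entry wins a tie."""
    path, best = os.path.normpath(path), None
    for mnt, opts in table:
        covers = mnt == "/" or path == mnt or path.startswith(mnt + "/")
        if covers and (best is None or len(mnt) >= len(best[0])):
            best = (mnt, opts)
    return best

def noexec_mount(path, table):
    """Mountpoint carrying noexec that governs path, or None."""
    hit = mount_for(path, table)
    return hit[0] if hit and "noexec" in hit[1] else None

def unix_path(win_path, prefix):
    """Resolve a path like E:\\dir\\app.exe via <prefix>/dosdevices/e:."""
    drive, rest = win_path[:2].lower(), win_path[2:].replace("\\", "/")
    root = os.path.realpath(os.path.join(prefix, "dosdevices", drive))
    return os.path.normpath(os.path.join(root, rest.lstrip("/")))

if __name__ == "__main__":
    prefix = os.environ.get("WINEPREFIX", os.path.expanduser("~/.wine"))
    live = parse_mounts(open("/proc/mounts").read())
    exe = unix_path(r"E:\2009Decoder_2.0.0.15\2009Decoder.exe", prefix)
    print(exe, "->", noexec_mount(exe, live) or "no noexec mount")
```

Run as a script, it checks the path from the backtrace above against the live mount table of the machine it runs on.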

