[Bug 32786] Happy Foto Designer 5.4 crashes on startup, reporting 'invalid pointer operation'

wine-bugs at winehq.org wine-bugs at winehq.org
Tue Sep 29 10:45:17 CDT 2015


https://bugs.winehq.org/show_bug.cgi?id=32786

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |download, obfuscation
             Status|UNCONFIRMED                 |NEW
                URL|                            |http://downloadsweb01.poi.d
                   |                            |e/HappyFoto/Windows/DE/Happ
                   |                            |yFoto-Designer.exe
                 CC|                            |focht at gmx.net
          Component|-unknown                    |gdiplus
            Summary|HappyFotoDesigner.exe does  |Happy Foto Designer 5.4
                   |not start                   |crashes on startup,
                   |                            |reporting 'invalid pointer
                   |                            |operation'
     Ever confirmed|0                           |1

--- Comment #9 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

the original 'windowscodecs' problem is likely gone.
Unfortunately an old app version is no longer available for reproducing.

Anyway, the current version still exhibits a problem on startup, albeit
'gdiplus' related.
Rechristening the ticket.

Trace log with "loader" stage skipped (via command line args):

--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/HappyFoto-Designer

$ WINEDEBUG=+tid,+seh,+loaddll,+gdiplus,+msgbox,+resource wine ./HappyFoto-Designer.exe o9i7 o9i7 >>log.txt 2>&1
...
0027:trace:gdiplus:graphics_from_image <-- 0x1ce02b0
0027:trace:gdiplus:GdipSetInterpolationMode (0x1ce02b0, 5)
0027:trace:gdiplus:GdipSetCompositingMode (0x1ce02b0, 1)
0027:trace:gdiplus:GdipDrawImageRectRectI (0x1ce02b0, 0x2061420, 0, 0, 15, 14,
101, 364, 15, 14, 2, (nil), (nil), (nil))
0027:trace:gdiplus:GdipDrawImagePointsRect (0x1ce02b0, 0x2061420, 0x33f600, 3,
101.000000, 364.000000, 15.000000, 14.000000, 2, (nil), (nil), (nil))
0027:trace:gdiplus:GdipDrawImagePointsRect (0.00,0.00) (15.00,0.00)
(0.00,14.00)
0027:trace:gdiplus:GdipScaleMatrix (0x33f2dc, 1.00, 1.00, 1)
0027:trace:gdiplus:GdipTransformMatrixPoints (0x33f2dc, 0x33f474, 4)
0027:trace:gdiplus:GdipDrawImagePointsRect (0,0) (15,0) (0,14) (15,14)
0027:trace:gdiplus:GdipDrawImagePointsRect src pixels: 101.000000,364.000000
15.000000x14.000000
0027:trace:gdiplus:GdipDrawImagePointsRect graphics: 96.00x96.00 dpi, fmt
0xe200b, scale 1.000000, image: 96.00x96.00 dpi, fmt 0x26200a, color 00000000
0027:trace:gdiplus:GdipGetImageBounds 0x20634f0 0x33f424 0x33f2dc
0027:trace:gdiplus:GdipGetImageBounds returning (0.000000, 0.000000)
(15.000000, 14.000000) unit type 2
0027:trace:gdiplus:GdipDrawImagePointsRect dst_area: (0,0)-(15,14)
0027:trace:gdiplus:GdipSetMatrixElements (0x33f3fc, 1.00, 0.00, 0.00, 1.00,
-101.00, -364.00)
0027:trace:gdiplus:GdipInvertMatrix (0x33f3fc)
0027:trace:gdiplus:GdipIsMatrixInvertible (0x33f3fc, 0x33f2c8)
0027:trace:gdiplus:GdipDrawImagePointsRect src_area: 15 x 14
0027:trace:gdiplus:GdipBitmapLockBits 0x2061420 0x33f414 5 0x26200a 0x33f3e4
0027:trace:gdiplus:GdipBitmapUnlockBits (0x2061420,0x33f3e4)
0027:trace:gdiplus:GdipGetRegionHRgn (0x205b3a0, (nil), 0x33f288)
0027:trace:gdiplus:GdipDeleteGraphics (0x1ce02b0)
0027:trace:gdiplus:GdipDeleteRegion 0x205b3a0
0027:trace:gdiplus:GdipGetImageWidth 0x20634f0 0x23197b0
0027:trace:gdiplus:GdipGetImageWidth returning 15
0027:trace:gdiplus:GdipGetImageHeight 0x20634f0 0x23197b4
0027:trace:gdiplus:GdipGetImageHeight returning 14
0027:trace:resource:FindResourceExW 0x400000 #000a L"RIBBONBLUE" 0000
0027:trace:resource:LdrFindResource_U module 0x400000 type #000a name
L"RIBBONBLUE" lang 0000 level 3
0027:trace:resource:find_entry_by_id root 0x131c000 dir 0x131c000 id 000a ret
0x131ce10
0027:trace:resource:find_entry_by_name root 0x131c000 dir 0x131ce10 name
L"RIBBONBLUE" ret 0x131fdb0
0027:trace:resource:find_entry_by_id root 0x131c000 dir 0x131fdb0 id 0000 not
found
0027:trace:resource:find_entry_by_id root 0x131c000 dir 0x131fdb0 id 0409 not
found
0027:trace:resource:find_entry_by_id root 0x131c000 dir 0x131fdb0 id 0009 not
found
0027:trace:resource:LoadResource 0x400000 0x1322cd0
0027:trace:gdiplus:GdipDisposeImage 0x2061420
0027:trace:seh:raise_exception code=eedfade flags=1 addr=0x7b845d61 ip=7b845d61
tid=0027
0027:trace:seh:raise_exception  info[0]=0070ff93
0027:trace:seh:raise_exception  info[1]=01d999f8
0027:trace:seh:raise_exception  info[2]=0070ff93
0027:trace:seh:raise_exception  info[3]=0070ff93
0027:trace:seh:raise_exception  info[4]=00000000
0027:trace:seh:raise_exception  info[5]=0033f720
0027:trace:seh:raise_exception  info[6]=0033f708
0027:trace:seh:raise_exception  eax=7b832afd ebx=0070ff93 ecx=0000001c
edx=0033f684 esi=0070ff93 edi=00000000
0027:trace:seh:raise_exception  ebp=0033f6c8 esp=0033f664 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00000287
...
0027:trace:msgbox:MSGBOX_OnInit L"Ung\00fcltige Zeigeroperation" 
--- snip ---

'winetricks -q gdiplus' works around.

From a brief look it seems the app is really deep into gdiplus for whatever
reasons.
At the point of the Delphi exception being raised I see that 'GdipFree' entry
point was hooked and subsequently called due to Wine 'GdipDisposeImage'
implementation:

Source:
https://source.winehq.org/git/wine.git/blob/f78a6dd15c85f374a841427d7edce7427e5bbb87:/dlls/gdiplus/image.c#l2160

--- snip ---
2160 GpStatus WINGDIPAPI GdipDisposeImage(GpImage *image)
2161 {
2162     GpStatus status;
2163 
2164     TRACE("%p\n", image);
2165 
2166     status = free_image_data(image);
2167     if (status != Ok) return status;
2168     image->type = ~0;
2169     GdipFree(image);
2170 
2171     return Ok;
2172 }
--- snip ---

'gdiplus.GdipDisposeImage' -> 'gdiplus.GdipFree' -> app hook -> looks at bytes
preceding the memory chunk (-4 bytes -> heap magic) -> throw.

My guess would be the app relies on internal implementation details of MS
'gdiplus' API to work properly.

ProtectionID scan for documentation:

--- snip ---
-=[ ProtectionID v0.6.6.7 DECEMBER]=-
(c) 2003-2015 CDKiLLER & TippeX
Build 24/12/14-22:48:13
Ready...
Scanning -> C:\Program Files\HappyFoto-Designer\HappyFoto-Designer.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 17882208 (0110DC60h)
Byte(s)
Compilation TimeStamp : 0x5559B1EC -> Mon 18th May 2015 09:33:32 (GMT)
[TimeStamp] 0x5559B1EC -> Mon 18th May 2015 09:33:32 (GMT) | PE Header | - |
Offset: 0x00000108 | VA: 0x00400108 | -
-> File Appears to be Digitally Signed @ Offset 0110C600h, size : 01660h /
05728 byte(s)
[File Heuristics] -> Flag #1 : 00000000000001001100000000100101 (0x0004C025)
[Entrypoint Section Entropy] : 6.36 (section #1) ".itext  " | Size : 0xB47C
(46204) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 9 (0x9) | ImageSize 0x111D000 (17944576) byte(s)
[VersionInfo] Company Name : IP Labs GmbH
[VersionInfo] Product Version : 5
[VersionInfo] File Description : Happy Foto Designer
[VersionInfo] File Version : 5.4.8.1
[VersionInfo] Internal Name : IP Labs PhotoGenie
[VersionInfo] Version Comments : Developed 2015 by ip.labs GmbH. Bonn
(www.iplabs.de)
[VersionInfo] Legal Copyrights : Copyright (C) 2015 by ip.labs GmbH
[CdKeySerial] found "Unregistered" @ VA: 0x0015F33D / Offset: 0x0015E73D
[CdKeySerial] found "SerialNumber" @ VA: 0x004D4F5D / Offset: 0x004D435D
[CdKeySerial] found "Invalid code" @ VA: 0x00EB92CA / Offset: 0x00EB78CA
[CdKeySerial] found "Invalid code" @ VA: 0x00EB9317 / Offset: 0x00EB7917
[CdKeySerial] found "Invalid code" @ VA: 0x00EC5BBB / Offset: 0x00EC41BB
[CdKeySerial] found "Invalid code" @ VA: 0x00EC5BEE / Offset: 0x00EC41EE
[CdKeySerial] found "Serial Number" @ VA: 0x0108AE8A / Offset: 0x0107B08A
[CdKeySerial] found "Serial Number" @ VA: 0x0108B639 / Offset: 0x0107B839
[CompilerDetect] -> Borland Delphi (unknown version) - 99% probability
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 4.766 Second(s) [00000108Ah (4234) tick(s)] [499 of 573 scan(s)
done]
--- snip ---

$ sha1sum HappyFoto-Designer.exe 
a2e45c0bb64c4329f7f8ab4e879c93c63113775c  HappyFoto-Designer.exe

$ du -sh HappyFoto-Designer.exe 
302M    HappyFoto-Designer.exe

$ wine --version
wine-1.7.51-201-g60d1d6f

Regards
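
A minimal C model of the failure mode described in the comment above, added here as an illustration; it is not code from Wine or from the application. The 4-byte header layout, the magic value and all function names are assumptions: a hooked free routine validates a magic word directly before the block and rejects a block that came from a different allocator.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR 4u
#define APP_MAGIC 0x48454150u /* constructed value, not taken from the app */

/* Allocate n payload bytes behind a 4-byte header word. */
static void *alloc_with_header(size_t n, uint32_t header)
{
    uint8_t *raw = malloc(HDR + n);
    if (!raw) return NULL;
    memcpy(raw, &header, HDR);
    return raw + HDR;
}

/* Hypothetical app allocator: the header holds the app's magic. */
static void *app_alloc(size_t n) { return alloc_with_header(n, APP_MAGIC); }

/* Stand-in for a library-internal allocator: the header holds the block size. */
static void *lib_alloc(size_t n) { return alloc_with_header(n, (uint32_t)n); }
static void release_block(void *p) { if (p) free((uint8_t *)p - HDR); }

/* Model of the hooked free: 0 on success, -1 for "invalid pointer operation". */
static int hooked_free(void *p)
{
    uint32_t magic;
    if (!p) return 0;
    memcpy(&magic, (uint8_t *)p - HDR, HDR);   /* the "-4 bytes" look-behind */
    if (magic != APP_MAGIC) return -1;         /* foreign block: refuse it */
    release_block(p);
    return 0;
}

/* Dispose path: the object is freed through the hooked free entry point. */
static int dispose_image(int allocated_by_app)
{
    void *image = allocated_by_app ? app_alloc(16) : lib_alloc(16);
    if (!image) return -2;
    int rc = hooked_free(image);
    if (rc != 0) release_block(image);         /* avoid a leak in this model */
    return rc;
}

int main(void)
{
    printf("app-allocated block: %d\n", dispose_image(1));
    printf("library-allocated block: %d\n", dispose_image(0));
    return 0;
}
```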
