[Bug 41469] 'Ski Racing 2005 featuring Hermann Maier' crashes on startup (JoWood X-Prot v1.5.9.49 protection scheme)

wine-bugs at winehq.org wine-bugs at winehq.org
Mon Jun 5 13:49:54 CDT 2017


https://bugs.winehq.org/show_bug.cgi?id=41469

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |obfuscation
            Summary|'Ski Racing 2005 featuring  |'Ski Racing 2005 featuring
                   |Hermann Maier' crashes on   |Hermann Maier' crashes on
                   |startup                     |startup (JoWood X-Prot
                   |                            |v1.5.9.49 protection
                   |                            |scheme)
                 CC|                            |focht at gmx.net

--- Comment #21 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

confirming, crashes for me too.

It's most likely an issue with the software protection scheme used here.

--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/JoWooD/Ski Racing 2005 Demo

$ WINEDEBUG=+tid,+seh,+relay wine ./SR2005_Demo.exe >>log.txt 2>&1
...
0039:Starting process L"C:\\Program Files\\JoWooD\\Ski Racing 2005
Demo\\SR2005_Demo.exe" (entryproc=0x69d080)
0039:Call KERNEL32.VirtualProtect(0033f564,000008c0,00000040,0069d056)
ret=0069dd30
0039:Ret  KERNEL32.VirtualProtect() retval=00000001 ret=0069dd30
0039:trace:seh:raise_exception code=c000001d flags=0 addr=0x69f927 ip=0069f927
tid=0039
0039:trace:seh:raise_exception  eax=73a70193 ebx=0033feb0 ecx=00063a00
edx=12345678 esi=0069e857 edi=006a0323
0039:trace:seh:raise_exception  ebp=002177bb esp=0033fdfc cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010246
0039:trace:seh:call_stack_handlers calling handler at 0x69eaa2 code=c000001d
flags=0
0039:trace:seh:call_stack_handlers handler at 0x69eaa2 returned 0
0039:trace:seh:raise_exception code=80000004 flags=0 addr=0x69f839 ip=0069f839
tid=0039
0039:trace:seh:raise_exception  eax=4855d311 ebx=0033feb0 ecx=000639ff
edx=7f272775 esi=0069e857 edi=006a0323
0039:trace:seh:raise_exception  ebp=4243484b esp=0033fdfc cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010206
0039:trace:seh:call_stack_handlers calling handler at 0x69eaa2 code=80000004
flags=0
0039:trace:seh:call_stack_handlers handler at 0x69eaa2 returned 0
0039:trace:seh:raise_exception code=c000001d flags=0 addr=0x69f927 ip=0069f927
tid=0039
0039:trace:seh:raise_exception  eax=06ec8094 ebx=0033feb0 ecx=00063800
edx=7f272775 esi=0069e857 edi=006a0323
0039:trace:seh:raise_exception  ebp=002177bb esp=0033fdfc cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010246
0039:trace:seh:call_stack_handlers calling handler at 0x69eaa2 code=c000001d
flags=0
0039:trace:seh:call_stack_handlers handler at 0x69eaa2 returned 0
... 
0039:trace:seh:raise_exception code=80000004 flags=0 addr=0x69f839 ip=0069f839
tid=0039
0039:trace:seh:raise_exception  eax=0f28d5f8 ebx=0033feb0 ecx=000001ff
edx=5dcdea49 esi=0069e857 edi=006a0323
0039:trace:seh:raise_exception  ebp=4243484b esp=0033fdfc cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010202
0039:trace:seh:call_stack_handlers calling handler at 0x69eaa2 code=80000004
flags=0
0039:trace:seh:call_stack_handlers handler at 0x69eaa2 returned 0
0039:trace:seh:raise_exception code=80000004 flags=0 addr=0x6a0d75 ip=006a0d75
tid=0039
0039:trace:seh:raise_exception  eax=e60ff5fe ebx=0033feb0 ecx=00000000
edx=5dcdea49 esi=0069e857 edi=006a0323
0039:trace:seh:raise_exception  ebp=002177bb esp=0033fdfc cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00000246
0039:trace:seh:call_stack_handlers calling handler at 0x69eaa2 code=80000004
flags=0
0039:trace:seh:call_stack_handlers handler at 0x69eaa2 returned 0
0039:trace:seh:raise_exception code=c0000005 flags=0 addr=0x6a1200 ip=006a1200
tid=0039
0039:trace:seh:raise_exception  info[0]=00000001
0039:trace:seh:raise_exception  info[1]=a71233f8
0039:trace:seh:raise_exception  eax=00000090 ebx=0033feb0 ecx=00000090
edx=ffeb8d88 esi=0069e857 edi=006a1200
0039:trace:seh:raise_exception  ebp=002177bb esp=0033fe24 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010202
0039:trace:seh:call_stack_handlers calling handler at 0x7bcadc69 code=c0000005
flags=0
0039:Call KERNEL32.UnhandledExceptionFilter(0033f924) ret=7bcadca4
wine: Unhandled page fault on write access to 0xa71233f8 at address 0x6a1200
(thread 0039), starting debugger...
...
Backtrace:
=>0 0x006a1200 in sr2005_demo (+0x2a1200) (0x002177bb)
0x006a1200: rorb    %cl,0xa6f0bc3d(%ebp)

Modules:
Module    Address            Debug info    Name (14 modules)
PE      400000-  76c000    Export          sr2005_demo
ELF    7b400000-7b7f0000    Deferred        kernel32<elf>
  \-PE    7b420000-7b7f0000    \               kernel32
ELF    7bc00000-7bd0a000    Deferred        ntdll<elf>
  \-PE    7bc30000-7bd0a000    \               ntdll
ELF    7c000000-7c004000    Deferred        <wine-loader>
ELF    7ef88000-7efd6000    Deferred        libm.so.6
ELF    f73f3000-f73f8000    Deferred        libdl.so.2
ELF    f73f8000-f75c4000    Deferred        libc.so.6
ELF    f75c4000-f75e1000    Deferred        libpthread.so.0
ELF    f75e2000-f75f0000    Deferred        libnss_files.so.2
ELF    f760b000-f77c2000    Dwarf           libwine.so.1
ELF    f77c3000-f77e6000    Deferred        ld-linux.so.2
ELF    f77e8000-f77e9000    Deferred        [vdso].so
Threads:
process  tid      prio (all id:s are in hex)
...
00000038 (D) C:\Program Files\JoWooD\Ski Racing 2005 Demo\SR2005_Demo.exe
    00000039    0 <==
--- snip ---

Protection ID scan:

--- snip ---
-=[ ProtectionID v0.6.8.5 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/16-13:09:21
Ready...
Scanning -> C:\Program Files\JoWooD\Ski Racing 2005 Demo\SR2005_Demo.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 2068480 (01F9000h)
Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x000030BB -> Thu 01st Jan 1970 03:27:55 (GMT)
[!] Warning - FileAlignment seems wrong.. is 0x00001000, calculated 0x00000400
[TimeStamp] 0x000030BB -> Thu 01st Jan 1970 03:27:55 (GMT) | PE Header | - |
Offset: 0x00000108 | VA: 0x00400108 | -
[File Heuristics] -> Flag #1 : 00000000000000001100000000110011 (0x0000C033)
[Entrypoint Section Entropy] : 8.00 (section #3) ".dcrtext" | Size : 0x67000
(421888) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 8 (0x8) | ImageSize 0x36C000 (3588096) byte(s)
[ModuleReport] [IAT] Modules -> kernel32.dll
[!] JoWood X-Prot v1.5.9.49 detected !
- Scan Took : 0.439 Second(s) [0000001B7h (439) tick(s)] [506 of 580 scan(s)
done]
--- snip --- 

The large number of single-step (hwbp) and invalid instruction exceptions in
the trace log are normal (except the last one); they are part of the section
decrypt mechanism.
It decrypts the first part in (top down) and when doing the next part it
encounters invalid opcodes in the decrypt continuation which ought to be
decrypted during the first part.

The screenshot from the Windows VM (comment #18) also points to the same area.
There are some reports on the Internet claiming this game is incompatible with
newer Windows versions (Vista+).
It should run on Windows XP though (originally stated by the vendor).

It would be interesting to see Louis' (comment #2) machine specs on which this
game is reported to run.
Which distro, gcc version, Wine version (vanilla), flags used to build...

$ sha1sum SkiRacing2005-Demo-Setup1.exe 
d7684789b7de45fb909fc11846f5a1f24fd7d7cc  SkiRacing2005-Demo-Setup1.exe

$ du -sh SkiRacing2005-Demo-Setup1.exe 
42M    SkiRacing2005-Demo-Setup1.exe

$ wine --version
wine-2.9-147-ge5733e7cd4

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
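Added example (not part of the original comment and not Wine code): a small triage script for a `+seh` trace like the one above, which counts the exceptions dispatched to a handler inside the main image and reports the first one that goes elsewhere. The image range comes from the module list in the comment; the sample lines are abridged from its trace, and treating "first handler lies inside the image" as "handled by the protection" is an assumption of this sketch.

```python
import re
from collections import Counter

# NTSTATUS values that appear in the trace
STATUS = {0xC000001D: "ILLEGAL_INSTRUCTION", 0x80000004: "SINGLE_STEP",
          0xC0000005: "ACCESS_VIOLATION"}

# Matches either a raise_exception header line or a "calling handler" line;
# register dump lines and "handler ... returned" lines match neither branch.
EVENT = re.compile(
    r"raise_exception code=(?P<code>[0-9a-f]{8}) flags=\d+ addr=0x(?P<addr>[0-9a-f]+)"
    r"|calling handler at 0x(?P<handler>[0-9a-f]+)")

def triage(log, image_lo, image_hi):
    """Count exceptions whose first handler is inside the image; return the first that escapes."""
    handled, pending, escaped = Counter(), None, None
    for m in EVENT.finditer(log):
        if m["code"]:
            pending = (int(m["code"], 16), int(m["addr"], 16))
        elif pending:
            code, addr = pending
            pending = None  # only the first handler per exception is examined
            name = STATUS.get(code, hex(code))
            if image_lo <= int(m["handler"], 16) < image_hi:
                handled[name] += 1
            elif escaped is None:
                escaped = (name, addr)
    return handled, escaped

# Sample input abridged from the trace in the comment above
SAMPLE = """\
0039:trace:seh:raise_exception code=c000001d flags=0 addr=0x69f927 ip=0069f927
0039:trace:seh:call_stack_handlers calling handler at 0x69eaa2 code=c000001d
0039:trace:seh:call_stack_handlers handler at 0x69eaa2 returned 0
0039:trace:seh:raise_exception code=80000004 flags=0 addr=0x69f839 ip=0069f839
0039:trace:seh:call_stack_handlers calling handler at 0x69eaa2 code=80000004
0039:trace:seh:call_stack_handlers handler at 0x69eaa2 returned 0
0039:trace:seh:raise_exception code=80000004 flags=0 addr=0x6a0d75 ip=006a0d75
0039:trace:seh:call_stack_handlers calling handler at 0x69eaa2 code=80000004
0039:trace:seh:raise_exception code=c0000005 flags=0 addr=0x6a1200 ip=006a1200
0039:trace:seh:call_stack_handlers calling handler at 0x7bcadc69 code=c0000005
"""

if __name__ == "__main__":
    # sr2005_demo is mapped at 400000-76c000 according to the module list
    handled, escaped = triage(SAMPLE, 0x400000, 0x76C000)
    print(dict(handled), escaped and (escaped[0], hex(escaped[1])))
```
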


