[Bug 15999] Anycount 5.0 does not run (Themida v1.8.1.0 protection scheme)

wine-bugs at winehq.org wine-bugs at winehq.org
Sun Apr 22 08:03:33 CDT 2018


https://bugs.winehq.org/show_bug.cgi?id=15999

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Anycount 5.0 does not run   |Anycount 5.0 does not run
                   |(Themida protected)         |(Themida v1.8.1.0
                   |                            |protection scheme)
           Hardware|Other                       |x86-64
           Keywords|                            |obfuscation

--- Comment #11 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

revisiting.

Just refreshing some old information, the overall status is still 'WONTFIX'.

--- snip ---
-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning -> C:\Program Files (x86)\AnyCount 5.0\AnyCount.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 3688960 (0384A00h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x2A425E19 -> Fri 19th Jun 1992 22:22:17 (GMT)
[TimeStamp] 0x2A425E19 -> Fri 19th Jun 1992 22:22:17 (GMT) | PE Header | - | Offset: 0x00000108 | VA: 0x00400108 | -
[LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset 0x2000001 | Reserved 0x46A4A0
[LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558 (4629848)
[LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008)
[LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C
[LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360
[LoadConfig] UnknownZero1 0x8000011
[File Heuristics] -> Flag #1 : 00000000000001001100000100000001 (0x0004C101)
[Entrypoint Section Entropy] : 7.76 (section #3) "irtue   " | Size : 0x139E00 (1285632) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 4 (0x4) | ImageSize 0x8D6000 (9265152) byte(s)
[Export] 100% of function(s) (1 of 1) are in file | 0 are forwarded | 0 code | 1 data | 0 uninit data | 0 unknown |
[VersionInfo] Company Name : Advanced International Translations
[VersionInfo] Product Name : AnyCount
[VersionInfo] Product Version : 5.0.0.548
[VersionInfo] File Description : AnyCount
[VersionInfo] File Version : 5.0.0.548
[VersionInfo] Original FileName : AnyCount.exe
[VersionInfo] Internal Name : AnyCount
[VersionInfo] Legal Trademarks : Advanced International Translations
[VersionInfo] Legal Copyrights : Advanced International Translations
[ModuleReport] [IAT] Modules -> KERNEL32.dll | COMCTL32.dll
[!] Themida v1.0.0.0 - v1.8.1.0 detected !
[!] EmbedPE detected
[CompilerDetect] -> Borland Delphi (unknown version) - 60% probability
- Scan Took : 0.903 Second(s) [000000387h (903) tick(s)] [506 of 580 scan(s) done]
--- snip ---

From debugger dump after unwrapping (the "1.8" part).

--- snip ---
00C3F276  38 01 00 00 04 00 00 00  8.......
00C3F27E  31 2E 38 00 00 00 00 00  1.8.....
00C3F286  00 00 00 00 00 00 00 00  ........
00C3F28E  00 00 00 00 00 00 00 00  ........
00C3F296  00 00 00 00 00 00 00 00  ........
00C3F29E  45 78 63 65 70 74 69 6F  Exceptio
00C3F2A6  6E 20 49 6E 66 6F 72 6D  n Inform
00C3F2AE  61 74 69 6F 6E 00 50 6C  ation.Pl
00C3F2B6  65 61 73 65 2C 20 73 65  ease, se
--- snip ---

https://www.oreans.com/ThemidaAllWhatsNew.php

--- quote ---
Themida [1.8.1.0] (12-Sep-2006)
[+] Added support with .NET XenoCode applications
[+] Added support for DLLs with shared PE sections for API-Hooking
[+] Support to load dependant DLLs when registering a protected DLL from an external directory
[+] Displaying CodeReplace macros virtualization while protecting application
[+] Displaying Virtual API-Wrapper status while protecting application
[!] Fixed compatibility issue with anti-Monitor under Windows Vista x64
[!] Fixed compatibility issue emulating some instructions with mutable CISC processors
[!] Fixed problem with corrupted project files
[!] Fixed compatibility issue with high percent of dynamic opcodes in mutable CISC processors
[!] XBundler: Fixed compatibility with GetPrivateProfile in UNICODE systems

Themida [1.8.0.0] (05-Sep-2006)
[+] Added CPU customization for virtual machine
[+] Added new mutable RISC-128 processor (virtual machine)
[+] Added new mutable CISC processor (virtual machine)
[+] Multiprocessor option for CISC virtual machine
[+] Added stats (complexity, size, speed) for selected processor
[+] Added hour glass icon in splash screen if displaying splash by number of seconds
[+] Exact displaying time of splash screen (independently of computer speed)
[+] Added compatibility with new API-Hooking in Kaspersky antivirus (from update 01-Sep-06)
[!] Fixed compatibility issue with anti-debugger technique under Windows NT 4.0
[!] Fixed exception compressing already compressed resources for some applications
--- quote ---

Fixes relevant for Wine went in a few versions later:

--- snip ---
Themida [1.8.4.0] (06-Nov-2006)
[+] Added compatibility with Wine
[+] Added anti File Patching option (Protection Options panel)
[+] Added support to protect applications with invalid relocations directory
[+] Added internal option to stop merging sections (SecureEngineConfig.ini)
[!] Fixed compatibility issue protecting APIs in applications with side-by-side assemblies
[!] Fixed memory leak unloading protected DLLs when Resources compression was enabled
[!] Correct displaying of different UNICODE character sets in User Interface
[!] Fixed compatibility with null TLS array for some protected ActiveX controls
[!] XBundler: Fixed interaction with .NET assemblies protection in some applications
--- snip ---

and

--- snip ---
Themida [1.8.9.0] (28-Mar-2007)
[+] XBundler: Improved UNICODE support in CreateFileW
[!] Fixed random bug which produced invalid PE headers for some applications
[!] Wine: Fixed compatibility issue with antidebug under Wine
[!] Wine: Fixed compatibility issue with API-Wrapper under Wine for some applications
--- snip ---

and

--- snip ---
Themida [1.9.3.0] (02-Aug-2007)
[+] Added support for VS2007 applications
[+] Added File Patching option to support signed files
[+] Added support to protect DLLs with empty relocation table
[+] Improved compatibility with some .NET applications under Vista
[!] Fixed compatibility wrapping ICMP.IcmpCreateFile
[!] Fixed compatibility in some applications with API-Wrapper enabled and running under Wine
[!] .NET: fixed compatibility issue loading libraries as image resource
[!] Fixed compatibility with some DLLs protected with Code Virtualizer + Themida/WinLicense
[!] Minor bugs fixed
--- snip ---

Regards
