[Bug 41670] BattlEye launcher stuck at 'Starting BattlEye Service...' ( PUBG, Planetside2, H1Z1: King of the Kill, Tibia 11)

wine-bugs at winehq.org wine-bugs at winehq.org
Sat Aug 18 10:10:23 CDT 2018 

https://bugs.winehq.org/show_bug.cgi?id=41670

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|regression                  |obfuscation
            Summary|BattlEye service            |BattlEye launcher stuck at
                   |'BEService' fails to start  |'Starting BattlEye
                   |'BEDaisy' kernel service    |Service...' (PUBG,
                   |(Planetside2, H1Z1: King of |Planetside2, H1Z1: King of
                   |the Kill, Tibia 11)         |the Kill, Tibia 11)

--- Comment #37 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

revisiting, still present.

Client side:

--- snip ---
$ pwd
/home/focht/.wine/drive_c/users/focht/Local Settings/Application
Data/Tibia/packages/Tibia/bin

$ WINEDEBUG=+timestamp,+seh,+relay,+loaddll,+process,+ntoskrnl,+service wine
./client_launcher.exe >>log.txt 2>&1
...
12503.443:000f:trace:service:load_service_config Image path           =
L"\"C:\\Program Files\\Common Files\\BattlEye\\BEService.exe\""
12503.443:000f:trace:service:load_service_config Group                = (null)
12503.443:000f:trace:service:load_service_config Service account name =
L"LocalSystem"
12503.443:000f:trace:service:load_service_config Display name         =
L"BattlEye Service"
12503.443:000f:trace:service:load_service_config Service dependencies : (none)
12503.443:000f:trace:service:load_service_config Group dependencies   : (none)
...
12503.971:0009:Call KERNEL32.CreateFileW(0033efb8 L"C:\\Program Files\\Common
Files\\BattlEye\\BEService_tibia.exe",80000000,00000003,0033e8bc,00000003,00000080,00000000)
ret=00419292
12503.971:0009:Ret  KERNEL32.CreateFileW() retval=00000048 ret=00419292
...
12503.971:0009:Call advapi32.OpenSCManagerW(00000000,00000000,00000001)
ret=00466bd7
12503.971:0009:trace:service:SERV_OpenSCManagerW ((null),(null),0x00000001) 
...
12503.974:0009:trace:service:SERV_OpenSCManagerW returning 0x14ca58
12503.974:0009:Ret  advapi32.OpenSCManagerW() retval=0014ca58 ret=00466bd7
...
12503.974:0009:Call advapi32.OpenServiceW(0014ca58,004246bc
L"BEService",00000034) ret=004479a5
12503.974:0009:trace:service:SERV_OpenServiceW 0x14ca58 L"BEService" 0x00000034
...
12503.975:0009:Ret  advapi32.OpenServiceW() retval=0014ca98 ret=004479a5
...
12503.975:0009:Call KERNEL32.CreateFileW(0033f1c0 L"C:\\Program Files\\Common
Files\\BattlEye\\BEService.exe",80000000,00000001,00000000,00000003,00000000,00000000)
ret=0045753c
12503.975:0009:Ret  KERNEL32.CreateFileW() retval=00000050 ret=0045753c
...
12504.024:0009:Call advapi32.StartServiceW(0014ca98,00000000,00000000)
ret=0043bf4a
12504.024:0009:trace:service:StartServiceW 0x14ca98 0 (nil)
...
12504.031:0031:trace:process:__wine_kernel_init starting process
name=L"C:\\Program Files\\Common Files\\BattlEye\\BEService.exe"
argv[0]=L"C:\\Program Files\\Common Files\\BattlEye\\BEService.exe"
12504.034:0031:trace:loaddll:load_native_dll Loaded L"C:\\Program Files\\Common
Files\\BattlEye\\BEService.exe" at 0x400000: native
12504.034:0014:trace:process:create_process_impl started process pid 0030 tid
0031
...
12504.506:0009:Ret  advapi32.StartServiceW() retval=00000001 ret=0043bf4a
12504.506:0009:Call advapi32.QueryServiceStatus(0014ca98,0033eb1c) ret=00478817
12504.506:0009:trace:service:QueryServiceStatus 0x14ca98 0x33eb1c
12504.506:0009:trace:service:QueryServiceStatusEx 0x14ca98 0 0x33e958 36
0x33e954 
...
12504.507:0009:Ret  advapi32.QueryServiceStatus() retval=00000001 ret=00478817
12504.507:0009:Call KERNEL32.CreateFileW(0033eb38
L"\\\\.\\pipe\\BattlEye",c0000000,00000000,00000000,00000003,00000000,00000000)
ret=0043bf11
12504.507:0009:Ret  KERNEL32.CreateFileW() retval=00000068 ret=0043bf11
12504.507:0009:Call
KERNEL32.SetNamedPipeHandleState(00000068,0033ea1c,00000000,00000000)
ret=0042f5a5
12504.507:0009:Ret  KERNEL32.SetNamedPipeHandleState() retval=00000001
ret=0042f5a5
12504.507:0009:Call KERNEL32.GetNativeSystemInfo(0033eab4) ret=004336f4
12504.507:0009:Ret  KERNEL32.GetNativeSystemInfo() retval=00000000 ret=004336f4
12504.507:0009:Call
KERNEL32.WriteFile(00000068,0033ebb8,000000e3,0033ea08,00000000) ret=004568db
12504.507:0009:Ret  KERNEL32.WriteFile() retval=00000001 ret=004568db
12504.507:0009:Call
KERNEL32.ReadFile(00000068,0033ebb8,00000400,0033ea08,00000000) ret=0043ac10
12554.742:0009:Ret  KERNEL32.ReadFile() retval=00000000 ret=0043ac10
12554.742:0009:Call KERNEL32.CloseHandle(00000068) ret=004646b3
12554.742:0009:Ret  KERNEL32.CloseHandle() retval=00000001 ret=004646b3
12554.742:0009:Call KERNEL32.Sleep(00000064) ret=004396bf
12554.842:0009:Ret  KERNEL32.Sleep() retval=00000000 ret=004396bf
12554.842:0009:Call advapi32.QueryServiceStatus(0014ca98,0033eb1c) ret=00478817
12554.842:0009:trace:service:QueryServiceStatus 0x14ca98 0x33eb1c
12554.842:0009:trace:service:QueryServiceStatusEx 0x14ca98 0 0x33e958 36
0x33e954 
...
12554.845:0009:Ret  advapi32.QueryServiceStatus() retval=00000001 ret=00478817
12554.845:0009:Call KERNEL32.Sleep(00000064) ret=004396bf
12554.945:0009:Ret  KERNEL32.Sleep() retval=00000000 ret=004396bf
...
--- snip ---

BE Service side:

--- snip ---
...
12504.505:0034:Starting thread proc 0x7e5b526b (arg=0x14c900)
12504.505:0034:trace:service:service_thread 0x14c900
12504.505:0034:Call advapi32.RegisterServiceCtrlHandlerA(004365ba "",0041a500)
ret=0044d448
12504.505:0034:trace:service:RegisterServiceCtrlHandlerExW L"" 0x7e5ba731
0x41a500
12504.505:0034:Ret  advapi32.RegisterServiceCtrlHandlerA() retval=0014ca20
ret=0044d448
12504.505:0034:Call advapi32.SetServiceStatus(0014ca20,0043da60) ret=0056ea97
12504.505:0034:trace:service:SetServiceStatus 0x14ca20 10 4 1 0 0 0 0 
...
12504.506:0034:Ret  advapi32.SetServiceStatus() retval=00000001 ret=0056ea97
12504.506:0034:Call KERNEL32.CreateNamedPipeA(00f1fe38
"\\\\.\\pipe\\BattlEye",40040003,00000006,00000002,00000400,00000400,00000000,00000000)
ret=005ff52a
12504.506:0034:Ret  KERNEL32.CreateNamedPipeA() retval=0000005c ret=005ff52a
12504.506:0034:Call KERNEL32.CreateNamedPipeA(00f1fe38
"\\\\.\\pipe\\BattlEye",40040003,00000006,00000002,00000400,00000400,00000000,00000000)
ret=0063e40c
12504.506:0034:Ret  KERNEL32.CreateNamedPipeA() retval=00000060 ret=0063e40c
12504.506:0034:Call
advapi32.GetSecurityInfo(0000005c,00000006,00000004,00000000,00000000,00f16798,00000000,00f16768)
ret=0069a031
12504.506:0034:Ret  advapi32.GetSecurityInfo() retval=00000000 ret=0069a031
12504.506:0034:Call
advapi32.AllocateAndInitializeSid(00f174ac,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00f1685c)
ret=00445687
12504.506:0034:Ret  advapi32.AllocateAndInitializeSid() retval=00000001
ret=00445687
12504.506:0034:Call
advapi32.SetEntriesInAclA(00000001,00f16608,00000000,00f16858) ret=004f18c6
12504.506:0034:Ret  advapi32.SetEntriesInAclA() retval=00000000 ret=004f18c6
12504.506:0034:Call
advapi32.SetSecurityInfo(0000005c,00000006,00000004,00000000,00000000,0014eca8,00000000)
ret=0066bc20
12504.506:0034:Ret  advapi32.SetSecurityInfo() retval=00000000 ret=0066bc20
...
12504.506:0034:Call
advapi32.GetSecurityInfo(00000060,00000006,00000004,00000000,00000000,00f16798,00000000,00f16768)
ret=0069a031
12504.506:0034:Ret  advapi32.GetSecurityInfo() retval=00000000 ret=0069a031
12504.506:0034:Call
advapi32.AllocateAndInitializeSid(00f174ac,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00f1685c)
ret=00445687
12504.506:0034:Ret  advapi32.AllocateAndInitializeSid() retval=00000001
ret=00445687
12504.506:0034:Call
advapi32.SetEntriesInAclA(00000001,00f16608,0014ebac,00f16858) ret=004f18c6
12504.506:0034:Ret  advapi32.SetEntriesInAclA() retval=00000000 ret=004f18c6
12504.506:0034:Call
advapi32.SetSecurityInfo(00000060,00000006,00000004,00000000,00000000,0014ecd0,00000000)
ret=0066bc20
12504.506:0034:Ret  advapi32.SetSecurityInfo() retval=00000000 ret=0066bc20
...
12504.507:0034:Call ws2_32.WSAStartup(00000202,00f16bac) ret=005e69f7
12504.507:0034:Ret  ws2_32.WSAStartup() retval=00000000 ret=005e69f7 
12504.507:0034:Call ws2_32.socket(00000002,00000002,00000011) ret=004b902d
...
12504.507:0034:Call
ntdll.wine_server_handle_to_fd(00000064,00000000,00f15e3c,00000000)
ret=7e5100e3
12504.507:0034:Ret  ntdll.wine_server_handle_to_fd() retval=00000000
ret=7e5100e3
12504.507:0034:Call ntdll.wine_server_release_fd(00000064,00000011)
ret=7e510117
12504.507:0034:Ret  ntdll.wine_server_release_fd() retval=00000000 ret=7e510117
12504.507:0034:Ret  ws2_32.socket() retval=00000064 ret=004b902d
12504.507:0034:Call ws2_32.ioctlsocket(00000064,8004667e,00f16764) ret=0068c6b4
12504.507:0034:Ret  ws2_32.ioctlsocket() retval=00000000 ret=0068c6b4
12504.507:0034:Call advapi32.OpenProcessToken(ffffffff,00000020,00f1680c)
ret=0045a077
12504.507:0034:Ret  advapi32.OpenProcessToken() retval=00000001 ret=0045a077
12504.507:0034:Call advapi32.LookupPrivilegeValueA(00000000,004358d4,00f16650)
ret=00575df2
12504.507:0034:Ret  advapi32.LookupPrivilegeValueA() retval=00000001
ret=00575df2
12504.507:0034:Call
advapi32.AdjustTokenPrivileges(00000068,00000000,00f1743c,00000000,00000000,00000000)
ret=005d2292
12504.507:0034:Ret  advapi32.AdjustTokenPrivileges() retval=00000001
ret=005d2292
12504.507:0034:Call KERNEL32.CloseHandle(00000068) ret=0064254a
12504.507:0034:Ret  KERNEL32.CloseHandle() retval=00000001 ret=0064254a
12504.507:0034:Call KERNEL32.GetTickCount() ret=00665b17
12504.507:0034:Ret  KERNEL32.GetTickCount() retval=00becdbb ret=00665b17
12504.507:0034:Call KERNEL32.GetLastError() ret=00421189
12504.507:0034:Ret  KERNEL32.GetLastError() retval=00000000 ret=00421189
12504.507:0034:Call ntdll.RtlAllocateHeap(00110000,00000008,00000364)
ret=0041ffbc
12504.507:0034:Ret  ntdll.RtlAllocateHeap() retval=0014ec58 ret=0041ffbc
12504.510:0034:Call KERNEL32.ConnectNamedPipe(0000005c,0043ca30) ret=00579ed8
12504.510:0034:Ret  KERNEL32.ConnectNamedPipe() retval=00000000 ret=00579ed8
12504.510:0034:Call KERNEL32.GetLastError() ret=0045526b
12504.510:0034:Ret  KERNEL32.GetLastError() retval=000003e5 ret=0045526b
12504.510:0034:Call KERNEL32.CreateFileA(00f1fde4
"\\\\.\\BlackBone",80000000,00000003,00000000,00000003,00000000,00000000)
ret=00632229
12504.510:0034:Ret  KERNEL32.CreateFileA() retval=ffffffff ret=00632229
12504.510:0034:Call KERNEL32.Sleep(00000064) ret=006b9498
12504.610:0034:Ret  KERNEL32.Sleep() retval=00000000 ret=006b9498
12504.611:0034:Call KERNEL32.CreateFileA(00f1fde4
"\\\\.\\BlackBone",80000000,00000003,00000000,00000003,00000000,00000000)
ret=00632229
12504.611:0034:Ret  KERNEL32.CreateFileA() retval=ffffffff ret=00632229
12504.611:0034:Call KERNEL32.Sleep(00000064) ret=006b9498
12504.711:0034:Ret  KERNEL32.Sleep() retval=00000000 ret=006b9498
12504.712:0034:Call KERNEL32.CreateFileA(00f1fde4
"\\\\.\\BlackBone",80000000,00000003,00000000,00000003,00000000,00000000)
ret=00632229
12504.712:0034:Ret  KERNEL32.CreateFileA() retval=ffffffff ret=00632229
12504.712:0034:Call KERNEL32.Sleep(00000064) ret=006b9498
12504.812:0034:Ret  KERNEL32.Sleep() retval=00000000 ret=006b9498
12504.812:0034:Call KERNEL32.CreateFileA(00f1fde4
"\\\\.\\BlackBone",80000000,00000003,00000000,00000003,00000000,00000000)
ret=00632229
12504.812:0034:Ret  KERNEL32.CreateFileA() retval=ffffffff ret=00632229
12504.813:0034:Call KERNEL32.Sleep(00000064) ret=006b9498
12504.913:0034:Ret  KERNEL32.Sleep() retval=00000000 ret=006b9498 
...
<repeats>
--- snip ---

The service creates two named pipe instances '\\\\.\\pipe\\BattlEye' in message
mode and sets the pipe security. After some other startup initialization tasks,
the service thread calls 'ConnectNamedPipe()' to wait for clients to connect.
The call returns 'ERROR_IO_PENDING' because the client already managed to open
and write to the named pipe. Check the timestamps of the relevant API calls
from both snippets.
Instead of calling 'GetOverlappedResult()', the service thread just endlessly
loops trying to open '\\\\.\\BlackBone', with small delays in between.
BlackBone is some hacking framework/lib
(https://github.com/DarthTon/Blackbone), also used for cheating. The failure to
open the driver symlink is expected.

The client just sits in a loop, querying the service status. If the service is
terminated manually by issuing 'wine net stop BEService' from another terminal,
the client starts another client instance with parameter '3' which does a full
service reinstall.

--- snip ---
...
12565.049:0009:Call KERNEL32.CreateProcessW(00000000,0033d6dc
L"\"C:\\users\\focht\\Local Settings\\Application
Data\\Tibia\\packages\\Tibia\\bin\\client_launcher.exe\"
3",00000000,00000000,00000000,00000410,00000000,00000000,0033d1b0,0033d1a0)
ret=7e3f2af4 
...
12565.049:0009:trace:process:create_process_impl starting
L"C:\\users\\focht\\Local Settings\\Application
Data\\Tibia\\packages\\Tibia\\bin\\client_launcher.exe" as Win32 binary
(400000-4bf000, arch 014c) 
...
12565.057:003d:trace:loaddll:load_native_dll Loaded L"C:\\users\\focht\\Local
Settings\\Application Data\\Tibia\\packages\\Tibia\\bin\\client_launcher.exe"
at 0x400000: native
12565.058:0009:trace:process:create_process_impl started process pid 003c tid
003d
...
12565.149:003d:Starting process L"C:\\users\\focht\\Local Settings\\Application
Data\\Tibia\\packages\\Tibia\\bin\\client_launcher.exe" (entryproc=0x47d6dc) 
...
12565.160:003d:Call advapi32.OpenServiceW(0014c620,004246bc
L"BEService",00010020) ret=00441e58 
...
12565.164:003d:Call KERNEL32.DeleteFileW(0033f1c2 L"C:\\Program Files\\Common
Files\\BattlEye\\BEService.exe") ret=00450c96
12565.165:003d:Ret  KERNEL32.DeleteFileW() retval=00000001 ret=00450c96
12565.165:003d:Call KERNEL32.CopyFileW(0033efb8 L"C:\\users\\focht\\Local
Settings\\Application
Data\\Tibia\\packages\\Tibia\\bin\\BattlEye\\BEService.exe",0033f1c2
L"C:\\Program Files\\Common Files\\BattlEye\\BEService.exe",00000000)
ret=004506bb 
...
12565.170:003d:Call advapi32.CreateServiceW(0014c620,004246bc
L"BEService",00424c3c L"BattlEye
Service",00060010,00000010,00000003,00000001,0033f1c0 L"\"C:\\Program
Files\\Common
Files\\BattlEye\\BEService.exe\"",00000000,00000000,00000000,00000000,00000000)
ret=0044809e
12565.170:003d:trace:service:CreateServiceW 0x14c620 L"BEService" L"BattlEye
Service" 
...
12565.171:0038:trace:service:svcctl_CreateServiceW (L"BEService", L"BattlEye
Service", 0x60010, L"\"C:\\Program Files\\Common
Files\\BattlEye\\BEService.exe\"")
...
12565.173:0039:Call KERNEL32.CreateProcessW(00000000,0011c760 L"\"C:\\Program
Files\\Common
Files\\BattlEye\\BEService.exe\"",00000000,00000000,00000000,00000400,00450000,00000000,00eef8ec,00eef930)
ret=7efe4bb0
12565.173:0039:trace:process:create_process_impl app (null) cmdline
L"\"C:\\Program Files\\Common Files\\BattlEye\\BEService.exe\"" 
...
12565.186:0039:trace:process:create_process_impl started process pid 003f tid
0040 
...
12565.647:0040:trace:service:service_run_main_thread Starting 1 services
running as process 63 
...
12565.661:003d:Call KERNEL32.ExitProcess(00000000) ret=0040fd66
...
12565.662:0009:Ret  KERNEL32.WaitForSingleObject() retval=00000000 ret=0046bc44
12565.662:0009:Call KERNEL32.GetExitCodeProcess(00000074,0033ea20) ret=004359ea
12565.662:0009:Ret  KERNEL32.GetExitCodeProcess() retval=00000001 ret=004359ea
12565.662:0009:Call advapi32.OpenServiceW(00172870,004246bc
L"BEService",00000024) ret=0044ea0d
12565.662:0009:trace:service:SERV_OpenServiceW 0x172870 L"BEService" 0x00000024 
...
12565.669:002f:Call KERNEL32.GetStringTypeW(00000001,0016b04c L"13:03:10:
Installing BattlEye Service...\r\n13:03:11: Successfully installed BattlEye
Service.\r\n",00000001,005bf46a) ret=7db550c1
12565.669:002f:Ret  KERNEL32.GetStringTypeW() retval=00000001 ret=7db550c1 
...
--- snip ---

The second time it succeeds. Same service startup sequence again:

--- snip ---
12565.650:0043:Ret  advapi32.SetServiceStatus() retval=00000001 ret=0056ea97
12565.650:0043:Call KERNEL32.CreateNamedPipeA(00f1fe38
"\\\\.\\pipe\\BattlEye",40040003,00000006,00000002,00000400,00000400,00000000,00000000)
ret=005ff52a
12565.650:0043:Ret  KERNEL32.CreateNamedPipeA() retval=0000005c ret=005ff52a
12565.650:0043:Call KERNEL32.CreateNamedPipeA(00f1fe38
"\\\\.\\pipe\\BattlEye",40040003,00000006,00000002,00000400,00000400,00000000,00000000)
ret=0063e40c
12565.650:0043:Ret  KERNEL32.CreateNamedPipeA() retval=00000060 ret=0063e40c
12565.650:0043:Call
advapi32.GetSecurityInfo(0000005c,00000006,00000004,00000000,00000000,00f16798,00000000,00f16768)
ret=0069a031
12565.650:0043:Ret  advapi32.GetSecurityInfo() retval=00000000 ret=0069a031
12565.650:0043:Call
advapi32.AllocateAndInitializeSid(00f174ac,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00f1685c)
ret=00445687
12565.650:0043:Ret  advapi32.AllocateAndInitializeSid() retval=00000001
ret=00445687
12565.650:0043:Call
advapi32.SetEntriesInAclA(00000001,00f16608,00000000,00f16858) ret=004f18c6
12565.650:0043:Ret  advapi32.SetEntriesInAclA() retval=00000000 ret=004f18c6
12565.650:0043:Call
advapi32.SetSecurityInfo(0000005c,00000006,00000004,00000000,00000000,0014eca8,00000000)
ret=0066bc20
12565.651:0043:Ret  advapi32.SetSecurityInfo() retval=00000000 ret=0066bc20
...
12565.651:0043:Call
advapi32.GetSecurityInfo(00000060,00000006,00000004,00000000,00000000,00f16798,00000000,00f16768)
ret=0069a031
12565.651:0043:Ret  advapi32.GetSecurityInfo() retval=00000000 ret=0069a031
12565.651:0043:Call
advapi32.AllocateAndInitializeSid(00f174ac,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00f1685c)
ret=00445687
12565.651:0043:Ret  advapi32.AllocateAndInitializeSid() retval=00000001
ret=00445687
12565.651:0043:Call
advapi32.SetEntriesInAclA(00000001,00f16608,0014ebac,00f16858) ret=004f18c6
12565.651:0043:Ret  advapi32.SetEntriesInAclA() retval=00000000 ret=004f18c6
12565.651:0043:Call
advapi32.SetSecurityInfo(00000060,00000006,00000004,00000000,00000000,0014ecd0,00000000)
ret=0066bc20
12565.651:0043:Ret  advapi32.SetSecurityInfo() retval=00000000 ret=0066bc20
...
12565.651:0043:Call ws2_32.WSAStartup(00000202,00f16bac) ret=005e69f7
12565.651:0043:Ret  ws2_32.WSAStartup() retval=00000000 ret=005e69f7
12565.651:0043:Call ws2_32.socket(00000002,00000002,00000011) ret=004b902d
...
12565.651:0043:Call
ntdll.wine_server_handle_to_fd(00000064,00000000,00f15e3c,00000000)
ret=7e5100e3
12565.651:0043:Ret  ntdll.wine_server_handle_to_fd() retval=00000000
ret=7e5100e3
12565.651:0043:Call ntdll.wine_server_release_fd(00000064,00000011)
ret=7e510117
12565.651:0043:Ret  ntdll.wine_server_release_fd() retval=00000000 ret=7e510117
12565.651:0043:Ret  ws2_32.socket() retval=00000064 ret=004b902d
12565.651:0043:Call ws2_32.ioctlsocket(00000064,8004667e,00f16764) ret=0068c6b4
12565.651:0043:Ret  ws2_32.ioctlsocket() retval=00000000 ret=0068c6b4
12565.651:0043:Call advapi32.OpenProcessToken(ffffffff,00000020,00f1680c)
ret=0045a077
12565.651:0043:Ret  advapi32.OpenProcessToken() retval=00000001 ret=0045a077
12565.651:0043:Call advapi32.LookupPrivilegeValueA(00000000,004358d4,00f16650)
ret=00575df2
12565.651:0043:Ret  advapi32.LookupPrivilegeValueA() retval=00000001
ret=00575df2
12565.651:0043:Call
advapi32.AdjustTokenPrivileges(00000068,00000000,00f1743c,00000000,00000000,00000000)
ret=005d2292
12565.651:0043:Ret  advapi32.AdjustTokenPrivileges() retval=00000001
ret=005d2292
12565.651:0043:Call KERNEL32.CloseHandle(00000068) ret=0064254a
12565.651:0043:Ret  KERNEL32.CloseHandle() retval=00000001 ret=0064254a
12565.651:0043:Call KERNEL32.GetTickCount() ret=00665b17
12565.651:0043:Ret  KERNEL32.GetTickCount() retval=00bfbc93 ret=00665b17
12565.651:0043:Call KERNEL32.GetLastError() ret=00421189
12565.651:0043:Ret  KERNEL32.GetLastError() retval=00000000 ret=00421189
12565.651:0043:Call ntdll.RtlAllocateHeap(00110000,00000008,00000364)
ret=0041ffbc
12565.651:0043:Ret  ntdll.RtlAllocateHeap() retval=0014ec58 ret=0041ffbc
12565.655:0043:Call KERNEL32.ConnectNamedPipe(0000005c,0043ca30) ret=00579ed8
12565.655:0043:Ret  KERNEL32.ConnectNamedPipe() retval=00000000 ret=00579ed8
12565.655:0043:Call KERNEL32.GetLastError() ret=0045526b
12565.655:0043:Ret  KERNEL32.GetLastError() retval=000003e5 ret=0045526b
12565.655:0043:Call KERNEL32.CreateFileA(00f1fde4
"\\\\.\\BlackBone",80000000,00000003,00000000,00000003,00000000,00000000)
ret=00632229
12565.655:0043:Ret  KERNEL32.CreateFileA() retval=ffffffff ret=00632229
12565.655:0043:Call KERNEL32.Sleep(00000064) ret=006b9498
12565.755:0043:Ret  KERNEL32.Sleep() retval=00000000 ret=006b9498
12565.755:0043:Call
KERNEL32.GetOverlappedResult(0000005c,0043ca30,00f16ba0,00000000) ret=00463d46
12565.755:0043:Ret  KERNEL32.GetOverlappedResult() retval=00000001 ret=00463d46
12565.756:0043:Call
KERNEL32.ReadFile(0000005c,0043d258,00000400,00f16ba0,0043ca30) ret=004a3dd5
12565.756:0043:Ret  KERNEL32.ReadFile() retval=00000001 ret=004a3dd5
12565.756:0043:Call KERNEL32.GetModuleFileNameW(00000000,00f19e38,000001f5)
ret=00583164
12565.756:0043:Ret  KERNEL32.GetModuleFileNameW() retval=00000034 ret=00583164
...
12565.761:0043:Call advapi32.CreateServiceW(0014f238,00f1fd98
L"BEDaisy",00f1fd98 L"BEDaisy",00010034,00000001,00000003,00000001,00f19a38
L"C:\\Program Files\\Common
Files\\BattlEye\\BEDaisy.sys",00000000,00000000,00000000,00000000,00000000)
ret=00489100
12565.761:0043:trace:service:CreateServiceW 0x14f238 L"BEDaisy" L"BEDaisy"
...
--- snip ---

The same service binary is started again but the code path executed after
'ConnectNamedPipe()' fails with 'ERROR_IO_PENDING' is a bit different.
Unfortunately the service binary is protected (obfuscated/virtualized) with
VMProtect 2.x or 3.x. which makes it time consuming to figure out the problem
domain:

* bug in Wine (API insufficiencies)
* bug in VMP virtual machine code (incompatibility with Wine)
* bug in app code, before virtualization (not a Wine bug, works by chance on
Windows)

For now use the following workaround when 'BattlEye Launcher' dialog window
shows 'Starting BattlEye Service...':

--- snip ---
$ wine net stop BEService
--- snip ---

$ sha1sum Tibia_Setup.exe 
14eaffd5c5026d06427b417d643a65786edc5e73  Tibia_Setup.exe

$ du -sh Tibia_Setup.exe 
5.4M    Tibia_Setup.exe

$ wine --version
wine-3.14

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list