[Bug 43567] Vietcong - game crashes during radiocalls

wine-bugs at winehq.org wine-bugs at winehq.org
Thu Dec 27 17:44:55 CST 2018 

https://bugs.winehq.org/show_bug.cgi?id=43567

Paul Gofman <gofmanp at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gofmanp at gmail.com

--- Comment #2 from Paul Gofman <gofmanp at gmail.com> ---
Created attachment 63119
  --> https://bugs.winehq.org/attachment.cgi?id=63119
Preserve ecx in GetTickCount

I tested this on demo version. The game goes for some obscure system call
trickery at certain moment. Below are two fragments of relevant disassembly
from winedbg with my comments starting with ';'.

--------
; the following trickery in game.dll should effectively result into
kernel32.GetTickCount() call

0x0060b8ca in game: xorl    %edi,%edi
0x0060b8cc in game: movl    $0x60b8e4,%ecx
; return address in ecx
0x0060b8d1 in game: movl    $0x4,%eax
0x0060b8d6 in game: addl    $12705608,%eax
0x0060b8db in game: movl    0x0(%eax),%eax
0x0060b8dd in game: subl    $1480757628,%eax
; eax is 0x0040522c here
0x0060b8e2 in game: jmp    *%eax
; ecx holds this address
0x0060b8e4 in game: movl    %eax,0xfffffffc(%ebp)
0x0060b8e7 in game: movl    0xfffffffc(%ebp),%eax

....

; Here we get through 'jmp *%eax' above
0x0040522c in vietcong: pushl    %edx
0x0040522d in vietcong: call    *0x410110 -> 0x7b44b700 GetTickCount in
kernel32
; application expects ecx to stay unchanged
0x00405233 in vietcong: popl    %edx
0x00405234 in vietcong: subl    $0x17c34111,%edx
0x0040523a in vietcong: jnz    0x0040524e in vietcong
0x0040523c in vietcong: subl    $0x7af7327,%esi
0x00405242 in vietcong: jnz    0x0040524e in vietcong
0x00405244 in vietcong: subl    $0x3af4623f,%edi
0x0040524a in vietcong: jnz    0x0040524e in vietcong
0x0040524c in vietcong: xorl    %eax,%eax
0x0040524e in vietcong: jmp    *%ecx
; if ecx changed in GetTickCount, jumps to the garbage address
--------------

So this works on Windows versions where GetTickCount does not change ecx, and
fails otherwise. I have attached an ugly patch which fixes the crash during
radio call (at least the first one in the beginning of the mission in demo
which I used).

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list