[Bug 44456] 64-bit Football Manager 2017 crashes due missing 'kernel32.dll ' -> 'kernelbase.dll' load-time dependency (Minwin/Win7+)

wine-bugs at winehq.org wine-bugs at winehq.org
Sat Feb 3 07:29:04 CST 2018 

https://bugs.winehq.org/show_bug.cgi?id=44456

--- Comment #3 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

the easiest solution is to preload 'kernelbase.dll' by default on process init.

I'm not sure if it's worth to add a version check for Win7+ to decide to
preload it or not. It would be safe at least from the case when an app/game
checks for the presence of 'kernelbase.dll' (without explicit load dependency)
to validate against reported Windows version.

https://source.winehq.org/git/wine.git/blob/f9181daa1ddc2c10d3b6ddd4610bc1421cfd0f42:/dlls/ntdll/loader.c#l3324

--- snip ---
3324 void __wine_process_init(void)
3325 {
3326     static const WCHAR kernel32W[] =
{'k','e','r','n','e','l','3','2','.','d','l','l',0};
3327 
3328     WINE_MODREF *wm;
3329     NTSTATUS status;
3330     ANSI_STRING func_name;
3331     void (* DECLSPEC_NORETURN CDECL init_func)(void);
3332 
3333     main_exe_file = thread_init();
3334 
3335     /* retrieve current umask */
3336     FILE_umask = umask(0777);
3337     umask( FILE_umask );
3338 
3339     load_global_options();
3340 
3341     /* setup the load callback and create ntdll modref */
3342     wine_dll_set_callback( load_builtin_callback );
3343 
3344     if ((status = load_builtin_dll( NULL, kernel32W, 0, 0, &wm )) !=
STATUS_SUCCESS)
3345     {
3346         MESSAGE( "wine: could not load kernel32.dll, status %x\n", status
);
3347         exit(1);
3348     }
3349     RtlInitAnsiString( &func_name, "UnhandledExceptionFilter" );
3350     LdrGetProcedureAddress( wm->ldr.BaseAddress, &func_name, 0, (void
**)&unhandled_exception_filter );
3351 
3352     RtlInitAnsiString( &func_name, "__wine_kernel_init" );
3353     if ((status = LdrGetProcedureAddress( wm->ldr.BaseAddress, &func_name,
3354                                           0, (void **)&init_func )) !=
STATUS_SUCCESS)
3355     {
3356         MESSAGE( "wine: could not find __wine_kernel_init in kernel32.dll,
status %x\n", status );
3357         exit(1);
3358     }
3359     init_func();
3360 }
--- snip ---

I added it here and the wrapper ran successfully, spawning the real game
executable 'fm.exe'.

That one is hanging on entry which is bug 44438 (Denuvo "Anti-Tamper" x64
variant #2)

--- snip ---
-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning -> Z:\home\focht\Downloads\wine64\drive_c\Games\Football Manager
2017\fm.exe
File Type : 64-Bit Exe (Subsystem : Win GUI / 2), Size : 135495168 (08137E00h)
Byte(s) | Machine: 0x8664 (AMD64)
[!] Warning -> File needs higher OS (Current OS : 05.01, Requires OS: 06.00)
[!] Warning : File is 64 Bit, this os is NOT
Compilation TimeStamp : 0x58BEFC7B -> Tue 07th Mar 2017 18:31:23 (GMT)
[TimeStamp] 0x58BEFC7B -> Tue 07th Mar 2017 18:31:23 (GMT) | PE Header | - |
Offset: 0x00000000:000000E0 | VA: 0x00000001:400000E0 | -
[TimeStamp] 0x58BEFC7B -> Tue 07th Mar 2017 18:31:23 (GMT) | DebugDirectory | -
| Offset: 0x00000000:040048C4 | VA: 0x00000001:46E4C2C4 | -
[TimeStamp] 0x58BEFC7B -> Tue 07th Mar 2017 18:31:23 (GMT) | DebugDirectory | -
| Offset: 0x00000000:040048E0 | VA: 0x00000001:46E4C2E0 | -
[!] Executable uses TLS callbacks (1 total... 0 invalid addresses)
[LoadConfig] Struct determined as v3 (Expected size 148 | Actual size 148)
[LoadConfig] CFG (/Guard) - Handler @ 0x1:42DCAFF8
[LoadConfig] CFG Table @ 0x0:00000000 | 0x00 (00) entries
[LoadConfig] CFG Flags : 0x100
[LoadConfig] CFG Data Present, yet setting is not present in the
DllCharacteristics.. patched out?
[File Heuristics] -> Flag #1 : 00000100000001001100001000100001 (0x0404C221)
[Entrypoint Section Entropy] : 4.87 (section #8) ".data   " | Size : 0x15D
(349) byte(s)
[DllCharacteristics] -> Flag : (0x8120) -> HEVA | DEP | TSA
[SectionCount] 12 (0xC) | ImageSize 0xAF80000 (184025088) byte(s)
[VersionInfo] Company Name : Sports Interactive
[VersionInfo] Product Name : Football Manager 2017
[VersionInfo] Product Version : 17.3.1f939048
[VersionInfo] File Description : Football Manager 2017 17.3.1f939048 (update)
[VersionInfo] File Version : 17.3.1f939048
[VersionInfo] Original FileName : FM2017
[VersionInfo] Internal Name : Football Manager 2017
[VersionInfo] Legal Copyrights : (c)Sports InteractiveLtd 2016
[ModuleReport] [IAT] Modules -> ADVAPI32.dll | COMDLG32.dll | CRYPT32.dll |
GDI32.dll | IMM32.dll | KERNEL32.dll | OpenAL32.dll | POWRPROF.dll | RPCRT4.dll
| SHELL32.dll | SHLWAPI.dll | USER32.dll | VERSION.dll | WININET.dll |
WINMM.dll | WS2_32.dll | WTSAPI32.dll | d3d9.dll | d3dx9_43.dll | icuin57.dll |
icuuc57.dll | kernel32.dll | ole32.dll | pdh.dll | steam_api64.dll |
twitchsdk_x64_release.dll | vpxmt.dll
[Debug Info] (record 1 of 2) (file offset 0x40048C0)
Characteristics : 0x0 | TimeDateStamp : 0x58BEFC7B (Tue 07th Mar 2017 18:31:23
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x78 (120) 
AddressOfRawData : 0x6E4C2F8 | PointerToRawData : 0x40048F8
CvSig : 0x53445352 | SigGuid 7598FF24-AD46-4829-8113BD73EE65189E
Age : 0x2 (2) | Pdb : fm.pdb
[Debug Info] (record 2 of 2) (file offset 0x40048DC)
Characteristics : 0x0 | TimeDateStamp : 0x58BEFC7B (Tue 07th Mar 2017 18:31:23
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 12 (0xC) -> Undocumented | Size : 0x14 (20) 
AddressOfRawData : 0x6E4C370 | PointerToRawData : 0x407D770
[Raw/Hidden Debug Record] (File Offset 0x8FA5E4)
CvSig : 0x53445352 | SigGuid 898D5156-BBA5-4B3A-B2D5E26D31629C5C
Age : 0x1 (1) | Pdb :
E:\perforce_data\dev\projects\games\fm\branches\fm2017\update\game\builds\vs2015\x64\final
protected\application\unprotected.pdb
[!] Steam api usage detected
[!] Denuvo "Anti-Tamper" x64 variant #2 detected
[CdKeySerial] found "Invalid code" @ VA: 0x0327B078 / Offset: 0x004B1678
[CdKeySerial] found "Unregistered" @ VA: 0x03282070 / Offset: 0x004B8670
[CdKeySerial] found "Unregistered" @ VA: 0x03282108 / Offset: 0x004B8708
[CdKeySerial] found "Serial Number" @ VA: 0x032B7EFF / Offset: 0x004EE4FF
[CdKeySerial] found "SerialNumber" @ VA: 0x0334C7BE / Offset: 0x00582DBE
[CdKeySerial] found "Unregistered" @ VA: 0x03381E08 / Offset: 0x005B8408
[CdKeySerial] found "Unregistered" @ VA: 0x03381FD0 / Offset: 0x005B85D0
[CdKeySerial] found "Invalid code" @ VA: 0x03463328 / Offset: 0x00699928
[CdKeySerial] found "Invalid code" @ VA: 0x03463370 / Offset: 0x00699970
[CdKeySerial] found "Serial Number" @ VA: 0x034B9B98 / Offset: 0x006F0198
[CdKeySerial] found "Serial Number" @ VA: 0x03517128 / Offset: 0x0074D728
[CdKeySerial] found "SerialNumber" @ VA: 0x035176F8 / Offset: 0x0074DCF8
[CdKeySerial] found "Serial Number" @ VA: 0x03518BA5 / Offset: 0x0074F1A5
[CompilerDetect] -> Borland Delphi (unknown version) - 20% probability
- Scan Took : 18.292 Second(s) [000004914h (18708) tick(s)] [180 of 580 scan(s)
done]
--- snip ---

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list