[Bug 37355] Multiple software protection schemes need ntoskrnl 'MmMapLockedPagesSpecifyCache' implementation (Tages Protection v5.x, BattleEye's 'bedaisy.sys')

wine-bugs at winehq.org
Sat Feb 10 07:05:44 CST 2018


https://bugs.winehq.org/show_bug.cgi?id=37355

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends on|23033                       |
            Summary|Tages Protection v5.x needs |Multiple software
                   |ntoskrnl                    |protection schemes need
                   |'MmMapLockedPagesSpecifyCac |ntoskrnl
                   |he' implementation          |'MmMapLockedPagesSpecifyCac
                   |                            |he' implementation (Tages
                   |                            |Protection v5.x,
                   |                            |BattleEye's 'bedaisy.sys')
           Keywords|                            |patch

--- Comment #8 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

refining summary.

Also needed by 'BEDaisy.sys' kernel driver, part of Battleye.
Small client to reproduce: http://static.tibia.com/download/Tibia_Setup.exe

Tidbit: The kernel driver is heavily obfuscated.

--- snip ---
...
0048:trace:ntoskrnl:IoCreateDriver (L"\\Driver\\BEDaisy", 0x7effb1c0)
...
0048:trace:winedevice:load_driver loading driver L"C:\\Program Files\\Common
Files\\BattlEye\\BEDaisy.sys"
...
0048:trace:loaddll:load_builtin_dll Loaded L"C:\\windows\\system32\\fltmgr.sys"
at 0xf75d0000: builtin
0048:trace:loaddll:load_builtin_dll Loaded L"C:\\windows\\system32\\hal.dll" at
0xf7330000: builtin
0048:trace:loaddll:load_native_dll Loaded L"C:\\Program Files\\Common
Files\\BattlEye\\BEDaisy.sys" at 0x780000: native
...
0048:Ret  KERNEL32.LoadLibraryW() retval=00780000 ret=7effaa60
...
0048:trace:winedevice:load_driver_module L"C:\\Program Files\\Common
Files\\BattlEye\\BEDaisy.sys": relocating from 0x400000 to 0x780000
...
0048:Call driver init 0x7fdf6e
(obj=0x11cb70,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\BEDaisy")
0048:Call
ntoskrnl.exe.IoAllocateMdl(00780000,00040409,00000000,00000000,00000000)
ret=0080bf37
0048:trace:ntoskrnl:IoAllocateMdl (0x780000, 263177, 0, 0, (nil))
0048:Call ntdll.RtlAllocateHeap(00110000,00000008,00000120) ret=7ece03cc
0048:Ret  ntdll.RtlAllocateHeap() retval=0011cd28 ret=7ece03cc
0048:Ret  ntoskrnl.exe.IoAllocateMdl() retval=0011cd28 ret=0080bf37
0048:Call ntoskrnl.exe.MmProbeAndLockPages(0011cd28,00000000,00000001)
ret=0080bf37
0048:fixme:ntoskrnl:MmProbeAndLockPages (0x11cd28, 0, 1): stub
0048:Ret  ntoskrnl.exe.MmProbeAndLockPages() retval=0000003f ret=0080bf37
0048:Call
ntoskrnl.exe.MmMapLockedPagesSpecifyCache(0011cd28,00000000,00000000,00000001,00000000,00000000)
ret=0080bf37
0048:fixme:ntoskrnl:MmMapLockedPagesSpecifyCache (0x11cd28, 0, 0, 0x1, 0, 0):
stub
0048:Ret  ntoskrnl.exe.MmMapLockedPagesSpecifyCache() retval=00000000
ret=0080bf37
0048:trace:seh:raise_exception code=c0000005 flags=0 addr=0x809c6a ip=00809c6a
tid=0048
0048:trace:seh:raise_exception  info[0]=00000001
0048:trace:seh:raise_exception  info[1]=00001000
0048:trace:seh:raise_exception  eax=007fbae9 ebx=00000001 ecx=00000000
edx=007fba80 esi=0080117d edi=00001000
0048:trace:seh:raise_exception  ebp=0065f464 esp=0065f35c cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010203
0048:trace:seh:call_vectored_handlers calling handler at 0x7ecddf85
code=c0000005 flags=0
0048:trace:seh:call_vectored_handlers handler at 0x7ecddf85 returned 0
0048:trace:seh:call_stack_handlers calling handler at 0x7bcaf67c code=c0000005
flags=0 
...
--- snip ---

NOTE: There is a problem (regression?) with service state/transition handling
causing the kernel driver service not to be started by the helper service. When
the window "Starting Battleye service..." shows up, you need to issue the 'wine
net stop BEService' command from another console and wait a bit. The app will
detect this and restart the helper service, which in turn will start the kernel
service.

$ sha1sum Tibia_Setup.exe 
50951008ccc402cc32407bfc56a88da873e3e9bd  Tibia_Setup.exe

$ du -sh Tibia_Setup.exe 
5.2M    Tibia_Setup.exe

$ wine --version
wine-3.1-193-g354fa7eb79

Regards
