[Bug 37355] Multiple software protection schemes need ntoskrnl ' MmMapLockedPagesSpecifyCache' implementation (Tages Protection v5.x, BattleEye's 'bedaisy.sys')

wine-bugs at winehq.org
Wed Feb 28 19:18:28 CST 2018


https://bugs.winehq.org/show_bug.cgi?id=37355

--- Comment #12 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

'Secret Files: Tunguska' game demo from bug 39500 has the same problem (Tages
Protection v5.x).

--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/Deep Silver/Secret Files Tunguska Demo

$ WINEDEBUG=+seh,+relay,+ntoskrnl,+hal wine ./Tunguska.exe >>log.txt 2>&1
...
0009:Call KERNEL32.CreateFileA(0034a8ac
"\\\\.\\atksgt",c0000000,00000000,00000000,00000003,40000000,00000000)
ret=009c7f6e
0009:Ret  KERNEL32.CreateFileA() retval=00000040 ret=009c7f6e
0009:Call
KERNEL32.DeviceIoControl(00000040,0022e40b,0034a9d0,00000005,00000000,00000000,0034a9cc,00000000)
ret=009c7fbc
0017:Ret  KERNEL32.WaitForMultipleObjectsEx() retval=00000001 ret=7eccbcec 
...
0017:trace:ntoskrnl:dispatch_ioctl ioctl 22e40b device 0x120a98 file 0x11c9c0
in_size 5 out_size 0
0017:trace:ntoskrnl:IoBuildDeviceIoControlRequest 22e40b, 0x120a98, 0x11b948,
5, (nil), 0, 0, (nil), (nil)
0017:trace:ntoskrnl:IoAllocateIrp 1, 0
0017:Call ntdll.RtlAllocateHeap(00110000,00000000,00000094) ret=7ecce269
0017:Ret  ntdll.RtlAllocateHeap() retval=0011ccd0 ret=7ecce269
0017:trace:ntoskrnl:ExAllocatePoolWithTag 148 pool 0 -> 0x11ccd0
0017:trace:ntoskrnl:IoInitializeIrp 0x11ccd0, 148, 1
0017:Call ntdll.NtGetTickCount() ret=7ecceb82
0017:Ret  ntdll.NtGetTickCount() retval=0051e61a ret=7ecceb82
0017:Call driver dispatch 0x7bfc40 (device=0x120a98,irp=0x11ccd0)
0017:Call
ntoskrnl.exe.IoAllocateMdl(0011b948,00000005,00000000,00000000,00000000)
ret=0078038f
0017:trace:ntoskrnl:IoAllocateMdl (0x11b948, 5, 0, 0, (nil))
0017:Call ntdll.RtlAllocateHeap(00110000,00000008,00000020) ret=7eccc39c
0017:Ret  ntdll.RtlAllocateHeap() retval=0011cab0 ret=7eccc39c
0017:Ret  ntoskrnl.exe.IoAllocateMdl() retval=0011cab0 ret=0078038f
0017:Call ntoskrnl.exe.MmProbeAndLockPages(0011cab0,00000001,00000001)
ret=007803ae
0017:fixme:ntoskrnl:MmProbeAndLockPages (0x11cab0, 1, 1): stub
0017:Ret  ntoskrnl.exe.MmProbeAndLockPages() retval=0000003f ret=007803ae
0017:Call
ntoskrnl.exe.MmMapLockedPagesSpecifyCache(0011cab0,00000000,00000001,00000000,00000000,00000020)
ret=007bfe27
0017:fixme:ntoskrnl:MmMapLockedPagesSpecifyCache (0x11cab0, 0, 1, (nil), 0,
32): stub
0017:Ret  ntoskrnl.exe.MmMapLockedPagesSpecifyCache() retval=00000000
ret=007bfe27
0017:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7bfe27 ip=007bfe27
tid=0017
0017:trace:seh:raise_exception  info[0]=00000001
0017:trace:seh:raise_exception  info[1]=00000000
0017:trace:seh:raise_exception  eax=00000000 ebx=00000005 ecx=0054fc08
edx=00552f54 esi=00000000 edi=0011cab0
0017:trace:seh:raise_exception  ebp=0054fc18 esp=0054fbbc cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010202
0017:trace:seh:call_vectored_handlers calling handler at 0x7ecc9f55
code=c0000005 flags=0 
--- snip ---

Disassembly shows access to the starting (virtual) address of the mapped pages:

--- snip ---
...
007BFE16  PUSH 20
007BFE18  PUSH 0
007BFE1A  PUSH 0
007BFE1C  PUSH 1
007BFE1E  PUSH 0
007BFE20  PUSH EDI
007BFE21  CALL DWORD PTR DS:[<&ntoskrnl.MmMapLockedPagesSpecifyCache>]
007BFE27  MOV WORD PTR DS:[EAX],5       ; *boom*
007BFE2C  MOV WORD PTR DS:[EAX+2],5
007BFE32  MOV BYTE PTR DS:[EAX+4],1
007BFE36  PUSH EDI
007BFE37  CALL DWORD PTR DS:[<&ntoskrnl.MmUnlockPages>]
007BFE3D  PUSH EDI
007BFE3E  CALL DWORD PTR DS:[<&ntoskrnl.IoFreeMdl>]
007BFE44  MOV EDX,DWORD PTR SS:[EBP+C]
007BFE47  MOV DWORD PTR DS:[EDX+1C],0
007BFE4E  JMP atksgt.007C0333
...
--- snip ---

MSDN:
https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/content/wdm/nf-wdm-mmmaplockedpagesspecifycache

There is a Wine-Staging patchset for ntoskrnl.exe MmMapLockedPages and
MmUnmapLockedPages:

https://github.com/wine-staging/wine-staging/blob/master/patches/ntoskrnl-Stubs/0009-ntoskrnl.exe-Implement-MmMapLockedPages-and-MmUnmapL.patch

The variants that allow specifying cache attributes can benefit from them, or
the other way around (should maybe go to Wine-Staging first).
In general these stubs should be separated by topic to be tracked by individual
tickets.

$ sha1sum secretfilestunguskademo.exe 
dud081e71f3c0e6f01ed85185afaf938fe43031df6  secretfilestunguskademo.exe

$ du -sh secretfilestunguskademo.exe 
575M    secretfilestunguskademo.exe

$ wine --version
wine-3.2-293-g0a72708126

Regards

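An added example, not part of the original comment or of Wine: a small triage script for the pattern in the trace above, where a stubbed import returns 0 and the caller faults on the first instruction after the call. The function name find_stub_faults and the matching heuristic (c0000005 raised at the ret= address of the thread's last relay return) are assumptions, and the log must be captured with at least +seh,+relay.

```python
import re

RET = re.compile(r"^([0-9a-f]{4}):Ret\s+(\S+)\(\) retval=([0-9a-f]{8}) ret=([0-9a-f]{8})")
STUB = re.compile(r"^([0-9a-f]{4}):fixme:\w+:(\w+) .*\bstub\s*$")
EXC = re.compile(r"^([0-9a-f]{4}):trace:seh:raise_exception code=([0-9a-f]{8}) "
                 r"flags=\w+ addr=0x([0-9a-f]+)")

# Lines taken from the trace above, re-joined where the e-mail wrapped them.
SAMPLE_LOG = """\
0017:fixme:ntoskrnl:MmProbeAndLockPages (0x11cab0, 1, 1): stub
0017:Ret  ntoskrnl.exe.MmProbeAndLockPages() retval=0000003f ret=007803ae
0017:fixme:ntoskrnl:MmMapLockedPagesSpecifyCache (0x11cab0, 0, 1, (nil), 0, 32): stub
0017:Ret  ntoskrnl.exe.MmMapLockedPagesSpecifyCache() retval=00000000 ret=007bfe27
0017:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7bfe27 ip=007bfe27 tid=0017
0017:trace:seh:raise_exception  info[0]=00000001
""".splitlines()


def find_stub_faults(lines):
    """Return access violations raised at the return address of a stubbed call
    that returned 0 on the same thread (heuristic, see lead-in)."""
    stubs = {}     # tid -> names of functions that logged "stub"
    last_ret = {}  # tid -> (function, retval, return address) of last relay Ret
    hits = []
    for line in lines:
        if m := STUB.match(line):
            stubs.setdefault(m[1], set()).add(m[2])
        elif m := RET.match(line):
            func = m[2].rsplit(".", 1)[-1]  # drop the "ntoskrnl.exe." prefix
            last_ret[m[1]] = (func, int(m[3], 16), int(m[4], 16))
        elif m := EXC.match(line):
            tid, code, addr = m[1], int(m[2], 16), int(m[3], 16)
            func, retval, ret_addr = last_ret.get(tid, (None, None, None))
            # STATUS_ACCESS_VIOLATION right after a stub handed back NULL
            if (code == 0xC0000005 and addr == ret_addr and retval == 0
                    and func in stubs.get(tid, ())):
                hits.append({"tid": tid, "function": func, "fault_addr": addr})
    return hits


if __name__ == "__main__":
    for hit in find_stub_faults(SAMPLE_LOG):
        print("thread {tid}: stub {function} returned NULL, "
              "fault at 0x{fault_addr:08x}".format(**hit))
```

Stubs that return a non-zero value, such as MmProbeAndLockPages in the same trace, are not reported, so the output points at the import whose missing implementation actually caused the crash.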