[Bug 44439] Whatsapp 0.2.8082 Squirrel.Windows-based (.NET 4.x) installer fails with "System.ArgumentException: WriteEntryTo or OpenEntryStream can only be called once."

wine-bugs at winehq.org wine-bugs at winehq.org
Mon Jan 29 16:23:31 CST 2018 

https://bugs.winehq.org/show_bug.cgi?id=44439

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Whatsapp installer newest   |Whatsapp 0.2.8082
                   |version fails:              |Squirrel.Windows-based
                   |System.ArgumentException:   |(.NET 4.x) installer fails
                   |WriteEntryTo or             |with
                   |OpenEntryStream can only be |"System.ArgumentException:
                   |called once.                |WriteEntryTo or
                   |                            |OpenEntryStream can only be
                   |                            |called once."
                 CC|                            |focht at gmx.net

--- Comment #2 from Anastasius Focht <focht at gmx.net> ---
Hello Louis,

is the attached log from latest Wine-Staging or Wine 3.0+ with
https://github.com/wine-compholio/wine-staging/tree/master/patches/advapi32-Token_Integrity_Level
patchset applied?

I found another way to made it kinda work without the Wine-Staging patches.

For determining the app installer version just dump the version information
resources from the binary.

--- snip ---
-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning -> Z:\home\focht\Downloads\WhatsAppSetup.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 130807568 (07CBF710h)
Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x59485E53 -> Mon 19th Jun 2017 23:29:23 (GMT)
[TimeStamp] 0x59485E53 -> Mon 19th Jun 2017 23:29:23 (GMT) | PE Header | - |
Offset: 0x00000118 | VA: 0x00400118 | -
[TimeStamp] 0x59485E53 -> Mon 19th Jun 2017 23:29:23 (GMT) | DebugDirectory | -
| Offset: 0x00024764 | VA: 0x00425564 | -
[TimeStamp] 0x59485E53 -> Mon 19th Jun 2017 23:29:23 (GMT) | DebugDirectory | -
| Offset: 0x00024780 | VA: 0x00425580 | -
[TimeStamp] 0x59485E53 -> Mon 19th Jun 2017 23:29:23 (GMT) | DebugDirectory | -
| Offset: 0x0002479C | VA: 0x0042559C | -
[TimeStamp] 0x59485E53 -> Mon 19th Jun 2017 23:29:23 (GMT) | DebugDirectory | -
| Offset: 0x000247B8 | VA: 0x004255B8 | -
-> File Appears to be Digitally Signed @ Offset 07CBEA00h, size : 0D10h / 03344
byte(s)
[LoadConfig] Struct determined as v8 (Expected size 140 | Actual size 64)
[!] Executable uses SEH Tables (/SAFESEH) (55 calculated 29 recorded... 24
invalid addresses)
[!]    * table may be compressed / encrypted *
[LoadConfig] CodeIntegrity -> Flags 0x0 | Catalog 0x0 (0) | Catalog Offset 0x0
| Reserved 0x0
[LoadConfig] GuardAddressTakenIatEntryTable 0x42A000 | Count 0x42A008 (4366344)
[LoadConfig] GuardLongJumpTargetTable 0x428EAC | Count 0x41D278 (4313720)
[LoadConfig] HybridMetadataPointer 0x0 | DynamicValueRelocTable 0x300000
[LoadConfig] FailFastIndirectProc 0x0 | FailFastPointer 0x0
[LoadConfig] UnknownZero1 0x0
[File Heuristics] -> Flag #1 : 00000100000001001101000000000100 (0x0404D004)
[Entrypoint Section Entropy] : 6.67 (section #0) ".text   " | Size : 0x1BCCE
(113870) byte(s)
[DllCharacteristics] -> Flag : (0x8140) -> ASLR | DEP | TSA
[SectionCount] 6 (0x6) | ImageSize 0x7CC3000 (130822144) byte(s)
[VersionInfo] Company Name : WhatsApp
[VersionInfo] Product Name : WhatsApp
[VersionInfo] Product Version : 0.2.8082
[VersionInfo] File Description : WhatsApp
[VersionInfo] File Version : 0.2.8082
[VersionInfo] Original FileName : Setup.exe
[VersionInfo] Internal Name : Setup.exe
[VersionInfo] Legal Copyrights : Copyright © 2018 WhatsApp
[ModuleReport] [IAT] Modules -> KERNEL32.dll | USER32.dll | ADVAPI32.dll |
SHELL32.dll | ole32.dll | OLEAUT32.dll | urlmon.dll | SHLWAPI.dll |
COMCTL32.dll
[Debug Info] (record 1 of 4) (file offset 0x24760)
Characteristics : 0x0 | TimeDateStamp : 0x59485E53 (Mon 19th Jun 2017 23:29:23
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x66 (102)
AddressOfRawData : 0x25C84 | PointerToRawData : 0x24E84
CvSig : 0x53445352 | SigGuid 4C4059C0-45BB-4618-A7F8CB88858643DA
Age : 0x1 (1) | Pdb :
C:\Users\paulb\code\Squirrel\squirrel.windows\src\Setup\bin\Release\Setup.pdb
[Debug Info] (record 2 of 4) (file offset 0x2477C)
Characteristics : 0x0 | TimeDateStamp : 0x59485E53 (Mon 19th Jun 2017 23:29:23
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 12 (0xC) -> Undocumented | Size : 0x14 (20)
AddressOfRawData : 0x25CEC | PointerToRawData : 0x24EEC
[Debug Info] (record 3 of 4) (file offset 0x24798)
Characteristics : 0x0 | TimeDateStamp : 0x59485E53 (Mon 19th Jun 2017 23:29:23
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 13 (0xD) -> Undocumented | Size : 0x3A4 (932)
AddressOfRawData : 0x25D00 | PointerToRawData : 0x24F00
[Debug Info] (record 4 of 4) (file offset 0x247B4)
Characteristics : 0x0 | TimeDateStamp : 0x59485E53 (Mon 19th Jun 2017 23:29:23
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 14 (0xE) -> Undocumented | Size : 0x0 (0)
AddressOfRawData : 0x0 | PointerToRawData : 0x0
--- snip ---

The app installer uses Squirrel.Windows .NET component which is Open-Source.

https://github.com/Squirrel/Squirrel.Windows

The code that checks for user elevation is here:

https://github.com/Squirrel/Squirrel.Windows/blob/master/src/Setup/winmain.cpp#L49

--- snip ---
...
    bool weAreUACElevated = CUpdateRunner::AreWeUACElevated() == S_OK;
    bool attemptingToRerun = (cmdLine.Find(L"--rerunningWithoutUAC") >= 0);

    if (weAreUACElevated && attemptingToRerun) {
        CUpdateRunner::DisplayErrorMessage(CString(L"Please re-run this
installer as a normal user instead of \"Run as Administrator\"."), NULL);
        exitCode = E_FAIL;
        goto out;
        }
....

    // If we're UAC-elevated, we shouldn't be because it will give us
permissions
    // problems later. Just silently rerun ourselves.
    if (weAreUACElevated) {
        wchar_t buf[4096];
        HMODULE hMod = GetModuleHandle(NULL);
        GetModuleFileNameW(hMod, buf, 4096);
        wcscat(lpCmdLine, L" --rerunningWithoutUAC");

        CUpdateRunner::ShellExecuteFromExplorer(buf, lpCmdLine);
        exitCode = 0;
        goto out;
    }

    exitCode = CUpdateRunner::ExtractUpdaterAndRun(lpCmdLine, false);

...
--- snip ---

It shows even running the app with '--rerunningWithoutUAC' command line
parameter it won't work unless vanilla Wine partially implements bug 40613

CUpdateRunner::AreWeUACElevated() -> needs to be tricked.

--- snip ---
...
0033:Call advapi32.OpenProcessToken(ffffffff,00000008,0033de28) ret=0040622d
0033:Ret  advapi32.OpenProcessToken() retval=00000001 ret=0040622d
0033:Call
advapi32.GetTokenInformation(00000070,00000012,0033de30,00000004,0033de2c)
ret=0040625c
0033:fixme:ntdll:NtQueryInformationToken QueryInformationToken( ...,
TokenElevationType, ...) semi-stub
0033:Ret  advapi32.GetTokenInformation() retval=00000001 ret=0040625c
0033:Call KERNEL32.CloseHandle(00000070) ret=00406278
0033:Ret  KERNEL32.CloseHandle() retval=00000001 ret=00406278
0033:Call KERNEL32.lstrlenW(00424e38 L"Please re-run this installer as a normal
user instead of \"Run as Administrator\".") ret=00402267
0033:Ret  KERNEL32.lstrlenW() retval=00000050 ret=00402267 
...
--- snip ---

To verify with vanilla Wine 3.x without Wine-Staging patches I scripted
'winedbg' in gdb proxy mode with a one-liner to circumvent that UAC check.
It essentially hot-patches the bootstrapper at runtime. From first glance it
seems the UAC/elevation implementation part is not that relevant (except for
initial check).

--- snip ---
$ echo "set *((unsigned char *)0x0040625e) = 0xeb" | winedbg --gdb
./WhatsAppSetup.exe --rerunningWithoutUAC
--- snip ---

NOTE: The opcode location will likely change with newer installer versions,
it's just made for v0.2.8082. I could provide a script which identifies and
hot-patches the sequence more reliable for future installer versions.

With that magic in place the installer succeeds, it shows some splash screen
with animation which disappears after some time.
There is some cpu-eating process 'WhatsApp.exe' later on initial app autostart
- which is a different issue.

It seems the app itself makes use of "Electron" Open-Source
framework/technology which comes later handy for further analysis.

https://github.com/electron/electron

--- quote ---
The Electron framework lets you write cross-platform desktop applications using
JavaScript, HTML and CSS. It is based on Node.js and Chromium and is used by
the Atom editor and many other apps.
--- quote ---

Anyway, I've tried to match your console output with mine and likely found the
sequence in between but it went further.
I think the issue you encounter might be actually not present in Wine 3.x. or
maybe the Wine-Staging 2.21 patchset has some side-effect when applied to Wine
3.x

Do you have a full install at the time of the error?

--- snip ---
$ pwd
/home/focht/.wine/drive_c/users/focht/Local Settings/Application Data/WhatsApp

$ du -sh .
343M    .

$ tree --charset=ANSI -L 2 .
.
|-- app-0.2.8082
|   |-- blink_image_resources_200_percent.pak
|   |-- content_resources_200_percent.pak
|   |-- content_shell.pak
|   |-- d3dcompiler_47.dll
|   |-- ffmpeg.dll
|   |-- icudtl.dat
|   |-- libEGL.dll
|   |-- libGLESv2.dll
|   |-- LICENSE
|   |-- locales
|   |-- natives_blob.bin
|   |-- node.dll
|   |-- pdf_viewer_resources.pak
|   |-- resources
|   |-- snapshot_blob.bin
|   |-- squirrel.exe
|   |-- SquirrelSetup.log
|   |-- ui_resources_200_percent.pak
|   |-- views_resources_200_percent.pak
|   `-- WhatsApp.exe
|-- app.ico
|-- packages
|   |-- RELEASES
|   |-- SquirrelTemp
|   `-- WhatsApp-0.2.8082-full.nupkg
|-- Update.exe
`-- WhatsApp.exe

5 directories, 23 files
--- snip ---

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list