[Bug 44235] EasyAntiCheat detects Wine as host platform/OS, causing failure to download correct EAC game client/driver modules ( avoid exporting 'wine_get_unix_file_name' by name)
wine-bugs at winehq.org
wine-bugs at winehq.org
Tue Jun 5 19:19:55 CDT 2018
https://bugs.winehq.org/show_bug.cgi?id=44235
Anastasius Focht <focht at gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |download, obfuscation
Ever confirmed|0 |1
CC| |focht at gmx.net
Status|UNCONFIRMED |NEW
URL| |https://www.paladins.com/do
| |wnload
Summary|EasyAntiCheat downloads |EasyAntiCheat detects Wine
|incorrect platform |as host platform/OS,
|information on Wine and |causing failure to download
|games fail to run - wine64 |correct EAC game
|!= win64 |client/driver modules
| |(avoid exporting
| |'wine_get_unix_file_name'
| |by name)
Component|-unknown |kernel32
--- Comment #13 from Anastasius Focht <focht at gmx.net> ---
Hello folks,
confirming.
--- snip ---
$ find .wine -iname "*easyanti*"
.wine/drive_c/Program Files (x86)/EasyAntiCheat
.wine/drive_c/Program Files (x86)/EasyAntiCheat/EasyAntiCheat.exe
.wine/drive_c/Program Files (x86)/Hi-Rez
Studios/HiRezGames/paladins/Binaries/EasyAntiCheat
.wine/drive_c/Program Files (x86)/Hi-Rez
Studios/HiRezGames/paladins/Binaries/EasyAntiCheat/EasyAntiCheat_x86.dll
.wine/drive_c/Program Files (x86)/Hi-Rez
Studios/HiRezGames/paladins/Binaries/EasyAntiCheat/EasyAntiCheat_x64.dll
.wine/drive_c/Program Files (x86)/Hi-Rez
Studios/HiRezGames/paladins/Binaries/EasyAntiCheat/EasyAntiCheat_Setup.exe
--- snip ---
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/Hi-Rez Studios
$ WINEDEBUG=+seh,+relay,+ntdll,+ntoskrnl wine ./HirezLauncherUI.exe product=402
game=400 >>log.txt 2>&1
...
0047:Ret PE DLL (proc=0x90c4d75,module=0x9080000
L"easyanticheat_x86.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
...
0047:Call KERNEL32.GetProcAddress(09080000,021d3ecc "CreateGameClient")
ret=00fd0a85
0047:Ret KERNEL32.GetProcAddress() retval=09099cd0 ret=00fd0a85
0047:Call KERNEL32.GetModuleHandleW(090ee828 L"kernel32.dll") ret=09099c0f
0047:Ret KERNEL32.GetModuleHandleW() retval=7b420000 ret=09099c0f
0047:Call KERNEL32.GetProcAddress(7b420000,090ee844 "wine_get_unix_file_name")
ret=09099c21
0047:Ret KERNEL32.GetProcAddress() retval=7b428c04 ret=09099c21
...
0047:Call msvcr110._vsnwprintf_s(0033e558,00000100,000000ff,021d408c
L"FEACClient being initialized",0033e768) ret=004e402c
...
005d:trace:seh:raise_exception code=c0000005 flags=0 addr=0x4b56a0 ip=004b56a0
tid=005d
005d:trace:seh:raise_exception info[0]=00000000
005d:trace:seh:raise_exception info[1]=44359f2b
005d:trace:seh:raise_exception eax=04eb1c20 ebx=0920fe01 ecx=44359f2b
edx=00000000 esi=001d81b0 edi=001ec0a0
005d:trace:seh:raise_exception ebp=026e23d0 esp=0920f5fc cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00210206
005d:trace:seh:call_stack_handlers calling handler at 0x90e3d96 code=c0000005
flags=0
...
005d:Call msvcr110.?_wsopen@@YAHPB_WHHH at Z(03957760 L"C:/Program Files/Hi-Rez
Studios/HiRezGames/paladins/Binaries/Logs/system-2018-06-05.log",0000818a,00000010,00000180)
ret=036b86ce
...
005d:Call KERNEL32.OutputDebugStringA(0920d67c
"#-----------------#\r\n2018-06-05_21.18.02 - PID 70 - THR 93\r\n\r\nException
in [0] (SE): Access Violation at 0x00000000004B56A0\r\nBP: 0x00000000026E23D0 |
RetAddr: 0x0000000000000001 | IP: 0x00000000004B56A0 \r\nBP: 0x0000000001FC3C9C
| RetAddr: 0x00000000004DAD20 | IP: 0x0000000000000001 \r\nBP: "...)
ret=036d91ce
...
005d:Ret KERNEL32.OutputDebugStringA() retval=00000000 ret=036d91ce
...
--- snip ---
--- snip ---
...
0049F48C 68 F461FA01 PUSH Paladins.01FA61F4
0049F491 68 E6000000 PUSH 0E6
; ASCII "d:\build\1.0\development\src\core\inc\AntiCheatArray.h"
0049F496 68 9098FA01 PUSH Paladins.01FA9890
; ASCII "i>=0 && (i<Num()||(i==0 && Num()==0))"
0049F49B 68 C898FA01 PUSH Paladins.01FA98C8
0049F4A0 E8 1B860000 CALL Paladins.004A7AC0
0049F4A5 83C4 10 ADD ESP,10
0049F4A8 8B0D 98BE2103 MOV ECX,DWORD PTR DS:[321BE98]
0049F4AE 64:A1 2C000000 MOV EAX,DWORD PTR FS:[2C]
0049F4B4 68 00100000 PUSH 1000
0049F4B9 8B0488 MOV EAX,DWORD PTR DS:[EAX+ECX*4]
0049F4BC 6A 00 PUSH 0
0049F4BE 8B88 F0010000 MOV ECX,DWORD PTR DS:[EAX+1F0]
0049F4C4 A1 6C3F7802 MOV EAX,DWORD PTR DS:[2783F6C]
0049F4C9 3388 E00B0000 XOR ECX,DWORD PTR DS:[EAX+BE0]
0049F4CF E8 CC610100 CALL Paladins.004B56A0
0049F4D4 85C0 TEST EAX,EAX
0049F4D6 0F85 AC000000 JNZ Paladins.0049F588
...
004B56A0 8B11 MOV EDX,DWORD PTR DS:[ECX] ; *boom*
004B56A2 8B41 04 MOV EAX,DWORD PTR DS:[ECX+4]
004B56A5 235424 04 AND EDX,DWORD PTR SS:[ESP+4]
004B56A9 234424 08 AND EAX,DWORD PTR SS:[ESP+8]
004B56AD 0BD0 OR EDX,EAX
004B56AF 74 08 JE SHORT Paladins.004B56B9
004B56B1 B8 01000000 MOV EAX,1
004B56B6 C2 0800 RETN 8
--- snip ---
--- snip ---
EAX 0778CB80
ECX A5FECD82
EDX 00000000
EBX 0943FE01
ESP 0943F5FC
EBP 026E23D0 Paladins.026E23D0
ESI 001ADF68
EDI 001C22B0 ASCII "File not found:
EasyAntiCheat\Cache\easyanticheat_wine_x86.eac"
EIP 004B56A0 Paladins.004B56A0
C 0 ES 002B 32bit 0(FFFFFFFF)
P 1 CS 0023 32bit 0(FFFFFFFF)
A 0 SS 002B 32bit 0(FFFFFFFF)
Z 0 DS 002B 32bit 0(FFFFFFFF)
S 1 FS 0063 32bit 7FFD8000(FFF)
T 0 GS 006B 32bit 0(0)
D 0
O 0 LastErr ERROR_PATH_NOT_FOUND (00000003)
EFL 00210286 (NO,NB,NE,A,S,PE,L,LE)
0943F7F8 001C22B0 ASCII "File not found:
EasyAntiCheat\Cache\easyanticheat_wine_x86.eac"
0943F7FC 0943F908 ASCII "[EAC Callback] Code 902. Message: 'File not found:
EasyAntiCheat\Cache\easyanticheat_wine_x86.eac'."
...
0943FA98 |0932D318 ASCII "Connect result: No error (0) Response Code: 404
Destination IP: xx.xx.xx.xx"
...
0943FAFC 001CC8B0 ASCII 3C,"html>
<head><title>404 Not Found</title></head>
<body bgco"
0943FB00 09444020 ASCII "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
"
...
0943FC4C |001B2630 ASCII
"https://download.eac-cdn.com/api/v1/games/{{gameid}}/client/{{system}}/download/?uuid={{uuid}}"
--- snip ---
--- snip ---
0931E842 00 00 77 69 6E 65 5F 67 ..wine_g
0931E84A 65 74 5F 75 6E 69 78 5F et_unix_
0931E852 66 69 6C 65 5F 6E 61 6D file_nam
0931E85A 65 00 73 00 68 00 65 00 e.s.h.e.
0931E862 6C 00 6C 00 33 00 32 00 l.l.3.2.
0931E86A 2E 00 64 00 6C 00 6C 00 ..d.l.l.
0931E872 00 00 53 48 47 65 74 46 ..SHGetF
0931E87A 6F 6C 64 65 72 50 61 74 olderPat
0931E882 68 57 00 00 00 00 5C 00 hW....\.
0931E88A 45 00 61 00 73 00 79 00 E.a.s.y.
0931E892 41 00 6E 00 74 00 69 00 A.n.t.i.
0931E89A 43 00 68 00 65 00 61 00 C.h.e.a.
0931E8A2 74 00 00 00 00 00 25 00 t.....%.
0931E8AA 69 00 00 00 00 00 65 61 i.....ea
0931E8B2 73 79 61 6E 74 69 63 68 syantich
0931E8BA 65 61 74 5F 00 00 78 38 eat_..x8
0931E8C2 36 00 77 69 6E 36 34 00 6.win64.
0931E8CA 00 00 78 36 34 00 77 6F ..x64.wo
0931E8D2 77 36 34 5F 78 36 34 00 w64_x64.
0931E8DA 00 00 77 69 6E 36 34 5F ..win64_
0931E8E2 77 6F 77 36 34 00 78 36 wow64.x6
0931E8EA 34 5F 77 6F 77 36 34 00 4_wow64.
0931E8F2 00 00 77 69 6E 65 5F 78 ..wine_x
0931E8FA 38 36 00 00 00 00 77 69 86....wi
0931E902 6E 65 36 34 00 00 77 69 ne64..wi
0931E90A 6E 65 5F 78 36 34 00 00 ne_x64..
0931E912 00 00 49 4E 56 41 4C 49 ..INVALI
0931E91A 44 5F 53 59 53 54 45 4D D_SYSTEM
0931E922 00 00 2E 65 61 63 00 00 ...eac..
--- snip ---
--- snip ---
092C9C00 PUSH ESI
092C9C01 PUSH EDI
092C9C02 PUSH easyanti.0931E828 ; UNICODE "kernel32.dll"
092C9C07 MOV EDI,ECX
092C9C09 CALL DWORD PTR DS:[<&KERNEL32.GetModuleHandleW>]
092C9C0F MOV ESI,DWORD PTR DS:[<&KERNEL32.GetProcAddress>]
092C9C15 TEST EAX,EAX
092C9C17 JE SHORT easyanti.092C9C46
092C9C19 PUSH easyanti.0931E844 ; ASCII "wine_get_unix_file_name"
092C9C1E PUSH EAX
092C9C1F CALL ESI
092C9C21 TEST EAX,EAX
092C9C23 JE SHORT easyanti.092C9C46
092C9C25 PUSH 120
092C9C2A CALL easyanti.092F248A
092C9C2F ADD ESP,4
092C9C32 TEST EAX,EAX
092C9C34 JE SHORT easyanti.092C9C41
092C9C36 PUSH ECX
092C9C37 MOV ECX,EAX
092C9C39 CALL easyanti.092CA3F0
092C9C3E POP EDI
092C9C3F POP ESI
092C9C40 RETN
092C9C41 POP EDI
092C9C42 XOR EAX,EAX
092C9C44 POP ESI
092C9C45 RETN
092C9C46 PUSH EDI
092C9C47 PUSH 0EAC
092C9C4C CALL ESI
092C9C4E MOV ESI,EAX
092C9C50 TEST ESI,ESI
092C9C52 JNZ SHORT easyanti.092C9C6E
092C9C54 CALL DWORD PTR DS:[<&KERNEL32.GetCommandLineW>]
092C9C5A MOV ECX,EAX
092C9C5C CALL easyanti.092BA7A0
--- snip ---
One way to fix this but possibly breaking one way of detecting Wine is to
export 'wine_get_unix_file_name()' by ordinal using '-noname' in the .spec file
(using non-Windows allocated ordinal). I've tested this method and the client
EAC module is properly downloaded.
--- snip ---
$ find .wine -iname loader.log
.wine/drive_c/Program Files/Hi-Rez
Studios/HiRezGames/paladins/Binaries/Win32/loader.log
.wine/drive_c/users/focht/Application Data/EasyAntiCheat/112/loader.log
--- snip ---
--- snip ---
[2018.06.06-01.01.12] Loader initialized.
[2018.06.06-01.01.12] [Connection] Connecting to URL:
https://download.eac-cdn.com/api/v1/games/112/client/win32/download/?uuid=04e26bc4-d54e-2a70-6b86-466def91c858
[2018.06.06-01.01.12] Download Progress: 0%.
[2018.06.06-01.01.12] [Connection] [Connection Verbose] Shuffling 6 addresses
[2018.06.06-01.01.12] [Connection] [Connection Verbose] Trying
83.136.255.42...
[2018.06.06-01.01.12] [Connection] [Connection Verbose] TCP_NODELAY set
...
2018.06.06-01.01.12] Download Progress: 100%.
[2018.06.06-01.01.12] [Connection] [Connection Verbose] Connection #0 to host
download.eac-cdn.com left intact
--- snip ---
Anyway, apps shouldn't rely on the presence of Wine-specific API exports using
'GetProcAddress()' at all.
There is a failure loading the kernel driver later, but that's a different
issue.
$ sha1sum InstallPaladins.exe
f8d83d88635c0b94655cc301cb0e190d80b9cd77 InstallPaladins.exe
$ du -sh InstallPaladins.exe
72M InstallPaladins.exe
$ wine --version
wine-3.9-165-g11e3cf091d
Regards
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list