[Bug 44617] Multiple Blizzard games need Win7+ 'user32.GetWindowDisplayAffinity' and 'user32.SetWindowDisplayAffinity' stubs (Diablo III v2.6.1.49286+)

wine-bugs at winehq.org
Sun Mar 4 05:52:23 CST 2018


https://bugs.winehq.org/show_bug.cgi?id=44617

--- Comment #4 from Anastasius Focht <focht at gmx.net> ---
Hello,

--- quote ---
Is it possible to enhance Wine's debug output so that future games that use this
kind of hidden imports get them automatically translated to cleartext?
--- quote ---

I'm not sure if I can further "ELI5" my comment #0.

These types of apps/games/malware implement their own custom imports resolver.
The win32/64 API function resolving is done on the application side with no
visible API calls - it's walking/processing of in-memory data structures
(tables/lists).
Even if you would be able to trap memory accesses to the export table (outside
of Wine's scope) .. you wouldn't even know which API the code is trying to
look up in case of Wine missing APIs (= reads until the end of list). One could
certainly trace the access and record the "index" of the API the hash was
generated for and later translate it back to real API in case of match ... but
that requires debugging and deep understanding of the code, along with some
fancy tracing. There is no way Wine could be of help here.

To make things more difficult it doesn't decrypt the encrypted (obfuscated)
module/API name strings to compare "cleartext" against data from the loader
linked lists/export tables. Instead it encrypts all the names and compares
against precomputed encrypted ones. That's a much more effective way to hide
all you're doing - one is essentially forced to debug to see what's going on.

In short: No.

Regards
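
The lookup described in this comment, as an added example that is not part of the original message or of any game's code: the application walks an export name list and compares hashes against embedded constants, and an analyst who has recovered the hash routine by debugging translates those constants back by hashing a reference list of export names. The hash (32-bit FNV-1a), the function names and the export lists are assumptions made for illustration.

```python
# Added illustration. The hash routine (32-bit FNV-1a) and every list below
# are assumptions, not the routine or data used by the game in this bug.

def name_hash(name: str) -> int:
    """Stand-in for the application's private name hash (32-bit FNV-1a)."""
    h = 0x811C9DC5
    for b in name.encode("ascii"):
        h = ((h ^ b) * 0x01000193) & 0xFFFFFFFF
    return h

def resolve_by_hash(export_names, wanted):
    """Application side: walk the export name list, hash each entry and
    compare with a precomputed constant. Returns (index or None, reads)."""
    reads = 0
    for index, name in enumerate(export_names):
        reads += 1
        if name_hash(name) == wanted:
            return index, reads
    # Read until the end of the list: nothing observed names the API.
    return None, reads

def build_reverse_table(candidate_names):
    """Analyst side: with the hash routine known from debugging, hash a
    reference list of export names to map constants back to cleartext."""
    table = {}
    for name in candidate_names:
        table.setdefault(name_hash(name), []).append(name)  # keep collisions
    return table

# Constructed sample data: an export list lacking the Win7+ functions,
# and a reference list that includes them.
OLD_USER32 = ["CreateWindowExW", "GetMessageW", "ShowWindow"]
REFERENCE = OLD_USER32 + ["GetWindowDisplayAffinity", "SetWindowDisplayAffinity"]
# The application embeds only constants like these, never the strings.
EMBEDDED = [name_hash("ShowWindow"), name_hash("SetWindowDisplayAffinity")]

if __name__ == "__main__":
    table = build_reverse_table(REFERENCE)
    for h in EMBEDDED:
        index, reads = resolve_by_hash(OLD_USER32, h)
        print(f"{h:#010x}: index={index} reads={reads} names={table.get(h, [])}")
```

For the missing function the walk ends with no match after reading every entry, and only the reference table built outside the running process recovers the name.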
