[Bug 44704] Screenhero 0.14.x installer crashes after PE digital signature validation failure (message id 0x800b0109, CERT_E_UNTRUSTEDROOT not found)

wine-bugs at winehq.org
Sat Mar 10 13:25:30 CST 2018


https://bugs.winehq.org/show_bug.cgi?id=44704

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |Installer
            Summary|Screenhero installer runs   |Screenhero 0.14.x installer
                   |into crash window (Access   |crashes after PE digital
                   |Violation)                  |signature validation
                   |                            |failure (message id
                   |                            |0x800b0109,
                   |                            |CERT_E_UNTRUSTEDROOT not
                   |                            |found)
                 CC|                            |focht at gmx.net

--- Comment #2 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

confirming.

The installer requires (install blockers):

* .NET Framework 4.0
* Windows 7 setting

--- snip ---
$ WINEDEBUG=+seh,+relay,+crypt,+wintrust wine ./Screenhero014-Latest-setup.exe >>log.txt 2>&1
...
0058:Call shell32.ShellExecuteExW(00bef2bc) ret=004a6182
...
0058:Call KERNEL32.CreateProcessW(00000000,00bedf7c
L"\"Z:\\home\\focht\\Downloads\\Screenhero014-Latest-setup.exe\" /i
\"C:\\users\\focht\\Application Data\\Screenhero, Inc\\Screenhero
0.14.3000\\install\\Screenhero-0.14.3000-setup.msi\" /L*V
\"C:\\users\\focht\\Application Data\\Screenhero, Inc.\\screenhero-setup.log\"
EXECUTEACTION=\"INSTALL\"
SECOND"...,00000000,00000000,00000000,00000410,00000000,00000000,00beda50,00beda40)
ret=7e7f68d4
...
0061:Call KERNEL32.__wine_kernel_init() ret=7bc6b4c9
0058:Ret  KERNEL32.CreateProcessW() retval=00000001 ret=7e7f68d4
...
0058:Ret  shell32.ShellExecuteExW() retval=00000001 ret=004a6182
...
0061:Call msi.MsiEnableLogW(00001f9f,005a70d8 L"C:\\users\\focht\\Application
Data\\Screenhero, Inc.\\screenhero-setup.log",00000000) ret=004a7c8a
...
0061:Call msi.MsiOpenPackageW(005a6ff0 L"C:\\users\\focht\\Application
Data\\Screenhero, Inc\\Screenhero
0.14.3000\\install\\Screenhero-0.14.3000-setup.msi",0033f67c) ret=004a84e8
...
0061:Ret  msi.MsiOpenPackageW() retval=00000000 ret=004a84e8
...
0061:Call msi.MsiGetFileSignatureInformationW(005acb58
L"Z:\\home\\focht\\Downloads\\Screenhero014-Latest-setup.exe",00000001,0033f0a0,00000000,00000000)
ret=004a5429
...
0061:trace:wintrust:WINTRUST_GetSignedMsgFromPEFile (0x1875f8 0x168cf0 0
0x33ed30 0x187c10) 
...
0061:Call imagehlp.ImageGetCertificateData(00000088,00000000,00189818,0033ebbc)
ret=7cd889fa 
...
0061:Ret  imagehlp.ImageGetCertificateData() retval=00000001 ret=7cd889fa 
...
0061:trace:crypt:check_and_store_certs Added 148 root certificates
...
0061:trace:crypt:CertVerifyCertificateChainPolicy returning 1 (800b0109)
0061:Ret  crypt32.CertVerifyCertificateChainPolicy() retval=00000001
ret=7cd920e1
0061:trace:wintrust:SoftpubAuthenticode returning 1 (800b0109)
0061:Ret  wintrust.SoftpubAuthenticode() retval=00000001 ret=7cd92eba
0061:trace:wintrust:WINTRUST_DefaultVerify returning 800b0109
0061:trace:wintrust:WinVerifyTrust returning 800b0109
0061:Ret  wintrust.WinVerifyTrustEx() retval=800b0109 ret=7ce684db
0061:Call wintrust.WinVerifyTrustEx(ffffffff,7cf4736c,0033efa4) ret=7ce685cc
0061:trace:wintrust:WinVerifyTrust (0xffffffff,
{00aac56b-cd44-11d0-8cc2-00c04fc295ee}, 0x33efa4)
0061:trace:wintrust:dump_wintrust_data 0x33efa4
0061:trace:wintrust:dump_wintrust_data cbStruct: 52
0061:trace:wintrust:dump_wintrust_data pPolicyCallbackData: (nil)
0061:trace:wintrust:dump_wintrust_data pSIPClientData: (nil)
0061:trace:wintrust:dump_wintrust_data dwUIChoice: 2
0061:trace:wintrust:dump_wintrust_data fdwRevocationChecks: 00000001
0061:trace:wintrust:dump_wintrust_data dwUnionChoice: 1
0061:trace:wintrust:dump_file_info 0x33ef94
0061:trace:wintrust:dump_file_info cbStruct: 16
0061:trace:wintrust:dump_file_info pcwszFilePath:
L"Z:\\home\\focht\\Downloads\\Screenhero014-Latest-setup.exe"
0061:trace:wintrust:dump_file_info hFile: 0x88
0061:trace:wintrust:dump_file_info pgKnownSubject: (null)
0061:trace:wintrust:dump_wintrust_data dwStateAction: 2
0061:trace:wintrust:dump_wintrust_data hWVTStateData: 0x168cb8
0061:trace:wintrust:dump_wintrust_data pwszURLReference: (null)
0061:trace:wintrust:dump_wintrust_data dwProvFlags: 00000000
0061:trace:wintrust:dump_wintrust_data dwUIContext: 1
0061:trace:wintrust:WINTRUST_DefaultClose (0xffffffff,
{00aac56b-cd44-11d0-8cc2-00c04fc295ee}, 0x33efa4)
...
0061:trace:wintrust:WINTRUST_DefaultClose returning 00000000
0061:trace:wintrust:WinVerifyTrust returning 00000000
0061:Ret  wintrust.WinVerifyTrustEx() retval=00000000 ret=7ce685cc
0061:Ret  msi.MsiGetFileSignatureInformationW() retval=800b0109 ret=004a5429
0061:Call
KERNEL32.FormatMessageW(00001300,00000000,800b0109,00000400,0033f048,00000000,00000000)
ret=004a6951
0061:Ret  KERNEL32.FormatMessageW() retval=00000000 ret=004a6951
0061:trace:seh:raise_exception code=c0000005 flags=0 addr=0x4c04be ip=004c04be
tid=0061
0061:trace:seh:raise_exception  info[0]=00000000
0061:trace:seh:raise_exception  info[1]=00000000
0061:trace:seh:raise_exception  eax=00000000 ebx=00000000 ecx=0033f0b0
edx=0000013d esi=0033f0b0 edi=0033f0b0
0061:trace:seh:raise_exception  ebp=0033f018 esp=0033f018 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010206
...
--- snip ---

ProtectionID scan:

--- snip ---
-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning -> Z:\home\focht\Downloads\Screenhero014-Latest-setup.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 29436312 (01C12998h)
Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x5321B4DE -> Thu 13th Mar 2014 13:38:38 (GMT)
[TimeStamp] 0x5321B4DE -> Thu 13th Mar 2014 13:38:38 (GMT) | PE Header | - |
Offset: 0x00000100 | VA: 0x00400100 | -
[TimeStamp] 0x5321B4DE -> Thu 13th Mar 2014 13:38:38 (GMT) | DebugDirectory | -
| Offset: 0x000F8854 | VA: 0x004F9854 | -
-> File Appears to be Digitally Signed @ Offset 01C10D98h, size : 01C00h /
07168 byte(s)
-> File has 27769752 (01A7BB98h) bytes of appended data starting at offset
0195200h
[LoadConfig] Struct determined as v8 (Expected size 140 | Actual size 64)
[!] Executable uses SEH Tables (/SAFESEH) (1411 calculated 1411 recorded... 0
invalid addresses) 
[LoadConfig] CodeIntegrity -> Flags 0x1 | Catalog 0x0 (0) | Catalog Offset
0x425C3A44 | Reserved 0x636E6172
[LoadConfig] GuardAddressTakenIatEntryTable 0x5C494168 | Count 0x5C6E6977
(1550739831)
[LoadConfig] GuardLongJumpTargetTable 0x656C6552 | Count 0x5C657361
(1550152545)
[LoadConfig] HybridMetadataPointer 0x62757473 | DynamicValueRelocTable
0x38785C73
[LoadConfig] FailFastIndirectProc 0x78455C36 | FailFastPointer 0x6E726574
[LoadConfig] UnknownZero1 0x69556C61
[File Heuristics] -> Flag #1 : 00000100000001001101000000000100 (0x0404D004)
[Entrypoint Section Entropy] : 6.63 (section #0) ".text   " | Size : 0xF7A5E
(1014366) byte(s)
[DllCharacteristics] -> Flag : (0x8140) -> ASLR | DEP | TSA
[SectionCount] 5 (0x5) | ImageSize 0x19E000 (1695744) byte(s)
[VersionInfo] Company Name : Screenhero. Inc.
[VersionInfo] Product Name : Screenhero
[VersionInfo] Product Version : 0.14.3000
[VersionInfo] File Description : This installer database contains the logic and
data required to install Screenhero.
[VersionInfo] File Version : 0.14.3000
[VersionInfo] Original FileName : Screenhero-0.14.3000-setup.exe
[VersionInfo] Internal Name : Screenhero-0.14.3000-setup
[VersionInfo] Legal Copyrights : Copyright (C) 2014 Screenhero. Inc.
[ModuleReport] [IAT] Modules -> KERNEL32.dll | USER32.dll | GDI32.dll |
ADVAPI32.dll | SHELL32.dll | ole32.dll | OLEAUT32.dll | dbghelp.dll |
SHLWAPI.dll | COMCTL32.dll | MSIMG32.dll | VERSION.dll | NETAPI32.dll |
COMDLG32.dll
[ModuleReport] [DelayImport] Modules -> msi.dll | gdiplus.dll | UxTheme.dll |
WININET.dll | dwmapi.dll
[Debug Info] (record 1 of 1) (file offset 0xF8850)
Characteristics : 0x0 | TimeDateStamp : 0x5321B4DE (Thu 13th Mar 2014 13:38:38
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x49 (73) 
AddressOfRawData : 0x114540 | PointerToRawData : 0x113540
CvSig : 0x53445352 | SigGuid 1309F411-C7D7-4635-9AD68613C1162104
Age : 0x1 (1) | Pdb : D:\BranchAI\win\Release\stubs\x86\ExternalUi.pdb
[-= Installer =-] Advanced Installer Module !
[CompilerDetect] -> Visual C++ 9.0 (Visual Studio 2008)
- Scan Took : 0.752 Second(s) [0000002F0h (752) tick(s)] [566 of 580 scan(s)
done]
...
--- snip ---

Using Sigcheck v2.60 tool:

https://docs.microsoft.com/en-us/sysinternals/downloads/sigcheck

--- snip ---
$ wine ./sigcheck.exe -a -i ./Screenhero014-Latest-setup.exe 

Sigcheck v2.60 - File version and signature viewer
Copyright (C) 2004-2017 Mark Russinovich
Sysinternals - www.sysinternals.com

...
Z:\home\focht\Downloads\Screenhero014-Latest-setup.exe:
    Verified:    Error -2146762487 (0x800b0109)
    Link date:    2:38 PM 3/13/2014
    Signing date:    6:21 PM 3/10/2018
    Publisher:    n/a
    Company:    Screenhero, Inc.
    Description:    This installer database contains the logic and data
required to install Screenhero.
    Product:    Screenhero
    Prod version:    0.14.3000
    File version:    0.14.3000
    MachineType:    32-bit
    Binary Version:    0.14.3000.0
    Original Name:    Screenhero-0.14.3000-setup.exe
    Internal Name:    Screenhero-0.14.3000-setup
    Copyright:    Copyright (C) 2014 Screenhero, Inc.
    Comments:    n/a
    Entropy:    7.945
--- snip ---

I guess the signature validation succeeds on Windows?
Might be interesting to see the output with 'Sigcheck' tool on the installer
from Windows.

Anyway, there are two bugs: the signature verification should succeed and the
missing message id.

$ sha1sum Screenhero014-Latest-setup.exe 
ae1f5edb400bf7dd93a6730d272d8c1655302ae9  Screenhero014-Latest-setup.exe

$ du -sh Screenhero014-Latest-setup.exe 
29M    Screenhero014-Latest-setup.exe

$ wine --version
wine-3.3-128-gdfde119538

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
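
Added example (not part of the original bug comment and not Wine code): a Python triage pass over a `+relay,+seh` trace that flags the three events the comment ties together: the FACILITY_CERT failure HRESULT, the `FormatMessageW` lookup that returns 0, and the access violation that follows on the same thread. The sample lines are condensed from the trace above (wrapped lines re-joined, path shortened); the function and finding names are assumptions of this example.

```python
import re

# Constructed sample: lines condensed (re-joined, path shortened) from the trace above.
SAMPLE = r"""
0061:Call msi.MsiGetFileSignatureInformationW(005acb58 L"Z:\\setup.exe",00000001,0033f0a0,00000000,00000000) ret=004a5429
0061:Ret  wintrust.WinVerifyTrustEx() retval=800b0109 ret=7ce684db
0061:Ret  wintrust.WinVerifyTrustEx() retval=00000000 ret=7ce685cc
0061:Ret  msi.MsiGetFileSignatureInformationW() retval=800b0109 ret=004a5429
0061:Call KERNEL32.FormatMessageW(00001300,00000000,800b0109,00000400,0033f048,00000000,00000000) ret=004a6951
0061:Ret  KERNEL32.FormatMessageW() retval=00000000 ret=004a6951
0061:trace:seh:raise_exception code=c0000005 flags=0 addr=0x4c04be ip=004c04be tid=0061
"""

CALL = re.compile(r"^(\w{4}):Call (\S+?)\((.*)\) ret=")
RET = re.compile(r"^(\w{4}):Ret\s+(\S+?)\(\) retval=([0-9a-f]{8})")
SEH = re.compile(r"^(\w{4}):trace:seh:raise_exception code=([0-9a-f]{8})")

# FORMAT_MESSAGE_* flag bits (winbase.h), without the common prefix
FM_FLAGS = {0x100: "ALLOCATE_BUFFER", 0x200: "IGNORE_INSERTS", 0x400: "FROM_STRING",
            0x800: "FROM_HMODULE", 0x1000: "FROM_SYSTEM", 0x2000: "ARGUMENT_ARRAY"}

def decode_flags(value):
    return [name for bit, name in sorted(FM_FLAGS.items()) if value & bit]

def triage(log):
    """Return findings as tuples, in trace order."""
    pending, failed, findings = {}, {}, []  # both dicts are keyed by thread id
    for line in log.splitlines():
        if m := CALL.match(line):
            tid, api, args = m.groups()
            if api.endswith(".FormatMessageW"):
                pending[tid] = [int(a, 16) for a in args.split(",")]
        elif m := RET.match(line):
            tid, api, rv = m[1], m[2], int(m[3], 16)
            if api.endswith(".FormatMessageW") and tid in pending:
                flags, _src, msg_id = pending.pop(tid)[:3]
                if rv == 0:  # 0 characters returned: the lookup for this id failed
                    failed[tid] = msg_id
                    findings.append(("no-message-text", tid, f"{msg_id:08x}", decode_flags(flags)))
            elif rv >> 16 == 0x800B:  # failure HRESULT in FACILITY_CERT (0xb)
                findings.append(("cert-failure", tid, api, f"{rv:08x}"))
        elif (m := SEH.match(line)) and m[1] in failed and m[2] == "c0000005":
            # access violation on a thread whose message lookup just failed
            findings.append(("crash-after-failed-lookup", m[1], f"{failed.pop(m[1]):08x}"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The `cert-failure` check matches on the `0x800b` high word only, so it reports any FACILITY_CERT failure code returned by a traced call, not just `800b0109`.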


