[Bug 44912] Tibia client reports 'Failed to launch game', needs ' ntdll.RtlCreateUserProcess' implementation

wine-bugs at winehq.org wine-bugs at winehq.org
Sun May 27 23:31:26 CDT 2018 

https://bugs.winehq.org/show_bug.cgi?id=44912

--- Comment #3 from dereklesho52 at Gmail.com ---
(In reply to Anastasius Focht from comment #0)
> Hello folks,
> 
> besides the traditional 'KERNEL32.CreateProcessW()' API it also uses native
> API to create process(es).
> 
> --- snip ---
> $ pwd
> /home/focht/winetest/drive_c/users/focht/Local Settings/Application
> Data/Tibia/packages/Tibia/bin
> 
> $ WINEDEBUG=+seh,+relay,+ntoskrnl,+ntdll wine ./client.exe >>log.txt 2>&1
> ...
> 003d:Call KERNEL32.CreateProcessW(00000000,001c8630
> L"\"C:\\users\\focht\\Local Settings\\Application
> Data\\Tibia\\packages\\Tibia\\bin\\client_launcher.exe\"
> ",00000000,00000000,00000000,00000410,00000000,01d7c6b8
> L"C:/users/focht/Local Settings/Application
> Data/Tibia/packages/Tibia/bin",0033cf2c,0033cf1c) ret=0047235f 
> ...
> 0044:Call KERNEL32.__wine_kernel_init() ret=7bc6d171 
> ...
> 003d:Ret  KERNEL32.CreateProcessW() retval=00000001 ret=0047235f 
> ...
> 0044:Call KERNEL32.CreateProcessW(00000000,0033d6cc
> L"\"C:\\users\\focht\\Local Settings\\Application
> Data\\Tibia\\packages\\Tibia\\bin\\client_launcher.exe\"
> 3",00000000,00000000,00000000,00000410,00000000,00000000,0033d1a0,0033d190)
> ret=7e72e854 
> ...
> 0044:Ret  KERNEL32.CreateProcessW() retval=00000001 ret=7e72e854 
> ...
> 0044:Call ntdll.RtlInitUnicodeString(0033e75c,00162030
> L"\"C:\\users\\focht\\Local Settings\\Application
> Data\\Tibia\\packages\\Tibia\\bin\\client_launcher.exe\" 6 ") ret=0045e9fe
> 0044:Ret  ntdll.RtlInitUnicodeString() retval=0033e75c ret=0045e9fe 
> ...
> 0044:Call
> ntdll.RtlCreateProcessParameters(0033e770,0033e764,00000000,00000000,
> 0033e75c,00000000,00000000,00000000,00000000,00000000) ret=004519b8
> ...
> 0044:Ret  ntdll.RtlCreateProcessParameters() retval=00000000 ret=004519b8
> ...
> 0044:Call
> ntdll.RtlCreateUserProcess(0033e764,00000040,00390000,00000000,00000000,
> 00000000,00000000,00000000,00000000,0033e780) ret=0046fb4d
> 0044:fixme:ntdll:RtlCreateUserProcess (0x33e764 64 0x390000 (nil) (nil)
> (nil) 0 (nil) (nil) 0x33e780): stub
> 0044:Ret  ntdll.RtlCreateUserProcess() retval=c0000002 ret=0046fb4d
> ...
> 0048:Call KERNEL32.GetStringTypeW(00000001,00162fe8 L"00:52:30: Launching
> game...\r\n00:52:30: Failed to launch game.\r\n",00000001,005bf46a)
> ret=7dde5042 
> --- snip ---
> 
> Wine currently has the process creation sequence not implemented at native
> API level (albeit it uses some native API calls). It would require a bit
> redesign/moving code (dlls/kernel32/process.c:create_process, ...) around
> but into places that would make Wine more compatible with Windows with
> regards to process creation (although the heavy lifting is done in Windows
> kernel).
> 
> * ntdll.NtCreateProcess
> * ntdll.RtlCreateUserProcess
> ...
> 
> Also related: bug 23451 ("VMWare Thinapps (packaged with version >4.5) and
> XenoCode wrapped apps fail to run (differences in process creation sequence
> at native API level)")
> 
> $ sha1sum Tibia_Setup.exe 
> 50951008ccc402cc32407bfc56a88da873e3e9bd  Tibia_Setup.exe
> 
> $ du -sh Tibia_Setup.exe 
> 5.2M    Tibia_Setup.exe
> 
> $ wine --version
> wine-3.5-107-gf4573adb0f
> 
> Regards

I am almost done getting create_process to work inside ntdll, just a few bugs
to clear up.  In the mean time, I have been researching the functionality of
RtlCreateUserProcess.

According to
https://malwaretips.com/threads/ntcreateuserprocess-api-hook-process-monitoring-c.75759/

In windows Vista and up, RtlCreateUserProcess simply maps to
NtCreateUserProcess, so when researching, that might be useful to find more
information.

Also, according to
http://www.rohitab.com/discuss/topic/40191-ntcreateuserprocess/

"On Windows Vista and later, the CreateProcessInternalW function uses the
NtCreateUserProcess function to create the new process."

Although it will probably suffice to have both NtCreateUserProcess and
CreateProcessInternalW call create_process.

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list