[Bug 45998] New: 64-bit FACEIT Anti-cheat client claims "Your system is out of date, you are missing important Windows updates!" (needs 'wintrust.CryptCATAdminAcquireContext2' stub)

wine-bugs at winehq.org
Mon Oct 15 14:17:19 CDT 2018


https://bugs.winehq.org/show_bug.cgi?id=45998

            Bug ID: 45998
           Summary: 64-bit FACEIT Anti-cheat client claims "Your system is
                    out of date, you are missing important Windows
                    updates!" (needs
                    'wintrust.CryptCATAdminAcquireContext2' stub)
           Product: Wine
           Version: 3.18
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: wintrust
          Assignee: wine-bugs at winehq.org
          Reporter: focht at gmx.net
      Distribution: ---

Hello folks,

as it says.

Download: https://anticheat-client.faceit.com/FACEITInstaller_64.exe

--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/FACEIT AC

$ WINEDEBUG=+seh,+relay wine ./faceitclient.exe >>log.txt 2>&1
...
002c:Call KERNEL32.LoadLibraryA(141215440 "wintrust.dll") ret=1400b1653
002c:Ret  KERNEL32.LoadLibraryA() retval=7fd071b90000 ret=1400b1653
002c:Call KERNEL32.GetProcAddress(7fd071b90000,141215450 "CryptCATAdminAcquireContext2") ret=1400b1670
002c:Ret  KERNEL32.GetProcAddress() retval=00000000 ret=1400b1670
002c:Call KERNEL32.FreeLibrary(7fd071b90000) ret=1400b167c
002c:Ret  KERNEL32.FreeLibrary() retval=00000001 ret=1400b167c
002c:Call ntdll.RtlAllocateHeap(00010000,00000000,00000050) ret=1411adc3c
002c:Ret  ntdll.RtlAllocateHeap() retval=000b09e0 ret=1411adc3c
002c:Call user32.MessageBoxA(00000000,000b09e0 "Your system is out of date, you are missing important Windows updates!",00000000,00000010) ret=1400edd5d
...
--- snip ---

Microsoft Docs:

https://docs.microsoft.com/en-us/windows/desktop/api/mscat/nf-mscat-cryptcatadminacquirecontext2

--- quote ---
The CryptCATAdminAcquireContext2 function acquires a handle to a catalog
administrator context for a given hash algorithm and hash policy.

You can use this handle in subsequent calls to the following functions:

    CryptCATAdminAddCatalog
    CryptCATAdminEnumCatalogFromHash
    CryptCATAdminRemoveCatalog

This function has no associated import library. You must use the LoadLibrary
and GetProcAddress functions to dynamically link to Wintrust.dll.

Syntax

BOOL CryptCATAdminAcquireContext2(
  HCATADMIN               *phCatAdmin,
  const GUID              *pgSubsystem,
  PCWSTR                  pwszHashAlgorithm,
  PCCERT_STRONG_SIGN_PARA pStrongHashPolicy,
  DWORD                   dwFlags
);

--- quote ---

It's a Windows 8+ API.

With a FIXME stub that prints parameters, returning FALSE:

--- snip ---
...
0064:Call KERNEL32.LoadLibraryA(141215440 "wintrust.dll") ret=1400b1653
0064:Ret  KERNEL32.LoadLibraryA() retval=7f9b71860000 ret=1400b1653
0064:Call KERNEL32.GetProcAddress(7f9b71860000,141215450 "CryptCATAdminAcquireContext2") ret=1400b1670
0064:Ret  KERNEL32.GetProcAddress() retval=7f9b718680d0 ret=1400b1670
0064:Call KERNEL32.FreeLibrary(7f9b71860000) ret=1400b167c
0064:Ret  KERNEL32.FreeLibrary() retval=00000001 ret=1400b167c 
--- snip ---

I didn't see any call to the stub, so one might get away even with
an auto-generated unimplemented stub.

The client executable has some anti-debug trickery and a custom obfuscation
scheme. Crashes later due to other insufficiencies though.

$ sha1sum FACEITInstaller_64.exe 
ed8f8c2f6ec2d113bed882faa9d8b8a7a3b56a3c  FACEITInstaller_64.exe

$ du -sh FACEITInstaller_64.exe 
85M    FACEITInstaller_64.exe

$ wine --version
wine-3.18

Regards
