[Bug 37355] Multiple software protection schemes need ntoskrnl 'MmMapLockedPagesSpecifyCache' implementation (Tages Protection v5.x, BattleEye's 'bedaisy.sys', MRAC Anti-Cheat)

wine-bugs at winehq.org
Fri Apr 19 10:49:01 CDT 2019


https://bugs.winehq.org/show_bug.cgi?id=37355

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Multiple software           |Multiple software
                   |protection schemes need     |protection schemes need
                   |ntoskrnl                    |ntoskrnl
                   |'MmMapLockedPagesSpecifyCac |'MmMapLockedPagesSpecifyCac
                   |he' implementation (Tages   |he' implementation (Tages
                   |Protection v5.x,            |Protection v5.x,
                   |BattleEye's 'bedaisy.sys')  |BattleEye's 'bedaisy.sys',
                   |                            |MRAC Anti-Cheat)

--- Comment #33 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

revisiting and adding another protection/anti-cheat scheme:

MRAC Anti-Cheat (My.Com Warface) -> continued from bug 47047

Download:

https://web.archive.org/web/20190331063634/http://static.gc.my.com/WarfaceMycomLoader.exe#0.7927247509897362

With that part(s) fixed, the driver passes the init sequence and processes IRPs
from client (MRAC service) ioctls.

--- snip ---
$ WINEDEBUG=+seh,+loaddll,+process,+ntoskrnl wine ./GameCenter.exe 
...
0031:trace:ntoskrnl:load_driver loading driver L"C:\\windows\\System32\\drivers\\mracdrv.sys"
0031:Call KERNEL32.LoadLibraryW(00032010 L"C:\\windows\\System32\\drivers\\mracdrv.sys") ret=7f12f8b0bc4c
...
0031:Ret  KERNEL32.LoadLibraryW() retval=140000000 ret=7f12f8b0bc4c
...
0031:Call driver init 0x140098005 (obj=0x31c70,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\mracdrv")
...
0031:Call ntoskrnl.exe.ExAllocatePoolWithTag(00000000,00002000,4943414d) ret=140ab5668
0031:Call ntdll.RtlAllocateHeap(00010000,00000000,00002000) ret=7f12f8b0b158
0031:trace:heap:RtlAllocateHeap (0x10000,70000062,00002000): returning 0x48ba0
0031:Ret  ntdll.RtlAllocateHeap() retval=00048ba0 ret=7f12f8b0b158
0031:trace:ntoskrnl:ExAllocatePoolWithTag 8192 pool 0 -> 0x48ba0
0031:Ret  ntoskrnl.exe.ExAllocatePoolWithTag() retval=00048ba0 ret=140ab5668
...
0031:Call ntoskrnl.exe.MmGetPhysicalAddress(00049000) ret=1403a839c
0031:fixme:ntoskrnl:MmGetPhysicalAddress stub: 0x49000
0031:Ret  ntoskrnl.exe.MmGetPhysicalAddress() retval=00049000 ret=1403a839c
...
0031:Call ntoskrnl.exe.IoAllocateMdl(00049000,00001000,00000000,00000000,00000000) ret=140f3d8e4
0031:trace:ntoskrnl:IoAllocateMdl (0x49000, 4096, 0, 0, (nil))
0031:Call ntdll.RtlAllocateHeap(00010000,00000008,00000034) ret=7f12f8b0e514
0031:trace:heap:RtlAllocateHeap (0x10000,7000006a,00000034): returning 0x4abc0
0031:Ret  ntdll.RtlAllocateHeap() retval=0004abc0 ret=7f12f8b0e514
0031:Ret  ntoskrnl.exe.IoAllocateMdl() retval=0004abc0 ret=140f3d8e4
...
0031:Call ntoskrnl.exe.MmProbeAndLockPages(0004abc0,00000000,00000000) ret=1403e3800
0031:fixme:ntoskrnl:MmProbeAndLockPages (0x4abc0, 0, 0): stub
0031:Ret  ntoskrnl.exe.MmProbeAndLockPages() retval=0000003e ret=1403e3800
...
0031:Call ntoskrnl.exe.MmMapLockedPagesSpecifyCache(0004abc0,00000000,00000001,00000000,00000000,00000010) ret=140a50460
0031:fixme:ntoskrnl:MmMapLockedPagesSpecifyCache (0x4abc0, 0, 1, (nil), 0, 16): stub
0031:Ret  ntoskrnl.exe.MmMapLockedPagesSpecifyCache() retval=00049000 ret=140a50460
...
<repeats for more sets of buffers/MDLs>
...
0031:Ret  driver init 0x140098005 (obj=0x31c70,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\mracdrv") retval=00000000
...
--- snip ---

$ sha1sum WarfaceMycomLoader_805e0da40d16630c2fe73ed12399cb48_.exe 
b07e87a029d6697ad823dc03fdbf297c406a91b9  WarfaceMycomLoader_805e0da40d16630c2fe73ed12399cb48_.exe

$ du -sh WarfaceMycomLoader_805e0da40d16630c2fe73ed12399cb48_.exe 
6.8M    WarfaceMycomLoader_805e0da40d16630c2fe73ed12399cb48_.exe

$ wine --version
wine-4.6-61-g085e58878f

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
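
Added example, not part of the original comment or of Wine's code: a small Python parser that reads a trace of the shape quoted in the comment, rejoins records that a mail archive has wrapped, and lists the ntoskrnl calls that were answered by a fixme stub together with their arguments and return values. The names `unwrap`, `stub_calls` and `SAMPLE` are hypothetical, and the parser assumes every record begins with a four-digit hex thread id followed by a colon.

```python
import re

CALL = re.compile(r"^([0-9a-f]{4}):Call ntoskrnl\.exe\.(\w+)\((.*?)\) ret=")
RET = re.compile(r"^([0-9a-f]{4}):Ret\s+ntoskrnl\.exe\.(\w+)\(\) retval=([0-9a-f]+)")
FIXME = re.compile(r"^([0-9a-f]{4}):fixme:ntoskrnl:(\w+)\b.*\bstub\b")

# Sample abridged from the trace in the comment; some records are wrapped.
SAMPLE = """\
0031:Call ntoskrnl.exe.MmGetPhysicalAddress(00049000) ret=1403a839c
0031:fixme:ntoskrnl:MmGetPhysicalAddress stub: 0x49000
0031:Ret  ntoskrnl.exe.MmGetPhysicalAddress() retval=00049000 ret=1403a839c
0031:Call ntoskrnl.exe.IoAllocateMdl(00049000,00001000,00000000,00000000,00000000) ret=140f3d8e4
0031:Ret  ntoskrnl.exe.IoAllocateMdl() retval=0004abc0 ret=140f3d8e4
0031:Call
ntoskrnl.exe.MmMapLockedPagesSpecifyCache(0004abc0,00000000,00000001,00000000,00000000,00000010)
ret=140a50460
0031:fixme:ntoskrnl:MmMapLockedPagesSpecifyCache (0x4abc0, 0, 1, (nil), 0, 16):
stub
0031:Ret  ntoskrnl.exe.MmMapLockedPagesSpecifyCache() retval=00049000
ret=140a50460
"""

def unwrap(text):  # rejoin wrapped records; each record starts with '<tid>:'
    records = []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith(("...", "<", "$", "---")):
            continue  # skip elisions, annotations, shell prompts, snip markers
        if re.match(r"[0-9a-f]{4}:", line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def stub_calls(text):
    """List (function, args, retval) for ntoskrnl calls that hit a fixme stub."""
    pending, stubbed, hits = {}, set(), []
    for rec in unwrap(text):
        if m := CALL.match(rec):
            pending[(m[1], m[2])] = m[3].split(",")
        elif m := FIXME.match(rec):
            stubbed.add((m[1], m[2]))
        elif (m := RET.match(rec)) and (m[1], m[2]) in pending:
            args = pending.pop((m[1], m[2]))
            if (m[1], m[2]) in stubbed:
                hits.append((m[2], args, m[3]))
            stubbed.discard((m[1], m[2]))
    return hits

if __name__ == "__main__":
    for name, args, retval in stub_calls(SAMPLE):
        print(f"{name}({', '.join(args)}) -> {retval}  [stub]")
```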


