[Bug 42391] Multiple E-Banking applications by KOBIL Systems GmbH wrapped with BoxedApp protection scheme crash on startup (MigrosBank EBanking 8.2.x, Sparda Bank SecureApp 1.x)
wine-bugs at winehq.org
wine-bugs at winehq.org
Mon Apr 22 10:02:24 CDT 2019
https://bugs.winehq.org/show_bug.cgi?id=42391
Anastasius Focht <focht at gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |DUPLICATE
Summary|SpardaSecureApp: crashes on |Multiple E-Banking
|startup |applications by KOBIL
| |Systems GmbH wrapped with
| |BoxedApp protection scheme
| |crash on startup
| |(MigrosBank EBanking 8.2.x,
| |Sparda Bank SecureApp 1.x)
Status|NEW |RESOLVED
Keywords| |obfuscation
Component|-unknown |ntdll
CC| |focht at gmx.net
--- Comment #5 from Anastasius Focht <focht at gmx.net> ---
Hello folks,
there are a number of bugs related to BoxedApp protection scheme (native
API/WindowsOS loader compatibility).
* bug 22797 ("BoxedApp (native API application virtualization scheme) SDK
v3.3.x examples fail") -> meta-bug, was already partially de-duplicated in
https://bugs.winehq.org/show_bug.cgi?id=22797#c3
* bug 23451 ("VMWare Thinapps (packaged with version >4.5) and XenoCode wrapped
apps fail to run (differences in process creation sequence at native API
level)")
* bug 33236 ("Multiple application virtualization schemes rely on LdrLoadDll to
behave like native Windows loader (NtOpenFile, NtXXXSection) (VMWare ThinApp
4.x, BoxedApp)")
>From quick debugging session in Wow64 WINEPREFIX, I've identified a dozen of
old and new issues .. but none of them were related PEB/TEB/wow64 layout Dmitri
was talking about in comment #3 . The apps likely evolved/got updated hence the
original issue might not be reproducible anymore. That's why I try to snapshot
every installer at the time of bug report via Internet Archive/Wayback machine.
I've tested the old Wine version 2.1 this bug was reported against with the
current app versions. I immediately found missing native API
'ntdll.LdrRegisterDllNotification' being the first/blocker problem. The
protection calls it in TLS callback/startup code, causing a crash.
--- snip ---
Unhandled exception: page fault on read access to 0x00000000 in 32-bit code
(0x00000000).
Register dump:
CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
EIP:00000000 ESP:0033fda4 EBP:0033fe08 EFLAGS:00010202( R- -- I - - - )
EAX:00360000 EBX:7b639000 ECX:7487626c EDX:00000000
ESI:2004d25c EDI:20010000
...
Backtrace:
=>0 0x00000000 (0x0033fe08)
1 0x2003c18c in spardasecureapp (+0x3c18b) (0x0033fe1c)
2 0x20029437 in spardasecureapp (+0x29436) (0x0033fe60)
3 0x7b45ec9c call_process_entry+0xb() in kernel32 (0x0033fe78)
4 0x7b45fc2a start_process+0x59(peb=<couldn't compute location>)
[/home/focht/projects/wine/mainline-src-2.1/dlls/kernel32/process.c:1108] in
kernel32 (0x0033fea8)
5 0x7bc7db9c call_thread_func_wrapper+0xb() in ntdll (0x0033fec8)
6 0x7bc80909 call_thread_func+0xa8(entry=0x7b45fbd0, arg=0x7ffdf000,
frame=0x33ffc8)
[/home/focht/projects/wine/mainline-src-2.1/dlls/ntdll/signal_i386.c:2759] in
ntdll (0x0033ffa8)
7 0x7bc7db7a call_thread_entry_point+0x11() in ntdll (0x0033ffc8)
8 0x7bc529b7 start_process+0x16(kernel_start=0x7b45fbd0)
[/home/focht/projects/wine/mainline-src-2.1/dlls/ntdll/loader.c:3047] in ntdll
(0x0033ffe8)
9 0xf7d544bd wine_call_on_stack+0x1c() in libwine.so.1 (0x00000000)
10 0xf7d54620 wine_switch_to_stack+0x1f(func=0x7bc529a0, arg=0x7b45fbd0,
stack=0x340000)
[/home/focht/projects/wine/mainline-src-2.1/libs/wine/port.c:77] in
libwine.so.1 (0xffd9ec88)
11 0x7bc5854d LdrInitializeThunk+0x1ec(kernel_start=<couldn't compute
location>, unknown2=<couldn't compute location>, unknown3=<couldn't compute
location>, unknown4=<couldn't compute location>)
[/home/focht/projects/wine/mainline-src-2.1/dlls/ntdll/loader.c:3103] in ntdll
(0xffd9ecc8)
12 0x7b465c43 __wine_kernel_init+0xae2()
[/home/focht/projects/wine/mainline-src-2.1/dlls/kernel32/process.c:1302] in
kernel32 (0xffd9fbb8)
13 0x7bc6bc0e relay_call+0x39() in ntdll (0xffd9fbd8)
14 0x7b428235 in kernel32 (+0x18234) (0xffd9fc48)
15 0x7bc593dc __wine_process_init+0x1fb()
[/home/focht/projects/wine/mainline-src-2.1/dlls/ntdll/loader.c:3312] in ntdll
(0xffd9fc48)
16 0xf7d53ae8 wine_init+0x2a7(argc=0x2, argv=0xffda0184, error="",
error_size=0x400)
[/home/focht/projects/wine/mainline-src-2.1/libs/wine/loader.c:956] in
libwine.so.1 (0xffd9fc98)
17 0x7c000a3a main+0x79(argc=<is not available>, argv=<is not available>)
[/home/focht/projects/wine/mainline-src-2.1/loader/main.c:254] in <wine-loader>
(0xffda00d8)
18 0xf7b630d1 __libc_start_main+0xf0() in libc.so.6 (0x00000000)
0x00000000: -- no code accessible --
Modules:
Module Address Debug info Name (24 modules)
PE 20000000-200d8000 Export spardasecureapp
ELF 7b400000-7b7e1000 Dwarf kernel32<elf>
\-PE 7b410000-7b7e1000 \ kernel32
ELF 7bc00000-7bcf5000 Dwarf ntdll<elf>
\-PE 7bc10000-7bcf5000 \ ntdll
ELF 7c000000-7c004000 Dwarf <wine-loader>
...
ELF f7b49000-f7cec000 Dwarf libc.so.6
ELF f7cec000-f7d0b000 Deferred libpthread.so.0
ELF f7d4d000-f7f03000 Dwarf libwine.so.1
ELF f7f05000-f7f2e000 Deferred ld-linux.so.2
ELF f7f31000-f7f32000 Deferred [vdso].so
Threads:
process tid prio (all id:s are in hex)
...
00000032 SpardaSecureApp.exe
00000033 0
00000034 (D) C:\users\focht\Application
Data\Sparda\AST-Client\SpardaSecureApp.exe
00000035 0 <==
...
--- snip ---
Instead of recycling this bug for a new issue, resolving as dupe of bug 44585
unless Dmitri digs out an old app version which highlights the PEB/TEB/wow64
layout issue he was talking about.
I will create new tickets for other interesting issues which are reproducible
with current version of the apps.
$ sha1sum spardasecureapp_p.exe
d579216a3a61555c68a75636893216b8a4233737 spardasecureapp_p.exe
$ du -sh spardasecureapp_p.exe
9.6M spardasecureapp_p.exe
$ wine --version
wine-2.1-1-g999afbeed5
Regards
*** This bug has been marked as a duplicate of bug 44585 ***
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list