[Bug 4666] Many games bundled with HackShield anti-cheat system abort on startup with Hackshield error 108 (copy of system dlls, native vs. Wine placeholder)
wine-bugs at winehq.org
wine-bugs at winehq.org
Fri Mar 8 15:03:11 CST 2019
https://bugs.winehq.org/show_bug.cgi?id=4666
Anastasius Focht <focht at gmx.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
OS|other |Linux
Hardware|Other |x86-64
Keywords| |download
URL|http://inixsoft.nefficient. |https://maplelegends.com/do
|co.kr/inixsoft/KalOnlineEng |wnload
|/KalOnlineSetupEng060214.ex |
|e |
--- Comment #59 from Anastasius Focht <focht at gmx.net> ---
Hello folks,
revisiting, obviously still present.
I'm adjusting the download link to some working one -> Maple Story/Legends
NOTE: installer needs 'winetricks -q mfc42' (isskin.dll)
--- snip ---
$ pwd
/home/focht/.wine/drive_c/MapleLegends
$ WINEDEBUG=+seh,+loaddll,+module,+relay wine ./MapleLegends.exe >>log.txt 2>&1
...
002c:Call KERNEL32.GetModuleHandleA(009640ec "ws2_32.dll") ret=00b73097
002c:trace:module:LdrGetDllHandle L"ws2_32.dll" -> 0x7e150000 (load path
L"C:\\MapleLegends;C:\\windows\\system32;C:\\windows\\system;C:\\windows;.;C:\\windows\\system32;C:\\windows;C:\\windows\\system32\\wbem")
002c:Ret KERNEL32.GetModuleHandleA() retval=7e150000 ret=00b73097
002c:Call KERNEL32.GetSystemDirectoryA(0033f504,00000104) ret=00b6b3ad
002c:Ret KERNEL32.GetSystemDirectoryA() retval=00000013 ret=00b6b3ad
002c:Call KERNEL32.GetTempPathA(00000104,0033f608) ret=00b6b3d5
002c:Ret KERNEL32.GetTempPathA() retval=00000014 ret=00b6b3d5
002c:Call KERNEL32.GetTempFileNameA(0033f608
"C:\\users\\focht\\Temp\\",009640e4 "nst",00000000,0033f608) ret=00b6b3df
002c:Ret KERNEL32.GetTempFileNameA() retval=00007f2e ret=00b6b3df
002c:Call KERNEL32.CopyFileA(0033f504
"C:\\windows\\system32\\ws2_32.dll",0033f608
"C:\\users\\focht\\Temp\\nst7f2e.tmp",00000000) ret=00b6b3e9
002c:Ret KERNEL32.CopyFileA() retval=00000001 ret=00b6b3e9
002c:Call KERNEL32.CreateFileA(0033f608
"C:\\users\\focht\\Temp\\nst7f2e.tmp",c0000000,00000003,00000000,00000003,00000080,00000000)
ret=00b6b3f3
002c:Ret KERNEL32.CreateFileA() retval=00000098 ret=00b6b3f3
002c:Call KERNEL32.ReadFile(00000098,0033f70c,00000040,0033f74c,00000000)
ret=00b6b3fd
002c:Ret KERNEL32.ReadFile() retval=00000001 ret=00b6b3fd
002c:Call KERNEL32.SetFilePointer(00000098,00000060,00000000,00000000)
ret=00b6b407
002c:Ret KERNEL32.SetFilePointer() retval=00000060 ret=00b6b407
002c:Call KERNEL32.ReadFile(00000098,0033f308,000000f8,0033f74c,00000000)
ret=00b6b411
002c:Ret KERNEL32.ReadFile() retval=00000001 ret=00b6b411
002c:Call KERNEL32.CloseHandle(00000098) ret=00b6b42f
002c:Ret KERNEL32.CloseHandle() retval=00000001 ret=00b6b42f
002c:Call KERNEL32.LoadLibraryExA(0033f608
"C:\\users\\focht\\Temp\\nst7f2e.tmp",00000000,00000008) ret=00b6b439
002c:trace:module:load_dll looking for L"C:\\users\\focht\\Temp\\nst7f2e.tmp"
in
L"C:\\users\\focht\\Temp;C:\\windows\\system32;C:\\windows\\system;C:\\windows;.;C:\\windows\\system32;C:\\windows;C:\\windows\\system32\\wbem"
002c:trace:module:map_image mapped PE file at 0x14b0000-0x14b4000
002c:trace:module:map_image mapping section .text at 0x14b1000 off 200 size 5
virt 1000 flags 60000020
002c:trace:module:map_image clearing 0x14b1200 - 0x14b2000
002c:trace:module:map_image mapping section .reloc at 0x14b2000 off 400 size 8
virt 1000 flags 42000040
002c:trace:module:map_image clearing 0x14b2200 - 0x14b3000
002c:trace:module:map_image mapping section .rsrc at 0x14b3000 off 600 size 3ac
virt 1000 flags 40000040
002c:trace:module:map_image clearing 0x14b3400 - 0x14b4000
002c:trace:module:get_load_order looking for
L"C:\\users\\focht\\Temp\\nst7f2e.tmp"
002c:trace:module:get_load_order got hardcoded default for
L"C:\\users\\focht\\Temp\\nst7f2e.tmp"
002c:trace:module:load_dll L"\\??\\C:\\users\\focht\\Temp\\nst7f2e.tmp" is a
fake Wine dll
002c:trace:module:load_builtin_dll Trying built-in L"nst7f2e.tmp"
002c:warn:module:load_builtin_dll cannot open .so lib for builtin
L"nst7f2e.tmp":
/home/focht/projects/wine/mainline-install-x86_64/bin/../lib/wine/nst7f2e.tmp.so:
cannot open shared object file: No such file or directory
002c:warn:module:load_dll Failed to load module
L"C:\\users\\focht\\Temp\\nst7f2e.tmp"; status=c0000135
002c:Ret KERNEL32.LoadLibraryExA() retval=00000000 ret=00b6b439
002c:trace:seh:raise_exception code=c0000005 flags=0 addr=0x258 ip=00000258
tid=002c
002c:trace:seh:raise_exception info[0]=00000000
002c:trace:seh:raise_exception info[1]=00000258
002c:trace:seh:raise_exception eax=00000000 ebx=00000000 ecx=0033f40c
edx=00110064 esi=00978248 edi=0097bc68
002c:trace:seh:raise_exception ebp=0033fa20 esp=0033f758 cs=0023 ds=002b
es=002b fs=0063 gs=006b flags=00010246
002c:trace:seh:call_stack_handlers calling handler at 0x8e1f6a code=c0000005
flags=0
002c:trace:seh:call_stack_handlers handler at 0x8e1f6a returned 1
002c:trace:seh:call_stack_handlers calling handler at 0x8e1e9f code=c0000005
flags=0
002c:Call KERNEL32.GetLastError() ret=0087e379
002c:Ret KERNEL32.GetLastError() retval=0000007e ret=0087e379
002c:trace:seh:call_stack_handlers handler at 0x8e1e9f returned 1
002c:trace:seh:call_stack_handlers calling handler at 0x87b11c code=c0000005
flags=0
--- snip ---
Just for proof (it's the pristine 32-bit placeholder and the copy):
--- snip ---
$ cmp -b windows/system32/ws2_32.dll users/focht/Temp/nst7f2e.tmp
$ winedump windows/system32/ws2_32.dll
Contents of windows/system32/ws2_32.dll: 2476 bytes
*** This is a Wine fake DLL ***
File Header
Machine: 014C (i386)
Number of Sections: 3
TimeDateStamp: 00000000 (Thu Jan 1 01:00:00 1970) offset 104
PointerToSymbolTable: 00000000
NumberOfSymbols: 00000000
SizeOfOptionalHeader: 00E0
Characteristics: 2022
EXECUTABLE_IMAGE
LARGE_ADDRESS_AWARE
DLL
Optional Header (32bit)
Magic 0x10B 267
linker version 7.10
size of code 0x5 5
size of initialized data 0x0 0
size of uninitialized data 0x0 0
entrypoint RVA 0x1000 4096
base of code 0x1000 4096
base of data 0x0 0
image base 0x10000000 268435456
section align 0x1000 4096
file align 0x200 512
required OS version 1.00
image version 0.00
subsystem version 4.00
Win32 Version 0x0 0
size of image 0x4000 16384
size of headers 0x200 512
checksum 0x0 0
Subsystem 0x0 (Unknown)
DLL characteristics: 0x100
NX_COMPAT
stack reserve size 0x100000 1048576
stack commit size 0x1000 4096
heap reserve size 0x100000 1048576
heap commit size 0x1000 4096
loader flags 0x0 0
RVAs & sizes 0x10 16
Data Directory
EXPORT rva: 0x0 size: 0x0
IMPORT rva: 0x0 size: 0x0
RESOURCE rva: 0x3000 size: 0x3ac
EXCEPTION rva: 0x0 size: 0x0
SECURITY rva: 0x0 size: 0x0
BASERELOC rva: 0x2000 size: 0x8
DEBUG rva: 0x0 size: 0x0
ARCHITECTURE rva: 0x0 size: 0x0
GLOBALPTR rva: 0x0 size: 0x0
TLS rva: 0x0 size: 0x0
LOAD_CONFIG rva: 0x0 size: 0x0
Bound IAT rva: 0x0 size: 0x0
IAT rva: 0x0 size: 0x0
Delay IAT rva: 0x0 size: 0x0
CLR Header rva: 0x0 size: 0x0
rva: 0x0 size: 0x0
Done dumping windows/system32/ws2_32.dll
--- snip ---
We need to come up with better approach. One idea was briefly discussed during
last WineConf 2018. Instead of emitting fake dlls at Wine build time, a helper
tool could load all the dlls and dump/write out PE files from the in-memory
representation (before loader fixups) at prefix creation/update time. This
would also solve a number of bugs with protection schemes that compare disk vs.
in-memory layout of PEs.
$ sha1sum MapleLegendsFeb2202019.exe
2bb2e9f644e125776216540377d3a5b832874ccc MapleLegendsFeb2202019.exe
$ du -sh MapleLegendsFeb2202019.exe
1.9G MapleLegendsFeb2202019.exe
$ wine --version
wine-4.3-188-gab7756619c
Regards
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list