[Bug 48997] Riot Vanguard (Riot Games) 'vgk.sys' crashes in driver entry (needs more reasonable CR0 register values in instruction emulation)
WineHQ Bugzilla
wine-bugs at winehq.org
Thu Apr 23 04:19:48 CDT 2020
https://bugs.winehq.org/show_bug.cgi?id=48997
--- Comment #2 from Anastasius Focht <focht at gmx.net> ---
Hello Fabian,
--- quote ---
Do you know what they do with that value from CR0? I mean, what's the point
when it's always the same?
--- quote ---
well in case of CR0 only basic checks are done. If CR0 contains nonsense values
like in case Wine one can be sure something is fishy and refuse to run further.
Things like not being in protected mode, paging disabled, write protect
disabled (no traps of ring0 access to read-only ring3 pages) etc.
For me it looks like the code is part of a "suite" they might have copied from
some anti-debug cookbook or general RCE whitepapers to check if Windows runs
under control of a Hypervisor/VMM. There are multiple checks of special
function/system register values.
Regards
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list