[Bug 45377] StreetFighter V Arcade Edition (Steam) custom protection scheme requires pids/tids to be multiples of four

WineHQ Bugzilla wine-bugs at winehq.org
Tue Apr 28 13:10:39 CDT 2020 

https://bugs.winehq.org/show_bug.cgi?id=45377

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
            Summary|StreetFighter V Arcade      |StreetFighter V Arcade
                   |Edition (Steam) custom      |Edition (Steam) custom
                   |protection scheme fails to  |protection scheme requires
                   |validate in-memory          |pids/tids to be multiples
                   |'ntdll.dll' PE header       |of four
                   |against on-disk fake-dll    |
             Status|NEW                         |RESOLVED
          Component|ntdll                       |wineserver
      Fixed by SHA1|                            |daa120309e1f674a251497ff6a0
                   |                            |14168d339c90c

--- Comment #2 from Anastasius Focht <focht at gmx.net> ---
Hello Rémi,

well, I didn't revisit this one for a long time since it was depending on
Wine-Staging patchset(s) and potentially on the conversion of core dlls to PE
format which is the proper way. Not all protection schemes need syscall-style
entries/thunks.

In general I try to avoid analysing too much further to not let people
cherry-pick things into mainline while Staging patches keep living on forever.
Kind of putting some pressure to continue upstreaming things.

I will refine the ticket summary to target the specific issue you fixed. Good
work! All other issues are already tracked in different tickets along with
their Wine-Staging patchset(s).

https://source.winehq.org/git/wine.git/commitdiff/daa120309e1f674a251497ff6a014168d339c90c
("server: Make sure pids/tids are multiples of four.")

--- snip ---
Street Fighter V unpacker relies on it when validating other processes
for its anti-debug checks, it uses (PID&0xfffffffc)>>2 as an array index
and then checks back indexes against PIDs, and terminates early if some
PIDs do not match.
--- snip ---

Thanks Rémi

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list