[Bug 50118] Genshin Impact launcher loops infinitely, causing netprofm:connection_GetAdapterId message spam (Qt5Network.dll, iphlpapi.GetAdaptersAddresses)

WineHQ Bugzilla wine-bugs at winehq.org
Mon Dec 21 08:57:12 CST 2020


https://bugs.winehq.org/show_bug.cgi?id=50118

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht at gmx.net
           Keywords|                            |download
            Summary|connection_GetAdapterId     |Genshin Impact launcher
                   |infinite loop in            |loops infinitely, causing
                   |Qt5Network.dll              |netprofm:connection_GetAdap
                   |                            |terId message spam
                   |                            |(Qt5Network.dll,
                   |                            |iphlpapi.GetAdaptersAddress
                   |                            |es)
                URL|                            |https://genshinimpact.mihoy
                   |                            |o.com/client_app/launcher/2
                   |                            |0201223_d3fcf5785e92e37a/Ge
                   |                            |nshinImpact_install_2020121
                   |                            |1165103.exe

--- Comment #3 from Anastasius Focht <focht at gmx.net> ---
Hello,

--- quote ---
Grepping through the files reveals that "GetAdaptersAddresses" is used in
Qt5Network.dll, hence it might also affect other applications.
--- quote ---

--- quote ---
I can no longer reproduce this problem with a newer launcher version. Perhaps
this was an application issue.
--- quote ---

If you didn't switch the Wine version and didn't touch your Linux host network
setup between the last tests, then it's most likely a client update.

There were a few updates to the 'iphlpapi' component recently:

https://source.winehq.org/git/wine.git/history/56e7cd12ce0ce3bb331a8595b25aedb811b79110:/dlls/iphlpapi

If you suspect a specific third-party library of being the problem, it might be
useful to extract version information and also record a checksum (in case the
vendor doesn't update the version resource).

If you don't want to use tools, just upload the binary (dll) to:

https://www.virustotal.com/gui/

It will scan the binary and extract all necessary information. It also
generates hashes to identify unique versions and dupes.

https://genshinimpact.mihoyo.com/client_app/launcher/20201223_d3fcf5785e92e37a/GenshinImpact_install_20201211165103.exe

https://web.archive.org/web/20201221143329/https://genshinimpact.mihoyo.com/client_app/launcher/20201223_d3fcf5785e92e37a/GenshinImpact_install_20201211165103.exe

I've downloaded it and scanned 'qt5network.dll'.

--- snip ---
-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning -> Z:\home\focht\Downloads\Qt5Network.dll
File Type : 64-Bit Dll (Subsystem : Win GUI / 2), Size : 1326712 (0143E78h)
Byte(s) | Machine: 0x8664 (AMD64)
Compilation TimeStamp : 0x5D6EBEF2 -> Tue 03rd Sep 2019 19:28:50 (GMT)
[TimeStamp] 0x5D6EBEF2 -> Tue 03rd Sep 2019 19:28:50 (GMT) | PE Header | - |
Offset: 0x00000000:00000120 | VA: 0x00000001:80000120 | -
[TimeStamp] 0xFFFFFFFF -> Sun 07th Feb 2106 06:28:15 (GMT) | Export | - |
Offset: 0x00000000:00106944 | VA: 0x00000001:80107D44 | -
[TimeStamp] 0x5D6EBEF2 -> Tue 03rd Sep 2019 19:28:50 (GMT) | DebugDirectory | -
| Offset: 0x00000000:000F2CD4 | VA: 0x00000001:800F40D4 | -
[TimeStamp] 0x5D6EBEF2 -> Tue 03rd Sep 2019 19:28:50 (GMT) | DebugDirectory | -
| Offset: 0x00000000:000F2CF0 | VA: 0x00000001:800F40F0 | -
[TimeStamp] 0x5D6EBEF2 -> Tue 03rd Sep 2019 19:28:50 (GMT) | DebugDirectory | -
| Offset: 0x00000000:000F2D0C | VA: 0x00000001:800F410C | -
-> File Appears to be Digitally Signed @ Offset 0142800h, size : 01678h / 05752
byte(s)
[LoadConfig] Struct determined as v8 (Expected size 232 | Actual size 248)
[LoadConfig] CFG (/Guard) - Handler @ 0x1:800DDF28
[LoadConfig] CFG Table @ 0x0:00000000 | 0x00 (00) entries
[LoadConfig] CFG Flags : 0x100
[LoadConfig] CodeIntegrity -> Flags 0x0 | Catalog 0x0 (0) | Catalog Offset 0x0
| Reserved 0x0
[LoadConfig] GuardAddressTakenIatEntryTable 0x0:00000000 | Count 0x000000000
(00)
[LoadConfig] GuardLongJumpTargetTable 0x0:00000000 | Count 0x000000000 (00)
[LoadConfig] HybridMetadataPointer 0x1:00000000 | DynamicValueRelocTable
0x0:00000000
[LoadConfig] FailFastIndirectProc 0x800DA4E0:00000001 | FailFastPointer
0x800DDF38:00000001
[LoadConfig] UnknownZero1 0x0       0
[LoadConfig] CFG Data Present, yet setting is not present in the
DllCharacteristics.. patched out?
[File Heuristics] -> Flag #1 : 00000100000001001101000100000100 (0x0404D104)
[Entrypoint Section Entropy] : 6.26 (section #0) ".text   " | Size : 0xDA603
(894467) byte(s)
[DllCharacteristics] -> Flag : (0x0160) -> HEVA | ASLR | DEP
[SectionCount] 6 (0x6) | ImageSize 0x149000 (1347584) byte(s)
[Export] 100% of function(s) (1446 of 1446) are in file | 0 are forwarded |
1393 code | 53 data | 0 uninit data | 0 unknown | 
[VersionInfo] Company Name : The Qt Company Ltd.
[VersionInfo] Product Name : Qt5
[VersionInfo] Product Version : 5.12.5.0
[VersionInfo] File Description : C++ Application Development Framework
[VersionInfo] File Version : 5.12.5.0
[VersionInfo] Original FileName : Qt5Network.dll
[VersionInfo] Legal Copyrights : Copyright (C) 2019 The Qt Company Ltd.
[ModuleReport] [IAT] Modules -> Qt5Core.dll | DNSAPI.dll | IPHLPAPI.DLL |
ADVAPI32.dll | CRYPT32.dll | WS2_32.dll | MSVCP140.dll | KERNEL32.dll |
VCRUNTIME140.dll | api-ms-win-crt-runtime-l1-1-0.dll |
api-ms-win-crt-convert-l1-1-0.dll | api-ms-win-crt-stdio-l1-1-0.dll |
api-ms-win-crt-string-l1-1-0.dll | api-ms-win-crt-heap-l1-1-0.dll
[Debug Info] (record 1 of 3) (file offset 0xF2CD0)
Characteristics : 0x0 | TimeDateStamp : 0x5D6EBEF2 (Tue 03rd Sep 2019 19:28:50
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x46 (70) 
AddressOfRawData : 0xF8DD4 | PointerToRawData : 0xF79D4
CvSig : 0x53445352 | SigGuid 05BA99C5-D3BD-4AFF-97F3E0F46C0AD9A3
Age : 0x1 (1) | Pdb : C:\Users\qt\work\qt\qtbase\lib\Qt5Network.pdb
[Debug Info] (record 2 of 3) (file offset 0xF2CEC)
Characteristics : 0x0 | TimeDateStamp : 0x5D6EBEF2 (Tue 03rd Sep 2019 19:28:50
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 12 (0xC) -> Undocumented | Size : 0x14 (20) 
AddressOfRawData : 0xF8E1C | PointerToRawData : 0xF7A1C
[Debug Info] (record 3 of 3) (file offset 0xF2D08)
Characteristics : 0x0 | TimeDateStamp : 0x5D6EBEF2 (Tue 03rd Sep 2019 19:28:50
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 13 (0xD) -> Undocumented | Size : 0x34C (844) 
AddressOfRawData : 0xF8E30 | PointerToRawData : 0xF7A30
...
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 0.660 Second(s) [000000294h (660) tick(s)] [162 of 580 scan(s)
done]
--- snip ---

Maybe they've used an older version before.
It could have been something else in the caller of the API though (main exe).

Regards
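
Added example, not part of the original comment or of any Wine or Qt tooling: a standard-library Python sketch that records the identifying fields the comment suggests collecting for a suspect DLL (SHA-256, PE timestamp, DllCharacteristics, file version). The function names and the header-only sample are constructed here from values in the report above, and the version lookup is a heuristic byte scan for the VS_FIXEDFILEINFO signature rather than a resource-directory walk.

```python
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Subset of IMAGE_DLLCHARACTERISTICS_* bits, labelled as in the report above.
DLL_FLAGS = {0x0020: "HEVA", 0x0040: "ASLR", 0x0100: "DEP", 0x4000: "CFG"}
FIXEDFILEINFO_SIG = struct.pack("<I", 0xFEEF04BD)  # VS_FIXEDFILEINFO.dwSignature

def fingerprint_pe(data: bytes) -> dict:
    """Return hash, header fields and file version for a PE image held in memory."""
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
    if data[:2] != b"MZ" or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    machine, _nsec, stamp = struct.unpack_from("<HHI", data, pe_off + 4)
    opt = pe_off + 24                                      # optional header start
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                        # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers.
    (dll_char,) = struct.unpack_from("<H", data, opt + 70)
    # Heuristic: first raw occurrence of the signature, not a resource parse.
    version = None
    pos = data.find(FIXEDFILEINFO_SIG)
    if pos != -1 and pos + 16 <= len(data):
        ms, ls = struct.unpack_from("<II", data, pos + 8)  # dwFileVersionMS/LS
        version = f"{ms >> 16}.{ms & 0xFFFF}.{ls >> 16}.{ls & 0xFFFF}"
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "machine": hex(machine),
        "timestamp": datetime.fromtimestamp(stamp, timezone.utc).isoformat(),
        "dll_flags": [n for bit, n in DLL_FLAGS.items() if dll_char & bit],
        "file_version": version,
    }

def build_sample() -> bytes:
    """Constructed header-only image; field values taken from the report above."""
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)                # e_lfanew -> 0x80
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHI", buf, 0x84, 0x8664, 6, 0x5D6EBEF2)
    struct.pack_into("<H", buf, 0x98, 0x20B)               # PE32+ magic
    struct.pack_into("<H", buf, 0x98 + 70, 0x0160)         # DllCharacteristics
    struct.pack_into("<IIII", buf, 0x180, 0xFEEF04BD, 0x10000, (5 << 16) | 12, 5 << 16)
    return bytes(buf)

if __name__ == "__main__":
    src = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(fingerprint_pe(src))
```

Run with a DLL path as the only argument to fingerprint a real file; with no argument it prints the fields for the constructed sample.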
