[Bug 49198] Denuvo Anti-Cheat 'denuvo-anti-cheat.sys' crashes in entry point (incorrect page protection restored during relocation processing)
WineHQ Bugzilla
wine-bugs at winehq.org
Fri May 22 03:17:55 CDT 2020
https://bugs.winehq.org/show_bug.cgi?id=49198
--- Comment #3 from Anastasius Focht <focht at gmx.net> ---
Hello Zeb,
the patch works. Thanks.
--- snip ---
$ WINEDEBUG=+seh,+relay,+ntoskrnl,+loaddll,+module,+ntdll,+virtual wine net
start "Denuvo Anti-Cheat" >>log.txt 2>&1
...
00d0:trace:virtual:map_view got mem in reserved area 0xc80000-0xe04000
00d0:trace:module:map_image mapped PE file at 0xc80000-0xe04000
00d0:trace:module:map_image mapping section .text at 0xc81000 off 600 size
75200 virt 75200 flags 68000020
00d0:trace:module:map_image clearing 0xcf6200 - 0xcf7000
00d0:trace:module:map_image mapping section .rdata at 0xcf7000 off 75800 size
2fa00 virt 30000 flags 48000020
00d0:trace:module:map_image clearing 0xd26a00 - 0xd27000
00d0:trace:module:map_image mapping section .data at 0xd27000 off a5200 size
200 virt 5000 flags c8000020
00d0:trace:module:map_image clearing 0xd27200 - 0xd28000
00d0:trace:module:map_image mapping section .pdata at 0xd2c000 off a5400 size
7800 virt 8000 flags 48000040
00d0:trace:module:map_image clearing 0xd33800 - 0xd34000
00d0:trace:module:map_image mapping section .gfids at 0xd34000 off acc00 size
200 virt 1000 flags 48000020
00d0:trace:module:map_image clearing 0xd34200 - 0xd35000
00d0:trace:module:map_image mapping section PAGE at 0xd35000 off ace00 size 400
virt 400 flags 68000020
00d0:trace:module:map_image clearing 0xd35400 - 0xd36000
00d0:trace:module:map_image mapping section .edata at 0xd36000 off ad200 size
200 virt 1000 flags 48000020
00d0:trace:module:map_image clearing 0xd36200 - 0xd37000
00d0:trace:module:map_image mapping section INIT at 0xd37000 off ad400 size e00
virt e00 flags 68000020
00d0:trace:module:map_image clearing 0xd37e00 - 0xd38000
00d0:trace:module:map_image mapping section .rsrc at 0xd38000 off ae200 size
1a00 virt 2000 flags 48000020
00d0:trace:module:map_image clearing 0xd39a00 - 0xd3a000
00d0:trace:module:map_image mapping section at 0xd3a000 off afc00 size c1a00
virt c1828 flags 68000020
00d0:trace:module:map_image clearing 0xdfba00 - 0xdfc000
00d0:trace:module:map_image mapping section at 0xdfc000 off 171600 size e00
virt c2c flags 48000020
00d0:trace:module:map_image clearing 0xdfce00 - 0xdfd000
00d0:trace:module:map_image mapping section at 0xdfd000 off 172400 size 600
virt 480 flags c8000020
00d0:trace:module:map_image clearing 0xdfd600 - 0xdfe000
00d0:trace:module:map_image mapping section at 0xdfe000 off 172a00 size 800
virt 696 flags 68000020
00d0:trace:module:map_image clearing 0xdfe800 - 0xdff000
00d0:trace:module:map_image mapping section .rdata at 0xdff000 off 173200 size
1400 virt 12d4 flags 48000040
00d0:trace:module:map_image clearing 0xe00400 - 0xe01000
00d0:trace:module:map_image mapping section .rsrc at 0xe01000 off 174600 size
600 virt 4f8 flags 42000040
00d0:trace:module:map_image clearing 0xe01600 - 0xe02000
00d0:trace:module:map_image mapping section .reloc at 0xe02000 off 174c00 size
1c00 virt 1a60 flags 42000040
00d0:trace:module:map_image clearing 0xe03c00 - 0xe04000
00d0:trace:virtual:VIRTUAL_DumpView View: 0xc80000 - 0xe03fff (image)
00d0:trace:virtual:VIRTUAL_DumpView 0xc80000 - 0xc80fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xc81000 - 0xcf6fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xcf7000 - 0xd26fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd27000 - 0xd2bfff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView 0xd2c000 - 0xd34fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd35000 - 0xd35fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xd36000 - 0xd36fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd37000 - 0xd37fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xd38000 - 0xd39fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd3a000 - 0xdfbfff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xdfc000 - 0xdfcfff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xdfd000 - 0xdfdfff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView 0xdfe000 - 0xdfefff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xdff000 - 0xe03fff c-r--
...
00d0:Call
ntdll.LdrProcessRelocationBlock(00d27000,10000000a,00e03924,fffffffec0c80000)
ret=00236ac4
00d0:Ret ntdll.LdrProcessRelocationBlock() retval=00e03938 ret=00236ac4
00d0:Call KERNEL32.VirtualProtect(00d27000,00001000,00000008,00b5f7c0)
ret=00236ada
00d0:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00b5f6d0,00b5f6c8,00000008,00b5f7c0)
ret=7b02d008
00d0:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xd27000 00001000
00000008
00d0:trace:virtual:VIRTUAL_DumpView View: 0xc80000 - 0xe03fff (image)
00d0:trace:virtual:VIRTUAL_DumpView 0xc80000 - 0xc80fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xc81000 - 0xcf6fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xcf7000 - 0xd26fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd27000 - 0xd2bfff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView 0xd2c000 - 0xd34fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd35000 - 0xd35fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xd36000 - 0xd36fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd37000 - 0xd37fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xd38000 - 0xd39fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd3a000 - 0xdfbfff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xdfc000 - 0xdfcfff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xdfd000 - 0xdfdfff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView 0xdfe000 - 0xdfefff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xdff000 - 0xe03fff c-r--
00d0:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=7b02d008
00d0:Ret KERNEL32.VirtualProtect() retval=00000001 ret=00236ada
00d0:Call KERNEL32.VirtualProtect(00d28000,00001000,00000008,00b5f7a0)
ret=00236aed
00d0:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00b5f6d0,00b5f6c8,00000008,00b5f7a0)
ret=7b02d008
00d0:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xd28000 00001000
00000008
00d0:trace:virtual:VIRTUAL_DumpView View: 0xc80000 - 0xe03fff (image)
00d0:trace:virtual:VIRTUAL_DumpView 0xc80000 - 0xc80fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xc81000 - 0xcf6fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xcf7000 - 0xd26fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd27000 - 0xd2bfff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView 0xd2c000 - 0xd34fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd35000 - 0xd35fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xd36000 - 0xd36fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd37000 - 0xd37fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xd38000 - 0xd39fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd3a000 - 0xdfbfff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xdfc000 - 0xdfcfff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xdfd000 - 0xdfdfff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView 0xdfe000 - 0xdfefff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xdff000 - 0xe03fff c-r--
00d0:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=7b02d008
00d0:Ret KERNEL32.VirtualProtect() retval=00000001 ret=00236aed
00d0:Call KERNEL32.VirtualProtect(00dfd000,00001000,00000004,00b5f7c0)
ret=00236a80
00d0:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00b5f6d0,00b5f6c8,00000004,00b5f7c0)
ret=7b02d008
00d0:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xdfd000 00001000
00000004
00d0:trace:virtual:VIRTUAL_DumpView View: 0xc80000 - 0xe03fff (image)
00d0:trace:virtual:VIRTUAL_DumpView 0xc80000 - 0xc80fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xc81000 - 0xcf6fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xcf7000 - 0xd26fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd27000 - 0xd2bfff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView 0xd2c000 - 0xd34fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd35000 - 0xd35fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xd36000 - 0xd36fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd37000 - 0xd37fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xd38000 - 0xd39fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd3a000 - 0xdfbfff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xdfc000 - 0xdfcfff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xdfd000 - 0xdfdfff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView 0xdfe000 - 0xdfefff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xdff000 - 0xe03fff c-r--
00d0:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=7b02d008
00d0:Ret KERNEL32.VirtualProtect() retval=00000001 ret=00236a80
00d0:Call KERNEL32.VirtualProtect(00dfe000,00001000,00000004,00b5f7a0)
ret=00236a9d
00d0:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00b5f6d0,00b5f6c8,00000004,00b5f7a0)
ret=7b02d008
00d0:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xdfe000 00001000
00000004
00d0:trace:virtual:VIRTUAL_DumpView View: 0xc80000 - 0xe03fff (image)
00d0:trace:virtual:VIRTUAL_DumpView 0xc80000 - 0xc80fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xc81000 - 0xcf6fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xcf7000 - 0xd26fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd27000 - 0xd2bfff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView 0xd2c000 - 0xd34fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd35000 - 0xd35fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xd36000 - 0xd36fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd37000 - 0xd37fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xd38000 - 0xd39fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd3a000 - 0xdfbfff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xdfc000 - 0xdfcfff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xdfd000 - 0xdfefff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView 0xdff000 - 0xe03fff c-r--
00d0:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=7b02d008
00d0:Ret KERNEL32.VirtualProtect() retval=00000001 ret=00236a9d
00d0:Call
ntdll.LdrProcessRelocationBlock(00dfd000,100000090,00e03940,fffffffec0c80000)
ret=00236ac4
00d0:Ret ntdll.LdrProcessRelocationBlock() retval=00e03a60 ret=00236ac4
00d0:Call KERNEL32.VirtualProtect(00dfd000,00001000,00000008,00b5f7c0)
ret=00236ada
00d0:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00b5f6d0,00b5f6c8,00000008,00b5f7c0)
ret=7b02d008
00d0:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xdfd000 00001000
00000008
00d0:trace:virtual:VIRTUAL_DumpView View: 0xc80000 - 0xe03fff (image)
00d0:trace:virtual:VIRTUAL_DumpView 0xc80000 - 0xc80fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xc81000 - 0xcf6fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xcf7000 - 0xd26fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd27000 - 0xd2bfff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView 0xd2c000 - 0xd34fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd35000 - 0xd35fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xd36000 - 0xd36fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd37000 - 0xd37fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xd38000 - 0xd39fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd3a000 - 0xdfbfff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xdfc000 - 0xdfcfff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xdfd000 - 0xdfefff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView 0xdff000 - 0xe03fff c-r--
00d0:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=7b02d008
00d0:Ret KERNEL32.VirtualProtect() retval=00000001 ret=00236ada
00d0:Call KERNEL32.VirtualProtect(00dfe000,00001000,00000020,00b5f7a0)
ret=00236aed
00d0:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00b5f6d0,00b5f6c8,00000020,00b5f7a0)
ret=7b02d008
00d0:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xdfe000 00001000
00000020
00d0:trace:virtual:VIRTUAL_DumpView View: 0xc80000 - 0xe03fff (image)
00d0:trace:virtual:VIRTUAL_DumpView 0xc80000 - 0xc80fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xc81000 - 0xcf6fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xcf7000 - 0xd26fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd27000 - 0xd2bfff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView 0xd2c000 - 0xd34fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd35000 - 0xd35fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xd36000 - 0xd36fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd37000 - 0xd37fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xd38000 - 0xd39fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd3a000 - 0xdfbfff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xdfc000 - 0xdfcfff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xdfd000 - 0xdfdfff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView 0xdfe000 - 0xdfefff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xdff000 - 0xe03fff c-r--
00d0:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=7b02d008
00d0:Ret KERNEL32.VirtualProtect() retval=00000001 ret=00236aed
00d0:Call KERNEL32.VirtualProtect(00c800d0,00000108,00000004,00b5f7a4)
ret=00236b91
00d0:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00b5f6d0,00b5f6c8,00000004,00b5f7a4)
ret=7b02d008
00d0:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xc800d0 00000108
00000004
00d0:trace:virtual:VIRTUAL_DumpView View: 0xc80000 - 0xe03fff (image)
00d0:trace:virtual:VIRTUAL_DumpView 0xc80000 - 0xc80fff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView 0xc81000 - 0xcf6fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xcf7000 - 0xd26fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd27000 - 0xd2bfff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView 0xd2c000 - 0xd34fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd35000 - 0xd35fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xd36000 - 0xd36fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd37000 - 0xd37fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xd38000 - 0xd39fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd3a000 - 0xdfbfff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xdfc000 - 0xdfcfff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xdfd000 - 0xdfdfff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView 0xdfe000 - 0xdfefff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xdff000 - 0xe03fff c-r--
00d0:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=7b02d008
00d0:Ret KERNEL32.VirtualProtect() retval=00000001 ret=00236b91
00d0:Call KERNEL32.VirtualProtect(00c800d0,00000108,00000002,00b5f7a4)
ret=00236bb0
00d0:Call
ntdll.NtProtectVirtualMemory(ffffffffffffffff,00b5f6d0,00b5f6c8,00000002,00b5f7a4)
ret=7b02d008
00d0:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xc800d0 00000108
00000002
00d0:trace:virtual:VIRTUAL_DumpView View: 0xc80000 - 0xe03fff (image)
00d0:trace:virtual:VIRTUAL_DumpView 0xc80000 - 0xc80fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xc81000 - 0xcf6fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xcf7000 - 0xd26fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd27000 - 0xd2bfff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView 0xd2c000 - 0xd34fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd35000 - 0xd35fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xd36000 - 0xd36fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd37000 - 0xd37fff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xd38000 - 0xd39fff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xd3a000 - 0xdfbfff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xdfc000 - 0xdfcfff c-r--
00d0:trace:virtual:VIRTUAL_DumpView 0xdfd000 - 0xdfdfff c-rW-
00d0:trace:virtual:VIRTUAL_DumpView 0xdfe000 - 0xdfefff c-r-x
00d0:trace:virtual:VIRTUAL_DumpView 0xdff000 - 0xe03fff c-r--
00d0:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=7b02d008
00d0:Ret KERNEL32.VirtualProtect() retval=00000001 ret=00236bb0
00d0:Call
ntdll.RtlImageDirectoryEntryToData(00c80000,00000001,00000001,00b5f7a0)
ret=00236bc8
00d0:Ret ntdll.RtlImageDirectoryEntryToData() retval=00dff61c ret=00236bc8
00d0:Call KERNEL32.LoadLibraryW(00b5f7c0 L"netio.sys") ret=00236928
...
00d0:Call driver init 0000000000C81184
(obj=00000000000FD0D0,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Denuvo
Anti-Cheat")
00d0:Call ntoskrnl.exe.RtlCopyUnicodeString(00d2b988,000fd238) ret=00c810c2
...
00d0:Ret ntoskrnl.exe.RtlCopyUnicodeString() retval=00d2b9c0 ret=00c810c2
...
--- snip ---
Regards
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list