[Bug 46969] Multiple 64-bit WDM kernel drivers want Windows 8+ 'ntdll.RtlQueryRegistryValuesEx' (WIBUKEY, Denuvo Anti-Cheat)

WineHQ Bugzilla wine-bugs at winehq.org
Fri May 22 17:50:52 CDT 2020 

https://bugs.winehq.org/show_bug.cgi?id=46969

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Multiple 64-bit WDM kernel  |Multiple 64-bit WDM kernel
                   |drivers want Windows 8+     |drivers want Windows 8+
                   |'ntdll.RtlQueryRegistryValu |'ntdll.RtlQueryRegistryValu
                   |esEx' (WIBUKEY)             |esEx' (WIBUKEY, Denuvo
                   |                            |Anti-Cheat)

--- Comment #3 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

revisiting, still present. Denuvo Anti-Cheat 'denuvo-anti-cheat.sys' also wants
this. Continuation from bug 49224 (split out from bug 49194).

Same as with the drivers already listed here: RtlQueryRegistryValues() fallback
will be used in case this Windows 8+ API function is not present.

--- snip ---
$ WINEDEBUG=+seh,+relay,+int,+ntoskrnl,+ntdll,+reg wine net start "Denuvo
Anti-Cheat" >>log.txt 2>&1
...
00d0:Call ntoskrnl.exe.MmGetSystemRoutineAddress(00b5edf0) ret=00c85092
...
00d0:fixme:ntoskrnl:MmGetSystemRoutineAddress L"RtlQueryRegistryValuesEx" not
found
00d0:Ret  ntoskrnl.exe.MmGetSystemRoutineAddress() retval=00000000 ret=00c85092
00d0:Call
ntoskrnl.exe.RtlQueryRegistryValues(00000004,00cfab48,00b5ee10,00b5eda8,00000000)
ret=00c850b9
00d0:Call
ntdll.RtlQueryRegistryValues(00000004,00cfab48,00b5ee10,00b5eda8,00000000)
ret=7bca112f
00d0:trace:reg:RtlQueryRegistryValues (4, L"VIDEO", 0xb5ee10, 0xb5eda8, (nil))
00d0:trace:reg:open_key
((nil),L"\\Registry\\Machine\\Hardware\\DeviceMap\\VIDEO",f003f,0xb5ea68)
00d0:trace:reg:open_key <- 0x50
00d0:trace:reg:NtQueryValueKey (0x50,L"MaxObjectNumber",1,(nil),0)
00d0:Ret  ntdll.RtlQueryRegistryValues() retval=00000000 ret=7bca112f
00d0:Ret  ntoskrnl.exe.RtlQueryRegistryValues() retval=00000000 ret=00c850b9
... 
--- snip ---

$ wine --version
wine-5.9

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list