[Bug 49946] New: Themida-packed application crashing on multi-hop import forward

WineHQ Bugzilla wine-bugs at winehq.org
Mon Oct 5 12:27:06 CDT 2020 

https://bugs.winehq.org/show_bug.cgi?id=49946

            Bug ID: 49946
           Summary: Themida-packed application crashing on multi-hop
                    import forward
           Product: Wine
           Version: 5.18
          Hardware: x86
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: oleaut32
          Assignee: wine-bugs at winehq.org
          Reporter: heisenberg at croosade.com
   Regression SHA1: f26b1f0392714891bbd8c603de072818cc65e45f
      Distribution: ArchLinux

I'm dealing with a packed application that imports functions from oleaut32.dll.
Specifically, it uses GetErrorInfo and SetErrorInfo.

In the commit mentioned in this issue, SetErrorInfo was moved from ole32.dll
into combase.dll. This is fine, because Microsoft did the same in NT 6. However
Wine now has the situation that we have a forward chain of
oleaut32.SetErrorInfo -> ole32.SetErrorInfo -> combase.SetErrorInfo. I believe
the packer that was applied to the application I'm trying to run cannot deal
with this situation. The first hop goes fine, however for the next one, the
actual function address is not resolved. It ends up literally jumping into the
"combase.SetErrorInfo" string, which of course causes the program to crash
unrecoverably.

The application was running fine up until Wine 5.15. Wine 5.16 was the first
version that incorporated the function move commits, and I've been experiencing
this crash ever since.

As a workaround, I tried recompiling oleaut32 with the forwards in
oleaut32.spec replaced to directly point to combase instead of hopping through
ole32 first. This immediately fixed the crash. Apart from SetErrorInfo this
should also affect GetErrorInfo and CreateErrorInfo since they have the same
chain now. I'm not submitting a patch because I'm not sure if simply changing
them this way may have other side effects.

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list