[Bug 45194] Painkiller (Dreamcatcher original, Multiplayer demo, GOG.com Black Edition 1.64) crashes at start on systems with high uptime (overflow in game engine time calculation)

WineHQ Bugzilla wine-bugs at winehq.org
Fri Feb 26 08:20:58 CST 2021


https://bugs.winehq.org/show_bug.cgi?id=45194

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Painkiller Multiplayer demo |Painkiller (Dreamcatcher
                   |(Dreamcatcher) 1.0 crashes  |original, Multiplayer demo,
                   |at start (overflow in game  |GOG.com Black Edition 1.64)
                   |engine time calculation)    |crashes at start on systems
                   |                            |with high uptime (overflow
                   |                            |in game engine time
                   |                            |calculation)

--- Comment #28 from Anastasius Focht <focht at gmx.net> ---
Hello Henri,

--- quote ---
I can confirm that this bug is also present in the full version (GOG, single
player, did not test multiplayer),
--- quote ---

The GOG release is mentioned as "Black Edition" here:

https://www.gog.com/game/painkiller

It seems the latest official version of the game is 1.64, according to this
comment:

https://www.gog.com/forum/painkiller_series/installing_mega_patch_and_unofficial_165

--- quote ---
I have not played Painkiller for a long time but I have decided to play it
again, with unofficial 1.65 patch, everything was fine until the City on Water
level, where it broke the game for me. I can not proceed to fountain area, as
3 monsters do not spawn so the game does not open the door to the next area. I
do not know if anyone else experienced this, just saying, I was forced to
return to original 1.64 version of game.

Win10, GOG Black Edition of the game.
--- quote ---

WineHQ appdb

https://appdb.winehq.org/objectManager.php?sClass=version&iId=16200

"Painkiller: Black Edition 1.64 (GOG)"

====

The original 'engine.dll' from the multiplayer demo in this bug report:

--- snip ---
$ ll Engine.dll
-rw-rw-r--. 1 focht focht 4173824 Jul 12  2004 Engine.dll

$ sha1sum Engine.dll
3f3c5d744613cfa684ab2934b9d1ca86f55dc01c  Engine.dll
--- snip ---

Protection ID scan:

--- snip ---
-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning -> C:\Program Files
(x86)\DreamCatcher\PainkillerMultiplayerDemo\Bin\Engine.dll
File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 4173824 (03FB000h)
Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x40F2B47A -> Mon 12th Jul 2004 15:55:38 (GMT)
[TimeStamp] 0x40F2B47A -> Mon 12th Jul 2004 15:55:38 (GMT) | PE Header | - |
Offset: 0x00000120 | VA: 0x10000120 | -
[TimeStamp] 0x40F2B479 -> Mon 12th Jul 2004 15:55:37 (GMT) | Export | - |
Offset: 0x00388644 | VA: 0x10388644 | -
[TimeStamp] 0x40F2B47A -> Mon 12th Jul 2004 15:55:38 (GMT) | DebugDirectory | -
| Offset: 0x00278494 | VA: 0x10278494 | -
[LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset
0x2000001 | Reserved 0x46A4A0
[LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558
(4629848)
[LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008)
[LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C
[LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360
[LoadConfig] UnknownZero1 0x8000011
[File Heuristics] -> Flag #1 : 00000100000000000000000100000000 (0x04000100)
[Entrypoint Section Entropy] : 6.59 (section #0) ".text   " | Size : 0x276A45
(2583109) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 5 (0x5) | ImageSize 0x4C4C000 (80003072) byte(s)
[Export] 98% of function(s) (2707 of 2759) are in file | 0 are forwarded | 2613
code | 146 data | 0 uninit data | 0 unknown | 
[ModuleReport] [IAT] Modules -> DINPUT8.dll | WS2_32.dll | mss32.dll |
WINMM.dll | binkw32.dll | KERNEL32.dll | USER32.dll | ADVAPI32.dll |
SHELL32.dll | ole32.dll
[Debug Info] (record 1 of 1) (file offset 0x278490)
Characteristics : 0x0 | TimeDateStamp : 0x40F2B47A (Mon 12th Jul 2004 15:55:38
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x50 (80) 
AddressOfRawData : 0x37085C | PointerToRawData : 0x37085C
CvSig : 0x53445352 | SigGuid 889426AE-8628-48B4-BA86829EC7AD5718
Age : 0x1 (1) | Pdb : c:\painkiller\Game\Bin\ObjectsRelease\Engine\Engine.pdb
[CdKeySerial] found "CDKey" @ VA: 0x0027C6F0 / Offset: 0x0027C6F0
[CdKeySerial] found "CDKey" @ VA: 0x0027C6FB / Offset: 0x0027C6FB
[CdKeySerial] found "CDKey" @ VA: 0x0027D3A8 / Offset: 0x0027D3A8
[CdKeySerial] found "Invalid code" @ VA: 0x002A21BC / Offset: 0x002A21BC
[CdKeySerial] found "CDKey" @ VA: 0x003A0605 / Offset: 0x003A0605
[CdKeySerial] found "CDKey" @ VA: 0x003A490C / Offset: 0x003A490C
[CdKeySerial] found "CDKey" @ VA: 0x003A49D2 / Offset: 0x003A49D2
[CdKeySerial] found "CDKey" @ VA: 0x003A8F9F / Offset: 0x003A8F9F
[CdKeySerial] found "CDKey" @ VA: 0x003A9227 / Offset: 0x003A9227
[CompilerDetect] -> Visual C++ 7.1 (Visual Studio 2003)
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 1.828 Second(s) [000000494h (1172) tick(s)] [246 of 580 scan(s)
done]
--- snip ---

====

Unofficial Patch v1.65 for Painkiller

http://pkzone.org/unofficial-patch-v1-65/

--- snip ---
$ ll Engine.dll
-rw-rw-r--. 1 focht focht 4440064 Feb 17  2005 Engine.dll

$ sha1sum Engine.dll
e124d3bbd364e060e019201c1154a83c6a9d027f  Engine.dll
--- snip ---

Although the engine dll seems newer/updated, the code in the function didn't
change (potential overflow still present):

--- snip ---
10001450 | sub esp,8                          |
10001453 | fld st(0),qword ptr ds:[102AE578]  |
10001459 | sub esp,8                          |
1000145C | fdiv st(0),qword ptr ds:[ecx+50]   |
1000145F | fstp qword ptr ss:[esp],st(0)      |
10001462 | call engine.10286760               | floor()
10001467 | fnstcw word ptr ss:[esp+8]         |
1000146B | movzx eax,word ptr ss:[esp+8]      |
10001470 | add esp,8                          |
10001473 | or ah,C                            |
10001476 | mov dword ptr ss:[esp+4],eax       |
1000147A | fldcw word ptr ss:[esp+4]          |
1000147E | fistp dword ptr ss:[esp+4],st(0)   |
10001482 | mov eax,dword ptr ss:[esp+4]       |
10001486 | mov dword ptr ss:[esp+4],eax       |
1000148A | fldcw word ptr ss:[esp]            |
1000148D | xor eax,eax                        |
1000148F | xor edx,edx                        |
10001491 | rdtsc                              |
10001493 | div dword ptr ss:[esp+4]           |
10001497 | mov dword ptr ss:[esp],eax         |
1000149A | mov eax,dword ptr ss:[esp]         |
1000149D | add esp,8                          |
100014A0 | ret                                |
--- snip ---

--- snip ---
-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42

Scanning -> C:\Program Files
(x86)\DreamCatcher\PainkillerMultiplayerDemo\Bin\Painkiller.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 1474560 (0168000h)
Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x4214B256 -> Thu 17th Feb 2005 15:03:50 (GMT)
[TimeStamp] 0x4214B256 -> Thu 17th Feb 2005 15:03:50 (GMT) | PE Header | - |
Offset: 0x00000120 | VA: 0x00400120 | -
[TimeStamp] 0x4214B256 -> Thu 17th Feb 2005 15:03:50 (GMT) | DebugDirectory | -
| Offset: 0x0006E904 | VA: 0x0046E904 | -
[LoadConfig] Struct determined as v2 (Expected size 72 | Actual size 72)
[!] Executable uses SEH Tables (/SAFESEH) (388 calculated 388 recorded... 0
invalid addresses) 
[File Heuristics] -> Flag #1 : 00000100000000000000000000000000 (0x04000000)
[Entrypoint Section Entropy] : 6.51 (section #0) ".text   " | Size : 0x6C9F6
(444918) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 5 (0x5) | ImageSize 0x16D000 (1495040) byte(s)
[VersionInfo] Company Name : People Can Fly
[VersionInfo] Product Name : Painkiller
[VersionInfo] Product Version : 1.0.0.0
[VersionInfo] File Description : Painkiller
[VersionInfo] File Version : 0.0.1.5
[VersionInfo] Original FileName : PainGame.exe
[VersionInfo] Internal Name : PainGame.exe
[VersionInfo] Legal Copyrights : (c) People Can Fly.  All rights reserved.
[ModuleReport] [IAT] Modules -> Engine.dll | KERNEL32.dll | USER32.dll |
GDI32.dll | comdlg32.dll | WINSPOOL.DRV | ADVAPI32.dll | SHELL32.dll |
COMCTL32.dll | SHLWAPI.dll | ole32.dll | OLEAUT32.dll | WS2_32.dll | WINMM.dll
| oledlg.dll
[ModuleReport] [DelayImport] Modules -> OLEACC.dll
[Debug Info] (record 1 of 1) (file offset 0x6E900)
Characteristics : 0x0 | TimeDateStamp : 0x4214B256 (Thu 17th Feb 2005 15:03:50
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x58 (88) 
AddressOfRawData : 0x81D00 | PointerToRawData : 0x81D00
CvSig : 0x53445352 | SigGuid 87465267-0864-4DB7-AC389EC65DF46F2A
Age : 0x3 (3) | Pdb :
w:\Painkiller\Game\Bin\ObjectsRelease\PainEditor\PainEditor.pdb
[CompilerDetect] -> Visual C++ 7.1 (Visual Studio 2003)
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 0.925 Second(s) [00000039Dh (925) tick(s)] [506 of 580 scan(s)
done]

Scanning -> C:\Program Files
(x86)\DreamCatcher\PainkillerMultiplayerDemo\Bin\Engine.dll
File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 4440064 (043C000h)
Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x4214B251 -> Thu 17th Feb 2005 15:03:45 (GMT)
[TimeStamp] 0x4214B251 -> Thu 17th Feb 2005 15:03:45 (GMT) | PE Header | - |
Offset: 0x00000118 | VA: 0x10000118 | -
[TimeStamp] 0x4214B250 -> Thu 17th Feb 2005 15:03:44 (GMT) | Export | - |
Offset: 0x003C2504 | VA: 0x103C2504 | -
[TimeStamp] 0x4214B251 -> Thu 17th Feb 2005 15:03:45 (GMT) | DebugDirectory | -
| Offset: 0x002AE4D4 | VA: 0x102AE4D4 | -
[LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset
0x2000001 | Reserved 0x46A4A0
[LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558
(4629848)
[LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008)
[LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C
[LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360
[LoadConfig] UnknownZero1 0x8000011
[File Heuristics] -> Flag #1 : 00000100000000000000000100000000 (0x04000100)
[Entrypoint Section Entropy] : 6.58 (section #0) ".text   " | Size : 0x2ACD75
(2805109) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 5 (0x5) | ImageSize 0x5045000 (84168704) byte(s)
[Export] 98% of function(s) (2813 of 2867) are in file | 0 are forwarded | 2718
code | 149 data | 0 uninit data | 0 unknown | 
[ModuleReport] [IAT] Modules -> DINPUT8.dll | WS2_32.dll | mss32.dll |
WINMM.dll | binkw32.dll | KERNEL32.dll | USER32.dll | ADVAPI32.dll |
SHELL32.dll | ole32.dll
[Debug Info] (record 1 of 1) (file offset 0x2AE4D0)
Characteristics : 0x0 | TimeDateStamp : 0x4214B251 (Thu 17th Feb 2005 15:03:45
(GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x50 (80) 
AddressOfRawData : 0x3A8D7C | PointerToRawData : 0x3A8D7C
CvSig : 0x53445352 | SigGuid BEC5D164-2B0A-4A0E-A6B5DAE9643DCDA6
Age : 0x3 (3) | Pdb : w:\Painkiller\Game\Bin\ObjectsRelease\Engine\Engine.pdb
[CdKeySerial] found "CDKey" @ VA: 0x002B2D14 / Offset: 0x002B2D14
[CdKeySerial] found "CDKey" @ VA: 0x002B2D1F / Offset: 0x002B2D1F
[CdKeySerial] found "CDKey" @ VA: 0x002B39D0 / Offset: 0x002B39D0
[CdKeySerial] found "Invalid code" @ VA: 0x002DA6DC / Offset: 0x002DA6DC
[CdKeySerial] found "CDKey" @ VA: 0x003D9784 / Offset: 0x003D9784
[CdKeySerial] found "CDKey" @ VA: 0x003DB9CF / Offset: 0x003DB9CF
[CdKeySerial] found "CDKey" @ VA: 0x003DFB7C / Offset: 0x003DFB7C
[CdKeySerial] found "CDKey" @ VA: 0x003E4398 / Offset: 0x003E4398
[CdKeySerial] found "CDKey" @ VA: 0x003E4623 / Offset: 0x003E4623
[CompilerDetect] -> Visual C++ 7.1 (Visual Studio 2003)
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 1.757 Second(s) [0000004DBh (1243) tick(s)] [246 of 580 scan(s)
done]
--- snip ---

Unofficial Patch v1.66 for Painkiller

https://www.moddb.com/mods/painkiller-black-edition-unofficial-patch-166/downloads/pkbe-unofficial-166

I've checked the v1.66 patch 'engine.dll' and it's identical to v1.65 patch.

GOG.com and/or the original publisher Dreamcatcher were apparently never made
aware of the problem. They probably wouldn't do anything as the effort to fix
the problem and provide an updated version is not worth the cost. Only a
negligible number of users encountered this problem and an easy workaround
exists.

I've updated the summary again. Thanks for the information on the GOG version.

Regards
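
The `rdtsc` / `div dword ptr ss:[esp+4]` pair at 10001491-10001493 in the listing above, modelled in C as an added example (not code from the game or from this bug report). The function names are hypothetical, and the divisor and TSC frequency are assumed sample values, not read from Engine.dll.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* x86 "div r/m32" divides EDX:EAX by a 32-bit operand and raises #DE
 * (divide error) when the operand is 0 or the quotient needs more than
 * 32 bits, i.e. when EDX >= operand. rdtsc fills EDX:EAX with the full
 * 64-bit counter, so the preceding xor edx,edx has no effect. */
bool div32_faults(uint64_t tsc, uint32_t divisor)
{
    return divisor == 0 || (uint32_t)(tsc >> 32) >= divisor;
}

/* First TSC value at which the rdtsc/div pair traps for this divisor. */
uint64_t first_faulting_tsc(uint32_t divisor)
{
    return (uint64_t)divisor << 32;
}

/* Hardened form: divide in 64 bits and report failure instead of trapping. */
bool scaled_ticks(uint64_t tsc, uint32_t divisor, uint64_t *out)
{
    if (divisor == 0)
        return false;
    *out = tsc / divisor;
    return true;
}

int main(void)
{
    const uint32_t divisor = 3000000;        /* assumed sample divisor */
    const uint64_t tsc_hz = 3000000000ULL;   /* assumed 3 GHz TSC */
    uint64_t limit = first_faulting_tsc(divisor);
    uint64_t q = 0;

    printf("div traps once TSC >= %llu (~%.0f s of uptime)\n",
           (unsigned long long)limit, (double)limit / (double)tsc_hz);
    printf("one tick below limit traps: %d\n", div32_faults(limit - 1, divisor));
    printf("at limit traps:             %d\n", div32_faults(limit, divisor));
    if (scaled_ticks(limit, divisor, &q))
        printf("64-bit quotient at limit:   %llu\n", (unsigned long long)q);
    return 0;
}
```

With these sample values the 32-bit quotient stops fitting after roughly 49.7 days of counter time.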
