[Bug 49111] ELWAVE 9.2 demo installer (protected with Themida) crashes on start (CPU with User-Mode Instruction Prevention feature enabled)

WineHQ Bugzilla wine-bugs at winehq.org
Fri Jan 1 11:17:38 CST 2021


https://bugs.winehq.org/show_bug.cgi?id=49111

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |focht at gmx.net
            Summary|ELWAVE Demo installer       |ELWAVE 9.2 demo installer
                   |crashes on start            |(protected with Themida)
                   |                            |crashes on start (CPU with
                   |                            |User-Mode Instruction
                   |                            |Prevention feature enabled)
           Keywords|                            |Installer, obfuscation

--- Comment #2 from Anastasius Focht <focht at gmx.net> ---
Hello Fabian,

are you sure this isn't a dupe of bug 49112 or the other way around?

--- snip ---
=>0 0x00663057 EntryPoint+0xffffffff() in elwave92ddemosetup (0xf4185014)
0x00663057 EntryPoint+0xffffffff in elwave92ddemosetup: sldt    0x0(%esp)
--- snip ---

I have an old 4th gen Intel Core i7 (Haswell) so I can't reproduce this anyway ;-)

Protection ID scan:

--- snip ---
-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning -> Z:\home\focht\Downloads\ELWAVE92dDemoSetup.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 51196120 (030D30D8h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x4BA39957 -> Fri 19th Mar 2010 15:33:43 (GMT)
[TimeStamp] 0x4BA39957 -> Fri 19th Mar 2010 15:33:43 (GMT) | PE Header | - | Offset: 0x000000F0 | VA: 0x004000F0 | -
-> File Appears to be Digitally Signed @ Offset 030D1E08h, size : 012D0h / 04816 byte(s)
-> File has 46928392 (02CC1208h) bytes of appended data starting at offset 0410C00h
[LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset 0x2000001 | Reserved 0x46A4A0
[LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558 (4629848)
[LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008)
[LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C
[LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360
[LoadConfig] UnknownZero1 0x8000011
[File Heuristics] -> Flag #1 : 00000000000001001100000000110111 (0x0004C037)
[Entrypoint Section Entropy] : 1.82 (section #5) "jzccmqax" | Size : 0x200 (512) byte(s)
[DllCharacteristics] -> Flag : (0x8000) -> TSA
[SectionCount] 6 (0x6) | ImageSize 0xB08000 (11567104) byte(s)
[ModuleReport] [IAT] Modules -> kernel32.dll | comctl32.dll
[!] Themida v2.0.1.0 - v2.1.8.0 (or newer) detected !
[i] Hide PE Scanner Option used
- Scan Took : 1.940 Second(s) [000000424h (1060) tick(s)] [566 of 580 scan(s) done]
--- snip ---

$ sha1sum ELWAVE92dDemoSetup.exe 
58ecb98128567f3f10e25a25e0cb95450a867d49  ELWAVE92dDemoSetup.exe

$ du -sh ELWAVE92dDemoSetup.exe 
49M    ELWAVE92dDemoSetup.exe

$ wine --version
wine-6.0-rc4

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
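
For triaging a crash like the one in the backtrace above, this added example (not part of the original bug comment and not Wine code) checks whether the bytes at a faulting address decode to one of the five instructions that User-Mode Instruction Prevention makes fault in user mode: SGDT, SIDT, SLDT, SMSW and STR. It assumes 32-bit code; `umip_insn` is a hypothetical helper name, and the sample bytes are constructed, not taken from the installer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Return the mnemonic of the UMIP-protected instruction that starts at
 * code[0], or NULL if the bytes are not one. Assumes 32-bit code, so no
 * REX prefixes; legacy prefixes are skipped. */
const char *umip_insn(const uint8_t *code, size_t len)
{
    size_t i = 0;

    /* Operand/address size, segment overrides, lock and rep prefixes. */
    while (i < len && (code[i] == 0x66 || code[i] == 0x67 || code[i] == 0x2e ||
                       code[i] == 0x36 || code[i] == 0x3e || code[i] == 0x26 ||
                       code[i] == 0x64 || code[i] == 0x65 || code[i] == 0xf0 ||
                       code[i] == 0xf2 || code[i] == 0xf3))
        i++;
    if (i + 3 > len || code[i] != 0x0f)
        return NULL;                    /* need 0F, opcode and ModRM */

    uint8_t opcode = code[i + 1];
    uint8_t modrm = code[i + 2];
    unsigned mod = modrm >> 6, reg = (modrm >> 3) & 7;

    if (opcode == 0x00) {               /* group 6: 0F 00 /r */
        if (reg == 0) return "sldt";
        if (reg == 1) return "str";
    } else if (opcode == 0x01) {        /* group 7: 0F 01 /r */
        if (reg == 4) return "smsw";
        /* With mod == 3 the /0 and /1 slots encode other instructions,
         * so SGDT and SIDT only match with a memory operand. */
        if (mod != 3 && reg == 0) return "sgdt";
        if (mod != 3 && reg == 1) return "sidt";
    }
    return NULL;
}

int main(void)
{
    /* Constructed bytes: one possible encoding of "sldt 0x0(%esp)". */
    static const uint8_t fault[] = { 0x0f, 0x00, 0x44, 0x24, 0x00 };
    const char *m = umip_insn(fault, sizeof fault);

    printf("%s\n", m ? m : "not a UMIP-protected instruction");
    return 0;
}
```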

