"Incompatible Systemanalyzer detected"
Mike Hearn
mike at navi.cx
Sat Sep 4 11:22:09 CDT 2004
On Sat, 04 Sep 2004 17:23:47 +0200, Uwe Bonnes wrote:
> Call kernel32.GetModuleHandleA(0040a572 "Kernel32.dll")
> Ret kernel32.GetModuleHandleA() retval=40450000
> Call kernel32.GetProcAddress(40450000,0040a57f "LoadLibraryA")
> Ret kernel32.GetProcAddress() retval=40517bd0 ret=0040a60b
>
> and immediate hits an exception, which is handled:
>
> trace:seh:EXC_RtlRaiseException code=c0000005 flags=0 addr=0x4123a1
0x0040a60b and 0x004123a1 are some way apart so I wouldn't say it's
immediate.
> Similar failure on the net also come up with an additional message:
> "Kernel32 call does not point into Kernel32.dll"
I suspect it's checking for a redirection of LoadLibrary to shim code by
checking if the returned address of the call is within the boundaries
described by the PE headers of kernel32.dll
Random guess: winebuild outputs 0 and 0 for SizeOfCode and BaseOfCode,
maybe it's taking the address from GetProcAddress, casting the return of
GetModuleHandleA to an IMAGE_NT_HEADERS structure then saying
if (( address_of_loadlibrary < headers->BaseOfCode + headers->SizeOfCode )
|| address_of_loadlibrary > headers->BaseOfCode + headers->SizeOfCode )
{
MessageBox("Incompatible SystemAnalyzer detected");
}
Not sure how you could verify this except by disassembling the app though.
thanks -mike
More information about the wine-devel
mailing list