PROT_EXEC mmap/mprotect, i386 PAE + NX broken, x86-64 2.6.17-rc2

Marcus Meissner marcus at jet.franken.de
Sat Apr 22 04:09:34 CDT 2006


On Sat, Apr 22, 2006 at 09:43:43AM +0100, Alistair John Strachan wrote:
> On Saturday 22 April 2006 08:38, Marcus Meissner wrote:
> [snip]
> > Well, in your case it seems to be the main executable, since it faults
> > at its very first instruction.
> 
> Maybe I'm just misunderstanding what you're saying here, but the problem is 
> _not_ with the application I am attempting to run. It works flawlessly with 
> an x86-64 kernel with noexec32=off, or 2.6.14.7 (where this is the default).

It is a WINE problem :)
 
> > > [alistair] 11:17 [~/.wine/drive_c/Program Files/Warcraft III] wine
> > > war3.exe -opengl wine: Unhandled page fault on write access to 0x00495000
> > > at address 0x495000 (thread 0009), starting debugger...
> > >
> > > =>1 0x00495000 EntryPoint in war3 (0x00495000)
> > >   2 0xf7f763ab wine_switch_to_stack+0x17 in libwine.so.1 (0xf7f763ab)
> > > 0x00495000 EntryPoint in war3: pushl    %eax
> >
> > Please run with:
> > 	WINEDEBUG=+virtual wine war3.exe -opengl
> > And look for the virtual entries in the vicinity of 495000.
> Can't see anything obvious. Here's the entire trace:
> http://devzero.co.uk/~alistair/wine/virtual.log

Here is the culprit:

trace:virtual:VIRTUAL_SetProt 0x462000-0x4e7fff c-rW-
trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x57bfff (anonymous)
trace:virtual:VIRTUAL_DumpView       0x400000 - 0x400fff c-r--
trace:virtual:VIRTUAL_DumpView       0x401000 - 0x449fff c-r-x
trace:virtual:VIRTUAL_DumpView       0x44a000 - 0x57bfff c-rW-

This covers the 0x00495000 address. Note that the area lacks the x-bit.

What is happening is likely the copy protection. The original loader is
likely executable, but the copy protection decrypts the code in a data section
and then executes it.

Could you please do:
	winedump dump -x war3.exe
and put it somewhere/attach it here?

Ciao, Marcus


