PROT_EXEC mmap/mprotect, i386 PAE + NX broken, x86-64 2.6.17-rc2
Jesse Allen
the3dfxdude at gmail.com
Sat Apr 22 12:17:11 CDT 2006
On 4/22/06, Alistair John Strachan <s0348365 at sms.ed.ac.uk> wrote:
> On Saturday 22 April 2006 10:09, Marcus Meissner wrote:
> > Here is the culprit:
> >
> > trace:virtual:VIRTUAL_SetProt 0x462000-0x4e7fff c-rW-
> > trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x57bfff (anonymous)
> > trace:virtual:VIRTUAL_DumpView 0x400000 - 0x400fff c-r--
> > trace:virtual:VIRTUAL_DumpView 0x401000 - 0x449fff c-r-x
> > trace:virtual:VIRTUAL_DumpView 0x44a000 - 0x57bfff c-rW-
> >
> > This covers the 0x00495000 address. Note that the area lacks the x-bit.
> >
> > What is happening is likely the copy protection. The original loader is
> > likely executable, but the copyprotection decrypts the code in a
> > datasection and then executes it.
>
> Well, I'm using a "modified" game executable which does not check for the
> presence of a CD. However, it hooks into the original game executable so that
> the game can validate itself. Alas, it's probably not the more pure win32
> application known to man..
>
Do you mean you're using a loader? Please try to recreate without the
loader. Loaders are known to be buggy -- even on x86 architechure.
Jesse
More information about the wine-devel
mailing list