PROT_EXEC mmap/mprotect, i386 PAE + NX broken, x86-64 2.6.17-rc2

Alistair John Strachan s0348365 at sms.ed.ac.uk
Sat Apr 22 08:14:32 CDT 2006


On Saturday 22 April 2006 13:54, Marcus Meissner wrote:
> > > > http://devzero.co.uk/~alistair/wine/virtual.log
> > >
> > > Here is the culprit:
> > >
> > > trace:virtual:VIRTUAL_SetProt 0x462000-0x4e7fff c-rW-
> > > trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x57bfff (anonymous)
> > > trace:virtual:VIRTUAL_DumpView       0x400000 - 0x400fff c-r--
> > > trace:virtual:VIRTUAL_DumpView       0x401000 - 0x449fff c-r-x
> > > trace:virtual:VIRTUAL_DumpView       0x44a000 - 0x57bfff c-rW-
> > >
> > > This covers the 0x00495000 address. Note that the area lacks the x-bit.
> > >
> > > What is happening is likely the copy protection. The original loader is
> > > likely executable, but the copy protection decrypts the code in a
> > > data section and then executes it.
> >
> > Well, I'm using a "modified" game executable which does not check for the
> > presence of a CD. However, it hooks into the original game executable so
> > that the game can validate itself. Alas, it's probably not the most pure
> > win32 application known to man..
> >
> > > Could you please do:
> > > 	winedump dump -x war3.exe
> > > and put it somewhere/attach it here?
> >
> > Certainly, find it here (261K):
> >
> > http://devzero.co.uk/~alistair/wine/dump.log
>
> This is the section with the entry point in:
>
>   04 .iyhivx    VirtSize: 548864    VirtAddr:  401408   0x00062000
>     raw data offs: 356352   raw data size: 548864
>     relocation offs: 0         relocations:   0
>     line # offs:     0         line #'s:      0
>     characteristics: 0xc0000040
>       INITIALIZED_DATA  MEM_READ  MEM_WRITE
>
> It is missing the "MEM_EXECUTE" flag.

The patch did the trick. Thanks for taking the time to debug this.

-- 
Cheers,
Alistair.

Third year Computer Science undergraduate.
1F2 55 South Clerk Street, Edinburgh, UK.
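
The manual check from the quoted analysis, as an added example (not code from this thread or from Wine): it parses PE section headers and reports addresses that are executed from a section lacking MEM_EXECUTE. The function names, the `.text` header, the 0x400000 image base taken from the trace, and the choice of 0x495000 as an executed address are assumptions for illustration.

```python
import struct

# Section flag bits from the PE/COFF format (winedump prints them by name).
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# 40-byte IMAGE_SECTION_HEADER: name, virtual size, RVA, raw size, raw offset,
# relocation/line-number pointers and counts, characteristics.
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")


def parse_section(raw):
    """Unpack one section header into the fields this check needs."""
    name, vsize, vaddr, _rs, _ro, _rel, _lin, _nrel, _nlin, chars = \
        SECTION_HEADER.unpack(raw)
    return {"name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr, "vsize": vsize, "chars": chars}


def prot_string(chars):
    """Render the read/write/execute bits the section header asks for."""
    bits = (("r", IMAGE_SCN_MEM_READ), ("w", IMAGE_SCN_MEM_WRITE),
            ("x", IMAGE_SCN_MEM_EXECUTE))
    return "".join(flag if chars & bit else "-" for flag, bit in bits)


def nx_violations(sections, image_base, exec_addrs):
    """List (address, section, prot) for executed addresses without MEM_EXECUTE."""
    hits = []
    for addr in exec_addrs:
        rva = addr - image_base
        for s in sections:
            inside = s["vaddr"] <= rva < s["vaddr"] + s["vsize"]
            if inside and not s["chars"] & IMAGE_SCN_MEM_EXECUTE:
                hits.append((addr, s["name"], prot_string(s["chars"])))
    return hits


# Constructed input: header rebuilt from the winedump values quoted above.
IYHIVX = SECTION_HEADER.pack(b".iyhivx", 548864, 401408, 548864, 356352,
                             0, 0, 0, 0, 0xC0000040)
# Constructed contrast case: an executable section matching the r-x trace range.
TEXT = SECTION_HEADER.pack(b".text", 0x49000, 0x1000, 0x49000, 0x1000,
                           0, 0, 0, 0, 0x60000020)
SECTIONS = [parse_section(TEXT), parse_section(IYHIVX)]

if __name__ == "__main__":
    for hit in nx_violations(SECTIONS, 0x400000, [0x401000, 0x495000]):
        print("0x%08x in %s is mapped %s, not executable under NX" % hit)
```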


