https://bugs.winehq.org/show_bug.cgi?id=18119

Anastasius Focht <focht(a)gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |obfuscation
                 CC|                            |focht(a)gmx.net
            Summary|SmartDraw aborts after      |SmartDraw 2009/2010/CI
                   |displaying trial window     |aborts after displaying
                   |                            |trial window

--- Comment #5 from Anastasius Focht <focht(a)gmx.net> ---
Hello folks,

confirming.

The latest version from the website, 'SmartDraw CI', is infested with some
intrusive DRM scheme.

--- snip ---
-=[ ProtectionID v0.6.5.5 OCTOBER]=-
(c) 2003-2013 CDKiLLER & TippeX
Build 31/10/13-21:09:09
Scanning -> Z:\home\focht\.wine\drive_c\SmartDraw CI\SmartDraw.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 6050784 (05C53E0h) Byte(s)
-> File Appears to be Digitally Signed @ Offset 05C3A00h, size : 01960h / 06496 byte(s)
-> File has 1928832 (01D6E80h) bytes of appended data starting at offset 03ECC00h
[File Heuristics] -> Flag : 00000000000001001100001000100111 (0x0004C227)
[Entrypoint Section Entropy] : 5.88
[!] LiCENSE - CrypKey Instant v7.x Wrapperdetected !
[CompilerDetect] -> Visual C++ 9.0 (Visual Studio 2008)
- Scan Took : 0.346 Second(s) [00000015Ah tick(s)] [533 scan(s) done]
--- snip ---

When you run the trial, a second process is started which "protects" the first
process by acting as debugger.
Besides standard anti-debugging measures, some 'Nanomite' mechanism is used to
decrypt pages on the fly (first employed by the Armadillo DRM scheme).

Fortunately I found an older SmartDraw 2010 demo here:

http://download.cnet.com/SmartDraw-2009/3000-2075_4-10898880.html

This version has less intrusive anti-debugging checks which can be bypassed
quickly (only 'IsDebuggerPresent' and 'NtQueryInformationProcess' 'DebugPort'
info class).

--- snip ---
...
0023:Call PE DLL (proc=0x2cd50b9,module=0x2c90000 L"SDC.dll",reason=PROCESS_ATTACH,res=(nil))
...
0023:Call user32.CreatePopupMenu() ret=02c9bbc7
0023:trace:menu:CreateMenu return 0x10152
0023:Ret user32.CreatePopupMenu() retval=00010152 ret=02c9bbc7
...
0023:Call user32.AppendMenuA(00010152,00000110,000075cd,02d39b20) ret=02c9ce48
0023:trace:menu:InsertMenuW hMenu 0x10152, pos -1, flags 00000510, id 75cd, str 0x2d39b20 (not a string)
0023:trace:menu:MENU_InsertItem inserting at 0 flags 510
0023:trace:menu:do_debug_print_menuitem SetMenuItemInfo_common from: { ID=0x0 }
0023:warn:menu:MENU_GetMenu other process menu 0x75cd?
0023:trace:menu:RemoveMenu (menu=0x10152 pos=ffffffff flags=0510)
0023:Ret user32.AppendMenuA() retval=00000000 ret=02c9ce48
...
0023:Call user32.DestroyMenu(00010152) ret=02cbc110
0023:Ret user32.DestroyMenu() retval=00000001 ret=02cbc110
...
0023:Call user32.MessageBoxA(000200e2,00cad248 "Unable to load SmartDraw. Perhaps too many instances are open.",00cad140 "SmartDraw",00002030) ret=0045310c
--- snip ---

After some debugging I came to the conclusion that id '0x75cd' is _not_ a menu
handle but some menu item id.

Unlike the other popup menus, this popup menu is created through some helper
dll call -> SDC.SDC_CreateSDMenuFromBIN() (internal resource called
'PROPERTIESMENU').
The parent is a popup menu, created through 'CreatePopupMenu'.

This is either an application bug with the 'MF_POPUP' flag being passed on this
menu item ('MF_OWNERDRAW | MF_POPUP') or valid code and MSDN is incorrect
(wouldn't be the first time).

I made a quick hack, not interpreting this item as a menu handle, and it allowed
'SmartDraw 2010' to start.
This also allows 'SmartDraw CI' (infested with intrusive DRM scheme) to start -
although it takes quite long.

I suggest adding such cases to the existing user32/menu test suite to figure out
how Windows behaves.

$ sha1sum smartdraw_setup_CNET.exe
5b5e15d4204bb6c43aabbe4c15f62ec7b7300aaa  smartdraw_setup_CNET.exe

$ du -sh smartdraw_setup_CNET.exe
24M     smartdraw_setup_CNET.exe

$ wine --version
wine-1.7.16-199-ga6e53ea

Regards
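
Added example, not part of the original comment and not Wine code: a small Python pass over a +relay trace that pairs user32 Call/Ret lines and reports AppendMenu calls passing MF_POPUP with an ID that no earlier CreateMenu/CreatePopupMenu returned, which is the pattern diagnosed above. The sample trace is constructed from lines quoted in the comment; the function names and result fields are this example's own.

```python
import re

# Menu flag bits as defined in winuser.h.
MF_FLAGS = {0x10: "MF_POPUP", 0x100: "MF_OWNERDRAW", 0x400: "MF_BYPOSITION"}
CALL = re.compile(r"^(\w+):Call user32\.(\w+)\(([^)]*)\) ret=(\w+)")
RET = re.compile(r"^(\w+):Ret\s+user32\.(\w+)\(\) retval=(\w+) ret=(\w+)")

# Constructed sample: relay lines copied from the trace quoted in the comment.
SAMPLE_TRACE = """\
0023:Call user32.CreatePopupMenu() ret=02c9bbc7
0023:Ret user32.CreatePopupMenu() retval=00010152 ret=02c9bbc7
0023:Call user32.AppendMenuA(00010152,00000110,000075cd,02d39b20) ret=02c9ce48
0023:warn:menu:MENU_GetMenu other process menu 0x75cd?
0023:Ret user32.AppendMenuA() retval=00000000 ret=02c9ce48
"""

def decode_flags(value):
    """Names of the known MF_* bits set in value, lowest bit first."""
    return [name for bit, name in sorted(MF_FLAGS.items()) if value & bit]

def suspicious_popup_items(trace):
    """Report AppendMenu calls using MF_POPUP with an ID that is not an HMENU
    returned by an earlier CreateMenu/CreatePopupMenu in the same trace.
    Menus from LoadMenu or created before tracing began are not tracked, so
    results are candidates to inspect, not proof of an application bug."""
    handles, pending, findings = set(), {}, []
    for line in trace.splitlines():
        m = CALL.match(line)
        if m:
            tid, func, args, ret = m.groups()
            pending[(tid, func, ret)] = [a.strip() for a in args.split(",")]
            continue
        m = RET.match(line)
        if not m:
            continue  # trace:/warn: channel output and calls into other DLLs
        tid, func, retval, ret = m.groups()
        args = pending.pop((tid, func, ret), None)
        if args is None:
            continue
        if func in ("CreateMenu", "CreatePopupMenu"):
            handles.add(int(retval, 16))
        elif func == "DestroyMenu":
            handles.discard(int(args[0], 16))
        elif func in ("AppendMenuA", "AppendMenuW") and len(args) >= 3:
            hmenu, flags, item = (int(a, 16) for a in args[:3])
            if flags & 0x10 and item not in handles:
                findings.append({"menu": hmenu, "item": item,
                                 "flags": decode_flags(flags),
                                 "succeeded": int(retval, 16) != 0})
    return findings
```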