https://bugs.winehq.org/show_bug.cgi?id=45998 Bug ID: 45998 Summary: 64-bit FACEIT Anti-cheat client claims "Your system is out of date, you are missing important Windows updates!" (needs 'wintrust.CryptCATAdminAcquireContext2' stub) Product: Wine Version: 3.18 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: wintrust Assignee: wine-bugs(a)winehq.org Reporter: focht(a)gmx.net Distribution: --- Hello folks, as it says. Download: https://anticheat-client.faceit.com/FACEITInstaller_64.exe --- snip --- $ pwd /home/focht/.wine/drive_c/Program Files/FACEIT AC $ WINEDEBUG=+seh,+relay wine ./faceitclient.exe >>log.txt 2>&1 ... 002c:Call KERNEL32.LoadLibraryA(141215440 "wintrust.dll") ret=1400b1653 002c:Ret KERNEL32.LoadLibraryA() retval=7fd071b90000 ret=1400b1653 002c:Call KERNEL32.GetProcAddress(7fd071b90000,141215450 "CryptCATAdminAcquireContext2") ret=1400b1670 002c:Ret KERNEL32.GetProcAddress() retval=00000000 ret=1400b1670 002c:Call KERNEL32.FreeLibrary(7fd071b90000) ret=1400b167c 002c:Ret KERNEL32.FreeLibrary() retval=00000001 ret=1400b167c 002c:Call ntdll.RtlAllocateHeap(00010000,00000000,00000050) ret=1411adc3c 002c:Ret ntdll.RtlAllocateHeap() retval=000b09e0 ret=1411adc3c 002c:Call user32.MessageBoxA(00000000,000b09e0 "Your system is out of date, you are missing important Windows updates!",00000000,00000010) ret=1400edd5d ... --- snip --- Microsoft Docs: https://docs.microsoft.com/en-us/windows/desktop/api/mscat/nf-mscat-cryptcat... --- quote --- The CryptCATAdminAcquireContext2 function acquires a handle to a catalog administrator context for a given hash algorithm and hash policy. You can use this handle in subsequent calls to the following functions: CryptCATAdminAddCatalog CryptCATAdminEnumCatalogFromHash CryptCATAdminRemoveCatalog This function has no associated import library. You must use the LoadLibrary and GetProcAddress functions to dynamically link to Wintrust.dll. Syntax BOOL CryptCATAdminAcquireContext2( HCATADMIN *phCatAdmin, const GUID *pgSubsystem, PCWSTR pwszHashAlgorithm, PCCERT_STRONG_SIGN_PARA pStrongHashPolicy, DWORD dwFlags ); --- quote --- It's Windows 8+ API. With a FIXME stub that prints parameters, returning FALSE: --- snip --- ... 0064:Call KERNEL32.LoadLibraryA(141215440 "wintrust.dll") ret=1400b1653 0064:Ret KERNEL32.LoadLibraryA() retval=7f9b71860000 ret=1400b1653 0064:Call KERNEL32.GetProcAddress(7f9b71860000,141215450 "CryptCATAdminAcquireContext2") ret=1400b1670 0064:Ret KERNEL32.GetProcAddress() retval=7f9b718680d0 ret=1400b1670 0064:Call KERNEL32.FreeLibrary(7f9b71860000) ret=1400b167c 0064:Ret KERNEL32.FreeLibrary() retval=00000001 ret=1400b167c --- snip --- I didn't see any call to the stub, so one might get away even with auto-generated unimplemented stub. The client executable has some anti-debug trickery and custom obfuscation scheme. Crashes later due to other insufficiencies though. $ sha1sum FACEITInstaller_64.exe ed8f8c2f6ec2d113bed882faa9d8b8a7a3b56a3c FACEITInstaller_64.exe $ du -sh FACEITInstaller_64.exe 85M FACEITInstaller_64.exe $ wine --version wine-3.18 Regards -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.