[Bug 47864] New: a program called fg768.exe(free gate) crashed
https://bugs.winehq.org/show_bug.cgi?id=47864

            Bug ID: 47864
           Summary: a program called fg768.exe(free gate) crashed
           Product: Wine
           Version: unspecified
          Hardware: x86-64
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: -unknown
          Assignee: wine-bugs(a)winehq.org
          Reporter: awolf0412(a)qq.com
      Distribution: ---

Created attachment 65369
  --> https://bugs.winehq.org/attachment.cgi?id=65369
backtrace

fg768 is a program to help with anti-censorship

-- 
Do not reply to this email, post in Bugzilla using the above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=47864

cms42 <awolf0412(a)qq.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |awolf0412(a)qq.com

https://bugs.winehq.org/show_bug.cgi?id=47864

Louis Lenders <xerox.xerox2000x(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |xerox.xerox2000x(a)gmail.com

--- Comment #1 from Louis Lenders <xerox.xerox2000x(a)gmail.com> ---
Hi, is this the program https://www.techspot.com/downloads/6243-freegate.html ?

If so: It seems to check for function pointers for RtlAllocateHeap and
RtlReAllocateHeap in kernel32. I know they are in ntdll, I don't know if they
are in kernel32. If you add the entries in kernel32.spec (and forward to ntdll)
the program doesn't crash, but consumes a lot of cpu and nothing really
happens. Don't know really what it's doing, is it supposed to show a GUI?

https://bugs.winehq.org/show_bug.cgi?id=47864

Fabian Maurer <dark.shadow4(a)web.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dark.shadow4(a)web.de

--- Comment #2 from Fabian Maurer <dark.shadow4(a)web.de> ---
Yeah, it's a GUI program. I tested on my Win7 VM.

https://bugs.winehq.org/show_bug.cgi?id=47864

Austin English <austinenglish(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |https://www.techspot.com/downloads/6243-freegate.html
           Keywords|                            |download

https://bugs.winehq.org/show_bug.cgi?id=47864

--- Comment #3 from Louis Lenders <xerox.xerox2000x(a)gmail.com> ---
Created attachment 65372
  --> https://bugs.winehq.org/attachment.cgi?id=65372
patch

This attached patch allows me to start the program. It looks as if there's a
typo in the code for IsWow64Process but I wonder how that would get in, can
anyone who understands the code better explain the double !! ?? or confirm
it's indeed a typo

https://bugs.winehq.org/show_bug.cgi?id=47864

--- Comment #4 from Nikolay Sivov <bunglehead(a)gmail.com> ---
It's not a typo, non-zero value means wow64.

https://bugs.winehq.org/show_bug.cgi?id=47864

Louis Lenders <xerox.xerox2000x(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1

--- Comment #5 from Louis Lenders <xerox.xerox2000x(a)gmail.com> ---
(In reply to Nikolay Sivov from comment #4)
> It's not a typo, non-zero value means wow64.

Yeah I see, after a better look than this morning, and also I checked that the
spec entries for Rtl{Re}AllocateHeap are _not_ present in Windows kernel32.

So funnily enough I have now two obviously wrong hacks that make the program
start ;)

Mystery, maybe the program is obfuscated, this needs an expert to look into.
Here's the first crash:

0009:Call KERNEL32.GetModuleHandleA(00b257e0 "kernel32.dll") ret=00ccc871
.
.
0009:Ret KERNEL32.GetModuleHandleA() retval=7b420000 ret=00ccc871
.
0009:Call KERNEL32.GetProcAddress(7b420000,7b6705a0 "RtlAllocateHeap") ret=00c5e64c
0009:Ret KERNEL32.GetProcAddress() retval=00000000 ret=00c5e64c
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0xc82155 ip=00c82155 tid=0009
.
wine: Unhandled page fault on read access to 0x00000000 at address 00C82155 (thread 0009), starting debugger...
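
Added example, not part of the bug thread or of Wine: a small triage script that walks a relay trace like the one in comment #5, pairs each Call with its Ret, and reports GetProcAddress lookups that returned NULL together with the access violation that follows in the same thread. The names failed_lookups and SAMPLE are hypothetical, and the sample input is constructed from the lines quoted above.

```python
import re

# Constructed sample: the relay lines quoted in comment #5, elision dots included.
SAMPLE = '''\
0009:Call KERNEL32.GetModuleHandleA(00b257e0 "kernel32.dll") ret=00ccc871
.
0009:Ret  KERNEL32.GetModuleHandleA() retval=7b420000 ret=00ccc871
0009:Call KERNEL32.GetProcAddress(7b420000,7b6705a0 "RtlAllocateHeap") ret=00c5e64c
0009:Ret  KERNEL32.GetProcAddress() retval=00000000 ret=00c5e64c
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0xc82155 ip=00c82155 tid=0009
'''

CALL = re.compile(r'^(\w+):Call (\w+)\.(\w+)\((.*)\) ret=(\w+)')
RET = re.compile(r'^(\w+):Ret\s+(\w+)\.(\w+)\(\) retval=(\w+) ret=(\w+)')
SEH = re.compile(r'^(\w+):trace:seh:raise_exception code=(\w+) .*\bip=(\w+)')

def failed_lookups(log):
    """Return GetProcAddress calls that returned NULL, with the module name
    and the ip of a later access violation raised by the same thread."""
    pending = {}   # (tid, api, return address) -> argument text of the open call
    modules = {}   # module handle -> name, learned from successful returns
    findings = []
    last = {}      # tid -> index in findings of that thread's latest failure
    for line in log.splitlines():
        if m := CALL.match(line):
            tid, _dll, api, args, ret = m.groups()
            pending[(tid, api, ret)] = args
        elif m := RET.match(line):
            tid, _dll, api, retval, ret = m.groups()
            args = pending.pop((tid, api, ret), None)
            if args is None:
                continue  # Ret without a matching Call (truncated log)
            if api in ('GetModuleHandleA', 'LoadLibraryA') and int(retval, 16):
                name = args.split('"')[1].lower() if '"' in args else args
                modules[int(retval, 16)] = name
            elif api == 'GetProcAddress' and int(retval, 16) == 0:
                handle = int(args.split(',')[0], 16)
                # Lookups by ordinal carry no quoted name; keep the raw argument.
                symbol = args.split('"')[1] if '"' in args else args.split(',')[1]
                findings.append({'tid': tid, 'symbol': symbol, 'caller': ret,
                                 'module': modules.get(handle, hex(handle)),
                                 'fault_ip': None})
                last[tid] = len(findings) - 1
        elif m := SEH.match(line):
            tid, code, ip = m.groups()
            if code == 'c0000005' and tid in last:
                findings[last.pop(tid)]['fault_ip'] = ip
    return findings
```

On the sample it returns one finding: RtlAllocateHeap requested from kernel32.dll by the caller at 00c5e64c, followed by the fault at 00c82155.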

https://bugs.winehq.org/show_bug.cgi?id=47864

Louis Lenders <xerox.xerox2000x(a)gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |doitsexy(a)163.com

--- Comment #6 from Louis Lenders <xerox.xerox2000x(a)gmail.com> ---
*** Bug 47572 has been marked as a duplicate of this bug. ***