http://bugs.winehq.org/show_bug.cgi?id=7923
------- Additional Comments From focht@gmx.net 2007-04-04 11:06 ------- Hello,
i had a look at it ... bad news ... its called "themida".
That game is protected by this advanced engine which implements various user and kernel level modifications to prevent debuggers and other tools from work. The exceptions as seen in wine trace come from various usermode debugging tricks, like int 0x1/0x3 (replaces to prevent hw and sw (0xCC type) breakpoints). Further int 0xE and int 0xB are hooked at system level (prevents memory type bp) Some SST entries too (ZwAllocateVirtualMemory, ZwCreateThread, ZwDebugContinue, ZwQueryVirtualMemory and more..) - additonally it puts up various stuff which makes sure no one modifies IDT and SST at ring0.
Simplified: it works just like a rootkit.
Though there exist some older manual unpacking tutorials to restore IAT and OEP which are very time consuming (no guarantee of success), the newer engines are suspected to employ some kind of virtual machine (this stuff seems to become more popular lately in newer PE protectors).
In short: it's beyond the scope of wine. If you really want to play that game, i suggest to use dual boot or vmware.
Regards