https://bugs.winehq.org/show_bug.cgi?id=48268
Paul Gofman gofmanp@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |gofmanp@gmail.com
--- Comment #1 from Paul Gofman gofmanp@gmail.com --- Created attachment 65941 --> https://bugs.winehq.org/attachment.cgi?id=65941 PoC patch
At this point it wants K32QueryWorkingSetEx() implementation, or, otherwise, NtQueryVirtualMemory(... MemoryWorkingSetList) which K32QueryWorkingSetEx() calls for actual work. As far as I could guess, MemoryWorkingSetList is similar to MemoryWorkingSetExInformation stubbed in staging, but the stub return value which is currently there is not enough. I am attaching the patch which seems to make Esea client happy at this stage.
But it fails later when its rootkit driver ESEADriver2.sys fails to initialize. Maybe that is be due to a bunch of functions it is calling being a stub:
... 003d:fixme:ntoskrnl:MmProbeAndLockPages (00000000005C4CD0, 0, 1): stub 003d:fixme:ntoskrnl:MmMapLockedPagesSpecifyCache (00000000005C4CD0, 0, 1, 0000000000000000, 0, 32): stub 003d:fixme:ntoskrnl:MmUnlockPages (00000000005C4CD0): stub 003d:trace:ntoskrnl:IoFreeMdl 00000000005C4CD0 DbgPrint says: Initialization error 1
Please note that Esea client was some (rather long) time ago spotted mining bitcoins on client's computers [1], so it used to be basically a malware. So I would recommend to always keep it in a separate Wine prefix and take other reasonable precautions when using it, like running at least as a separate user without the access to sensible data and so it is easy to kill the potentially leftover processes.
1. https://www.reddit.com/r/GlobalOffensive/comments/1dgad2/esea_client_basical...