https://bugs.winehq.org/show_bug.cgi?id=23449
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |obfuscation Status|NEW |RESOLVED URL|http://www.daemon-tools.cc/ |www.oldapps.com/daemon_tool |eng/home |s.php?old_daemon_tools=23 Component|advapi32 |ntdll Resolution|--- |WONTFIX Summary|Daemon tools Lite 4.35.6 |Daemon tools Lite 4.35.6 |Fails to install, giving |fails to install, reports: |error message: "Internal |"Internal setup error. |setup error. Error code |Error code 256. Contact |256. Contact support." |support." (expects syscall | |trampoline layout for some | |native API)
--- Comment #17 from Anastasius Focht focht@gmx.net --- Hello folks,
revisiting.
I already said it in comment #12 - there is not much we can do here.
The installer (setuphlp.dll) analyses native API entry points and expects a certain layout to patch it later. It tries to disguise its actions by encrypting lookup strings for PE exports and xor'ing the API entry point addresses in memory.
* ntdll.NtQueryInformationProcess * ntdll.NtAllocateVirtualMemory * ntdll.NtProtectVirtualMemory * ntdll.NtReadVirtualMemory * ntdll.NtGetContextThread * ntdll.NtSetContextThread
The entry point analyzer can cope with some opcode variations but still expects Windows syscall trampoline layout (eax = syscall number, edx = KUSER_SHARED_DATA->syscall ...).
Shorted example what it looks for (it's actually more complex):
[00] [01][02][03][04] [05] [06] [0xB8] xx xx xx xx [0x8D|0xBA] ... mov eax, x mov edx, ...
Anyway, it seems in newer versions they dropped this garbage. I'll resolve this 'WONTFIX' here.
$ sha1sum DTLite4356-0091.exe 8e1d4488d30ccd527c32240b96c246928971023f DTLite4356-0091.exe
$ du -sh DTLite4356-0091.exe 9.2M DTLite4356-0091.exe
$ wine --version wine-1.7.13-118-g0eb6265
Regards