http://bugs.winehq.org/show_bug.cgi?id=19296
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|Abandoned?                  |obfuscation
                 CC|                            |focht@gmx.net
          Component|-unknown                    |ntdll
            Summary|"Uru: Ages beyond myst"     |"Uru: Ages beyond myst"
                   |fails to install            |fails to install (check for
                   |                            |ATL thunk triggers
                   |                            |unexpected guard page fault
                   |                            |in Shinker 3.5 protected
                   |                            |installer executable)
--- Comment #12 from Anastasius Focht focht@gmx.net 2013-10-23 17:49:31 CDT ---
Hello folks,
I had the right feeling about this one ... bought the game for a few bugs and it was delivered today :)
The installer is protected by Shrinker 3.5 (+relay triggers error dialog -> version hint).
It's basically the same issue as bug 34479 "Advantage Cooking: crashes on start (check for ATL thunk triggers unexpected guard page fault)".
Shrinker also employs a scheme with guard pages on PE sections. Wine triggers a guard page fault with its ATL thunk check which the protection mishandles.
First, well known hooking of LdrAccessResource and call_exception_handler:
--- snip ---
0009:trace:module:LdrGetDllHandle L"USER32" -> 0x7eb50000 (load path L"E:\Installer;.;C:\windows\system32;C:\windows\system;C:\windows;C:\windows\system32;C:\windows;C:\windows\system32\wbem")
0009:trace:module:LdrGetDllHandle L"NTDLL" -> 0x7bc10000 (load path L"E:\Installer;.;C:\windows\system32;C:\windows\system;C:\windows;C:\windows\system32;C:\windows;C:\windows\system32\wbem")
0009: write_process_memory( handle=ffffffff, addr=7bc6fdb1, data={e8,d2,05,6c,84} )
0009: *signal* signal=19
0009: write_process_memory() = 0
0009: write_process_memory( handle=ffffffff, addr=7bc857a4, data={e9,eb,a8,6a,84,64,8b,25} )
0009: *signal* signal=19
0009: write_process_memory() = 0
--- snip ---
Setting up guard pages:
--- snip ---
0009:trace:virtual:NtProtectVirtualMemory 0xffffffff 0x401000 00040000 00000001
0009:trace:virtual:VIRTUAL_SetProt 0x401000-0x440fff c----
0009:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x44dfff (anonymous)
0009:trace:virtual:VIRTUAL_DumpView 0x400000 - 0x400fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x401000 - 0x440fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x441000 - 0x442fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x443000 - 0x446fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x447000 - 0x447fff c-rWx
0009:trace:virtual:VIRTUAL_DumpView 0x448000 - 0x44afff c-r-x
0009:trace:virtual:VIRTUAL_DumpView 0x44b000 - 0x44dfff c-r--
...
--- snip ---
Wine ATL thunk check triggers unexpected guard page fault, prematurely resetting protection:
--- snip ---
...
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7bc83556 ip=7bc83556 tid=0009
0009:trace:seh:raise_exception info[0]=00000000
0009:trace:seh:raise_exception info[1]=00419b5d
0009:trace:seh:raise_exception eax=00419b5d ebx=7bccf000 ecx=f2e3aa60 edx=0032f968 esi=0032fa9c edi=00000000
0009:trace:seh:raise_exception ebp=0032fa38 esp=0032f940 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246
0009:trace:seh:call_vectored_handlers calling handler at 0x7ece90b7 code=c0000005 flags=0
0009:trace:seh:call_vectored_handlers handler at 0x7ece90b7 returned 0
0009:trace:seh:call_stack_handlers calling handler at 0x7bc9d8db code=c0000005 flags=0
0009:trace:virtual:NtProtectVirtualMemory 0xffffffff 0x419000 00008000 00000004
0009:trace:virtual:VIRTUAL_SetProt 0x419000-0x420fff c-rW-
0009:trace:virtual:VIRTUAL_SetProt forcing exec permission on 0x419000-0x420fff
0009:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x44dfff (anonymous)
0009:trace:virtual:VIRTUAL_DumpView 0x400000 - 0x400fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x401000 - 0x418fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x419000 - 0x420fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x421000 - 0x422fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x423000 - 0x423fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x424000 - 0x424fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x425000 - 0x440fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x441000 - 0x442fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x443000 - 0x446fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x447000 - 0x447fff c-rWx
0009:trace:virtual:VIRTUAL_DumpView 0x448000 - 0x44afff c-r-x
0009:trace:virtual:VIRTUAL_DumpView 0x44b000 - 0x44dfff c-r--
...
0009:trace:virtual:NtProtectVirtualMemory 0xffffffff 0x419000 00008000 00000020
0009:trace:virtual:VIRTUAL_SetProt 0x419000-0x420fff c-r-x
0009:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x44dfff (anonymous)
0009:trace:virtual:VIRTUAL_DumpView 0x400000 - 0x400fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x401000 - 0x418fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x419000 - 0x420fff c-r-x
0009:trace:virtual:VIRTUAL_DumpView 0x421000 - 0x422fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x423000 - 0x423fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x424000 - 0x424fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x425000 - 0x440fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x441000 - 0x442fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x443000 - 0x446fff c-rW-
0009:trace:virtual:VIRTUAL_DumpView 0x447000 - 0x447fff c-rWx
0009:trace:virtual:VIRTUAL_DumpView 0x448000 - 0x44afff c-r-x
0009:trace:virtual:VIRTUAL_DumpView 0x44b000 - 0x44dfff c-r--
0009:trace:seh:call_stack_handlers handler at 0x7bc9d8db returned 0
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0x419b5d ip=00419b5d tid=0009
0009:trace:seh:raise_exception info[0]=00000000
0009:trace:seh:raise_exception info[1]=00419b5d
0009:trace:seh:raise_exception eax=00419b5d ebx=7b8ba000 ecx=0002c000 edx=0013c798 esi=00000001 edi=00000000
0009:trace:seh:raise_exception ebp=0032fe04 esp=0032fdc8 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010202
0009:trace:seh:call_vectored_handlers calling handler at 0x7ece90b7 code=c0000005 flags=0
0009:trace:seh:call_vectored_handlers handler at 0x7ece90b7 returned 0
0009:trace:seh:call_stack_handlers calling handler at 0x449b4c code=c0000005 flags=0
0009:trace:seh:call_stack_handlers handler at 0x449b4c returned 1
0009:trace:seh:call_stack_handlers calling handler at 0x7bc9d86b code=c0000005 flags=0
...
0009:trace:seh:start_debugger Starting debugger "winedbg --auto 8 72"
--- snip ---
Unfortunately the ATL thunk check is needed later for GUI/window creation.
$ wine --version
wine-1.7.4-399-g83775f0
Regards
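
A triage sketch for the trace in the comment above, added here as an example and not part of the original comment or of Wine: it replays the seh and virtual trace lines, keeps the most recent VIRTUAL_DumpView page map, and reports for each access violation who faulted (ip inside or outside the image view) and what protection the target page had at that moment. The function and variable names are assumptions of this example; TRACE is a trimmed excerpt of the lines quoted above.

```python
import re

# Trimmed excerpt of the trace quoted in the comment (register lines dropped).
TRACE = """\
0009:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x44dfff (anonymous)
0009:trace:virtual:VIRTUAL_DumpView 0x400000 - 0x400fff c-r--
0009:trace:virtual:VIRTUAL_DumpView 0x401000 - 0x440fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x441000 - 0x442fff c-r--
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7bc83556 ip=7bc83556 tid=0009
0009:trace:seh:raise_exception info[0]=00000000
0009:trace:seh:raise_exception info[1]=00419b5d
0009:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x44dfff (anonymous)
0009:trace:virtual:VIRTUAL_DumpView 0x401000 - 0x418fff c----
0009:trace:virtual:VIRTUAL_DumpView 0x419000 - 0x420fff c-r-x
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0x419b5d ip=00419b5d tid=0009
0009:trace:seh:raise_exception info[0]=00000000
0009:trace:seh:raise_exception info[1]=00419b5d
"""

RANGE = re.compile(r"VIRTUAL_DumpView\s+(?:View: )?0x([0-9a-f]+) - 0x([0-9a-f]+) (\S+)")
FAULT = re.compile(r"raise_exception code=c0000005 .*ip=([0-9a-f]+)")
INFO1 = re.compile(r"raise_exception\s+info\[1\]=([0-9a-f]+)")

def triage(trace):
    """Return (ip, target, protection of target page, ip inside image view) per fault."""
    view, pages, ip, out = None, [], None, []
    for line in trace.splitlines():
        if m := RANGE.search(line):
            lo, hi = int(m[1], 16), int(m[2], 16)
            if "View:" in line:
                view, pages = (lo, hi), []      # a new dump replaces the old page map
            else:
                pages.append((lo, hi, m[3]))
        elif m := FAULT.search(line):
            ip = int(m[1], 16)                  # remember who faulted
        elif (m := INFO1.search(line)) and ip is not None:
            target = int(m[1], 16)              # info[1] is the address that was accessed
            prot = next((p for lo, hi, p in pages if lo <= target <= hi), "unmapped")
            in_image = view is not None and view[0] <= ip <= view[1]
            out.append((hex(ip), hex(target), prot, in_image))
            ip = None
    return out

if __name__ == "__main__":
    for ip, target, prot, in_image in triage(TRACE):
        who = "image code" if in_image else "code outside the image"
        print(f"{who} at {ip} faulted on {target}, page was {prot}")
```

On this excerpt the first fault comes from code outside the image touching a still-protected page (c----), and the second is reported for an address whose page is already c-r-x, which matches the "prematurely resetting protection" observation in the comment.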