https://bugs.winehq.org/show_bug.cgi?id=41670
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|regression                  |obfuscation
            Summary|BattlEye service            |BattlEye launcher stuck at
                   |'BEService' fails to start  |'Starting BattlEye
                   |'BEDaisy' kernel service    |Service...' (PUBG,
                   |(Planetside2, H1Z1: King of |Planetside2, H1Z1: King of
                   |the Kill, Tibia 11)         |the Kill, Tibia 11)

--- Comment #37 from Anastasius Focht focht@gmx.net ---
Hello folks,
revisiting, still present.
Client side:
--- snip ---
$ pwd
/home/focht/.wine/drive_c/users/focht/Local Settings/Application Data/Tibia/packages/Tibia/bin
$ WINEDEBUG=+timestamp,+seh,+relay,+loaddll,+process,+ntoskrnl,+service wine ./client_launcher.exe >>log.txt 2>&1
...
12503.443:000f:trace:service:load_service_config Image path = L""C:\Program Files\Common Files\BattlEye\BEService.exe""
12503.443:000f:trace:service:load_service_config Group = (null)
12503.443:000f:trace:service:load_service_config Service account name = L"LocalSystem"
12503.443:000f:trace:service:load_service_config Display name = L"BattlEye Service"
12503.443:000f:trace:service:load_service_config Service dependencies : (none)
12503.443:000f:trace:service:load_service_config Group dependencies : (none)
...
12503.971:0009:Call KERNEL32.CreateFileW(0033efb8 L"C:\Program Files\Common Files\BattlEye\BEService_tibia.exe",80000000,00000003,0033e8bc,00000003,00000080,00000000) ret=00419292
12503.971:0009:Ret KERNEL32.CreateFileW() retval=00000048 ret=00419292
...
12503.971:0009:Call advapi32.OpenSCManagerW(00000000,00000000,00000001) ret=00466bd7
12503.971:0009:trace:service:SERV_OpenSCManagerW ((null),(null),0x00000001)
...
12503.974:0009:trace:service:SERV_OpenSCManagerW returning 0x14ca58
12503.974:0009:Ret advapi32.OpenSCManagerW() retval=0014ca58 ret=00466bd7
...
12503.974:0009:Call advapi32.OpenServiceW(0014ca58,004246bc L"BEService",00000034) ret=004479a5
12503.974:0009:trace:service:SERV_OpenServiceW 0x14ca58 L"BEService" 0x00000034
...
12503.975:0009:Ret advapi32.OpenServiceW() retval=0014ca98 ret=004479a5
...
12503.975:0009:Call KERNEL32.CreateFileW(0033f1c0 L"C:\Program Files\Common Files\BattlEye\BEService.exe",80000000,00000001,00000000,00000003,00000000,00000000) ret=0045753c
12503.975:0009:Ret KERNEL32.CreateFileW() retval=00000050 ret=0045753c
...
12504.024:0009:Call advapi32.StartServiceW(0014ca98,00000000,00000000) ret=0043bf4a
12504.024:0009:trace:service:StartServiceW 0x14ca98 0 (nil)
...
12504.031:0031:trace:process:__wine_kernel_init starting process name=L"C:\Program Files\Common Files\BattlEye\BEService.exe" argv[0]=L"C:\Program Files\Common Files\BattlEye\BEService.exe"
12504.034:0031:trace:loaddll:load_native_dll Loaded L"C:\Program Files\Common Files\BattlEye\BEService.exe" at 0x400000: native
12504.034:0014:trace:process:create_process_impl started process pid 0030 tid 0031
...
12504.506:0009:Ret advapi32.StartServiceW() retval=00000001 ret=0043bf4a
12504.506:0009:Call advapi32.QueryServiceStatus(0014ca98,0033eb1c) ret=00478817
12504.506:0009:trace:service:QueryServiceStatus 0x14ca98 0x33eb1c
12504.506:0009:trace:service:QueryServiceStatusEx 0x14ca98 0 0x33e958 36 0x33e954
...
12504.507:0009:Ret advapi32.QueryServiceStatus() retval=00000001 ret=00478817
12504.507:0009:Call KERNEL32.CreateFileW(0033eb38 L"\\.\pipe\BattlEye",c0000000,00000000,00000000,00000003,00000000,00000000) ret=0043bf11
12504.507:0009:Ret KERNEL32.CreateFileW() retval=00000068 ret=0043bf11
12504.507:0009:Call KERNEL32.SetNamedPipeHandleState(00000068,0033ea1c,00000000,00000000) ret=0042f5a5
12504.507:0009:Ret KERNEL32.SetNamedPipeHandleState() retval=00000001 ret=0042f5a5
12504.507:0009:Call KERNEL32.GetNativeSystemInfo(0033eab4) ret=004336f4
12504.507:0009:Ret KERNEL32.GetNativeSystemInfo() retval=00000000 ret=004336f4
12504.507:0009:Call KERNEL32.WriteFile(00000068,0033ebb8,000000e3,0033ea08,00000000) ret=004568db
12504.507:0009:Ret KERNEL32.WriteFile() retval=00000001 ret=004568db
12504.507:0009:Call KERNEL32.ReadFile(00000068,0033ebb8,00000400,0033ea08,00000000) ret=0043ac10
12554.742:0009:Ret KERNEL32.ReadFile() retval=00000000 ret=0043ac10
12554.742:0009:Call KERNEL32.CloseHandle(00000068) ret=004646b3
12554.742:0009:Ret KERNEL32.CloseHandle() retval=00000001 ret=004646b3
12554.742:0009:Call KERNEL32.Sleep(00000064) ret=004396bf
12554.842:0009:Ret KERNEL32.Sleep() retval=00000000 ret=004396bf
12554.842:0009:Call advapi32.QueryServiceStatus(0014ca98,0033eb1c) ret=00478817
12554.842:0009:trace:service:QueryServiceStatus 0x14ca98 0x33eb1c
12554.842:0009:trace:service:QueryServiceStatusEx 0x14ca98 0 0x33e958 36 0x33e954
...
12554.845:0009:Ret advapi32.QueryServiceStatus() retval=00000001 ret=00478817
12554.845:0009:Call KERNEL32.Sleep(00000064) ret=004396bf
12554.945:0009:Ret KERNEL32.Sleep() retval=00000000 ret=004396bf
...
--- snip ---
BE Service side:
--- snip ---
...
12504.505:0034:Starting thread proc 0x7e5b526b (arg=0x14c900)
12504.505:0034:trace:service:service_thread 0x14c900
12504.505:0034:Call advapi32.RegisterServiceCtrlHandlerA(004365ba "",0041a500) ret=0044d448
12504.505:0034:trace:service:RegisterServiceCtrlHandlerExW L"" 0x7e5ba731 0x41a500
12504.505:0034:Ret advapi32.RegisterServiceCtrlHandlerA() retval=0014ca20 ret=0044d448
12504.505:0034:Call advapi32.SetServiceStatus(0014ca20,0043da60) ret=0056ea97
12504.505:0034:trace:service:SetServiceStatus 0x14ca20 10 4 1 0 0 0 0
...
12504.506:0034:Ret advapi32.SetServiceStatus() retval=00000001 ret=0056ea97
12504.506:0034:Call KERNEL32.CreateNamedPipeA(00f1fe38 "\\.\pipe\BattlEye",40040003,00000006,00000002,00000400,00000400,00000000,00000000) ret=005ff52a
12504.506:0034:Ret KERNEL32.CreateNamedPipeA() retval=0000005c ret=005ff52a
12504.506:0034:Call KERNEL32.CreateNamedPipeA(00f1fe38 "\\.\pipe\BattlEye",40040003,00000006,00000002,00000400,00000400,00000000,00000000) ret=0063e40c
12504.506:0034:Ret KERNEL32.CreateNamedPipeA() retval=00000060 ret=0063e40c
12504.506:0034:Call advapi32.GetSecurityInfo(0000005c,00000006,00000004,00000000,00000000,00f16798,00000000,00f16768) ret=0069a031
12504.506:0034:Ret advapi32.GetSecurityInfo() retval=00000000 ret=0069a031
12504.506:0034:Call advapi32.AllocateAndInitializeSid(00f174ac,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00f1685c) ret=00445687
12504.506:0034:Ret advapi32.AllocateAndInitializeSid() retval=00000001 ret=00445687
12504.506:0034:Call advapi32.SetEntriesInAclA(00000001,00f16608,00000000,00f16858) ret=004f18c6
12504.506:0034:Ret advapi32.SetEntriesInAclA() retval=00000000 ret=004f18c6
12504.506:0034:Call advapi32.SetSecurityInfo(0000005c,00000006,00000004,00000000,00000000,0014eca8,00000000) ret=0066bc20
12504.506:0034:Ret advapi32.SetSecurityInfo() retval=00000000 ret=0066bc20
...
12504.506:0034:Call advapi32.GetSecurityInfo(00000060,00000006,00000004,00000000,00000000,00f16798,00000000,00f16768) ret=0069a031
12504.506:0034:Ret advapi32.GetSecurityInfo() retval=00000000 ret=0069a031
12504.506:0034:Call advapi32.AllocateAndInitializeSid(00f174ac,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00f1685c) ret=00445687
12504.506:0034:Ret advapi32.AllocateAndInitializeSid() retval=00000001 ret=00445687
12504.506:0034:Call advapi32.SetEntriesInAclA(00000001,00f16608,0014ebac,00f16858) ret=004f18c6
12504.506:0034:Ret advapi32.SetEntriesInAclA() retval=00000000 ret=004f18c6
12504.506:0034:Call advapi32.SetSecurityInfo(00000060,00000006,00000004,00000000,00000000,0014ecd0,00000000) ret=0066bc20
12504.506:0034:Ret advapi32.SetSecurityInfo() retval=00000000 ret=0066bc20
...
12504.507:0034:Call ws2_32.WSAStartup(00000202,00f16bac) ret=005e69f7
12504.507:0034:Ret ws2_32.WSAStartup() retval=00000000 ret=005e69f7
12504.507:0034:Call ws2_32.socket(00000002,00000002,00000011) ret=004b902d
...
12504.507:0034:Call ntdll.wine_server_handle_to_fd(00000064,00000000,00f15e3c,00000000) ret=7e5100e3
12504.507:0034:Ret ntdll.wine_server_handle_to_fd() retval=00000000 ret=7e5100e3
12504.507:0034:Call ntdll.wine_server_release_fd(00000064,00000011) ret=7e510117
12504.507:0034:Ret ntdll.wine_server_release_fd() retval=00000000 ret=7e510117
12504.507:0034:Ret ws2_32.socket() retval=00000064 ret=004b902d
12504.507:0034:Call ws2_32.ioctlsocket(00000064,8004667e,00f16764) ret=0068c6b4
12504.507:0034:Ret ws2_32.ioctlsocket() retval=00000000 ret=0068c6b4
12504.507:0034:Call advapi32.OpenProcessToken(ffffffff,00000020,00f1680c) ret=0045a077
12504.507:0034:Ret advapi32.OpenProcessToken() retval=00000001 ret=0045a077
12504.507:0034:Call advapi32.LookupPrivilegeValueA(00000000,004358d4,00f16650) ret=00575df2
12504.507:0034:Ret advapi32.LookupPrivilegeValueA() retval=00000001 ret=00575df2
12504.507:0034:Call advapi32.AdjustTokenPrivileges(00000068,00000000,00f1743c,00000000,00000000,00000000) ret=005d2292
12504.507:0034:Ret advapi32.AdjustTokenPrivileges() retval=00000001 ret=005d2292
12504.507:0034:Call KERNEL32.CloseHandle(00000068) ret=0064254a
12504.507:0034:Ret KERNEL32.CloseHandle() retval=00000001 ret=0064254a
12504.507:0034:Call KERNEL32.GetTickCount() ret=00665b17
12504.507:0034:Ret KERNEL32.GetTickCount() retval=00becdbb ret=00665b17
12504.507:0034:Call KERNEL32.GetLastError() ret=00421189
12504.507:0034:Ret KERNEL32.GetLastError() retval=00000000 ret=00421189
12504.507:0034:Call ntdll.RtlAllocateHeap(00110000,00000008,00000364) ret=0041ffbc
12504.507:0034:Ret ntdll.RtlAllocateHeap() retval=0014ec58 ret=0041ffbc
12504.510:0034:Call KERNEL32.ConnectNamedPipe(0000005c,0043ca30) ret=00579ed8
12504.510:0034:Ret KERNEL32.ConnectNamedPipe() retval=00000000 ret=00579ed8
12504.510:0034:Call KERNEL32.GetLastError() ret=0045526b
12504.510:0034:Ret KERNEL32.GetLastError() retval=000003e5 ret=0045526b
12504.510:0034:Call KERNEL32.CreateFileA(00f1fde4 "\\.\BlackBone",80000000,00000003,00000000,00000003,00000000,00000000) ret=00632229
12504.510:0034:Ret KERNEL32.CreateFileA() retval=ffffffff ret=00632229
12504.510:0034:Call KERNEL32.Sleep(00000064) ret=006b9498
12504.610:0034:Ret KERNEL32.Sleep() retval=00000000 ret=006b9498
12504.611:0034:Call KERNEL32.CreateFileA(00f1fde4 "\\.\BlackBone",80000000,00000003,00000000,00000003,00000000,00000000) ret=00632229
12504.611:0034:Ret KERNEL32.CreateFileA() retval=ffffffff ret=00632229
12504.611:0034:Call KERNEL32.Sleep(00000064) ret=006b9498
12504.711:0034:Ret KERNEL32.Sleep() retval=00000000 ret=006b9498
12504.712:0034:Call KERNEL32.CreateFileA(00f1fde4 "\\.\BlackBone",80000000,00000003,00000000,00000003,00000000,00000000) ret=00632229
12504.712:0034:Ret KERNEL32.CreateFileA() retval=ffffffff ret=00632229
12504.712:0034:Call KERNEL32.Sleep(00000064) ret=006b9498
12504.812:0034:Ret KERNEL32.Sleep() retval=00000000 ret=006b9498
12504.812:0034:Call KERNEL32.CreateFileA(00f1fde4 "\\.\BlackBone",80000000,00000003,00000000,00000003,00000000,00000000) ret=00632229
12504.812:0034:Ret KERNEL32.CreateFileA() retval=ffffffff ret=00632229
12504.813:0034:Call KERNEL32.Sleep(00000064) ret=006b9498
12504.913:0034:Ret KERNEL32.Sleep() retval=00000000 ret=006b9498
...
<repeats>
--- snip ---
The service creates two named pipe instances '\\.\pipe\BattlEye' in message mode and sets the pipe security. After some other startup initialization tasks, the service thread calls 'ConnectNamedPipe()' to wait for clients to connect. The call returns 'ERROR_IO_PENDING' because the client already managed to open and write to the named pipe. Check the timestamps of the relevant API calls from both snippets. Instead of calling 'GetOverlappedResult()', the service thread just endlessly loops trying to open '\\.\BlackBone', with small delays in between. BlackBone is some hacking framework/lib (https://github.com/DarthTon/Blackbone), also used for cheating. The failure to open the driver symlink is expected.
The client just sits in a loop, querying the service status. If the service is terminated manually by issuing 'wine net stop BEService' from another terminal, the client starts another client instance with parameter '3' which does a full service reinstall.
--- snip ---
...
12565.049:0009:Call KERNEL32.CreateProcessW(00000000,0033d6dc L""C:\users\focht\Local Settings\Application Data\Tibia\packages\Tibia\bin\client_launcher.exe" 3",00000000,00000000,00000000,00000410,00000000,00000000,0033d1b0,0033d1a0) ret=7e3f2af4
...
12565.049:0009:trace:process:create_process_impl starting L"C:\users\focht\Local Settings\Application Data\Tibia\packages\Tibia\bin\client_launcher.exe" as Win32 binary (400000-4bf000, arch 014c)
...
12565.057:003d:trace:loaddll:load_native_dll Loaded L"C:\users\focht\Local Settings\Application Data\Tibia\packages\Tibia\bin\client_launcher.exe" at 0x400000: native
12565.058:0009:trace:process:create_process_impl started process pid 003c tid 003d
...
12565.149:003d:Starting process L"C:\users\focht\Local Settings\Application Data\Tibia\packages\Tibia\bin\client_launcher.exe" (entryproc=0x47d6dc)
...
12565.160:003d:Call advapi32.OpenServiceW(0014c620,004246bc L"BEService",00010020) ret=00441e58
...
12565.164:003d:Call KERNEL32.DeleteFileW(0033f1c2 L"C:\Program Files\Common Files\BattlEye\BEService.exe") ret=00450c96
12565.165:003d:Ret KERNEL32.DeleteFileW() retval=00000001 ret=00450c96
12565.165:003d:Call KERNEL32.CopyFileW(0033efb8 L"C:\users\focht\Local Settings\Application Data\Tibia\packages\Tibia\bin\BattlEye\BEService.exe",0033f1c2 L"C:\Program Files\Common Files\BattlEye\BEService.exe",00000000) ret=004506bb
...
12565.170:003d:Call advapi32.CreateServiceW(0014c620,004246bc L"BEService",00424c3c L"BattlEye Service",00060010,00000010,00000003,00000001,0033f1c0 L""C:\Program Files\Common Files\BattlEye\BEService.exe"",00000000,00000000,00000000,00000000,00000000) ret=0044809e
12565.170:003d:trace:service:CreateServiceW 0x14c620 L"BEService" L"BattlEye Service"
...
12565.171:0038:trace:service:svcctl_CreateServiceW (L"BEService", L"BattlEye Service", 0x60010, L""C:\Program Files\Common Files\BattlEye\BEService.exe"")
...
12565.173:0039:Call KERNEL32.CreateProcessW(00000000,0011c760 L""C:\Program Files\Common Files\BattlEye\BEService.exe"",00000000,00000000,00000000,00000400,00450000,00000000,00eef8ec,00eef930) ret=7efe4bb0
12565.173:0039:trace:process:create_process_impl app (null) cmdline L""C:\Program Files\Common Files\BattlEye\BEService.exe""
...
12565.186:0039:trace:process:create_process_impl started process pid 003f tid 0040
...
12565.647:0040:trace:service:service_run_main_thread Starting 1 services running as process 63
...
12565.661:003d:Call KERNEL32.ExitProcess(00000000) ret=0040fd66
...
12565.662:0009:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=0046bc44
12565.662:0009:Call KERNEL32.GetExitCodeProcess(00000074,0033ea20) ret=004359ea
12565.662:0009:Ret KERNEL32.GetExitCodeProcess() retval=00000001 ret=004359ea
12565.662:0009:Call advapi32.OpenServiceW(00172870,004246bc L"BEService",00000024) ret=0044ea0d
12565.662:0009:trace:service:SERV_OpenServiceW 0x172870 L"BEService" 0x00000024
...
12565.669:002f:Call KERNEL32.GetStringTypeW(00000001,0016b04c L"13:03:10: Installing BattlEye Service...\r\n13:03:11: Successfully installed BattlEye Service.\r\n",00000001,005bf46a) ret=7db550c1
12565.669:002f:Ret KERNEL32.GetStringTypeW() retval=00000001 ret=7db550c1
...
--- snip ---
The second time it succeeds. Same service startup sequence again:
--- snip ---
12565.650:0043:Ret advapi32.SetServiceStatus() retval=00000001 ret=0056ea97
12565.650:0043:Call KERNEL32.CreateNamedPipeA(00f1fe38 "\\.\pipe\BattlEye",40040003,00000006,00000002,00000400,00000400,00000000,00000000) ret=005ff52a
12565.650:0043:Ret KERNEL32.CreateNamedPipeA() retval=0000005c ret=005ff52a
12565.650:0043:Call KERNEL32.CreateNamedPipeA(00f1fe38 "\\.\pipe\BattlEye",40040003,00000006,00000002,00000400,00000400,00000000,00000000) ret=0063e40c
12565.650:0043:Ret KERNEL32.CreateNamedPipeA() retval=00000060 ret=0063e40c
12565.650:0043:Call advapi32.GetSecurityInfo(0000005c,00000006,00000004,00000000,00000000,00f16798,00000000,00f16768) ret=0069a031
12565.650:0043:Ret advapi32.GetSecurityInfo() retval=00000000 ret=0069a031
12565.650:0043:Call advapi32.AllocateAndInitializeSid(00f174ac,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00f1685c) ret=00445687
12565.650:0043:Ret advapi32.AllocateAndInitializeSid() retval=00000001 ret=00445687
12565.650:0043:Call advapi32.SetEntriesInAclA(00000001,00f16608,00000000,00f16858) ret=004f18c6
12565.650:0043:Ret advapi32.SetEntriesInAclA() retval=00000000 ret=004f18c6
12565.650:0043:Call advapi32.SetSecurityInfo(0000005c,00000006,00000004,00000000,00000000,0014eca8,00000000) ret=0066bc20
12565.651:0043:Ret advapi32.SetSecurityInfo() retval=00000000 ret=0066bc20
...
12565.651:0043:Call advapi32.GetSecurityInfo(00000060,00000006,00000004,00000000,00000000,00f16798,00000000,00f16768) ret=0069a031
12565.651:0043:Ret advapi32.GetSecurityInfo() retval=00000000 ret=0069a031
12565.651:0043:Call advapi32.AllocateAndInitializeSid(00f174ac,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00f1685c) ret=00445687
12565.651:0043:Ret advapi32.AllocateAndInitializeSid() retval=00000001 ret=00445687
12565.651:0043:Call advapi32.SetEntriesInAclA(00000001,00f16608,0014ebac,00f16858) ret=004f18c6
12565.651:0043:Ret advapi32.SetEntriesInAclA() retval=00000000 ret=004f18c6
12565.651:0043:Call advapi32.SetSecurityInfo(00000060,00000006,00000004,00000000,00000000,0014ecd0,00000000) ret=0066bc20
12565.651:0043:Ret advapi32.SetSecurityInfo() retval=00000000 ret=0066bc20
...
12565.651:0043:Call ws2_32.WSAStartup(00000202,00f16bac) ret=005e69f7
12565.651:0043:Ret ws2_32.WSAStartup() retval=00000000 ret=005e69f7
12565.651:0043:Call ws2_32.socket(00000002,00000002,00000011) ret=004b902d
...
12565.651:0043:Call ntdll.wine_server_handle_to_fd(00000064,00000000,00f15e3c,00000000) ret=7e5100e3
12565.651:0043:Ret ntdll.wine_server_handle_to_fd() retval=00000000 ret=7e5100e3
12565.651:0043:Call ntdll.wine_server_release_fd(00000064,00000011) ret=7e510117
12565.651:0043:Ret ntdll.wine_server_release_fd() retval=00000000 ret=7e510117
12565.651:0043:Ret ws2_32.socket() retval=00000064 ret=004b902d
12565.651:0043:Call ws2_32.ioctlsocket(00000064,8004667e,00f16764) ret=0068c6b4
12565.651:0043:Ret ws2_32.ioctlsocket() retval=00000000 ret=0068c6b4
12565.651:0043:Call advapi32.OpenProcessToken(ffffffff,00000020,00f1680c) ret=0045a077
12565.651:0043:Ret advapi32.OpenProcessToken() retval=00000001 ret=0045a077
12565.651:0043:Call advapi32.LookupPrivilegeValueA(00000000,004358d4,00f16650) ret=00575df2
12565.651:0043:Ret advapi32.LookupPrivilegeValueA() retval=00000001 ret=00575df2
12565.651:0043:Call advapi32.AdjustTokenPrivileges(00000068,00000000,00f1743c,00000000,00000000,00000000) ret=005d2292
12565.651:0043:Ret advapi32.AdjustTokenPrivileges() retval=00000001 ret=005d2292
12565.651:0043:Call KERNEL32.CloseHandle(00000068) ret=0064254a
12565.651:0043:Ret KERNEL32.CloseHandle() retval=00000001 ret=0064254a
12565.651:0043:Call KERNEL32.GetTickCount() ret=00665b17
12565.651:0043:Ret KERNEL32.GetTickCount() retval=00bfbc93 ret=00665b17
12565.651:0043:Call KERNEL32.GetLastError() ret=00421189
12565.651:0043:Ret KERNEL32.GetLastError() retval=00000000 ret=00421189
12565.651:0043:Call ntdll.RtlAllocateHeap(00110000,00000008,00000364) ret=0041ffbc
12565.651:0043:Ret ntdll.RtlAllocateHeap() retval=0014ec58 ret=0041ffbc
12565.655:0043:Call KERNEL32.ConnectNamedPipe(0000005c,0043ca30) ret=00579ed8
12565.655:0043:Ret KERNEL32.ConnectNamedPipe() retval=00000000 ret=00579ed8
12565.655:0043:Call KERNEL32.GetLastError() ret=0045526b
12565.655:0043:Ret KERNEL32.GetLastError() retval=000003e5 ret=0045526b
12565.655:0043:Call KERNEL32.CreateFileA(00f1fde4 "\\.\BlackBone",80000000,00000003,00000000,00000003,00000000,00000000) ret=00632229
12565.655:0043:Ret KERNEL32.CreateFileA() retval=ffffffff ret=00632229
12565.655:0043:Call KERNEL32.Sleep(00000064) ret=006b9498
12565.755:0043:Ret KERNEL32.Sleep() retval=00000000 ret=006b9498
12565.755:0043:Call KERNEL32.GetOverlappedResult(0000005c,0043ca30,00f16ba0,00000000) ret=00463d46
12565.755:0043:Ret KERNEL32.GetOverlappedResult() retval=00000001 ret=00463d46
12565.756:0043:Call KERNEL32.ReadFile(0000005c,0043d258,00000400,00f16ba0,0043ca30) ret=004a3dd5
12565.756:0043:Ret KERNEL32.ReadFile() retval=00000001 ret=004a3dd5
12565.756:0043:Call KERNEL32.GetModuleFileNameW(00000000,00f19e38,000001f5) ret=00583164
12565.756:0043:Ret KERNEL32.GetModuleFileNameW() retval=00000034 ret=00583164
...
12565.761:0043:Call advapi32.CreateServiceW(0014f238,00f1fd98 L"BEDaisy",00f1fd98 L"BEDaisy",00010034,00000001,00000003,00000001,00f19a38 L"C:\Program Files\Common Files\BattlEye\BEDaisy.sys",00000000,00000000,00000000,00000000,00000000) ret=00489100
12565.761:0043:trace:service:CreateServiceW 0x14f238 L"BEDaisy" L"BEDaisy"
...
--- snip ---
The same service binary is started again but the code path executed after 'ConnectNamedPipe()' fails with 'ERROR_IO_PENDING' is a bit different. Unfortunately the service binary is protected (obfuscated/virtualized) with VMProtect 2.x or 3.x, which makes it time-consuming to figure out the problem domain:
* bug in Wine (API insufficiencies)
* bug in VMP virtual machine code (incompatibility with Wine)
* bug in app code, before virtualization (not a Wine bug, works by chance on Windows)
For now use the following workaround when 'BattlEye Launcher' dialog window shows 'Starting BattlEye Service...':
--- snip ---
$ wine net stop BEService
--- snip ---
$ sha1sum Tibia_Setup.exe
14eaffd5c5026d06427b417d643a65786edc5e73 Tibia_Setup.exe

$ du -sh Tibia_Setup.exe
5.4M Tibia_Setup.exe

$ wine --version
wine-3.14
Regards
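
An added triage example (not part of the original comment, and not Wine or BattlEye code): a Python sketch that scans a `+timestamp,+relay` trace for threads whose overlapped 'ConnectNamedPipe()' returned 'ERROR_IO_PENDING' and reports whether each one ever reached 'GetOverlappedResult()' or only kept polling '\\.\BlackBone'. The function names and report fields are assumptions made for this sketch; the sample lines are trimmed from the two service-side traces quoted above.

```python
import re

# One +relay line: <timestamp>:<tid>:Call|Ret <module>.<func>(<args>) [retval=<hex>] ret=<hex>
RELAY = re.compile(
    r"^(?P<ts>\d+\.\d+):(?P<tid>[0-9a-f]+):(?P<kind>Call|Ret)\s+"
    r"\w+\.(?P<func>\w+)\((?P<args>.*)\)"
    r"(?:\s+retval=(?P<retval>[0-9a-f]+))?\s+ret=[0-9a-f]+$"
)
ERROR_IO_PENDING = 0x3E5  # shows up as GetLastError() retval=000003e5 in the trace


def pending_pipe_connects(lines):
    """Map tid -> state of an overlapped ConnectNamedPipe() that went pending."""
    awaiting_error = {}  # tid -> timestamp at which ConnectNamedPipe() returned FALSE
    report = {}
    for line in lines:
        m = RELAY.match(line.strip())
        if not m:
            continue  # trace: channel lines, "..." elisions, shell prompts
        tid, kind, func = m["tid"], m["kind"], m["func"]
        ts = float(m["ts"])
        retval = int(m["retval"], 16) if m["retval"] else None
        if kind == "Ret" and func == "ConnectNamedPipe" and retval == 0:
            awaiting_error[tid] = ts
        elif kind == "Ret" and func == "GetLastError" and tid in awaiting_error:
            started = awaiting_error.pop(tid)
            if retval == ERROR_IO_PENDING:
                report[tid] = {"pending_at": started, "collected_at": None, "blackbone_polls": 0}
        elif kind == "Call" and tid in report and report[tid]["collected_at"] is None:
            if func == "GetOverlappedResult":
                report[tid]["collected_at"] = ts
            elif func == "CreateFileA" and "BlackBone" in m["args"]:
                report[tid]["blackbone_polls"] += 1
    return report


def stuck_threads(report):
    """Threads that kept polling the device name and never collected the connect."""
    return sorted(t for t, r in report.items()
                  if r["collected_at"] is None and r["blackbone_polls"] > 0)


# Sample trimmed from the two service-side traces quoted in the comment above.
SAMPLE = r'''
12504.510:0034:Call KERNEL32.ConnectNamedPipe(0000005c,0043ca30) ret=00579ed8
12504.510:0034:Ret KERNEL32.ConnectNamedPipe() retval=00000000 ret=00579ed8
12504.510:0034:Call KERNEL32.GetLastError() ret=0045526b
12504.510:0034:Ret KERNEL32.GetLastError() retval=000003e5 ret=0045526b
12504.510:0034:Call KERNEL32.CreateFileA(00f1fde4 "\\.\BlackBone",80000000,00000003,00000000,00000003,00000000,00000000) ret=00632229
12504.611:0034:Call KERNEL32.CreateFileA(00f1fde4 "\\.\BlackBone",80000000,00000003,00000000,00000003,00000000,00000000) ret=00632229
12504.712:0034:Call KERNEL32.CreateFileA(00f1fde4 "\\.\BlackBone",80000000,00000003,00000000,00000003,00000000,00000000) ret=00632229
12565.655:0043:Call KERNEL32.ConnectNamedPipe(0000005c,0043ca30) ret=00579ed8
12565.655:0043:Ret KERNEL32.ConnectNamedPipe() retval=00000000 ret=00579ed8
12565.655:0043:Call KERNEL32.GetLastError() ret=0045526b
12565.655:0043:Ret KERNEL32.GetLastError() retval=000003e5 ret=0045526b
12565.655:0043:Call KERNEL32.CreateFileA(00f1fde4 "\\.\BlackBone",80000000,00000003,00000000,00000003,00000000,00000000) ret=00632229
12565.755:0043:Call KERNEL32.GetOverlappedResult(0000005c,0043ca30,00f16ba0,00000000) ret=00463d46
'''

if __name__ == "__main__":
    result = pending_pipe_connects(SAMPLE.splitlines())
    print(result, "stuck:", stuck_threads(result))
```

A trace that is cut off before a thread reaches 'GetOverlappedResult()' is also reported as stuck, so run it over a log that covers the whole hang.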