[Bug 37408] NetWitness 9.x fails: GetDiskFreeSpaceExW - Does not accept path to file

26 Oct 2014


      https://bugs.winehq.org/show_bug.cgi?id=37408
Anastasius Focht focht@gmx.net changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P4                          |P2
             Status|UNCONFIRMED                 |NEW
                URL|                            |http://www.mtsac.edu/~bluet
                   |                            |eam/Forensic/NwInvestigator
                   |                            |Setup.exe
           Keywords|                            |download
                 CC|                            |focht@gmx.net
     Ever confirmed|0                           |1
            Summary|GetDiskFreeSpaceExW - Does  |NetWitness 9.x fails:
                   |not accept path to file     |GetDiskFreeSpaceExW - Does
                   |                            |not accept path to file
           Severity|major                       |normal
--- Comment #1 from Anastasius Focht focht@gmx.net ---
Hello,
from the logs it seems you are trying to run N^HRSA NetWitness Investigator
v9.x
--- quote ---
According to standard Microsoft documentation the GetDiskFreeSpaceExW WINAPI
call should fail if a directory is not given as the path to check free disk
space for. The documentation is incorrect. Making a call to GetDiskFreeSpaceExW
with a full path to a file (and not a directory) does indeed succeed on
standard windows. 
--- quote ---
I doubt that MS makes such obvious documentation mistake, given a parameter
'lpDirectoryName'.
If the app makes such a call it doesn't mean it's correct.
That are gazillion broken apps containing stupid code that works by chance or
fails silently.
Please write a test case and submit it to Wine test bot to prove your claim:
http://wiki.winehq.org/WineTestBot
Since you provided your own analysis (which is likely incorrect) you omitted
the important info: crash information (backtrace), error messages, terminal
logs etc.
Also specify the *exact* version of the app (9.5, 9.6, ???).
Tidbit: the app version 9.6 I found seems to be protected by Themida DRM
scheme.
--- snip ---
-=[ ProtectionID v0.6.5.5 OCTOBER]=-
(c) 2003-2013 CDKiLLER & TippeX
Build 31/10/13-21:09:09
Ready...
Scanning -> C:\Program Files\NetWitness\NetWitness
9.6\Investigator\NwInvestigatorPE.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 7936336 (0791950h)
Byte(s)
-> File Appears to be Digitally Signed @ Offset 0790200h, size : 01750h / 05968
byte(s)
[File Heuristics] -> Flag : 00000000000001001100000000000111 (0x0004C007)
[Entrypoint Section Entropy] : 1.50
[!] Themida v2.0.1.0 - v2.1.8.0 (or newer) detected !
[i] Hide PE Scanner Option used
- Scan Took : 0.738 Second(s) [0000002E2h tick(s)] [533 scan(s) done] 
--- snip ---
$ sha1sum NwInvestigatorSetup.exe
da176dab04c67c98dba6c017b54842b9be607ad65  NwInvestigatorSetup.exe
$ du -sh NwInvestigatorSetup.exe
132M    NwInvestigatorSetup.exe
$ wine --version
wine-1.7.29-57-gfbf2557
Regards
-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

[Bug 37408] NetWitness 9.x fails: GetDiskFreeSpaceExW - Does not accept path to file