https://bugs.winehq.org/show_bug.cgi?id=35652
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Aeria Games 'Aura Kingdom'  |Multiple MMORPH game
                   |MMORPH launcher crashes on  |launchers crash on startup
                   |startup                     |('DIALOG_CreateIndirect'
                   |('DIALOG_CreateIndirect'    |needs to trigger WM_PAINT,
                   |needs to trigger WM_PAINT,  |missing 'UpdateWindow')
                   |missing                     |(Aeria Games
                   |'UpdateWindow')             |'Aura Kingdom', STOnline)
--- Comment #5 from Anastasius Focht focht@gmx.net ---

Hello folks,
I found another victim, 'Spirit Tales Online'
Download: http://st.koramgame.com/download/download.html
After debugging some hours I figured out it's the same issue.
Trace/relay log doesn't reveal much.
--- snip ---
...
004034C0 53               PUSH EBX
004034C1 56               PUSH ESI
004034C2 8BF1             MOV ESI,ECX
004034C4 8B86 A8000000    MOV EAX,DWORD PTR DS:[ESI+A8]
004034CA 57               PUSH EDI
004034CB 8DBE A8000000    LEA EDI,DWORD PTR DS:[ESI+A8]
004034D1 83E8 10          SUB EAX,10
004034D4 8378 0C 01       CMP DWORD PTR DS:[EAX+C],1
004034D8 7E 0B            JLE SHORT _Launche.004034E5
...
0040350B 3986 8C0B0000    CMP DWORD PTR DS:[ESI+B8C],EAX
00403511 8986 900B0000    MOV DWORD PTR DS:[ESI+B90],EAX
00403517 0F84 97000000    JE _Launche.004035B4
0040351D 8B5C24 10        MOV EBX,DWORD PTR SS:[ESP+10]
00403521 85DB             TEST EBX,EBX
00403523 75 05            JNZ SHORT _Launche.0040352A
00403525 BB 3D3D3D00      MOV EBX,3D3D3D
0040352A 8B8E 8C000000    MOV ECX,DWORD PTR DS:[ESI+8C]           ; NULL instance
00403530 8986 8C0B0000    MOV DWORD PTR DS:[ESI+B8C],EAX
00403536 8B86 90000000    MOV EAX,DWORD PTR DS:[ESI+90]
0040353C 85C0             TEST EAX,EAX
0040353E 74 03            JE SHORT _Launche.00403543
00403540 8B40 04          MOV EAX,DWORD PTR DS:[EAX+4]
00403543 8B51 04          MOV EDX,DWORD PTR DS:[ECX+4]            ; ECX == NULL *boom*
00403546 68 2000CC00      PUSH 0CC0020                            ; rop
0040354B 68 1C020000      PUSH 21C                                ; y1
00403550 68 40010000      PUSH 140                                ; x1
00403555 50               PUSH EAX                                ; hdcSrc
00403556 6A 12            PUSH 12                                 ; cy
00403558 68 AB010000      PUSH 1AB                                ; cx
0040355D 68 1C020000      PUSH 21C                                ; y
00403562 68 40010000      PUSH 140                                ; x
00403567 52               PUSH EDX                                ; hdc
00403568 FF15 E8604800    CALL DWORD PTR DS:[<&GDI32.BitBlt>]
...
--- snip ---
Dump of internal object (referenced by ESI):
--- snip ---
$-4   022108FC  00455355  USE.
$ ==> 02210900  0048747C
$+4   02210904  00000001
$+8   02210908  00000000
$+C   0221090C  00000000
$+10  02210910  00000000
$+14  02210914  00000001
$+18  02210918  00000000
$+1C  0221091C  0012A4D0
$+20  02210920  000500E2
$+24  02210924  00000000
$+28  02210928  00000000
$+2C  0221092C  00000000
$+30  02210930  0049592C  ; _Launcher.0049592C
$+34  02210934  004959A0  ; _Launcher.004959A0
$+38  02210938  00000000
$+3C  0221093C  00000018
$+40  02210940  7E8E5E8F  ; OFFSET user32.DefDlgProcW
$+44  02210944  FFFFFFFF
$+48  02210948  00000000
$+4C  0221094C  00000000
$+50  02210950  00000000
$+54  02210954  00000066
$+58  02210958  00000066
$+5C  0221095C  00000000
$+60  02210960  00000000
$+64  02210964  00000000
$+68  02210968  00000000
$+6C  0221096C  00000000
$+70  02210970  00000000
$+74  02210974  00190032
$+78  02210978  00000000
$+7C  0221097C  00000405
$+80  02210980  000002A2
$+84  02210984  00000001
$+88  02210988  00000003
$+8C  0221098C  00000000  ; missing instance data (1)
$+90  02210990  00000000  ; missing instance data (2)
...
--- snip ---
Instance data creation by game winproc handler (WM_PAINT case):
--- snip ---
...
00405210 6A FF            PUSH -1
00405212 68 DC184800      PUSH 004818DC                 ; Entry point
00405217 64:A1 0000000    MOV EAX,DWORD PTR FS:[0]
0040521D 50               PUSH EAX
0040521E 83EC 1C          SUB ESP,1C
00405221 53               PUSH EBX
00405222 55               PUSH EBP
00405223 56               PUSH ESI
00405224 57               PUSH EDI
00405225 A1 30804A00      MOV EAX,DWORD PTR DS:[4A8030]
...
00405259 56               PUSH ESI
0040525A 8BC8             MOV ECX,EAX
0040525C E8 71F60400      CALL 004548D2                 ; _Launcher.004548D2
00405261 EB 02            JMP SHORT 00405265
00405263 33C0             XOR EAX,EAX
00405265 8986 8C000000    MOV DWORD PTR DS:[ESI+8C],EAX ; instance data (1)
0040526B 8B10             MOV EDX,DWORD PTR DS:[EAX]    ; ASCII "SAE"
0040526D 8B52 28          MOV EDX,DWORD PTR DS:[EDX+28]
...
--- snip ---
The game launcher creates a dhtml-based dialog using 'CreateDialogIndirectParamW' and expects its redraw/paint handler to be called inside dialog creation.
Wine doesn't do this, only calling 'ShowWindow' (which doesn't trigger repaint), resulting in missing instance data, causing the crash.
My fix from comment #3 also makes this launcher/game work - it starts auto-update.
You might consider sending a patch since these user32 bugs are nasty/time consuming to investigate.
$ sha1sum STOnline_US_20140507.exe
4b29fb0176f5d325e31698338b85bce65438145e  STOnline_US_20140507.exe

$ du -sh STOnline_US_20140507.exe
2.4G    STOnline_US_20140507.exe

$ wine --version
wine-1.7.27-47-g92bcb74
Regards
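The ordering dependency the comment describes, as an added illustration that is neither Wine's code nor the launcher's: a constructed model in which the dialog procedure creates its instance data only in WM_PAINT, and the code running right after dialog creation dereferences that data. The message constants are the real Win32 values, but `dialog_proc`, `create_dialog_indirect`, `post_create_blit` and `run_scenario` are stand-ins written for this example; the "Windows" path ends creation with a synchronous WM_PAINT (what UpdateWindow does), the "Wine before fix" path only shows the window. A third scenario shows the application-side defence, creating the data in WM_INITDIALOG, which every implementation sends before creation returns.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model (not Wine's or the launcher's code) of the message
 * ordering described in the bug report. */

enum { WM_PAINT = 0x000F, WM_SHOWWINDOW = 0x0018, WM_INITDIALOG = 0x0110 };

typedef struct {
    int hdc;                  /* stands in for the field read at [ECX+4] before BitBlt */
} InstanceData;

typedef struct {
    InstanceData *instance;   /* stands in for [ESI+8C]; NULL until created */
    int paints;               /* WM_PAINT messages delivered so far */
    int init_in_initdialog;   /* 1 = hardened proc, 0 = launcher-style proc */
} LauncherDialog;

static InstanceData g_instance_storage;   /* constructed stand-in for the heap object */

/* Modelled dialog procedure. The launcher-style variant creates its
 * instance data the first time it paints; the hardened variant does it
 * in WM_INITDIALOG, which is always sent before creation returns. */
static void dialog_proc(LauncherDialog *dlg, unsigned msg)
{
    switch (msg) {
    case WM_INITDIALOG:
        if (dlg->init_in_initdialog) {
            g_instance_storage.hdc = 1;   /* constructed value */
            dlg->instance = &g_instance_storage;
        }
        break;
    case WM_PAINT:
        if (!dlg->instance) {
            g_instance_storage.hdc = 1;   /* constructed value */
            dlg->instance = &g_instance_storage;
        }
        dlg->paints++;
        break;
    default:
        break;
    }
}

/* Modelled CreateDialogIndirectParamW for a visible dialog. With
 * windows_behaviour set, creation ends with a synchronous WM_PAINT
 * (UpdateWindow); otherwise only ShowWindow runs, which invalidates the
 * window so WM_PAINT arrives later from the message loop. */
static void create_dialog_indirect(LauncherDialog *dlg, int windows_behaviour)
{
    dlg->instance = NULL;
    dlg->paints = 0;
    dialog_proc(dlg, WM_INITDIALOG);
    dialog_proc(dlg, WM_SHOWWINDOW);     /* ShowWindow: no synchronous paint */
    if (windows_behaviour)
        dialog_proc(dlg, WM_PAINT);      /* UpdateWindow: synchronous paint */
}

/* The step that faulted in the launcher (MOV EDX,[ECX+4] before BitBlt).
 * Returns the hdc the blit would use, or -1 where the launcher crashed. */
static int post_create_blit(const LauncherDialog *dlg)
{
    if (dlg->instance == NULL)
        return -1;                       /* ECX == NULL *boom* */
    return dlg->instance->hdc;
}

/* Runs one scenario and returns the result of the post-creation blit. */
static int run_scenario(int windows_behaviour, int hardened)
{
    LauncherDialog dlg = { NULL, 0, hardened };
    create_dialog_indirect(&dlg, windows_behaviour);
    return post_create_blit(&dlg);
}

int main(void)
{
    printf("Windows (UpdateWindow), launcher-style proc:      hdc=%d\n", run_scenario(1, 0));
    printf("Wine before fix (ShowWindow only), launcher-style: hdc=%d\n", run_scenario(0, 0));
    printf("Wine before fix, proc initialising in WM_INITDIALOG: hdc=%d\n", run_scenario(0, 1));
    return 0;
}
```

The second scenario is the crash from the disassembly: no WM_PAINT has run, so the instance pointer is still NULL when the blit reads through it. The third shows that an application which sets up its state in WM_INITDIALOG is indifferent to whether creation paints synchronously, which is the property Wine's 'UpdateWindow' change restores for applications that are not.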