[Bug 27326] DiRT 3 game fails to launch (SecuROM 8.x and SecuROM Data File Activation 2.x/Product Activation)

http://bugs.winehq.org/show_bug.cgi?id=27326

Anastasius Focht focht@gmx.net changed:

What |Removed |Added ---------------------------------------------------------------------------- Keywords| |obfuscation Status|UNCONFIRMED |NEW CC| |focht@gmx.net Summary|DiRT 3 fails to launch |DiRT 3 game fails to launch |(exits silently) |(SecuROM 8.x and SecuROM | |Data File Activation | |2.x/Product Activation) Ever Confirmed|0 |1

--- Comment #3 from Anastasius Focht focht@gmx.net 2011-06-16 04:20:41 CDT --- Hello,

seems to be newer copy protection type. I found a torrent and tested with unpatched executables.

--- snip --- -=[ ProtectionID v0.6.4.0 JULY]=- (c) 2003-2010 CDKiLLER & TippeX Build 07/08/10-17:57:05 Ready... ... Scanning -> Z:\home\focht.wine\drive_c\Program Files\Codemasters\DiRT 3\DFA.dll File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 6252000 (05F65E0h) Byte(s) -> File Appears to be Digitally Signed @ Offset 05F5088h, size : 01558h / 05464 byte(s) -> File has 136 (088h) bytes of appended data starting at offset 05F5000h [File Heuristics] -> Flag : 00000000000000000001000000000111 (0x00001007) [!] SecuROM SLL v 1.6.1 Protected (For SecuROM v 7.42.4) [i] SecuROM Data File Activation Core Module - version 2.4.0 [CompilerDetect] -> Visual C++ 7.1 (Visual Studio 2003) - Scan Took : 0.300 Second(s)

Scanning -> Z:\home\focht.wine\drive_c\Program Files\Codemasters\DiRT 3\dirt3_game.exe File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 14499200 (0DD3D80h) Byte(s) -> File Appears to be Digitally Signed @ Offset 0DD2800h, size : 01580h / 05504 byte(s) [File Heuristics] -> Flag : 00000000000001001101000000000100 (0x0004D004) [!] Games For Windows Live detected ! [CompilerDetect] -> Visual C++ 9.0 (Visual Studio 2008) - Scan Took : 1.880 Second(s)

Scanning -> Z:\home\focht.wine\drive_c\Program Files\Codemasters\DiRT 3\dirt3.exe File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 9241952 (08D0560h) Byte(s) -> File Appears to be Digitally Signed @ Offset 08CF008h, size : 01558h / 05464 byte(s) [File Heuristics] -> Flag : 00000000000000000000000000000101 (0x00000005) [!] SecuROM Detected - Version 08.03.0012 [!] Possible CD/DVD-Key or Serial Check -> SerialNumber [CompilerDetect] -> Visual C++ 7.1 (Visual Studio 2003) - Scan Took : 0.330 Second(s) --- snip ---

From a quick glance it crashes while preparing the FT_Thunk check.

The FT_Thunk check is part of SecuROM prerequisite code which is to determine exact OS version. It is executed before every in-depth security check because the checks are tailored to specific Windows versions.

Maybe they changed the wrapper code to call/emulate OS api. I'll have a look at this in detail when I got some time ... the queue is full :|

Regards