https://bugs.winehq.org/show_bug.cgi?id=18844
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |obfuscation
             Status|NEW                         |RESOLVED
                 CC|                            |focht@gmx.net
          Component|-unknown                    |advapi32
         Resolution|---                         |DUPLICATE
            Summary|Neuro-Programmer v2.5 fails |Neuro-Programmer v2.5 fails
                   |to map registry entries     |to map registry entries
                   |                            |(XenoCode Virtual
                   |                            |Application Studio 2010
                   |                            |registry virtualization
                   |                            |fails to intercept Wine's
                   |                            |root key handles)
--- Comment #4 from Anastasius Focht focht@gmx.net ---
Hello folks,
the problem is the special root key handle interception which Xenocode registry virtualization relies on.
I described the problem in bug 38956. I'm resolving this as dupe since the analysis is there.
--- snip ---
$ WINEDEBUG=+tid,+seh,+loaddll,+process,+reg,+msgbox wine ./Neuro-Programmer\ 2.exe >>log.txt 2>&1
...
0027:trace:loaddll:load_native_dll Loaded L"C:\windows\system32\mscoree.dll" at 0x79000000: native
0027:trace:reg:GetSystemInfo si=0x0x33ecd8
0027:trace:reg:GetSystemInfo si=0x0x33ea3c
0027:trace:reg:NtOpenKey (0x2c,L"Software\Microsoft\.NETFramework",20019,0x33dfe0)
0027:trace:reg:NtOpenKey <- (nil)
...
0027:trace:loaddll:load_native_dll Loaded L"C:\windows\system32\MUI\0409\mscorees.dll" at 0x63ef0000: native
...
0027:trace:reg:NtOpenKey (0x2c,L"Software\Microsoft\.NETFramework",20019,0x33c4a8)
0027:trace:reg:NtOpenKey <- (nil)
0027:trace:reg:NtOpenKey (0x2c,L"Software\Microsoft\.NETFramework",20019,0x33c868)
0027:trace:reg:NtOpenKey <- (nil)
0027:trace:reg:NtOpenKey (0x2c,L"Software\Microsoft\.NETFramework",20019,0x33bf94)
0027:trace:reg:NtOpenKey <- (nil)
0027:trace:reg:NtOpenKey (0x50,L"Software\Microsoft\.NETFramework\Policy\Upgrades",20019,0x33c860)
0027:trace:reg:NtOpenKey <- (nil)
0027:trace:reg:NtOpenKey (0x2c,L"Software\Microsoft\.NETFramework\Policy\Upgrades",20019,0x33c860)
0027:trace:reg:NtOpenKey <- (nil)
0027:trace:reg:NtOpenKey (0x2c,L"Software\Microsoft\.NETFramework",20019,0x33bf94)
0027:trace:reg:NtOpenKey <- (nil)
...
0027:trace:msgbox:MSGBOX_OnInit L"Please set registry key HKLM\Software\Microsoft\.NETFramework\InstallRoot to point \nto the .NET Framework install location"
--- snip ---
ProtectionID scan:
--- snip ---
-=[ ProtectionID v0.6.6.7 DECEMBER]=-
(c) 2003-2015 CDKiLLER & TippeX
Build 24/12/14-22:48:13
Ready...
Scanning -> C:\Program Files\Neuro-Programmer 2\Neuro-Programmer 2.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 27265025 (01A00801h) Byte(s)
Compilation TimeStamp : 0x0000002B -> Thu 01st Jan 1970 00:00:43 (GMT)
[TimeStamp] 0x0000002B -> Thu 01st Jan 1970 00:00:43 (GMT) | PE Header | - | Offset: 0x00000088 | VA: 0x00400088 | -
-> File has 27240961 (019FAA01h) bytes of appended data starting at offset 05E00h
[File Heuristics] -> Flag #1 : 00000000000001001000000000000100 (0x00048004)
[Entrypoint Section Entropy] : 6.30 (section #0) ".text " | Size : 0x3C54 (15444) byte(s)
[DllCharacteristics] -> Flag : (0x8000) -> TSA
[SectionCount] 6 (0x6) | ImageSize 0x290000 (2686976) byte(s)
[VersionInfo] Company Name : Transparent Corporation. www.transparentcorp.com
[VersionInfo] Product Name : Neuro-Programmer 2
[VersionInfo] Product Version : 2.5.4.0
[VersionInfo] File Description : Neuro-Programmer 2
[VersionInfo] File Version : 2.5.4.0
[VersionInfo] Original FileName : Neuro-Programmer 2.exe
[VersionInfo] Internal Name : Neuro-Programmer 2.exe
[VersionInfo] Version Comments : An advanced self-help application. utilizing brainwave entrainment. hypnosis and psychological techniques.
[VersionInfo] Legal Trademarks : Neuro-Programmer
[VersionInfo] Legal Copyrights : Copyright 2003-2010 Transparent Corporation All Rights Reserved
[!] XenoCode Virtual Application Studio 2010 detected !
[CdKeySerial] found "Invalid code" @ VA: 0x00001EE0 / Offset: 0x000012E0
- Scan Took : 0.349 Second(s) [00000015Dh (349) tick(s)] [558 of 573 scan(s) done]
--- snip ---
$ sha1sum NP2_Installer.exe
74724b836908dd4ef5efad9833fe933eeef57d82 NP2_Installer.exe

$ du -sh NP2_Installer.exe
44M NP2_Installer.exe

$ wine --version
wine-1.7.51-102-ga7e294c
Regards
*** This bug has been marked as a duplicate of bug 38956 ***