http://bugs.winehq.org/show_bug.cgi?id=9958
--- Comment #8 from Anastasius Focht focht@gmx.net 2007-10-11 05:39:26 ---
Hello,
--- quote --- that's the same bug Maplestory runs --- quote ---
Maple Story/GameGuard:
http://bugs.winehq.org/show_bug.cgi?id=3488
http://bugs.winehq.org/show_bug.cgi?id=3952
(one should be marked as duplicate of other)
Mount & Blade:
http://bugs.winehq.org/show_bug.cgi?id=7923
They all suffer from the same issue as this bug id: Themida PE protector.
The protector creates a pile of threads (5-10), probably to countermeasure anti-debugging, anti-dumping, whatever, and its main thread dies due to an unhandled exception:
--- snip mount & blade ---
...
0040:Ret KERNEL32.SetEvent() retval=00000001 ret=038a943c
0040:Call KERNEL32.Sleep(00000000) ret=038a9469
0040:Ret KERNEL32.Sleep() retval=00000000 ret=038a9469
0040:Call KERNEL32.Sleep(00000000) ret=038a9469
0040:Ret KERNEL32.Sleep() retval=00000000 ret=038a9469
0040:Call KERNEL32.Sleep(00000000) ret=038a9469
0040:Ret KERNEL32.Sleep() retval=00000000 ret=038a9469
0040:Call KERNEL32.Sleep(00000000) ret=038a9469
0040:Ret KERNEL32.Sleep() retval=00000000 ret=038a9469
0028:Call KERNEL32.WaitForSingleObject(000000ac,ffffffff) ret=036d3670
0040:trace:seh:raise_exception code=c0000005 flags=0 addr=0x4c80efe
0040:trace:seh:raise_exception info[0]=00000000
0040:trace:seh:raise_exception info[1]=04d0c0d5
0040:trace:seh:raise_exception eax=04d0c0d1 ebx=f72ae9f7 ecx=036bf720 edx=03cafee4 esi=03cafdc8 edi=00000094
0040:trace:seh:raise_exception ebp=03cafed8 esp=03cafdb4 cs=0073 ds=007b es=007b fs=0033 gs=003b flags=00210202
0040:trace:seh:call_stack_handlers calling handler at 0x4f208c code=c0000005 flags=0
0040:trace:seh:call_stack_handlers handler at 0x4f208c returned 1
0040:trace:seh:call_stack_handlers calling handler at 0x36bc1fa code=c0000005 flags=0
0040:trace:seh:call_stack_handlers handler at 0x36bc1fa returned 0
--- snip mount & blade ---
--- snip maple story gamemon.des ---
...
0026:Call KERNEL32.VirtualProtect(00400000,00001000,00000004,006b352e) ret=008e438e
0026:Ret KERNEL32.VirtualProtect() retval=00000001 ret=008e438e
0026:Call KERNEL32.VirtualProtect(00400000,00001000,00000002,006b220e) ret=008e4692
0026:Ret KERNEL32.VirtualProtect() retval=00000001 ret=008e4692
0026:Call KERNEL32.SetEvent(000000a8) ret=008e4922
0026:Ret KERNEL32.SetEvent() retval=00000001 ret=008e4922
0026:Call KERNEL32.Sleep(00000000) ret=008e4936
0026:Ret KERNEL32.Sleep() retval=00000000 ret=008e4936
0026:Call KERNEL32.Sleep(00000000) ret=008e4936
0026:Ret KERNEL32.Sleep() retval=00000000 ret=008e4936
0026:Call KERNEL32.Sleep(00000000) ret=008e4936
0026:Ret KERNEL32.Sleep() retval=00000000 ret=008e4936
0026:Call KERNEL32.Sleep(00000000) ret=008e4936
0026:Ret KERNEL32.Sleep() retval=00000000 ret=008e4936
0026:Call KERNEL32.Sleep(00000000) ret=008e4936
0026:warn:seh:setup_exception exception outside of stack limits in thread 0026 eip 00b0e2a5 esp 00351fe8 stack 0x241000-0x350000
0026:trace:seh:raise_exception code=c0000005 flags=0 addr=0xb0e2a5
0026:trace:seh:raise_exception info[0]=00000001
0026:trace:seh:raise_exception info[1]=0000f19c
0026:trace:seh:raise_exception eax=0000f19c ebx=c39fa401 ecx=00000001 edx=1c9e25c5 esi=00351ff8 edi=0000f19c
0026:trace:seh:raise_exception ebp=00000000 esp=00351fe8 cs=0073 ds=007b es=007b fs=0033 gs=003b flags=00010246
0026:trace:seh:call_stack_handlers calling handler at 0x7b82c030 code=c0000005 flags=0
0026:trace:seh:start_debugger Starting debugger "winedbg --auto 37 260"
0026:trace:seh:call_stack_handlers handler at 0x7b82c030 returned 1
0026:warn:seh:setup_exception exception outside of stack limits in thread 0026 eip 00b0e2a5 esp 00351fe8 stack 0x241000-0x3500 ...
0026:err:seh:raise_exception Exception frame is not in stack limits => unable to dispatch exception.
--- snip maple story gamemon.des ---
Same goes for albatross18 S3. The only suspicious thing I found in all three logs:
--- snip mount & blade ---
0040:Call KERNEL32.GetModuleHandleA(035bfe3c "Th") ret=0370a7e2
0040:Ret KERNEL32.GetModuleHandleA() retval=00000000 ret=0370a7e2
0040:Call KERNEL32.LoadLibraryA(03cafe10 "u\x0e\x02`\x10\xfe\xca\x03\xff\xff\xff\xff\x10\x11\xc5{<\xfe[\x038\xfe\xca\x03\xa4V\xc8{|\xfe\xca\x03o"\xc5{\x10\xfe\xca\x03\xff\xff\xff\xff") ret=0370a815
0040:Ret KERNEL32.LoadLibraryA() retval=00000000 ret=0370a815
--- snip mount & blade ---
--- snip maple story gamemon.des ---
0026:Call KERNEL32.GetModuleHandleA(006b26fe "Th") ret=007fa64d
0026:Ret KERNEL32.GetModuleHandleA() retval=00000000 ret=007fa64d
0026:Call KERNEL32.LoadLibraryA(006b26fe "Th") ret=007fa76c
0026:Ret KERNEL32.LoadLibraryA() retval=00000000 ret=007fa76c
--- snip maple story gamemon.des ---
Pretty much messed up. Several calls before the crash.
They all seem to use different versions of Themida, but I have no signatures to pin down the exact version used. The game makers would have to repackage their binaries with newer Themida versions and republish/push updates. Only feasible with GameGuard (that gets regularly updated). For other games it is a very unlikely event in case of wine "compatibility" (wine does not exist for them).
Regards
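
Added example (not part of the original comment, and not Wine code): a small triage script for relay/seh traces like the ones quoted above. It pairs each GetModuleHandleA/LoadLibraryA call with its return and reports, per thread, the lookups that returned NULL before that thread's first raise_exception. The sample input is constructed from lines quoted in the comment; the function name triage is hypothetical.

```python
import re

# Line shapes as they appear in the quoted traces (thread id, then relay or seh output).
CALL = re.compile(r'^([0-9a-f]{4}):Call\s+(\S+?)\((.*)\) ret=([0-9a-f]{8})$')
RET = re.compile(r'^([0-9a-f]{4}):Ret\s+(\S+?)\(\) retval=([0-9a-f]{8}) ret=([0-9a-f]{8})$')
EXC = re.compile(r'^([0-9a-f]{4}):trace:seh:raise_exception code=([0-9a-f]{8}) \S+ addr=(0x[0-9a-f]+)')
WATCHED = {"KERNEL32.GetModuleHandleA", "KERNEL32.LoadLibraryA"}

# Constructed sample: lines copied from the two traces quoted in the comment.
SAMPLE = r'''0026:Call KERNEL32.GetModuleHandleA(006b26fe "Th") ret=007fa64d
0026:Ret KERNEL32.GetModuleHandleA() retval=00000000 ret=007fa64d
0026:Call KERNEL32.LoadLibraryA(006b26fe "Th") ret=007fa76c
0026:Ret KERNEL32.LoadLibraryA() retval=00000000 ret=007fa76c
0026:Call KERNEL32.SetEvent(000000a8) ret=008e4922
0026:Ret KERNEL32.SetEvent() retval=00000001 ret=008e4922
0026:trace:seh:raise_exception code=c0000005 flags=0 addr=0xb0e2a5
0026:trace:seh:raise_exception info[0]=00000001
0040:Call KERNEL32.GetModuleHandleA(035bfe3c "Th") ret=0370a7e2
0040:Ret KERNEL32.GetModuleHandleA() retval=00000000 ret=0370a7e2
0040:trace:seh:raise_exception code=c0000005 flags=0 addr=0x4c80efe
'''

def triage(log):
    """Return {thread: {"fault": (code, addr), "failed_lookups": [(api, name), ...]}}."""
    pending = {}  # (thread, api, return address) -> argument text of the open call
    failed = {}   # thread -> module lookups that returned NULL before the fault
    faults = {}   # thread -> (code, addr) of the first raise_exception seen
    for line in log.splitlines():
        if m := CALL.match(line):
            tid, api, args, ret = m.groups()
            if api in WATCHED:
                pending[(tid, api, ret)] = args
        elif m := RET.match(line):
            tid, api, retval, ret = m.groups()
            args = pending.pop((tid, api, ret), None)
            if args is not None and int(retval, 16) == 0 and tid not in faults:
                # Drop the pointer, keep the (possibly garbage) name as logged.
                failed.setdefault(tid, []).append((api, args.partition(" ")[2]))
        elif m := EXC.match(line):
            tid, code, addr = m.groups()
            faults.setdefault(tid, (code, addr))
    return {t: {"fault": f, "failed_lookups": failed.get(t, [])} for t, f in faults.items()}

if __name__ == "__main__":
    for tid, info in triage(SAMPLE).items():
        print(tid, info["fault"], info["failed_lookups"])
```

The argument pattern is greedy on purpose: the Mount & Blade LoadLibraryA name contains a stray double quote, so the name cannot be delimited by quotes alone.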