[Bug 34849] New: Eisenbahn.exe Pro 8 (EEP 8) train simulator crashes on startup (Themida & WinLicense 2.x software protection)

http://bugs.winehq.org/show_bug.cgi?id=34849

Bug #: 34849 Summary: Eisenbahn.exe Pro 8 (EEP 8) train simulator crashes on startup (Themida & WinLicense 2.x software protection) Product: Wine Version: 1.7.5 Platform: x86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: -unknown AssignedTo: wine-bugs@winehq.org ReportedBy: focht@gmx.net Classification: Unclassified

Hello folks,

this is a newer version of EEP which crashes for different reason than EPP version 5.0 (bug 24597).

--- snip --- $ pwd /home/focht/.wine/drive_c/Program Files/Trend/EEP8 ... $ wine ./EEP8.exe ... fixme:toolhelp:CreateToolhelp32Snapshot Unimplemented: heap list snapshot fixme:thread:GetThreadPreferredUILanguages 52, 0x11af7ac, 0x11af924 0x11af7b4 fixme:heap:HeapSetInformation (nil) 1 (nil) 0 fixme:win:EnumDisplayDevicesW ((null),0,0x119fe7c,0x00000000), stub! fixme:win:EnumDisplayDevicesW ((null),1,0x119fe6c,0x00000000), stub! err:x11settings:X11DRV_ChangeDisplaySettingsEx No matching mode found 2077032448x18482952x32 @60! (XRandR 1.2) wine: Unhandled page fault on read access to 0x00000004 at address 0x4f6001 (thread 0009), starting debugger... Unhandled exception: page fault on read access to 0x00000004 in 32-bit code (0x004f6001). Register dump: CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b EIP:004f6001 ESP:011a0628 EBP:011a063c EFLAGS:00010246( R- -- I Z- -P- ) EAX:00000000 EBX:05130469 ECX:04a91000 EDX:fbdc3330 ESI:00848bc0 EDI:05130254 Stack dump: 0x011a0628: 00854410 04f80bf5 00848bc0 00000000 0x011a0638: 00000000 011a0ba4 005064ad f31fed08 0x011a0648: 00848bc0 00848bc0 ffffffff ffffffff 0x011a0658: 011a0688 7bc39cf6 04a19064 00785b24 0x011a0668: 00000001 00000000 00000000 00000000 0x011a0678: 00000000 78e06564 78e06564 78e06564 000c: sel=0067 base=00000000 limit=00000000 16-bit --x Backtrace: =>0 0x004f6001 in eep8 (+0xf6001) (0x011a063c) 1 0x005064ad in eep8 (+0x1064ac) (0x011a0ba4) 2 0x78da86fc in mfc100 (+0x2486fb) (0x011a0bb8) 3 0x0070e86e in eep8 (+0x30e86d) (0x011a0c4c) 4 0x005801e9 in eep8 (+0x1801e8) (0x005807e8) 0x004f6001: movl 0x4(%eax),%ecx Modules: Module Address Debug info Name (104 modules) PE 400000- fb2000 Export eep8 PE 4350000- 436b000 Deferred sureparticles3 PE 4370000- 43d1000 Deferred surecommon3 PE 43e0000- 4403000 Deferred sureind PE 4740000- 477e000 Deferred ode PE 4780000- 47f9000 Deferred opcode PE 52a0000- 533d000 Deferred sprender PE 55b0000- 5672000 Deferred sutrack+ PE 10000000-101e5000 Deferred d3dx9_42 PE 78050000-780b9000 Deferred msvcp100 PE 78aa0000-78b5e000 Deferred msvcr100 PE 78b60000-78f8c000 Export mfc100 ... Threads: process tid prio (all id:s are in hex) 00000008 (D) C:\Program Files\Trend\EEP8\EEP8.exe 0000003b 0 ... 00000009 0 <== --- snip ---

"No matching mode found 2077032448x18482952x32 @60! (XRandR 1.2)"

Using +relay makes things worse ... checking the log we see this:

--- snip --- 0024:Call KERNEL32.OutputDebugStringA(00b55d82 "\r\n\n\n%s------------------------------------------------\n\r--- Themida Professional ---\n\r--- (c)2010 Oreans Technologies ---\n\r------------------------------------------------\r\n\n\n") ret=00b57c46 0024:Ret KERNEL32.OutputDebugStringA() retval=00000000 ret=00b57c46 --- snip ---

Yep, Themida doesn't like relay thunks.

ExeInfoPE scan of executable reveals:

--- snip --- Themida & WinLicense 2.0 - 2.1 - struct (Hide from PE scanners II-V) --- snip ---

So this might be one of Themida's virtual machine incompatibilities in win32 API emulation/wrapper and Wine. Requires further analysis (older versions might be even a wontfix).

Regards