https://bugs.winehq.org/show_bug.cgi?id=32515
--- Comment #50 from Christian Inci chris.pcguy.inci@gmail.com ---
This CEG issue seems to be the result of some rarely used CEG features.
There seem to be multiple (Wine code) bugs involved, some when creating the CEG file and some others when running it. Valve support, when I ask them for at least some CEG test cases and tell them that more and more people are complaining about the bug, is basically telling me: "Go fuck yourself!" (In "nicer" words, but anyway.) I don't have much time to spend on this, but I'm trying to do what I can.
The bugs seem to be in the File/Directory/Volume/Exception/SectionTable-handling functions.
When creating the CEG file, something in steamservice.dll writes 1028 (this stands for C:\WINDOWS\system32\1028) in XORed form to the executable. Under Wine, it writes garbage instead. This seems to be a remnant of the stack. It seems like Wine's kernel32.dll needs to be somewhat stack-compatible.
When running the CEG file, some int3 calls with a custom TEB work, but others seem to be silently ignored. Even when it works, there are, for example, some differences in the EXCEPTION_RECORD and CONTEXT structures. Some members of Wine's TEB (the struct in the header) don't seem to be in the right place, and some of Wine's private members don't seem to be used at all.
Valve did some great work there; e.g. some functions several KiB in size are basically just one extremely simple and tiny loop, because 99 percent of the functions aren't used at all.
CEG actually seems to be very simple, but the hard parts are, e.g., filtering out the irrelevant/unused parts and getting past the anti-debug code, the obfuscation and the code designed to distract.
This reminds me more and more of malware analysis. What are those CEG features designed to work against? Is it specific anti-Wine/anti-ReactOS code?
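The comment above asks for reduced CEG test cases and points at differences in what Wine's exception dispatcher reports for int3. The following probe is an added example, not code from the bug report, from Wine or from Valve: it executes one int3, catches the breakpoint exception, and records the exception code, the reported exception address and the instruction pointer at dispatch, so the same binary can be run on Windows and under Wine and the two printouts diffed. It assumes x86-64 and GCC/Clang inline assembly (mingw on Windows); on Windows it uses a vectored exception handler, on POSIX a SIGTRAP handler reading the ucontext so the file also builds on Linux. The custom-TEB variant mentioned in the comment is deliberately not reproduced, and the handler always resumes at the byte after the int3 rather than relying on how the dispatcher adjusts the instruction pointer.

```c
/* Added probe (not from the bug report, Wine or Valve): execute an int3,
 * catch the breakpoint exception and record what the dispatcher reports,
 * so Windows and Wine output can be diffed. Assumes x86-64 + GCC/Clang
 * inline asm. The custom-TEB case from the bug is NOT reproduced here. */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    int       handler_ran;   /* 1 once our handler saw the exception */
    uintptr_t int3_addr;     /* address of the int3 byte we executed */
    uintptr_t reported_addr; /* Windows: EXCEPTION_RECORD.ExceptionAddress; POSIX: 0 */
    uintptr_t resume_ip;     /* instruction pointer in CONTEXT / ucontext at dispatch */
    uint32_t  code;          /* Windows: ExceptionCode; POSIX: signal number */
    uint32_t  info;          /* Windows: NumberParameters; POSIX: si_code */
} bp_report;

static volatile bp_report g_rep;
static volatile uintptr_t g_after;   /* byte after the int3, stored before it fires */

#if defined(__x86_64__)
#ifdef _WIN32
#include <windows.h>

static LONG CALLBACK bp_handler(PEXCEPTION_POINTERS ep)
{
    EXCEPTION_RECORD *rec = ep->ExceptionRecord;
    if (rec->ExceptionCode != EXCEPTION_BREAKPOINT)
        return EXCEPTION_CONTINUE_SEARCH;
    g_rep.handler_ran   = 1;
    g_rep.code          = rec->ExceptionCode;
    g_rep.info          = rec->NumberParameters;
    g_rep.reported_addr = (uintptr_t)rec->ExceptionAddress;
    g_rep.resume_ip     = (uintptr_t)ep->ContextRecord->Rip;
    ep->ContextRecord->Rip = g_after;   /* resume after int3, whatever Rip said */
    return EXCEPTION_CONTINUE_EXECUTION;
}
#else
#include <signal.h>
#include <ucontext.h>

static void bp_handler(int sig, siginfo_t *si, void *ctx)
{
    ucontext_t *uc = ctx;
    g_rep.handler_ran = 1;
    g_rep.code        = (uint32_t)sig;
    g_rep.info        = (uint32_t)si->si_code;
    g_rep.resume_ip   = (uintptr_t)uc->uc_mcontext.gregs[REG_RIP];
    /* The kernel left RIP after the int3, so simply returning resumes there. */
}
#endif

/* Returns 0 and fills *out; -1 if no handler could be installed. */
int run_probe(bp_report *out)
{
    g_rep = (bp_report){0};
#ifdef _WIN32
    PVOID h = AddVectoredExceptionHandler(1, bp_handler);
    if (!h) return -1;
#else
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = bp_handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGTRAP, &sa, &old) != 0) return -1;
#endif
    /* Store the address of the byte after int3 first, then execute the int3. */
    __asm__ volatile(
        "lea 1f(%%rip), %%rax\n\t"
        "mov %%rax, %0\n\t"
        "int3\n"
        "1:"
        : "=m"(g_after) : : "rax", "memory");
    g_rep.int3_addr = g_after - 1;
#ifdef _WIN32
    RemoveVectoredExceptionHandler(h);
#else
    sigaction(SIGTRAP, &old, NULL);
#endif
    *out = g_rep;
    return 0;
}
#else
int run_probe(bp_report *out) { (void)out; return -1; }   /* not x86-64: unsupported */
#endif

int main(void)
{
    bp_report r;
    if (run_probe(&r) != 0) { puts("probe unsupported on this build"); return 1; }
    printf("handler_ran=%d code=0x%x info=%u\n", r.handler_ran, r.code, r.info);
    printf("int3 at %#llx, reported %#llx (delta %lld), ip at dispatch %#llx (delta %lld)\n",
           (unsigned long long)r.int3_addr,
           (unsigned long long)r.reported_addr, (long long)(r.reported_addr - r.int3_addr),
           (unsigned long long)r.resume_ip, (long long)(r.resume_ip - r.int3_addr));
    return 0;
}
```

Build it once with mingw and run the same .exe on Windows and under Wine; the two "delta" values are the fields worth comparing, since they show how each dispatcher positions ExceptionAddress and the context instruction pointer relative to the int3 byte. On Linux the POSIX path only serves as a sanity check that the probe itself is sound (the ucontext RIP must be exactly one byte past the int3).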