https://bugs.winehq.org/show_bug.cgi?id=53303
Bug ID: 53303 Summary: Tycho: When Tycho tries to run a companion exe it corrupts the exe (VirusTotal check is clean) Product: Wine Version: 7.12 Hardware: x86-64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: -unknown Assignee: wine-bugs@winehq.org Reporter: jessethecandent@gmail.com Distribution: ---
Created attachment 72680 --> https://bugs.winehq.org/attachment.cgi?id=72680 sha1 hashes for files
A VirusTotal scan for the programs involved is clean along with the corrupted programs.
I am using the development version of wine (wine-7.12).
Tycho uses a modified version of Find_Orb (find_o64_modified.exe) for some of its tasks but will corrupt it when it tries to use it. If dosbox is available, wine will run the corrupt exe in dosbox. Wine versions 5.16 and below will make a corrupt find_o64_modified.exe.tmp instead of replacing the original exe, which allows Tycho to properly use Find_Orb so Tycho can identify known minor planets. However, a version of wine that old has bad OpenCL support. In a windows 10 VM the hash of find_o64_modified.exe does not change when Tycho uses it. Given Find_Orb's important place in the workflow of searching for minor planets, people would quickly notice if it got corrupted in windows.
Corrupt exe observations: -The corrupt exe is usually smaller than the original, even if you target smallexe64.exe (https://github.com/katahiromz/smallexe), giving you a 3 byte exe. -The corrupt exe contains pieces of the original exe and stuff not in the original exe. -The same target exe produces the same corrupt exe but a different target exe produces a different corrupt exe. -Corrupting a corrupt exe does not change it.
warn+all doesn't give anything useful and a trace+all capture of the corruption event ran my VM out of disk space.
Reproduction instructions: Running Linux in a VM is recommended due to exe corruption. Uninstall dosbox if you don't want to run the corrupted exe. Go to www.tycho-tracker.com/download and download the "Tycho" (v9.2) installer zip and the "Find_Orb [modified for Tycho]" (2021-07-20) zip file. Extract the Tycho installer from its zip file. In a 64 bit wine prefix run the Tycho installer. Extract the find_orb_2021-07-20/find_o64/ directory and place the find_o64 directory in the wine drive_c directory. Make a copy of find_o64_modified.exe and place it somewhere for future reference. Use wine to run Program Files/Tycho/Tycho.exe . Click continue at the invitation to register window. Go to the Settings dropdown menu and click on Find_Orb. In the "Full Path to Find_Orb Modified Executable" section click browse and go to the find_o64_modified.exe extracted previously (or put in a different file you wish to corrupt) Click on "Run Diagnostic Test". THIS WILL CORRUPT THE SELECTED EXE. IT WILL RUN IF YOU HAVE DOSBOX INSTALLED!! A successful test would look like: [2022/07/02 16:20:20]: Ready. [2022/07/02 16:20:22]: Beginning test... [2022/07/02 16:20:23]: [INFO] Returned identifier=[131075], num tries=[0] [2022/07/02 16:20:23]: [ OK ] Version [5] is a supported version. [2022/07/02 16:20:23]: End of test. [2022/07/02 16:20:23]: Ready. Close Tycho and compare the find_o64_modified.exe (or other file you corrupted) to the good copy you have.