[Bug 30902] Arcania: Gothic 4 fails to start (hangs on startup)

5 Dec 2013


      http://bugs.winehq.org/show_bug.cgi?id=30902
Anastasius Focht focht@gmx.net changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |obfuscation
             Status|NEW                         |RESOLVED
                 CC|                            |focht@gmx.net
          Component|-unknown                    |user32
         Resolution|                            |DUPLICATE
--- Comment #3 from Anastasius Focht focht@gmx.net 2013-12-05 09:17:25 CST ---
Hello folks,
confirming ... it's essentially a dupe of bug 27282
The game demo is protected with SecuROM v07.42.0004
--- snip ---
-=[ ProtectionID v0.6.4.0 JULY]=-
(c) 2003-2010 CDKiLLER & TippeX
Build 07/08/10-17:57:05
Ready...
Scanning -> Z:\home\focht.wine\drive_c\Program Files\JoWooD Entertainment
AG\ArcaniA - Gothic 4 Demo\Arcania.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 24079360 (016F6C00h)
Byte(s)
[File Heuristics] -> Flag : 00000000000000000000000100000001 (0x00000101)
[!] SecuROM Detected - Version 07.42.0004
[!] Possible CD/DVD-Key or Serial Check -> evaluation version
[CompilerDetect] -> Visual C++ 9.0 (Visual Studio 2008)
- Scan Took : 1.978 Second(s)
--- snip ---
The DRM/software protection scheme employs several anti-debugging/hacking
measures.
One is the use of "watcher" thread(s) that look for running processes matching
a blacklist (debuggers, hacker tools, ...) by querying the window title.
The point where the hang/deadlock happens:
--- snip ---
...
0043:Call KERNEL32.GetProcAddress(7eca0000,100dc264 "FindWindowA") ret=01347836
0043:Ret  KERNEL32.GetProcAddress() retval=7ecae278 ret=01347836
0043:Call user32.FindWindowA(00000000,100cde00 "vResourceViewer") ret=100501a6
0040:Ret  winex11.drv.MsgWaitForMultipleObjectsEx() retval=00000000
ret=7ed5bad3
0043:Call
winex11.drv.MsgWaitForMultipleObjectsEx(00000001,08add260,ffffffff,00000040,00000000)
ret=7ed5bad3
0040:Call window proc 0x151d3d0
(hwnd=0x3006c,msg=WM_GETTEXT,wp=00000011,lp=049ade88)
0040:Call
KERNEL32.GetProcessTimes(ffffffff,049add7c,049add68,049add18,049add10)
ret=0151d558
0040:Ret  KERNEL32.GetProcessTimes() retval=00000001 ret=0151d558
0040:Call KERNEL32.CompareFileTime(049add7c,01bf1b04) ret=0151d56b
0040:Ret  KERNEL32.CompareFileTime() retval=00000000 ret=0151d56b
0040:Call KERNEL32.OpenEventA(00000002,00000000,01bf1b30
"SECUROM_SMS_EVENT_BREAKER") ret=0151d761
0040:Ret  KERNEL32.OpenEventA() retval=00000000 ret=0151d761
0040:Call user32.DefWindowProcA(0003006c,0000000d,00000011,049ade88)
ret=0151e754
0040:Ret  user32.DefWindowProcA() retval=00000000 ret=0151e754
0040:Ret  window proc 0x151d3d0
(hwnd=0x3006c,msg=WM_GETTEXT,wp=00000011,lp=049ade88) retval=00000000
0043:Ret  winex11.drv.MsgWaitForMultipleObjectsEx() retval=00000000
ret=7ed5bad3
0040:Call
winex11.drv.MsgWaitForMultipleObjectsEx(00000001,049ae738,ffffffff,000004ff,00000000)
ret=7ed5bad3
0043:Call
winex11.drv.MsgWaitForMultipleObjectsEx(00000001,08add260,ffffffff,00000040,00000000)
ret=7ed5bad3
000d:Ret  KERNEL32.Sleep() retval=00000000 ret=00492bcd
001e:Ret  KERNEL32.Sleep() retval=00000000 ret=00492bcd 
...
--- snip ---
Thread 0x43 queries the window list.
The first query succeeds (WM_GETTEXT handled) because thread 0x40 owning
window(s) actually has a message pump.
Window creation:
--- snip ---
...
0040:Call user32.CreateWindowExA(00000000,049ae7e8
"Arcania.exe_24_5F77A6_1EB2446",00000000,08000000,ffff8000,ffff8000,00000001,00000001,00000000,00000000,00400000,01eb2462)
ret=0151ea2a 
...
0040:Ret  user32.CreateWindowExA() retval=0003006c ret=0151ea2a 
--- snip ---
The second query blocks thread 0x43 indefinitely because thread 0x25 doesn't
handle messages at all.
Window creation (OLE init) and WaitForSingleObject:
--- snip ---
...
0025:Call user32.CreateWindowExW(00000000,7ea885e0 L"OleMainThreadWndClass
0x########
",00000000,00000000,00000000,00000000,00000000,00000000,fffffffd,00000000,7e990000,00000000)
ret=7e9ab7b5 
...
0025:Ret  user32.CreateWindowExW() retval=0001006a ret=7e9ab7b5
0025:Ret  ole32.CoInitialize() retval=00000000 ret=0138112b 
...
0025:Call KERNEL32.WaitForSingleObject(00000160,ffffffff) ret=0055b7d3 
...
--- snip ---
Debugger session showing the relevant (blocked) thread backtraces:
--- snip ---
Wine-dbg>info thread
process  tid      prio (all id:s are in hex)
...
00000024 (D) C:\Program Files\JoWooD Entertainment AG\ArcaniA - Gothic 4
Demo\Arcania.exe
    00000027   -1
    00000026    0
    0000001e    0
    0000000d    0
    0000000b    0
    00000047    0
    00000046    0
    00000045    0
    00000044    0
    00000043    0
    00000042   -2
    00000041   -1
    00000040    0
    00000025    0 <==
...
--- snip ---
Blocked query thread:
--- snip ---
Wine-dbg>bt 0x43
Backtrace:
...
  11 0x7ed1aa6f send_inter_thread_message+0xf2(info=0x8add350,
res_ptr=0x8add30c)
[/home/focht/projects/wine/wine-git/dlls/user32/message.c:3169] in user32
(0x08add2d8)
  12 0x7ed1ad1c send_message+0x247(info=0x8add350, res_ptr=0x8add37c,
unicode=0x1) [/home/focht/projects/wine/wine-git/dlls/user32/message.c:3232] in
user32 (0x08add338)
  13 0x7ed1b22a SendMessageW+0x60(hwnd=0x2006a, msg=0xd, wparam=0x11,
lparam=0x1cf578)
[/home/focht/projects/wine/wine-git/dlls/user32/message.c:3409] in user32
(0x08add388)
  14 0x7ed4d3e7 GetWindowTextW+0x5a(hwnd=<couldn't compute location>,
lpString=<couldn't compute location>, nMaxCount=<couldn't compute location>)
[/home/focht/projects/wine/wine-git/dlls/user32/win.c:2728] in user32
(0x08add3b8)
  15 0x7ed4b527 FindWindowExW+0x17f(parent=<couldn't compute location>,
child=<couldn't compute location>, className=<couldn't compute location>,
title=<couldn't compute location>)
[/home/focht/projects/wine/wine-git/dlls/user32/win.c:1943] in user32
(0x08add418)
  16 0x7ed4b7c5 FindWindowExA+0x177(parent=<couldn't compute location>,
child=<couldn't compute location>, className=<couldn't compute location>,
title=<couldn't compute location>)
[/home/focht/projects/wine/wine-git/dlls/user32/win.c:1998] in user32
(0x08add688)
  17 0x7ed4b622 FindWindowA+0x3f(className=<couldn't compute location>,
title=<couldn't compute location>)
[/home/focht/projects/wine/wine-git/dlls/user32/win.c:1969] in user32
(0x08add6c8)
  18 0x7bc6d966 relay_call+0x39() in ntdll (0x08add6f4)
  19 0x7ecae28d in user32 (+0xe28c) (0x00000000)
...
--- snip ---
Thread that ought to handle the message:
--- snip ---
Wine-dbg>bt 0x25
Backtrace:
...
  6 0x7b87604f WaitForSingleObject+0x45(handle=<couldn't compute location>,
timeout=<couldn't compute location>)
[/home/focht/projects/wine/wine-git/dlls/kernel32/sync.c:128] in kernel32
(0x026ae668)
  7 0x7bc6d966 relay_call+0x39() in ntdll (0x026ae6a0)
  8 0x7b825979 in kernel32 (+0x15978) (0x026ae6c8)
  9 0x0055b7d3 in arcania (+0x15b7d2) (0x026ae6c8)
  10 0x00beb99f in arcania (+0x7eb99e) (0x026af320)
  11 0x004032fc in arcania (+0x32fb) (0x026af6ac)
  12 0x0210539e in arcania (+0x1d0539d) (0x026af6bc)
  13 0x00b6bcac in arcania (+0x76bcab) (0x026af74c)
  14 0x7b863ef0 call_process_entry+0xb() in kernel32 (0x026af7a4)
--- snip ---
For the curious: list of 'tools' the DRM scheme looks for ;-)
--- snip ---
$ cat log.txt | grep "FindWindowA(" | grep -Po '".*?"' | sort | uniq >
findwindow.txt
"18467-41"
"#32770"
"Anti-Blaxx"
"API Functions"
"ApiLogger"
"APIMonitor By Rohitab"
"Arcania"
"Atiptool"
"BusTrace Status"
"c1"
"c3"
"cuteProgressClass"
"DriverspyNT v1.20. (c)2001,2002 Collake Software"
"FileMonClass"
"File Monitor - Sysinternals: www.sysinternals.com"
"Fucker of CDROM Protections v0.81 Beta"
"Fucker of CDROM Protections v0.83 Beta"
"HANOLLY"
"icu_dbg"
"JCDSPY_NT_001"
"KaKeeware Application Monitor 1.21"
"kk1"
"Lbr68"
"[ LordPE Deluxe b ] by yoda"
"[ LordPE Deluxe ] by yoda"
"[ LordPE Dumper Server ]"
"[ LordPE RoyalTS ] by yoda"
"MyDEBUG"
"OLLYDBG"
"PEBrowse Professional Interactive"
"pediy06"
"Pr0t.St0p v1.0"
"Process Analyzer - right click on a process to access menu"
"Process Explorer - SysInternals: www.sysinternals.com [nexus4\focht]"
"Process Monitor - Sysinternals: www.sysinternals.com"
"PROCEXPL"
"PROCMON_WINDOW_CLASS"
"SafeDisc4 Hider"
"SafeDisc4 Hider 1.0 \xa9 2005 SKULL"
"SafeDisc4 Hider 1.1 \xa9 2005 SKULL"
"SD4 Sucks v0.10 by Joseph Cox"
"Settings"
"SHADOW"
"Shell_TrayWnd"
"sniff_hit"
"SR7Stop"
"SR7.Stop v1.1"
"SR7.Stop v1.2"
"Starforce Nightmare"
"STARFUCK TOOL"
"SysAnalyzer"
"SysAnalyzer Configuration Wizard"
"Syser [Ctrl+F12]"
"TApplication"
"Task Explorer II - by Ntoskrnl"
"TForm1"
"ThunderRT6FormDC"
"ThunderRT6Main"
"TIdaWindow"
"TMainForm"
"ToolbarWindow32\xa0"
"Tsd4hideform"
"Virtual-CD-Hide"
"VMwareTrayIcon"
"vResourceViewer"
"WispWindowClass"
"Y.A.S.U v1.03 - Copyright \xa9 2006 CureROM DT"
"Y.A.S.U v1.04 - Copyright \xa9 2006 CureROM DT"
"Zeta Debugger" 
--- snip ---
$ sha1sum ArcaniA_Gothic4_Demo_Setup.zip 
f71c0ec7e90b34d2646263b4e4ff9b3a4f2d8231  ArcaniA_Gothic4_Demo_Setup.zip
$ du -sh ArcaniA_Gothic4_Demo_Setup.zip
1.8G    ArcaniA_Gothic4_Demo_Setup.zip
$ wine --version
wine-1.7.7-307-g652c899
Regards
*** This bug has been marked as a duplicate of bug 27282 ***
-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

[Bug 30902] Arcania: Gothic 4 fails to start (hangs on startup)