https://bugs.winehq.org/show_bug.cgi?id=47175
Bug ID: 47175
Summary: Star Wars - The Old Republic web-installer fails with '... require administrative permission acknowledgment' (BitRaider filter driver SCM config 'ImagePath' must be prefixed with '\??\')
Product: Wine
Version: 4.8
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: focht@gmx.net
Distribution: ---
Hello folks,
found this comment:
https://old.reddit.com/r/wine_gaming/comments/bmpsaw/support_components_as_i...
which is related to the BitRaider service/component/technology (https://www.bitraider.com/)
Further articles for reference:
* https://www.reddit.com/r/swtor/comments/5wt85k/guide_how_to_run_swtor_on_osx...
* https://www.reddit.com/r/swtor/comments/bcqg0h/anyone_else_experience_this_i...
* https://www.reddit.com/r/swtor/comments/3ksypm/guide_to_permanently_removing...
* https://www.codeweavers.com/compatibility/crossover/tips/star-wars-the-old-r...
There are actually multiple interesting bugs behind the BitRaider functionality (streaming downloader/content distribution system).
The first issues have to do with the way the Windows service configuration (SCM) is stored/handled in the registry. The folks who wrote this piece of gar....^ have an interesting way of using the Windows service control manager API and bypassing it completely when dealing with kernel/filter driver service configurations.
I leave you out some hours of investigations with dead-ends and misleading log output.
There is a helper (console) app which is used to install and configure BitRaider. At least three log file locations are of interest during bootstrapping of the game installer/launcher, which includes setup of BitRaider.
--- snip ---
.wine/drive_c/ProgramData/BitRaider/common/logs/BR_Debuglog.txt
...
.wine/drive_c/Star Wars-The Old Republic/bitraider/logs/swtor_swtor.txt
...
.wine/drive_c/Star Wars-The Old Republic/logs/launcher_20190511.log
--- snip ---
'swtor_swtor.txt'
--- snip ---
...
1.3.3.4098 2014/10/10 15:09 1.3.3_hotfix #22 Logfile updated

2019/05/11 08:55:16.927:[INFO]MachineId: LAV9AVgtU0VCMUctcjMVNSIAbgBuADMA PID: 8
2019/05/11 08:55:16.929:[INFO]Language ID: 1033 Kernel: C:\windows\system32\ntoskrnl.exe
2019/05/11 08:55:16.929:[INFO]Host OS: Windows 7 [6.1.7601.21863] - 64-Bit - Release Client. - Process Elevated - User Fully Elevated
2019/05/11 08:55:16.929:[INFO]Exepath: C:\Star Wars-The Old Republic\bitraider\bin\brwc.exe
2019/05/11 08:55:16.929:[INFO]Command Parms: "brdestpath=c:\star wars-the old republic" brlocalebank=0 id=swtor_swtor -brnolaunch -brnoui brcallingpid=8
2019/05/11 08:55:16.937:[INFO]Connecting to Service Core, command: 13
2019/05/11 08:55:16.942:[INFO]CBRWCApp: Loaded common path "c:\star wars-the old republic\Bitraider\bin" for ID=swtor_swtor
2019/05/11 08:55:16.993:[INFO]STLEFE: Skipping extract to C:\Star Wars-The Old Republic\bitraider\bin\BRException.exe; identical to reource
2019/05/11 08:55:16.995:[INFO]STLEFE: Skipping extract to C:\ProgramData\BitRaider\common\BRException.exe; identical to reource
2019/05/11 08:55:16.998:[INFO]STLEFE: Skipping extract to C:\Star Wars-The Old Republic\bitraider\bin\BRExtPipe.dll; identical to reource
2019/05/11 08:55:16.999:[INFO]STLEFE: Skipping extract to C:\ProgramData\BitRaider\BRExtPipe.dll; identical to reource
2019/05/11 08:55:17.033:[CRIT](BRDriver64_1_3_3_E02B25FC): reading 'ImagePath' string under key System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC failed. error code 0
2019/05/11 08:55:17.042:[INFO]CSTL-StartStopSupportServiceStub: CurrentState: 3
2019/05/11 08:55:18.047:[INFO]CSTL-StartStopSupportServiceStub: CurrentState: 1
2019/05/11 08:55:18.062:[INFO]STLEFE: Skipping extract to C:\ProgramData\BitRaider\BRSptStub.exe; identical to reource
2019/05/11 08:55:18.081:[INFO]Attempting to install a new copy of the service helper.
2019/05/11 08:55:18.540:[INFO]Support Service Successfully installed
2019/05/11 08:55:18.541:[CRIT](BRDriver64_1_3_3_E02B25FC): reading 'Ima2019/05/11 08:59:45.826:[INFO]
...
--- snip ---
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Star Wars-The Old Republic/bitraider/bin

$ WINEDEBUG=+seh,+relay,+server,+reg,+service wine ./brwc.exe brdestpath="c:\star wars-the old republic" brlocalebank=0 id=swtor_swtor -brnolaunch -brnoui brcallingpid=8 >>log.txt 2>&1
...
0082:Call KERNEL32.GetModuleHandleW(007683c8 L"kernel32.dll") ret=004aaaec
0082:Ret KERNEL32.GetModuleHandleW() retval=7b430000 ret=004aaaec
0082:Call KERNEL32.GetProcAddress(7b430000,00769538 "GetSystemWow64DirectoryW") ret=004aaafc
0082:Ret KERNEL32.GetProcAddress() retval=7b43675c ret=004aaafc
0082:Call KERNEL32.GetSystemWow64DirectoryW(0031c660,00000104) ret=004aab0e
0082:Ret KERNEL32.GetSystemWow64DirectoryW() retval=00000013 ret=004aab0e
...
0082:Call advapi32.RegOpenKeyExW(80000002,0031d0ec L"System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC",00000000,00020019,0031c890) ret=00483205
0082:trace:reg:open_key (0x2c,L"System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC",20019,0x31c890)
0082: open_key( parent=002c, access=00020019, attributes=00000000, name=L"System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC" )
0082: open_key() = 0 { hkey=01cc }
0082:trace:reg:open_key <- 0x1cc
0082:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=00483205
0082:Call advapi32.RegQueryValueExW(000001cc,00754df4 L"DisplayName",00000000,0031c88c,0031ceec,0031c894) ret=00483249
0082:trace:reg:RegQueryValueExW (0x1cc,L"DisplayName",(nil),0x31c88c,0x31ceec,0x31c894=512)
0082:trace:reg:NtQueryValueKey (0x1cc,L"DisplayName",2,0x31c6c4,256)
0082: get_key_value( hkey=01cc, name=L"DisplayName" )
0082: get_key_value() = 0 { type=1, total=52, data={42,00,52,00,44,00,72,00,69,00,76,00,65,00,72,00,36,00,34,00,5f,00,31,00,5f,00,33,00,5f,00,33,00,5f,00,45,00,30,00,32,00,42,00,32,00,35,00,46,00,43,00,00,00} }
0082:Ret advapi32.RegQueryValueExW() retval=00000000 ret=00483249
0082:Call advapi32.RegQueryValueExW(000001cc,00754e0c L"ErrorControl",00000000,0031c88c,0031c888,0031c894) ret=004832b4
0082:trace:reg:RegQueryValueExW (0x1cc,L"ErrorControl",(nil),0x31c88c,0x31c888,0x31c894=4)
0082:trace:reg:NtQueryValueKey (0x1cc,L"ErrorControl",2,0x31c6c4,16)
0082: get_key_value( hkey=01cc, name=L"ErrorControl" )
0082: get_key_value() = 0 { type=4, total=4, data={01,00,00,00} }
0082:Ret advapi32.RegQueryValueExW() retval=00000000 ret=004832b4
0082:Call advapi32.RegQueryValueExW(000001cc,00754e34 L"ImagePath",00000000,0031c88c,0031ceec,0031c894) ret=00483358
0082:trace:reg:RegQueryValueExW (0x1cc,L"ImagePath",(nil),0x31c88c,0x31ceec,0x31c894=512)
0082:trace:reg:NtQueryValueKey (0x1cc,L"ImagePath",2,0x31c6c4,256)
0082: get_key_value( hkey=01cc, name=L"ImagePath" )
0082: get_key_value() = 0 { type=1, total=126, data={43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,44,00,61,00,74,00,61,00,5c,00,42,00,69,00,74,00,52,00,61,00,69,00,64,00,65,00,72,00,5c,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,5c,00,31,00,2e,00,33,00,2e,00,33,00,5c,00,45,00,30,00,32,00,42,00,32,00,35,00,46,00,43,00,5c,00,42,00,52,00,44,00,72,00,69,00,76,00,65,00,72,00,36,00,34,00,2e,00,73,00,79,00,73,00,00,00} }
0082:Ret advapi32.RegQueryValueExW() retval=00000000 ret=00483358
0082:Call KERNEL32.GetLastError() ret=004836aa
0082:Ret KERNEL32.GetLastError() retval=00000000 ret=004836aa
...
0082:Call user32.MessageBoxW(00000000,00c26108 L"Installation of the driver and support components require administrative permission acknowledgment.\r\nTry invoking the client again.\r\nInstaller cannot continue. Exiting.",00c28250 L"Fatal error",00000000) ret=0041f794
...
--- snip ---
The app writes kernel/filter driver service configuration directly into registry ('System\CurrentControlSet\Services\...'), lets the helper service (userspace side) of the filter driver register the actual kernel service using SCM and then rewrites parts of the filter driver config again. Yay.
Unfortunately the reason for the first problem can't be seen in trace log, one has to debug the garbage.
Relevant piece of app code:
--- snip ---
00482F60 | push ebp |
00482F61 | mov ebp,esp |
00482F63 | push FFFFFFFF |
00482F65 | push <brwc.sub_6489B2> |
00482F6A | mov eax,dword ptr fs:[0] |
00482F70 | push eax |
00482F71 | sub esp,A6C |
...
00483002 | push A |
00483004 | push brwc.753C2C | L"BRDriver64"
00483009 | call <brwc.sub_409E60> |
...
0048312F | push C |
00483131 | push brwc.753C78 | L"BRDriver.sys"
00483136 | lea esi,dword ptr ss:[ebp-A48] |
0048313C | call <brwc.sub_40B040> |
00483141 | mov eax,dword ptr ds:[7D19BC] |
00483146 | mov ecx,dword ptr ds:[7D19B8] |
0048314C | mov edx,dword ptr ds:[7D19B4] |
00483152 | push eax |
00483153 | mov eax,dword ptr ds:[7D19B0] |
00483158 | push ecx |
00483159 | push edx |
0048315A | push eax |
0048315B | push brwc.754D84 | L"_%u_%u_%u_%08X"
00483160 | lea esi,dword ptr ss:[ebp-A2C] |
00483166 | call <brwc.sub_408EB0> |
...
004831CA | mov eax,esi |
004831CC | push eax |
; L"System\CurrentControlSet\Services\%s"
004831CD | push brwc.754DA8 |
004831D2 | lea edx,dword ptr ss:[ebp-210] |
004831D8 | push 100 |
004831DD | push edx |
004831DE | call <brwc.sub_60427D> |
...
004832C9 | push 1FE |
004832CE | lea edx,dword ptr ss:[ebp-A0E] |
004832D4 | xor ecx,ecx |
004832D6 | push edi |
004832D7 | push edx |
004832D8 | mov word ptr ss:[ebp-A10],cx |
004832DF | call <brwc.sub_60DD90> |
004832E4 | add esp,C |
004832E7 | push brwc.754E28 | L"\??\"
004832EC | lea eax,dword ptr ss:[ebp-A10] |
004832F2 | push 100 |
004832F7 | push eax |
004832F8 | call <brwc.sub_603BD1> |
004832FD | mov eax,dword ptr ss:[ebp-A48] |
00483303 | add esp,C |
00483306 | cmp dword ptr ss:[ebp-A34],8 |
0048330D | jae brwc.483315 |
0048330F | lea eax,dword ptr ss:[ebp-A48] |
00483315 | push eax |
00483316 | lea ecx,dword ptr ss:[ebp-A10] |
0048331C | push 100 |
00483321 | push ecx |
00483322 | call <brwc.sub_606E76> |
00483327 | add esp,C |
0048332A | lea edx,dword ptr ss:[ebp-A68] |
00483330 | push edx |
00483331 | mov edx,dword ptr ss:[ebp-A6C] |
00483337 | lea eax,dword ptr ss:[ebp-410] |
0048333D | push eax |
0048333E | lea ecx,dword ptr ss:[ebp-A70] |
00483344 | push ecx |
00483345 | push edi |
00483346 | push brwc.754E34 | L"ImagePath"
0048334B | push edx |
0048334C | mov dword ptr ss:[ebp-A68],200 |
00483356 | call ebx |
00483358 | test eax,eax |
0048335A | jne brwc.48368F |
...
0048368F | cmp dword ptr ss:[ebp-A18],8 |
00483696 | mov esi,dword ptr ss:[ebp-A2C] |
0048369C | jae brwc.4836A4 |
0048369E | lea esi,dword ptr ss:[ebp-A2C] |
004836A4 | call dword ptr ds:[69438C] |
004836AA | push eax |
004836AB | lea ecx,dword ptr ss:[ebp-210] |
004836B1 | push ecx |
004836B2 | push esi |
; L"(%s): reading 'ImagePath' string under key %s failed. error code %x\n"
004836B3 | push brwc.755180 |
004836B8 | jmp brwc.48370E |
--- snip ---
To cut it short: It seems 'ImagePath' entries for SERVICE_KERNEL_DRIVER or SERVICE_FILE_SYSTEM_DRIVER driver services are to be prefixed with native NT-path '\??\' syntax when created via advapi32.CreateServiceA/W().
Manual creation of service config keys by app prior:
--- snip ---
...
003c:Call advapi32.RegCreateKeyExW(80000002,0032f5d4 L"System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC",00000000,0042ab4c,00000000,0000000e,00000000,0032efd0,0032efc8) ret=0040b176
003c:trace:reg:NtCreateKey (0x24,L"System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC",L"",0,e,0x32ee14)
003c: create_key( access=0000000e, options=00000000, objattr={rootdir=0024,attributes=00000000,sd={},name=L"System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC"}, class=L"" )
003c: create_key() = 0 { hkey=0054, created=0 }
003c:trace:reg:NtCreateKey <- 0x54
003c:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=0040b176
003c:Call advapi32.RegSetValueExW(00000054,0042d644 L"DisplayName",00000000,00000001,005f2aa0,00000032) ret=0040b1b6
003c:trace:reg:NtSetValueKey (0x54,L"DisplayName",1,0x5f2aa0,52)
003c: set_key_value( hkey=0054, type=1, namelen=22, name=L"DisplayName", data={42,00,52,00,44,00,72,00,69,00,76,00,65,00,72,00,36,00,34,00,5f,00,31,00,5f,00,33,00,5f,00,33,00,5f,00,45,00,30,00,32,00,42,00,32,00,35,00,46,00,43,00,00,00} )
003c: set_key_value() = 0
003c:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040b1b6
003c:Call advapi32.RegSetValueExW(00000054,0042d65c L"ErrorControl",00000000,00000004,0032efbc,00000004) ret=0040b1e2
003c:trace:reg:NtSetValueKey (0x54,L"ErrorControl",4,0x32efbc,4)
003c: set_key_value( hkey=0054, type=4, namelen=24, name=L"ErrorControl", data={01,00,00,00} )
003c: set_key_value() = 0
003c:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040b1e2
003c:Call advapi32.RegSetValueExW(00000054,0042d684 L"ImagePath",00000000,00000001,0032efd4,00000084) ret=0040b26c
003c:trace:reg:NtSetValueKey (0x54,L"ImagePath",1,0x32efd4,134)
003c: set_key_value( hkey=0054, type=1, namelen=18, name=L"ImagePath", data={5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,44,00,61,00,74,00,61,00,5c,00,42,00,69,00,74,00,52,00,61,00,69,00,64,00,65,00,72,00,5c,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,5c,00,31,00,2e,00,33,00,2e,00,33,00,5c,00,45,00,30,00,32,00,42,00,32,00,35,00,46,00,43,00,5c,00,42,00,52,00,44,00,72,00,69,00,76,00,65,00,72,00,36,00,34,00,2e,00,73,00,79,00,73,00,00,00} )
003c: set_key_value() = 0
003c:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040b26c
003c:Call advapi32.RegSetValueExW(00000054,0042d698 L"Start",00000000,00000004,0032efb8,00000004) ret=0040b298
003c:trace:reg:NtSetValueKey (0x54,L"Start",4,0x32efb8,4)
003c: set_key_value( hkey=0054, type=4, namelen=10, name=L"Start", data={03,00,00,00} )
003c: set_key_value() = 0
003c:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040b298
003c:Call advapi32.RegSetValueExW(00000054,0042d6a4 L"Type",00000000,00000004,0032efc0,00000004) ret=0040b2c6
003c:trace:reg:NtSetValueKey (0x54,L"Type",4,0x32efc0,4)
003c: set_key_value( hkey=0054, type=4, namelen=8, name=L"Type", data={02,00,00,00} )
003c: set_key_value() = 0
003c:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040b2c6
003c:Call advapi32.RegSetValueExW(00000054,0042d6b0 L"Tag",00000000,00000004,0032efcc,00000004) ret=0040b2ee
003c:trace:reg:NtSetValueKey (0x54,L"Tag",4,0x32efcc,4)
003c: set_key_value( hkey=0054, type=4, namelen=6, name=L"Tag", data={02,00,00,00} )
003c: set_key_value() = 0
003c:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040b2ee
003c:Call advapi32.RegSetValueExW(00000054,0042d6c8 L"DependOnService",00000000,00000007,0032f1d4,0000000c) ret=0040b361
003c:trace:reg:NtSetValueKey (0x54,L"DependOnService",7,0x32f1d4,14)
003c: set_key_value( hkey=0054, type=7, namelen=30, name=L"DependOnService", data={46,00,6c,00,74,00,4d,00,67,00,72,00,00,00} )
003c: set_key_value() = 0
003c:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040b361
003c:Call advapi32.RegSetValueExW(00000054,0042d71c L"Group",00000000,00000007,0032f3d4,00000032) ret=0040b3db
003c:trace:reg:NtSetValueKey (0x54,L"Group",7,0x32f3d4,52)
003c: set_key_value( hkey=0054, type=7, namelen=10, name=L"Group", data={46,00,73,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,63,00,74,00,69,00,76,00,69,00,74,00,79,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,00} )
003c: set_key_value() = 0
003c:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040b3db
003c:Call advapi32.RegCloseKey(00000054) ret=0040b4be
003c: close_handle( handle=0054 )
003c: close_handle() = 0
003c:Ret advapi32.RegCloseKey() retval=00000000 ret=0040b4be
003c:Call advapi32.RegCreateKeyExW(80000002,0032f5d4 L"System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC\Instances",00000000,0042ab4c,00000000,0000000e,00000000,0032efd0,0032efc8) ret=0040b504
003c:trace:reg:NtCreateKey (0x24,L"System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC\Instances",L"",0,e,0x32ee14)
003c: create_key( access=0000000e, options=00000000, objattr={rootdir=0024,attributes=00000000,sd={},name=L"System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC\Instances"}, class=L"" )
003c: create_key() = 0 { hkey=0054, created=0 }
003c:trace:reg:NtCreateKey <- 0x54
003c:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=0040b504
...
--- snip ---
Call to SCM to create service entry. The app passes 'C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys' as fully qualified path to the service binary file (kernel driver):
--- snip ---
...
003c:Call advapi32.CreateServiceW(0014f2a0,005f2aa0 L"BRDriver64_1_3_3_E02B25FC",005f2aa0 L"BRDriver64_1_3_3_E02B25FC",000f01ff,00000002,00000003,00000001,005f2bd8 L"C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys",00000000,00000000,00000000,00000000,00000000) ret=0040b048
003c:trace:service:CreateServiceW 0x14f2a0 L"BRDriver64_1_3_3_E02B25FC" L"BRDriver64_1_3_3_E02B25FC"
...
--- snip ---
'services.exe' side:
--- snip ---
...
0014:trace:service:svcctl_CreateServiceWOW64W Call msvcrt._vsnprintf(00bbeff0,00000400,0041b0aa "(%s, %s, 0x%x, %s)\n",00bbf430) ret=00401def
0014:Ret msvcrt._vsnprintf() retval=0000008f ret=00401def
(L"BRDriver64_1_3_3_E02B25FC", L"BRDriver64_1_3_3_E02B25FC", 0xf01ff, L"C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys")
...
0014:trace:service:create_serviceW Call msvcrt._vsnprintf(00bbf020,00000400,0041b0aa "(%s, %s, 0x%x, %s)\n",00bbf460) ret=00401def
...
0014:Call advapi32.RegCreateKeyW(00000024,00033d30 L"BRDriver64_1_3_3_E02B25FC",00bbf3c8) ret=004066d8
0014:trace:reg:NtCreateKey (0x24,L"BRDriver64_1_3_3_E02B25FC",(null),0,2000000,0xbbf128)
0014: create_key( access=02000000, options=00000000, objattr={rootdir=0024,attributes=00000000,sd={},name=L"BRDriver64_1_3_3_E02B25FC"}, class=L"" )
0014: create_key() = 0 { hkey=01a0, created=0 }
0014:trace:reg:NtCreateKey <- 0x1a0
0014:Ret advapi32.RegCreateKeyW() retval=00000000 ret=004066d8
0014:Call advapi32.RegSetValueExW(000001a0,0041c670 L"DisplayName",00000000,00000001,00033e20,00000034) ret=0040655e
0014:trace:reg:NtSetValueKey (0x1a0,L"DisplayName",1,0x33e20,52)
0014: set_key_value( hkey=01a0, type=1, namelen=22, name=L"DisplayName", data={42,00,52,00,44,00,72,00,69,00,76,00,65,00,72,00,36,00,34,00,5f,00,31,00,5f,00,33,00,5f,00,33,00,5f,00,45,00,30,00,32,00,42,00,32,00,35,00,46,00,43,00,00,00} )
0014: set_key_value() = 0
0014:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040655e
0014:Call advapi32.RegSetValueExW(000001a0,0041c610 L"ImagePath",00000000,00000001,00033d80,00000086) ret=0040655e
0014:trace:reg:NtSetValueKey (0x1a0,L"ImagePath",1,0x33d80,134)
0014: set_key_value( hkey=01a0, type=1, namelen=18, name=L"ImagePath", data={5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,44,00,61,00,74,00,61,00,5c,00,42,00,69,00,74,00,52,00,61,00,69,00,64,00,65,00,72,00,5c,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,5c,00,31,00,2e,00,33,00,2e,00,33,00,5c,00,45,00,30,00,32,00,42,00,32,00,35,00,46,00,43,00,5c,00,42,00,52,00,44,00,72,00,69,00,76,00,65,00,72,00,36,00,34,00,2e,00,73,00,79,00,73,00,00,00} )
0014: set_key_value() = 0
0014:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040655e
0014:Call advapi32.RegDeleteValueW(000001a0,0041c600 L"Group") ret=00406568
0014:trace:reg:NtDeleteValueKey (0x1a0,L"Group")
0014: delete_key_value( hkey=01a0, name=L"Group" )
0014: delete_key_value() = 0
0014:Ret advapi32.RegDeleteValueW() retval=00000000 ret=00406568
0014:Call advapi32.RegSetValueExW(000001a0,0041c590 L"ObjectName",00000000,00000001,00034770,00000018) ret=0040655e
0014:trace:reg:NtSetValueKey (0x1a0,L"ObjectName",1,0x34770,24)
0014: set_key_value( hkey=01a0, type=1, namelen=20, name=L"ObjectName", data={4c,00,6f,00,63,00,61,00,6c,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00} )
0014: set_key_value() = 0
0014:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040655e
0014:Call advapi32.RegDeleteValueW(000001a0,0041c570 L"Description") ret=00406568
0014:trace:reg:NtDeleteValueKey (0x1a0,L"Description")
0014: delete_key_value( hkey=01a0, name=L"Description" )
0014: delete_key_value() = OBJECT_NAME_NOT_FOUND
0014:Ret advapi32.RegDeleteValueW() retval=00000002 ret=00406568
0014:Call advapi32.RegDeleteValueW(000001a0,0041c5e0 L"DependOnService") ret=0040622f
0014:trace:reg:NtDeleteValueKey (0x1a0,L"DependOnService")
0014: delete_key_value( hkey=01a0, name=L"DependOnService" )
0014: delete_key_value() = 0
0014:Ret advapi32.RegDeleteValueW() retval=00000000 ret=0040622f
0014:Call advapi32.RegDeleteValueW(000001a0,0041c5b0 L"DependOnGroup") ret=0040622f
0014:trace:reg:NtDeleteValueKey (0x1a0,L"DependOnGroup")
0014: delete_key_value( hkey=01a0, name=L"DependOnGroup" )
0014: delete_key_value() = OBJECT_NAME_NOT_FOUND
0014:Ret advapi32.RegDeleteValueW() retval=00000002 ret=0040622f
0014:Call advapi32.RegSetValueExW(000001a0,0041c650 L"Start",00000000,00000004,00033c94,00000004) ret=004067f9
0014:trace:reg:NtSetValueKey (0x1a0,L"Start",4,0x33c94,4)
0014: set_key_value( hkey=01a0, type=4, namelen=10, name=L"Start", data={03,00,00,00} )
0014: set_key_value() = 0
0014:Ret advapi32.RegSetValueExW() retval=00000000 ret=004067f9
0014:Call advapi32.RegSetValueExW(000001a0,0041c630 L"ErrorControl",00000000,00000004,00033c98,00000004) ret=0040682e
0014:trace:reg:NtSetValueKey (0x1a0,L"ErrorControl",4,0x33c98,4)
0014: set_key_value( hkey=01a0, type=4, namelen=24, name=L"ErrorControl", data={01,00,00,00} )
0014: set_key_value() = 0
0014:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040682e
0014:Call advapi32.RegSetValueExW(000001a0,0041c660 L"Type",00000000,00000004,00033c90,00000004) ret=00406863
0014:trace:reg:NtSetValueKey (0x1a0,L"Type",4,0x33c90,4)
0014: set_key_value( hkey=01a0, type=4, namelen=8, name=L"Type", data={02,00,00,00} )
0014: set_key_value() = 0
0014:Ret advapi32.RegSetValueExW() retval=00000000 ret=00406863
0014:Call advapi32.RegSetValueExW(000001a0,0041c540 L"PreshutdownTimeout",00000000,00000004,00033cd0,00000004) ret=0040689b
0014:trace:reg:NtSetValueKey (0x1a0,L"PreshutdownTimeout",4,0x33cd0,4)
0014: set_key_value( hkey=01a0, type=4, namelen=36, name=L"PreshutdownTimeout", data={20,bf,02,00} )
0014: set_key_value() = 0
0014:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040689b
0014:Call advapi32.RegSetValueExW(000001a0,0041c540 L"PreshutdownTimeout",00000000,00000004,00033cd0,00000004) ret=004068cc
0014:trace:reg:NtSetValueKey (0x1a0,L"PreshutdownTimeout",4,0x33cd0,4)
0014: set_key_value( hkey=01a0, type=4, namelen=36, name=L"PreshutdownTimeout", data={20,bf,02,00} )
0014: set_key_value() = 0
0014:Ret advapi32.RegSetValueExW() retval=00000000 ret=004068cc
0014:Call advapi32.RegSetValueExW(000001a0,0041c518 L"WOW64",00000000,00000004,00bbf3c4,00000004) ret=0040694c
0014:trace:reg:NtSetValueKey (0x1a0,L"WOW64",4,0xbbf3c4,4)
0014: set_key_value( hkey=01a0, type=4, namelen=10, name=L"WOW64", data={01,00,00,00} )
0014: set_key_value() = 0
0014:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040694c
0014:Call advapi32.RegDeleteValueW(000001a0,0041c588 L"Tag") ret=00406969
0014:trace:reg:NtDeleteValueKey (0x1a0,L"Tag")
0014: delete_key_value( hkey=01a0, name=L"Tag" )
0014: delete_key_value() = 0
0014:Ret advapi32.RegDeleteValueW() retval=00000000 ret=00406969
0014:Call advapi32.RegCloseKey(000001a0) ret=004066e8
0014: close_handle( handle=01a0 )
0014: close_handle() = 0
0014:Ret advapi32.RegCloseKey() retval=00000000 ret=004066e8
...
--- snip ---
Microsoft documentation doesn't tell about this special case:
https://docs.microsoft.com/en-us/windows/desktop/api/winsvc/nf-winsvc-create...
--- quote ---
lpBinaryPathName
The fully qualified path to the service binary file. If the path contains a space, it must be quoted so that it is correctly interpreted. For example, "d:\my share\myservice.exe" should be specified as ""d:\my share\myservice.exe"".
The path can also include arguments for an auto-start service. For example, "d:\myshare\myservice.exe arg1 arg2". These arguments are passed to the service entry point (typically the main function).
If you specify a path on another computer, the share must be accessible by the computer account of the local computer because this is the security context used in the remote call. However, this requirement allows any potential vulnerabilities in the remote computer to affect the local computer. Therefore, it is best to use a local file.
--- quote ---
After fixing SCM, the app validation goes further - only to run into the next issue.
$ sha1sum SWTOR_setup.exe
c538935eff4ec90ce2e48dc7e515a8dec2f15f58 SWTOR_setup.exe

$ du -sh SWTOR_setup.exe
32M SWTOR_setup.exe

$ wine --version
wine-4.8
Regards
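
Added example, not part of the original report and not Wine or BitRaider code: a small Python reader for the wineserver `+server` registry lines quoted above, which decodes the `data={..}` dumps and reports driver-type services whose final 'ImagePath' is a bare DOS path without the '\??\' prefix. The function names and the sample trace are constructed for illustration; only the service name, driver path and line format are taken from the report.

```python
import re

NT_PREFIX = "\\??\\"
DRIVER_TYPES = {1, 2}  # SERVICE_KERNEL_DRIVER, SERVICE_FILE_SYSTEM_DRIVER
SERVICE = "BRDriver64_1_3_3_E02B25FC"
SYS_PATH = r"C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys"
REQUEST = re.compile(r"^([0-9a-f]{4}): (\w+)\( (.*) \)$")
REPLY = re.compile(r"^([0-9a-f]{4}): (\w+)\(\) = 0 \{ (.*) \}$")
NAME = re.compile(r'name=L"([^"]*)"')
HKEY = re.compile(r"hkey=([0-9a-f]+)")
VALUE = re.compile(r"type=(\d+),.*data=\{([0-9a-f,]*)\}")


def decode(args):
    """Decode a type=/data={..} pair: REG_SZ (1) -> str, REG_DWORD (4) -> int."""
    reg_type, dump = VALUE.search(args).groups()
    raw = bytes(int(b, 16) for b in dump.split(",") if b)
    if reg_type == "1":
        return raw.decode("utf-16-le").rstrip("\0")
    return int.from_bytes(raw, "little") if reg_type == "4" else raw


def parse_trace(lines):
    """Replay registry requests; return {service: {value name: last value seen}}."""
    handles, pending, services = {}, {}, {}
    for line in map(str.strip, lines):
        request, reply = REQUEST.match(line), REPLY.match(line)
        if request:
            tid, op, args = request.groups()
            if op in ("open_key", "create_key"):
                # A service is identified by the last component of its key path.
                pending[tid] = NAME.search(args).group(1).rsplit("\\", 1)[-1]
            elif op in ("get_key_value", "set_key_value"):
                # Handles are per process; keying on the thread id is a simplification.
                target = (handles.get((tid, HKEY.search(args).group(1))),
                          NAME.search(args).group(1))
                if op == "get_key_value":
                    pending[tid] = target  # the data arrives in the reply line
                elif target[0]:
                    services.setdefault(target[0], {})[target[1]] = decode(args)
        elif reply and reply.group(1) in pending:
            tid, op, args = reply.groups()
            wanted = pending.pop(tid)
            if op in ("open_key", "create_key"):
                handles[(tid, HKEY.search(args).group(1))] = wanted
            elif op == "get_key_value" and wanted[0]:
                services.setdefault(wanted[0], {})[wanted[1]] = decode(args)
    return services


def drivers_missing_nt_prefix(services):
    """Driver services whose final ImagePath is a bare DOS path (no NT prefix)."""
    return {svc: v["ImagePath"] for svc, v in services.items()
            if v.get("Type") in DRIVER_TYPES
            and re.match(r"[A-Za-z]:\\", str(v.get("ImagePath", "")))}


def dump(text):
    """UTF-16LE bytes with NUL terminator, in the trace's data={..} notation."""
    return ",".join(f"{b:02x}" for b in (text + "\0").encode("utf-16-le"))


def constructed_trace(scm_path):
    """Constructed sample: the installer (003c) writes the key with the NT prefix,
    then services.exe (0014) rewrites ImagePath with scm_path."""
    key = ('create_key( access=0000000e, options=00000000, objattr={rootdir=0024,'
           'attributes=00000000,sd={},name=L"%s"}, class=L"" )')
    val = 'set_key_value( hkey=%s, type=%d, namelen=%d, name=L"%s", data={%s} )'
    return [
        "003c: " + key % ("System\\CurrentControlSet\\Services\\" + SERVICE),
        "003c: create_key() = 0 { hkey=0054, created=0 }",
        "003c: " + val % ("0054", 1, 18, "ImagePath", dump(NT_PREFIX + SYS_PATH)),
        "003c: " + val % ("0054", 4, 8, "Type", "02,00,00,00"),
        "0014: " + key % SERVICE,
        "0014: create_key() = 0 { hkey=01a0, created=0 }",
        "0014: " + val % ("01a0", 1, 18, "ImagePath", dump(scm_path)),
    ]
```

Feeding it a real `WINEDEBUG=+server` log works the same way: pass the file's lines to `parse_trace()` and the result to `drivers_missing_nt_prefix()`.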