[Bug 42391] Multiple E-Banking applications by KOBIL Systems GmbH wrapped with BoxedApp protection scheme crash on startup (MigrosBank EBanking 8.2.x, Sparda Bank SecureApp 1.x)

https://bugs.winehq.org/show_bug.cgi?id=42391

Anastasius Focht focht@gmx.net changed:

What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |DUPLICATE Summary|SpardaSecureApp: crashes on |Multiple E-Banking |startup |applications by KOBIL | |Systems GmbH wrapped with | |BoxedApp protection scheme | |crash on startup | |(MigrosBank EBanking 8.2.x, | |Sparda Bank SecureApp 1.x) Status|NEW |RESOLVED Keywords| |obfuscation Component|-unknown |ntdll CC| |focht@gmx.net

--- Comment #5 from Anastasius Focht focht@gmx.net --- Hello folks,

there are a number of bugs related to BoxedApp protection scheme (native API/WindowsOS loader compatibility).

* bug 22797 ("BoxedApp (native API application virtualization scheme) SDK v3.3.x examples fail") -> meta-bug, was already partially de-duplicated in https://bugs.winehq.org/show_bug.cgi?id=22797#c3

* bug 23451 ("VMWare Thinapps (packaged with version >4.5) and XenoCode wrapped apps fail to run (differences in process creation sequence at native API level)")

* bug 33236 ("Multiple application virtualization schemes rely on LdrLoadDll to behave like native Windows loader (NtOpenFile, NtXXXSection) (VMWare ThinApp 4.x, BoxedApp)")

From quick debugging session in Wow64 WINEPREFIX, I've identified a dozen of

old and new issues .. but none of them were related PEB/TEB/wow64 layout Dmitri was talking about in comment #3 . The apps likely evolved/got updated hence the original issue might not be reproducible anymore. That's why I try to snapshot every installer at the time of bug report via Internet Archive/Wayback machine.

I've tested the old Wine version 2.1 this bug was reported against with the current app versions. I immediately found missing native API 'ntdll.LdrRegisterDllNotification' being the first/blocker problem. The protection calls it in TLS callback/startup code, causing a crash.

--- snip --- Unhandled exception: page fault on read access to 0x00000000 in 32-bit code (0x00000000). Register dump: CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b EIP:00000000 ESP:0033fda4 EBP:0033fe08 EFLAGS:00010202( R- -- I - - - ) EAX:00360000 EBX:7b639000 ECX:7487626c EDX:00000000 ESI:2004d25c EDI:20010000 ... Backtrace: =>0 0x00000000 (0x0033fe08) 1 0x2003c18c in spardasecureapp (+0x3c18b) (0x0033fe1c) 2 0x20029437 in spardasecureapp (+0x29436) (0x0033fe60) 3 0x7b45ec9c call_process_entry+0xb() in kernel32 (0x0033fe78) 4 0x7b45fc2a start_process+0x59(peb=<couldn't compute location>) [/home/focht/projects/wine/mainline-src-2.1/dlls/kernel32/process.c:1108] in kernel32 (0x0033fea8) 5 0x7bc7db9c call_thread_func_wrapper+0xb() in ntdll (0x0033fec8) 6 0x7bc80909 call_thread_func+0xa8(entry=0x7b45fbd0, arg=0x7ffdf000, frame=0x33ffc8) [/home/focht/projects/wine/mainline-src-2.1/dlls/ntdll/signal_i386.c:2759] in ntdll (0x0033ffa8) 7 0x7bc7db7a call_thread_entry_point+0x11() in ntdll (0x0033ffc8) 8 0x7bc529b7 start_process+0x16(kernel_start=0x7b45fbd0) [/home/focht/projects/wine/mainline-src-2.1/dlls/ntdll/loader.c:3047] in ntdll (0x0033ffe8) 9 0xf7d544bd wine_call_on_stack+0x1c() in libwine.so.1 (0x00000000) 10 0xf7d54620 wine_switch_to_stack+0x1f(func=0x7bc529a0, arg=0x7b45fbd0, stack=0x340000) [/home/focht/projects/wine/mainline-src-2.1/libs/wine/port.c:77] in libwine.so.1 (0xffd9ec88) 11 0x7bc5854d LdrInitializeThunk+0x1ec(kernel_start=<couldn't compute location>, unknown2=<couldn't compute location>, unknown3=<couldn't compute location>, unknown4=<couldn't compute location>) [/home/focht/projects/wine/mainline-src-2.1/dlls/ntdll/loader.c:3103] in ntdll (0xffd9ecc8) 12 0x7b465c43 __wine_kernel_init+0xae2() [/home/focht/projects/wine/mainline-src-2.1/dlls/kernel32/process.c:1302] in kernel32 (0xffd9fbb8) 13 0x7bc6bc0e relay_call+0x39() in ntdll (0xffd9fbd8) 14 0x7b428235 in kernel32 (+0x18234) (0xffd9fc48) 15 0x7bc593dc __wine_process_init+0x1fb() [/home/focht/projects/wine/mainline-src-2.1/dlls/ntdll/loader.c:3312] in ntdll (0xffd9fc48) 16 0xf7d53ae8 wine_init+0x2a7(argc=0x2, argv=0xffda0184, error="", error_size=0x400) [/home/focht/projects/wine/mainline-src-2.1/libs/wine/loader.c:956] in libwine.so.1 (0xffd9fc98) 17 0x7c000a3a main+0x79(argc=<is not available>, argv=<is not available>) [/home/focht/projects/wine/mainline-src-2.1/loader/main.c:254] in <wine-loader> (0xffda00d8) 18 0xf7b630d1 __libc_start_main+0xf0() in libc.so.6 (0x00000000) 0x00000000: -- no code accessible -- Modules: Module Address Debug info Name (24 modules) PE 20000000-200d8000 Export spardasecureapp ELF 7b400000-7b7e1000 Dwarf kernel32<elf> -PE 7b410000-7b7e1000 \ kernel32 ELF 7bc00000-7bcf5000 Dwarf ntdll<elf> -PE 7bc10000-7bcf5000 \ ntdll ELF 7c000000-7c004000 Dwarf <wine-loader> ... ELF f7b49000-f7cec000 Dwarf libc.so.6 ELF f7cec000-f7d0b000 Deferred libpthread.so.0 ELF f7d4d000-f7f03000 Dwarf libwine.so.1 ELF f7f05000-f7f2e000 Deferred ld-linux.so.2 ELF f7f31000-f7f32000 Deferred [vdso].so Threads: process tid prio (all id:s are in hex) ... 00000032 SpardaSecureApp.exe 00000033 0 00000034 (D) C:\users\focht\Application Data\Sparda\AST-Client\SpardaSecureApp.exe 00000035 0 <== ... --- snip ---

Instead of recycling this bug for a new issue, resolving as dupe of bug 44585 unless Dmitri digs out an old app version which highlights the PEB/TEB/wow64 layout issue he was talking about.

I will create new tickets for other interesting issues which are reproducible with current version of the apps.

$ sha1sum spardasecureapp_p.exe d579216a3a61555c68a75636893216b8a4233737 spardasecureapp_p.exe

$ du -sh spardasecureapp_p.exe 9.6M spardasecureapp_p.exe

$ wine --version wine-2.1-1-g999afbeed5

Regards

*** This bug has been marked as a duplicate of bug 44585 ***