http://bugs.winehq.org/show_bug.cgi?id=34470
Bug #: 34470
Summary: NCsoft's Aion (MMORPG) fails to load "CrySystem.dll" (WinLicense software protection, avoid forwarding some msvcp80 API to msvcp90)
Product: Wine
Version: 1.7.1
Platform: x86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: msvcp
AssignedTo: wine-bugs@winehq.org
ReportedBy: focht@gmx.net
Classification: Unclassified
Hello folks,
Continuation of bug 34455. We're still 'purist' here, no winetricks (VC++ runtimes).
There is a crash in an initializer run from the "CrySystem.dll" entry point.
--- snip ---
...
0009:trace:msvcrt:_initterm Call init function 0x33b6410
0009:trace:ntdll:NtQueryInformationProcess (0xffffffff,0x00000022,0x32df08,0x00000004,(nil))
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0xf34f5f7b ip=f34f5f7b tid=0009
0009:trace:seh:raise_exception info[0]=00000000
0009:trace:seh:raise_exception info[1]=f34f5f7b
0009:trace:seh:raise_exception eax=033b6410 ebx=f2aa1000 ecx=0343fa4c edx=7bce99c8 esi=03444ebc edi=00000002
0009:trace:seh:raise_exception ebp=0032e2d0 esp=0032e26c cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010206
0009:trace:seh:call_stack_handlers calling handler at 0x33b4b0d code=c0000005 flags=0
0009:trace:seh:_except_handler4_common exception c0000005 flags=0 at 0xf34f5f7b handler=0x33b4b0d 0x32df48 0x32ddcc cookie=a5990def scope table=0x3414310 cookies=-2/0,-48/0
0009:trace:seh:_except_handler4_common level 1 prev 0 filter 0x33b48c2
0009:trace:seh:_except_handler4_common filter returned CONTINUE_SEARCH
0009:trace:seh:_except_handler4_common level 0 prev -2 filter (nil)
0009:trace:seh:_except_handler4_common reached -2, returning ExceptionContinueSearch
0009:trace:seh:call_stack_handlers handler at 0x33b4b0d returned 1
0009:trace:seh:call_stack_handlers calling handler at 0x7bc9c738 code=c0000005 flags=0
0009:trace:seh:__regs_RtlUnwind code=c0000005 flags=2
0009:trace:seh:__regs_RtlUnwind calling handler at 0x7bc801d1 code=c0000005 flags=2
0009:trace:seh:__regs_RtlUnwind handler at 0x7bc801d1 returned 1
0009:trace:seh:__regs_RtlUnwind calling handler at 0x33b4b0d code=c0000005 flags=2
0009:trace:seh:_except_handler4_common exception c0000005 flags=2 at 0xf34f5f7b handler=0x33b4b0d 0x32d958 0x32d8b8 cookie=a5990def scope table=0x3414310 cookies=-2/0,-48/0
0009:trace:seh:msvcrt_local_unwind4 (0x32e320,1,-2)
0009:trace:seh:msvcrt_local_unwind4 __try block cleanup level 0 handler 0x33b48f6 ebp 0x32e330
0009:trace:seh:msvcrt_local_unwind4 unwound OK
0009:trace:seh:_except_handler4_common unwound current frame, returning ExceptionContinueSearch
0009:trace:seh:__regs_RtlUnwind handler at 0x33b4b0d returned 1
0009:trace:module:MODULE_InitDLL (0x3250000,PROCESS_ATTACH,(nil)) - RETURN 0
0009:trace:module:MODULE_InitDLL (0x3250000 L"CrySystem.dll",PROCESS_DETACH,(nil)) - CALL
0009:trace:module:LdrUnloadDll (0xf67b0000)
--- snip ---
The reason for the crash is the msvcp80 forwards to msvcp90. The WinLicense software protection scheme doesn't like this (same as the previous bug), and Windows probably doesn't do this either.
Disassembly of the crashing initializer (with imports fixed):
--- snip ---
033A6410 53              PUSH EBX
033A6411 56              PUSH ESI
033A6412 68 FD8C3A03     PUSH CrySyste.033A8CFD
033A6417 B9 4CFA4203     MOV ECX,CrySyste.0342FA4C
033A641C 90              NOP
033A641D E8 11E40779     CALL MSVCP80.??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
033A6422 68 FD8C3A03     PUSH CrySyste.033A8CFD
033A6427 B9 68FA4203     MOV ECX,CrySyste.0342FA68
033A642C 90              NOP
033A642D E8 01E40779     CALL MSVCP80.??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
033A6432 83CE FF         OR ESI,FFFFFFFF
033A6435 68 FD8C3A03     PUSH CrySyste.033A8CFD
033A643A B9 88FA4203     MOV ECX,CrySyste.0342FA88
033A643F 8935 84FA4203   MOV DWORD PTR DS:[342FA84],ESI
033A6445 90              NOP
...
--- snip ---
I avoided the forwards and copied the code (from msvcp90):
--- snip --- ... -@ thiscall -arch=win32 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z(ptr str) msvcp90.??0?$basic_string@DU?$char_traits@D@std@@V?$a +@ thiscall -arch=win32 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z(ptr str) MSVCP_basic_string_char_ctor_cstr ... --- snip ---
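Review bot: the '+' line points msvcp80's export at MSVCP_basic_string_char_ctor_cstr, which is msvcp90's implementation symbol, so msvcp80 only links if it also builds that code; the report says the code was copied from msvcp90, and a copied implementation should carry a comment naming its origin so that later fixes to the msvcp90 original are not missed, and if more msvcp80 exports need the same treatment a shared source file would be preferable to per-export copies.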
Running the game again with the additional +msvcp debug channel enabled now gives:
--- snip ---
...
0009:trace:msvcrt:_initterm Call init function 0x33b6410
0009:trace:msvcp:MSVCP_basic_string_char_ctor_cstr 0x343fa4c ""
0009:trace:msvcp:MSVCP_basic_string_char_assign_cstr_len 0x343fa4c "" 0
0009:trace:msvcp:MSVCP_basic_string_char_ctor_cstr 0x343fa68 ""
0009:trace:msvcp:MSVCP_basic_string_char_assign_cstr_len 0x343fa68 "" 0
0009:trace:msvcp:MSVCP_basic_string_char_ctor_cstr 0x343fa88 ""
0009:trace:msvcp:MSVCP_basic_string_char_assign_cstr_len 0x343fa88 "" 0
0009:trace:msvcp:MSVCP_basic_string_char_ctor_cstr 0x343faa4 ""
0009:trace:msvcp:MSVCP_basic_string_char_assign_cstr_len 0x343faa4 "" 0
0009:trace:msvcp:MSVCP_basic_string_char_ctor_cstr 0x343fac0 ""
0009:trace:msvcp:MSVCP_basic_string_char_assign_cstr_len 0x343fac0 "" 0
0009:trace:msvcp:MSVCP_basic_string_char_ctor_cstr 0x343fae0 "DxDiag_SystemInfo"
0009:trace:msvcp:MSVCP_basic_string_char_assign_cstr_len 0x343fae0 "DxDiag_SystemInfo" 17
0009:trace:msvcrt:MSVCRT_operator_new (32) returning 0x1e42e0
0009:trace:msvcp:MSVCP_basic_string_char_ctor_cstr 0x343fafc ""
0009:trace:msvcp:MSVCP_basic_string_char_assign_cstr_len 0x343fafc "" 0
0009:trace:msvcp:MSVCP_basic_string_char_ctor_cstr 0x343fb1c "szBuildLab"
0009:trace:msvcp:MSVCP_basic_string_char_assign_cstr_len 0x343fb1c "szBuildLab" 10
0009:trace:msvcp:MSVCP_basic_string_char_ctor_cstr 0x343fb38 ""
0009:trace:msvcp:MSVCP_basic_string_char_assign_cstr_len 0x343fb38 "" 0
0009:trace:msvcp:MSVCP_basic_string_char_ctor_cstr 0x343fb54 "System.szBuildLab"
0009:trace:msvcp:MSVCP_basic_string_char_assign_cstr_len 0x343fb54 "System.szBuildLab" 17
0009:trace:msvcrt:MSVCRT_operator_new (32) returning 0x1d95f8
...
--- snip ---
and the game runs further again (into the next issue).
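To make the msvcp80 -> msvcp90 forwarding mechanism discussed above concrete, here is an added example (not part of this report and not Wine's own tooling) that parses Wine .spec export lines, classifies each export as a forward or a local implementation, answers the question the disassembly raised (which of a binary's imports land on a forward), and rewrites a forward to a local symbol the way the report's spec change did. It assumes the spec-file convention visible in the report's own line, where a link name of the form "module.symbol" denotes a forward to another DLL; the grammar handled is the subset "<ordinal|@> <kind> [-flags...] <name>[(args)] [link-name]". The first spec line of the sample is the one from the report; the example_* names and the remaining lines are constructed.

```python
"""Parse Wine .spec export lines and classify forwarded vs. local exports."""
import dataclasses
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Grammar subset: "<ordinal|@> <kind> [-flags...] <name>[(args)] [link-name]".
# The export name may be an MSVC-decorated C++ name ('?', '$' and '@' are all
# legal there), so tokens are split on whitespace and the argument list on its
# parentheses rather than on any character that could occur inside the name.
SPEC_LINE = re.compile(
    r"^\s*(?P<ordinal>@|\d+)\s+(?P<kind>[a-z]+)(?P<flags>(?:\s+-\S+)*)"
    r"\s+(?P<name>\S+?)(?:\((?P<args>[^)]*)\))?(?:\s+(?P<link>\S+))?\s*$"
)


@dataclass(frozen=True)
class SpecEntry:
    ordinal: str                      # "@" means winebuild assigns the ordinal
    kind: str                         # cdecl, stdcall, thiscall, stub, extern, ...
    flags: Tuple[str, ...]            # e.g. ("-arch=win32",)
    name: str                         # exported (possibly decorated) name
    args: Optional[Tuple[str, ...]]   # None when the entry has no argument list
    link_name: Optional[str]          # implementation symbol, or "dll.symbol" forward

    @property
    def forward_target(self) -> Optional[Tuple[str, str]]:
        """(dll, symbol) when the link name forwards to another DLL, else None.
        Spec files spell a forward as "module.symbol"; decorated names never
        contain a dot, so the first dot separates the target DLL."""
        if self.link_name and "." in self.link_name:
            dll, _, sym = self.link_name.partition(".")
            return dll.lower(), sym
        return None


def parse_spec(text: str) -> List[SpecEntry]:
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()   # '#' starts a comment
        if not line.strip():
            continue
        m = SPEC_LINE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: cannot parse {raw!r}")
        args = m.group("args")
        entries.append(SpecEntry(
            ordinal=m.group("ordinal"),
            kind=m.group("kind"),
            flags=tuple(m.group("flags").split()),
            name=m.group("name"),
            args=tuple(args.split()) if args is not None else None,
            link_name=m.group("link"),
        ))
    return entries


def format_entry(e: SpecEntry) -> str:
    """Render an entry back into spec-file syntax."""
    sig = e.name if e.args is None else f"{e.name}({' '.join(e.args)})"
    parts = [e.ordinal, e.kind, *e.flags, sig]
    if e.link_name:
        parts.append(e.link_name)
    return " ".join(parts)


def forwards_to(entries: List[SpecEntry], dll: str) -> List[SpecEntry]:
    """All exports that forward to the given DLL (case-insensitive)."""
    dll = dll.lower()
    return [e for e in entries if e.forward_target and e.forward_target[0] == dll]


def forward_summary(entries: List[SpecEntry]) -> Dict[str, int]:
    """How many exports each target DLL receives by forwarding."""
    return dict(Counter(e.forward_target[0] for e in entries if e.forward_target))


def forwarded_imports(entries: List[SpecEntry], imported_names) -> List[Tuple[str, Tuple[str, str]]]:
    """Which of a binary's imports (e.g. read off a disassembly) resolve to a forward."""
    by_name = {e.name: e for e in entries}
    hits = []
    for name in imported_names:
        e = by_name.get(name)
        if e is not None and e.forward_target:
            hits.append((name, e.forward_target))
    return hits


def localize_forward(e: SpecEntry, impl_symbol: str) -> SpecEntry:
    """Replace a forward with a local implementation symbol (the report's change)."""
    if e.forward_target is None:
        raise ValueError(f"{e.name} is not a forward")
    return dataclasses.replace(e, link_name=impl_symbol)


MANGLED = "??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z"

# Constructed fragment in the style of a msvcp80 spec file: the first export
# line is the one from the report, the example_* entries are made up.
SAMPLE_SPEC = f"""
# msvcp80 -> msvcp90 forwards
@ thiscall -arch=win32 {MANGLED}(ptr str) msvcp90.{MANGLED}
@ cdecl example_forwarded_fn(ptr long) msvcp90.example_forwarded_fn
@ stdcall example_local_fn(long) MSVCP_example_local_fn
@ stub example_stub_fn
"""

if __name__ == "__main__":
    entries = parse_spec(SAMPLE_SPEC)
    print("forwards per target DLL:", forward_summary(entries))
    for name, (dll, sym) in forwarded_imports(entries, [MANGLED, "example_local_fn"]):
        print(f"import {name[:40]}... is forwarded to {dll}!{sym[:40]}...")
    fixed = localize_forward(entries[0], "MSVCP_basic_string_char_ctor_cstr")
    print("-" + format_entry(entries[0]))
    print("+" + format_entry(fixed))
```

Running the module prints one forward target (msvcp90, with two exports) and the before/after spec lines for the basic_string constructor, the after line matching the '+' line of the report. The forwarded_imports check is the useful bit for this class of problem: feed it the import names a protected binary actually calls and it lists exactly which of them would bounce through a forward, so the spec entries to localize can be picked without guessing.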
Regards