https://bugs.winehq.org/show_bug.cgi?id=37355
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|Multiple software |Multiple software |protection schemes need |protection schemes need |ntoskrnl |ntoskrnl |'MmMapLockedPagesSpecifyCac |'MmMapLockedPagesSpecifyCac |he' implementation (Tages |he' implementation (Tages |Protection v5.x, |Protection v5.x, |BattleEye's 'bedaisy.sys') |BattleEye's 'bedaisy.sys', | |MRAC Anti-Cheat)
--- Comment #33 from Anastasius Focht focht@gmx.net --- Hello folks,
revisiting and adding another protection/anti-cheat scheme:
MRAC Anti-Cheat (My.Com Warface) -> continued from bug 47047
Download:
https://web.archive.org/web/20190331063634/http://static.gc.my.com/WarfaceMy...
With that part(s) fixed, the driver passes the init sequence and processes IRPs from client (MRAC service) ioctls.
--- snip --- $ WINEDEBUG=+seh,+loaddll,+process,+ntoskrnl wine ./GameCenter.exe ... 0031:trace:ntoskrnl:load_driver loading driver L"C:\windows\System32\drivers\mracdrv.sys" 0031:Call KERNEL32.LoadLibraryW(00032010 L"C:\windows\System32\drivers\mracdrv.sys") ret=7f12f8b0bc4c ... 0031:Ret KERNEL32.LoadLibraryW() retval=140000000 ret=7f12f8b0bc4c ... 0031:Call driver init 0x140098005 (obj=0x31c70,str=L"\Registry\Machine\System\CurrentControlSet\Services\mracdrv") ... 0031:Call ntoskrnl.exe.ExAllocatePoolWithTag(00000000,00002000,4943414d) ret=140ab5668 0031:Call ntdll.RtlAllocateHeap(00010000,00000000,00002000) ret=7f12f8b0b158 0031:trace:heap:RtlAllocateHeap (0x10000,70000062,00002000): returning 0x48ba0 0031:Ret ntdll.RtlAllocateHeap() retval=00048ba0 ret=7f12f8b0b158 0031:trace:ntoskrnl:ExAllocatePoolWithTag 8192 pool 0 -> 0x48ba0 0031:Ret ntoskrnl.exe.ExAllocatePoolWithTag() retval=00048ba0 ret=140ab5668 ... 0031:Call ntoskrnl.exe.MmGetPhysicalAddress(00049000) ret=1403a839c 0031:fixme:ntoskrnl:MmGetPhysicalAddress stub: 0x49000 0031:Ret ntoskrnl.exe.MmGetPhysicalAddress() retval=00049000 ret=1403a839c ... 0031:Call ntoskrnl.exe.IoAllocateMdl(00049000,00001000,00000000,00000000,00000000) ret=140f3d8e4 0031:trace:ntoskrnl:IoAllocateMdl (0x49000, 4096, 0, 0, (nil)) 0031:Call ntdll.RtlAllocateHeap(00010000,00000008,00000034) ret=7f12f8b0e514 0031:trace:heap:RtlAllocateHeap (0x10000,7000006a,00000034): returning 0x4abc0 0031:Ret ntdll.RtlAllocateHeap() retval=0004abc0 ret=7f12f8b0e514 0031:Ret ntoskrnl.exe.IoAllocateMdl() retval=0004abc0 ret=140f3d8e4 ... 0031:Call ntoskrnl.exe.MmProbeAndLockPages(0004abc0,00000000,00000000) ret=1403e3800 0031:fixme:ntoskrnl:MmProbeAndLockPages (0x4abc0, 0, 0): stub 0031:Ret ntoskrnl.exe.MmProbeAndLockPages() retval=0000003e ret=1403e3800 ... 0031:Call ntoskrnl.exe.MmMapLockedPagesSpecifyCache(0004abc0,00000000,00000001,00000000,00000000,00000010) ret=140a50460 0031:fixme:ntoskrnl:MmMapLockedPagesSpecifyCache (0x4abc0, 0, 1, (nil), 0, 16): stub 0031:Ret ntoskrnl.exe.MmMapLockedPagesSpecifyCache() retval=00049000 ret=140a50460 ... <repeats for more sets of buffers/MDLs> ... 0031:Ret driver init 0x140098005 (obj=0x31c70,str=L"\Registry\Machine\System\CurrentControlSet\Services\mracdrv") retval=00000000 ... --- snip ---
$ sha1sum WarfaceMycomLoader_805e0da40d16630c2fe73ed12399cb48_.exe b07e87a029d6697ad823dc03fdbf297c406a91b9 WarfaceMycomLoader_805e0da40d16630c2fe73ed12399cb48_.exe
$ du -sh WarfaceMycomLoader_805e0da40d16630c2fe73ed12399cb48_.exe 6.8M WarfaceMycomLoader_805e0da40d16630c2fe73ed12399cb48_.exe
$ wine --version wine-4.6-61-g085e58878f
Regards