[Bug 44235] EasyAntiCheat detects Wine as host platform/OS, causing failure to download correct EAC game client/driver modules ( avoid exporting 'wine_get_unix_file_name' by name)

https://bugs.winehq.org/show_bug.cgi?id=44235

Anastasius Focht focht@gmx.net changed:

What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download, obfuscation Ever confirmed|0 |1 CC| |focht@gmx.net Status|UNCONFIRMED |NEW URL| |https://www.paladins.com/do | |wnload Summary|EasyAntiCheat downloads |EasyAntiCheat detects Wine |incorrect platform |as host platform/OS, |information on Wine and |causing failure to download |games fail to run - wine64 |correct EAC game |!= win64 |client/driver modules | |(avoid exporting | |'wine_get_unix_file_name' | |by name) Component|-unknown |kernel32

--- Comment #13 from Anastasius Focht focht@gmx.net --- Hello folks,

confirming.

--- snip --- $ find .wine -iname "*easyanti*" .wine/drive_c/Program Files (x86)/EasyAntiCheat .wine/drive_c/Program Files (x86)/EasyAntiCheat/EasyAntiCheat.exe .wine/drive_c/Program Files (x86)/Hi-Rez Studios/HiRezGames/paladins/Binaries/EasyAntiCheat .wine/drive_c/Program Files (x86)/Hi-Rez Studios/HiRezGames/paladins/Binaries/EasyAntiCheat/EasyAntiCheat_x86.dll .wine/drive_c/Program Files (x86)/Hi-Rez Studios/HiRezGames/paladins/Binaries/EasyAntiCheat/EasyAntiCheat_x64.dll .wine/drive_c/Program Files (x86)/Hi-Rez Studios/HiRezGames/paladins/Binaries/EasyAntiCheat/EasyAntiCheat_Setup.exe --- snip ---

--- snip --- $ pwd /home/focht/.wine/drive_c/Program Files/Hi-Rez Studios

$ WINEDEBUG=+seh,+relay,+ntdll,+ntoskrnl wine ./HirezLauncherUI.exe product=402 game=400 >>log.txt 2>&1 ... 0047:Ret PE DLL (proc=0x90c4d75,module=0x9080000 L"easyanticheat_x86.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1 ... 0047:Call KERNEL32.GetProcAddress(09080000,021d3ecc "CreateGameClient") ret=00fd0a85 0047:Ret KERNEL32.GetProcAddress() retval=09099cd0 ret=00fd0a85 0047:Call KERNEL32.GetModuleHandleW(090ee828 L"kernel32.dll") ret=09099c0f 0047:Ret KERNEL32.GetModuleHandleW() retval=7b420000 ret=09099c0f 0047:Call KERNEL32.GetProcAddress(7b420000,090ee844 "wine_get_unix_file_name") ret=09099c21 0047:Ret KERNEL32.GetProcAddress() retval=7b428c04 ret=09099c21 ... 0047:Call msvcr110._vsnwprintf_s(0033e558,00000100,000000ff,021d408c L"FEACClient being initialized",0033e768) ret=004e402c ... 005d:trace:seh:raise_exception code=c0000005 flags=0 addr=0x4b56a0 ip=004b56a0 tid=005d 005d:trace:seh:raise_exception info[0]=00000000 005d:trace:seh:raise_exception info[1]=44359f2b 005d:trace:seh:raise_exception eax=04eb1c20 ebx=0920fe01 ecx=44359f2b edx=00000000 esi=001d81b0 edi=001ec0a0 005d:trace:seh:raise_exception ebp=026e23d0 esp=0920f5fc cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210206 005d:trace:seh:call_stack_handlers calling handler at 0x90e3d96 code=c0000005 flags=0 ... 005d:Call msvcr110.?_wsopen@@YAHPB_WHHH@Z(03957760 L"C:/Program Files/Hi-Rez Studios/HiRezGames/paladins/Binaries/Logs/system-2018-06-05.log",0000818a,00000010,00000180) ret=036b86ce ... 005d:Call KERNEL32.OutputDebugStringA(0920d67c "#-----------------#\r\n2018-06-05_21.18.02 - PID 70 - THR 93\r\n\r\nException in [0] (SE): Access Violation at 0x00000000004B56A0\r\nBP: 0x00000000026E23D0 | RetAddr: 0x0000000000000001 | IP: 0x00000000004B56A0 \r\nBP: 0x0000000001FC3C9C | RetAddr: 0x00000000004DAD20 | IP: 0x0000000000000001 \r\nBP: "...) ret=036d91ce ... 005d:Ret KERNEL32.OutputDebugStringA() retval=00000000 ret=036d91ce ... --- snip ---

--- snip --- ... 0049F48C 68 F461FA01 PUSH Paladins.01FA61F4 0049F491 68 E6000000 PUSH 0E6 ; ASCII "d:\build\1.0\development\src\core\inc\AntiCheatArray.h" 0049F496 68 9098FA01 PUSH Paladins.01FA9890 ; ASCII "i>=0 && (i<Num()||(i==0 && Num()==0))" 0049F49B 68 C898FA01 PUSH Paladins.01FA98C8 0049F4A0 E8 1B860000 CALL Paladins.004A7AC0 0049F4A5 83C4 10 ADD ESP,10 0049F4A8 8B0D 98BE2103 MOV ECX,DWORD PTR DS:[321BE98] 0049F4AE 64:A1 2C000000 MOV EAX,DWORD PTR FS:[2C] 0049F4B4 68 00100000 PUSH 1000 0049F4B9 8B0488 MOV EAX,DWORD PTR DS:[EAX+ECX*4] 0049F4BC 6A 00 PUSH 0 0049F4BE 8B88 F0010000 MOV ECX,DWORD PTR DS:[EAX+1F0] 0049F4C4 A1 6C3F7802 MOV EAX,DWORD PTR DS:[2783F6C] 0049F4C9 3388 E00B0000 XOR ECX,DWORD PTR DS:[EAX+BE0] 0049F4CF E8 CC610100 CALL Paladins.004B56A0 0049F4D4 85C0 TEST EAX,EAX 0049F4D6 0F85 AC000000 JNZ Paladins.0049F588 ... 004B56A0 8B11 MOV EDX,DWORD PTR DS:[ECX] ; *boom* 004B56A2 8B41 04 MOV EAX,DWORD PTR DS:[ECX+4] 004B56A5 235424 04 AND EDX,DWORD PTR SS:[ESP+4] 004B56A9 234424 08 AND EAX,DWORD PTR SS:[ESP+8] 004B56AD 0BD0 OR EDX,EAX 004B56AF 74 08 JE SHORT Paladins.004B56B9 004B56B1 B8 01000000 MOV EAX,1 004B56B6 C2 0800 RETN 8 --- snip ---

--- snip --- EAX 0778CB80 ECX A5FECD82 EDX 00000000 EBX 0943FE01 ESP 0943F5FC EBP 026E23D0 Paladins.026E23D0 ESI 001ADF68 EDI 001C22B0 ASCII "File not found: EasyAntiCheat\Cache\easyanticheat_wine_x86.eac" EIP 004B56A0 Paladins.004B56A0 C 0 ES 002B 32bit 0(FFFFFFFF) P 1 CS 0023 32bit 0(FFFFFFFF) A 0 SS 002B 32bit 0(FFFFFFFF) Z 0 DS 002B 32bit 0(FFFFFFFF) S 1 FS 0063 32bit 7FFD8000(FFF) T 0 GS 006B 32bit 0(0) D 0 O 0 LastErr ERROR_PATH_NOT_FOUND (00000003) EFL 00210286 (NO,NB,NE,A,S,PE,L,LE)

0943F7F8 001C22B0 ASCII "File not found: EasyAntiCheat\Cache\easyanticheat_wine_x86.eac" 0943F7FC 0943F908 ASCII "[EAC Callback] Code 902. Message: 'File not found: EasyAntiCheat\Cache\easyanticheat_wine_x86.eac'." ... 0943FA98 |0932D318 ASCII "Connect result: No error (0) Response Code: 404 Destination IP: xx.xx.xx.xx" ... 0943FAFC 001CC8B0 ASCII 3C,"html> <head><title>404 Not Found</title></head> <body bgco" 0943FB00 09444020 ASCII "<html> <head><title>404 Not Found</title></head> <body bgcolor="white"> <center><h1>404 Not Found</h1></center> <hr><center>nginx</center> </body> </html> " ... 0943FC4C |001B2630 ASCII "https://download.eac-cdn.com/api/v1/games/%7B%7Bgameid%7D%7D/client/%7B%7Bsy..."

--- snip ---

--- snip --- 0931E842 00 00 77 69 6E 65 5F 67 ..wine_g 0931E84A 65 74 5F 75 6E 69 78 5F et_unix_ 0931E852 66 69 6C 65 5F 6E 61 6D file_nam 0931E85A 65 00 73 00 68 00 65 00 e.s.h.e. 0931E862 6C 00 6C 00 33 00 32 00 l.l.3.2. 0931E86A 2E 00 64 00 6C 00 6C 00 ..d.l.l. 0931E872 00 00 53 48 47 65 74 46 ..SHGetF 0931E87A 6F 6C 64 65 72 50 61 74 olderPat 0931E882 68 57 00 00 00 00 5C 00 hW..... 0931E88A 45 00 61 00 73 00 79 00 E.a.s.y. 0931E892 41 00 6E 00 74 00 69 00 A.n.t.i. 0931E89A 43 00 68 00 65 00 61 00 C.h.e.a. 0931E8A2 74 00 00 00 00 00 25 00 t.....%. 0931E8AA 69 00 00 00 00 00 65 61 i.....ea 0931E8B2 73 79 61 6E 74 69 63 68 syantich 0931E8BA 65 61 74 5F 00 00 78 38 eat_..x8 0931E8C2 36 00 77 69 6E 36 34 00 6.win64. 0931E8CA 00 00 78 36 34 00 77 6F ..x64.wo 0931E8D2 77 36 34 5F 78 36 34 00 w64_x64. 0931E8DA 00 00 77 69 6E 36 34 5F ..win64_ 0931E8E2 77 6F 77 36 34 00 78 36 wow64.x6 0931E8EA 34 5F 77 6F 77 36 34 00 4_wow64. 0931E8F2 00 00 77 69 6E 65 5F 78 ..wine_x 0931E8FA 38 36 00 00 00 00 77 69 86....wi 0931E902 6E 65 36 34 00 00 77 69 ne64..wi 0931E90A 6E 65 5F 78 36 34 00 00 ne_x64.. 0931E912 00 00 49 4E 56 41 4C 49 ..INVALI 0931E91A 44 5F 53 59 53 54 45 4D D_SYSTEM 0931E922 00 00 2E 65 61 63 00 00 ...eac.. --- snip ---

--- snip --- 092C9C00 PUSH ESI 092C9C01 PUSH EDI 092C9C02 PUSH easyanti.0931E828 ; UNICODE "kernel32.dll" 092C9C07 MOV EDI,ECX 092C9C09 CALL DWORD PTR DS:[<&KERNEL32.GetModuleHandleW>] 092C9C0F MOV ESI,DWORD PTR DS:[<&KERNEL32.GetProcAddress>] 092C9C15 TEST EAX,EAX 092C9C17 JE SHORT easyanti.092C9C46 092C9C19 PUSH easyanti.0931E844 ; ASCII "wine_get_unix_file_name" 092C9C1E PUSH EAX 092C9C1F CALL ESI 092C9C21 TEST EAX,EAX 092C9C23 JE SHORT easyanti.092C9C46 092C9C25 PUSH 120 092C9C2A CALL easyanti.092F248A 092C9C2F ADD ESP,4 092C9C32 TEST EAX,EAX 092C9C34 JE SHORT easyanti.092C9C41 092C9C36 PUSH ECX 092C9C37 MOV ECX,EAX 092C9C39 CALL easyanti.092CA3F0 092C9C3E POP EDI 092C9C3F POP ESI 092C9C40 RETN 092C9C41 POP EDI 092C9C42 XOR EAX,EAX 092C9C44 POP ESI 092C9C45 RETN 092C9C46 PUSH EDI 092C9C47 PUSH 0EAC 092C9C4C CALL ESI 092C9C4E MOV ESI,EAX 092C9C50 TEST ESI,ESI 092C9C52 JNZ SHORT easyanti.092C9C6E 092C9C54 CALL DWORD PTR DS:[<&KERNEL32.GetCommandLineW>] 092C9C5A MOV ECX,EAX 092C9C5C CALL easyanti.092BA7A0 --- snip ---

One way to fix this but possibly breaking one way of detecting Wine is to export 'wine_get_unix_file_name()' by ordinal using '-noname' in the .spec file (using non-Windows allocated ordinal). I've tested this method and the client EAC module is properly downloaded.

--- snip --- $ find .wine -iname loader.log .wine/drive_c/Program Files/Hi-Rez Studios/HiRezGames/paladins/Binaries/Win32/loader.log .wine/drive_c/users/focht/Application Data/EasyAntiCheat/112/loader.log --- snip ---

--- snip --- [2018.06.06-01.01.12] Loader initialized. [2018.06.06-01.01.12] [Connection] Connecting to URL: https://download.eac-cdn.com/api/v1/games/112/client/win32/download/?uuid=04... [2018.06.06-01.01.12] Download Progress: 0%. [2018.06.06-01.01.12] [Connection] [Connection Verbose] Shuffling 6 addresses [2018.06.06-01.01.12] [Connection] [Connection Verbose] Trying 83.136.255.42... [2018.06.06-01.01.12] [Connection] [Connection Verbose] TCP_NODELAY set ... 2018.06.06-01.01.12] Download Progress: 100%. [2018.06.06-01.01.12] [Connection] [Connection Verbose] Connection #0 to host download.eac-cdn.com left intact --- snip ---

Anyway, apps shouldn't rely on the presence of Wine-specific API exports using 'GetProcAddress()' at all.

There is a failure loading the kernel driver later, but that's a different issue.

$ sha1sum InstallPaladins.exe f8d83d88635c0b94655cc301cb0e190d80b9cd77 InstallPaladins.exe

$ du -sh InstallPaladins.exe 72M InstallPaladins.exe

$ wine --version wine-3.9-165-g11e3cf091d

Regards