https://bugs.winehq.org/show_bug.cgi?id=37355
Anastasius Focht focht@gmx.net changed:
What       | Removed | Added
-----------+---------+------
Depends on | 23033 |
Summary    | Tages Protection v5.x needs ntoskrnl 'MmMapLockedPagesSpecifyCache' implementation | Multiple software protection schemes need ntoskrnl 'MmMapLockedPagesSpecifyCache' implementation (Tages Protection v5.x, BattleEye's 'bedaisy.sys')
Keywords   |  | patch
--- Comment #8 from Anastasius Focht focht@gmx.net ---
Hello folks,

refining summary.

Also needed by 'BEDaisy.sys' kernel driver, part of Battleye. Small client to reproduce:

http://static.tibia.com/download/Tibia_Setup.exe

Tidbit: The kernel driver is heavily obfuscated.
--- snip ---
...
0048:trace:ntoskrnl:IoCreateDriver (L"\Driver\BEDaisy", 0x7effb1c0)
...
0048:trace:winedevice:load_driver loading driver L"C:\Program Files\Common Files\BattlEye\BEDaisy.sys"
...
0048:trace:loaddll:load_builtin_dll Loaded L"C:\windows\system32\fltmgr.sys" at 0xf75d0000: builtin
0048:trace:loaddll:load_builtin_dll Loaded L"C:\windows\system32\hal.dll" at 0xf7330000: builtin
0048:trace:loaddll:load_native_dll Loaded L"C:\Program Files\Common Files\BattlEye\BEDaisy.sys" at 0x780000: native
...
0048:Ret KERNEL32.LoadLibraryW() retval=00780000 ret=7effaa60
...
0048:trace:winedevice:load_driver_module L"C:\Program Files\Common Files\BattlEye\BEDaisy.sys": relocating from 0x400000 to 0x780000
...
0048:Call driver init 0x7fdf6e (obj=0x11cb70,str=L"\Registry\Machine\System\CurrentControlSet\Services\BEDaisy")
0048:Call ntoskrnl.exe.IoAllocateMdl(00780000,00040409,00000000,00000000,00000000) ret=0080bf37
0048:trace:ntoskrnl:IoAllocateMdl (0x780000, 263177, 0, 0, (nil))
0048:Call ntdll.RtlAllocateHeap(00110000,00000008,00000120) ret=7ece03cc
0048:Ret ntdll.RtlAllocateHeap() retval=0011cd28 ret=7ece03cc
0048:Ret ntoskrnl.exe.IoAllocateMdl() retval=0011cd28 ret=0080bf37
0048:Call ntoskrnl.exe.MmProbeAndLockPages(0011cd28,00000000,00000001) ret=0080bf37
0048:fixme:ntoskrnl:MmProbeAndLockPages (0x11cd28, 0, 1): stub
0048:Ret ntoskrnl.exe.MmProbeAndLockPages() retval=0000003f ret=0080bf37
0048:Call ntoskrnl.exe.MmMapLockedPagesSpecifyCache(0011cd28,00000000,00000000,00000001,00000000,00000000) ret=0080bf37
0048:fixme:ntoskrnl:MmMapLockedPagesSpecifyCache (0x11cd28, 0, 0, 0x1, 0, 0): stub
0048:Ret ntoskrnl.exe.MmMapLockedPagesSpecifyCache() retval=00000000 ret=0080bf37
0048:trace:seh:raise_exception code=c0000005 flags=0 addr=0x809c6a ip=00809c6a tid=0048
0048:trace:seh:raise_exception info[0]=00000001
0048:trace:seh:raise_exception info[1]=00001000
0048:trace:seh:raise_exception eax=007fbae9 ebx=00000001 ecx=00000000 edx=007fba80 esi=0080117d edi=00001000
0048:trace:seh:raise_exception ebp=0065f464 esp=0065f35c cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010203
0048:trace:seh:call_vectored_handlers calling handler at 0x7ecddf85 code=c0000005 flags=0
0048:trace:seh:call_vectored_handlers handler at 0x7ecddf85 returned 0
0048:trace:seh:call_stack_handlers calling handler at 0x7bcaf67c code=c0000005 flags=0
...
--- snip ---
NOTE: There is a problem (regression?) with service state/transition handling causing the kernel driver service not to be started by the helper service. When the window "Starting Battleye service..." shows up, you need to issue the 'wine net stop BEService' command from another console and wait a bit. The app will detect this and restart the helper service, which in turn will start the kernel service.
$ sha1sum Tibia_Setup.exe
50951008ccc402cc32407bfc56a88da873e3e9bd  Tibia_Setup.exe

$ du -sh Tibia_Setup.exe
5.2M    Tibia_Setup.exe

$ wine --version
wine-3.1-193-g354fa7eb79
Regards
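
A small triage script for a trace like the one quoted above, added here as an example (it is not part of the original comment or of Wine): it links each access violation (c0000005) to the last stubbed call on the same thread that returned 0, and decodes the two exception info words as access type and faulting address. The sample lines are copied from the quoted trace; the function name `triage` and the result field names are hypothetical.

```python
import re

# Constructed sample: nine lines copied from the trace quoted in the comment above.
SAMPLE = r'''0048:Call ntoskrnl.exe.MmProbeAndLockPages(0011cd28,00000000,00000001) ret=0080bf37
0048:fixme:ntoskrnl:MmProbeAndLockPages (0x11cd28, 0, 1): stub
0048:Ret ntoskrnl.exe.MmProbeAndLockPages() retval=0000003f ret=0080bf37
0048:Call ntoskrnl.exe.MmMapLockedPagesSpecifyCache(0011cd28,00000000,00000000,00000001,00000000,00000000) ret=0080bf37
0048:fixme:ntoskrnl:MmMapLockedPagesSpecifyCache (0x11cd28, 0, 0, 0x1, 0, 0): stub
0048:Ret ntoskrnl.exe.MmMapLockedPagesSpecifyCache() retval=00000000 ret=0080bf37
0048:trace:seh:raise_exception code=c0000005 flags=0 addr=0x809c6a ip=00809c6a tid=0048
0048:trace:seh:raise_exception info[0]=00000001
0048:trace:seh:raise_exception info[1]=00001000
'''

# Line shapes seen in the trace: fixme stub, relay return, exception header, exception info.
STUB = re.compile(r'^([0-9a-f]{4}):fixme:\w+:(\w+) .*: stub')
RET = re.compile(r'^([0-9a-f]{4}):Ret \S+?\.(\w+)\(\) retval=([0-9a-f]{8})')
EXC = re.compile(r'^([0-9a-f]{4}):trace:seh:raise_exception code=([0-9a-f]{8}) .*addr=(0x[0-9a-f]+)')
INFO = re.compile(r'^([0-9a-f]{4}):trace:seh:raise_exception info\[(\d)\]=([0-9a-f]{8})')
ACCESS = {0: 'read', 1: 'write', 8: 'execute'}  # info[0] of an access violation

def triage(log):
    """Return one finding per access violation, naming the last stubbed
    call on the same thread whose return value was 0 (NULL), if any."""
    stubbed, null_ret, open_exc, findings = {}, {}, {}, []
    for line in log.splitlines():
        if m := STUB.match(line):
            stubbed.setdefault(m[1], set()).add(m[2])
        elif m := RET.match(line):
            if m[2] in stubbed.get(m[1], ()) and int(m[3], 16) == 0:
                null_ret[m[1]] = m[2]
        elif (m := EXC.match(line)) and m[2] == 'c0000005':
            open_exc[m[1]] = {'thread': m[1], 'fault_ip': m[3],
                              'suspect_stub': null_ret.get(m[1])}
            findings.append(open_exc[m[1]])
        elif (m := INFO.match(line)) and m[1] in open_exc:
            value = int(m[3], 16)
            if m[2] == '0':
                open_exc[m[1]]['access'] = ACCESS.get(value, 'unknown')
            elif m[2] == '1':
                open_exc[m[1]]['address'] = value
    return findings

if __name__ == '__main__':
    for finding in triage(SAMPLE):
        print(finding)
```

MmProbeAndLockPages is also a stub in this trace but is not flagged, because its logged retval is non-zero.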