http://bugs.winehq.org/show_bug.cgi?id=33242
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |obfuscation
             Status|UNCONFIRMED                 |NEW
                 CC|                            |focht@gmx.net
            Summary|Panzer Elite Action Demo -  |Panzer Elite Action Demo
                   |Exception frame is not in   |crashes randomly on startup
                   |stack limits                |(custom protection/DRM
                   |                            |scheme by JoWooD)
     Ever confirmed|0                           |1
--- Comment #2 from Anastasius Focht focht@gmx.net ---
Hello folks,
confirming.
Looks like a custom protection/DRM scheme (PEiD and ExeInfoPE fail to identify it).
https://www.virustotal.com/en/file/fb44686840f005edecbcf7db52ec078e4fe10635c...
The vendor is JoWooD, so it's likely they "invented" their own protection/DRM scheme.
The main executable imports only one API explicitly and has strange section layouts.
--- snip ---
->Import Table
   1. ImageImportDescriptor:
    OriginalFirstThunk:  0x00000000
    TimeDateStamp:       0x00000000  (GMT: Thu Jan 01 00:00:00 1970)
    ForwarderChain:      0x00000000
    Name:                0x0004E034  ("kernel32.dll")
    FirstThunk:          0x0004E028

    Ordinal/Hint API name
    ------------ ---------------------------------------
    0x0000       "VirtualProtect"
--- snip ---
It uses some unwrapper/resolver/loader with various anti-debugging trickery.
--- snip ---
0024:Call KERNEL32.__wine_kernel_init() ret=7bc5a402
0024:Call PE DLL (proc=0x7bc9ea28,module=0x7bc10000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x1)
0024:Ret PE DLL (proc=0x7bc9ea28,module=0x7bc10000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x1) retval=1
0024:Call PE DLL (proc=0x7b889e6c,module=0x7b810000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x1)
0024:Ret PE DLL (proc=0x7b889e6c,module=0x7b810000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x1) retval=1
0024:Starting process L"C:\Program Files\Panzer Elite Action\Panzer Elite Action Demo\pea.exe" (entryproc=0x44e077)
0024:Call KERNEL32.VirtualProtect(00f8ec11,000011f3,00000040,0044e056) ret=0044fd2a
0024:Ret KERNEL32.VirtualProtect() retval=00000001 ret=0044fd2a
0024:trace:seh:raise_exception code=c000001d flags=0 addr=0x452f8f ip=00452f8f tid=0024
0024:trace:seh:raise_exception eax=f394f15b ebx=7b8bb000 ecx=000dfc00 edx=12345678 esi=0045134f edi=00454168
0024:trace:seh:raise_exception ebp=fff63272 esp=00f8fddc cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010202
0024:trace:seh:call_stack_handlers calling handler at 0x451651 code=c000001d flags=0
0024:trace:seh:call_stack_handlers handler at 0x451651 returned 0
0024:trace:seh:raise_exception code=80000004 flags=0 addr=0x452dea ip=00452dea tid=0024
0024:trace:seh:raise_exception eax=c2e01bdb ebx=7b8bb000 ecx=000dfbff edx=4faf616c esi=0045134f edi=00454168
0024:trace:seh:raise_exception ebp=4243484b esp=00f8fddc cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010202
0024:trace:seh:call_stack_handlers calling handler at 0x451651 code=80000004 flags=0
0024:trace:seh:call_stack_handlers handler at 0x451651 returned 0
0024:trace:seh:raise_exception code=c000001d flags=0 addr=0x452f8f ip=00452f8f tid=0024
0024:trace:seh:raise_exception eax=1756c9e1 ebx=7b8bb000 ecx=000dfa00 edx=4faf616c esi=0045134f edi=00454168
0024:trace:seh:raise_exception ebp=fff63272 esp=00f8fddc cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010202
0024:trace:seh:call_stack_handlers calling handler at 0x451651 code=c000001d flags=0
0024:trace:seh:call_stack_handlers handler at 0x451651 returned 0
...
0024:Call KERNEL32.CreateFileA(00464d41 "\\.\SICE",80000000,00000001,00000000,00000003,00000080,00000000) ret=0046410a
0024:Ret KERNEL32.CreateFileA() retval=ffffffff ret=0046410a
0024:Call KERNEL32.CreateFileA(00464d51 "\\.\NTICE",80000000,00000001,00000000,00000003,00000080,00000000) ret=0046410a
0024:Ret KERNEL32.CreateFileA() retval=ffffffff ret=0046410a
0024:Call KERNEL32.CreateFileA(00464d61 "\\.\SIWVID",80000000,00000001,00000000,00000003,00000080,00000000) ret=0046410a
0024:Ret KERNEL32.CreateFileA() retval=ffffffff ret=0046410a
0024:Call KERNEL32.CreateFileA(00464d71 "\\.\REGMON",80000000,00000001,00000000,00000003,00000080,00000000) ret=0046410a
0024:Ret KERNEL32.CreateFileA() retval=ffffffff ret=0046410a
0024:Call KERNEL32.CreateFileA(00464d81 "\\.\FILEMON",80000000,00000001,00000000,00000003,00000080,00000000) ret=0046410a
0024:Ret KERNEL32.CreateFileA() retval=ffffffff ret=0046410a
0024:Call KERNEL32.CreateFileA(00464d91 "\\.\SIWDEBUG",80000000,00000001,00000000,00000003,00000080,00000000) ret=0046410a
0024:Ret KERNEL32.CreateFileA() retval=ffffffff ret=0046410a
0024:Call KERNEL32.CreateFileA(00464da1 "\\.\SIWVIDSTART",80000000,00000001,00000000,00000003,00000080,00000000) ret=0046410a
0024:Ret KERNEL32.CreateFileA() retval=ffffffff ret=0046410a
...
0024:Call KERNEL32.LoadLibraryA(0042e2ce "core.dll") ret=00536004
...
0024:Ret PE DLL (proc=0x1004ff2a,module=0x10000000 L"core.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
0024:Ret KERNEL32.LoadLibraryA() retval=10000000 ret=00536004
...
0024:trace:seh:raise_exception code=c000001d flags=0 addr=0x15a94c23 ip=15a94c23 tid=0024
0024:trace:seh:raise_exception eax=00000000 ebx=00000000 ecx=00000000 edx=00400000 esi=0042c210 edi=00426078
0024:trace:seh:raise_exception ebp=15525759 esp=00f8fddc cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210246
0024:trace:seh:call_stack_handlers calling handler at 0x15a3055b code=c000001d flags=0
0024:trace:seh:call_stack_handlers handler at 0x15a3055b returned 0
...
0025:Ret KERNEL32.SleepEx() retval=00000000 ret=10048ccd
0025:Call KERNEL32.SleepEx(00000001,00000001) ret=10048ccd
0026:Ret KERNEL32.SleepEx() retval=00000000 ret=10048ccd
0026:Call KERNEL32.SleepEx(00000001,00000001) ret=10048ccd
0024:trace:seh:raise_exception code=c00000fd flags=0 addr=0x15ad15c7 ip=15ad15c7 tid=0024
0024:trace:seh:raise_exception eax=15ad14b9 ebx=00000059 ecx=00000176 edx=00000080 esi=03d00aea edi=15ad14b9
0024:trace:seh:raise_exception ebp=15525759 esp=00602000 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210202
0024:err:seh:raise_exception Exception frame is not in stack limits => unable to dispatch exception.
0024:Call KERNEL32.FreeLibrary(7e1e0000) ret=7e64942a
0024:err:seh:setup_exception_record stack overflow 864 bytes in thread 0024 eip f73a196b esp 00600fd0 stack 0x600000-0x601000-0xf90000
...
--- snip ---
The crashes are a bit random, sometimes triggering the 'winedbg' JIT handler. Anyway, the game doesn't get very far, regardless of the type of crash.
I'm a bit surprised you get a black screen, which means some graphics have already been initialized.
$ sha1sum PEA_Demo.zip
419306ec19901e416e5ca2d416de9568ebb00ab2 PEA_Demo.zip
$ du -sh PEA_Demo.zip
339M PEA_Demo.zip
$ wine --version
wine-1.7.17-53-g5d31c1e
Regards
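
Added example (not part of the original comment and not Wine project code): a small Python triage of a relay/seh trace like the one in this comment, collecting the device-name probes, the VirtualProtect calls that request PAGE_EXECUTE_READWRITE, and a count of raised exception codes. The names triage, SAMPLE and the report keys are illustrative assumptions; the sample lines are a subset copied from the trace above.

```python
import re
from collections import Counter

# NTSTATUS codes that appear in the trace above.
STATUS = {0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
          0x80000004: "STATUS_SINGLE_STEP",
          0xC00000FD: "STATUS_STACK_OVERFLOW"}
PAGE_EXECUTE_READWRITE = 0x40

RELAY_CALL = re.compile(r'^[0-9a-f]{4}:Call \w+\.(\w+)\((.*)\) ret=')
SEH_RAISE = re.compile(r'^[0-9a-f]{4}:trace:seh:raise_exception code=([0-9a-f]{8}) ')
DEVICE = re.compile(r'"(\\\\\.\\\w+)"')   # a "\\.\NAME" device path argument

def triage(lines):
    """Summarise unpacker / anti-debug indicators in a Wine relay+seh trace."""
    report = {"device_probes": [], "rwx_regions": [], "exceptions": Counter()}
    for line in lines:
        call = RELAY_CALL.match(line)
        if call:
            api, args = call.groups()
            dev = DEVICE.search(args)
            if api.startswith("CreateFile") and dev:
                # Opening a driver device name is a presence check for that tool.
                report["device_probes"].append(dev.group(1))
            elif api == "VirtualProtect":
                addr, size, prot = (int(a, 16) for a in args.split(",")[:3])
                if prot == PAGE_EXECUTE_READWRITE:
                    report["rwx_regions"].append((addr, size))
            continue
        exc = SEH_RAISE.match(line)   # register-dump lines carry no code= field
        if exc:
            code = int(exc.group(1), 16)
            report["exceptions"][STATUS.get(code, hex(code))] += 1
    return report

# Lines copied from the trace in this comment (a subset, so the script runs offline).
SAMPLE = r'''
0024:Call KERNEL32.VirtualProtect(00f8ec11,000011f3,00000040,0044e056) ret=0044fd2a
0024:trace:seh:raise_exception code=c000001d flags=0 addr=0x452f8f ip=00452f8f tid=0024
0024:trace:seh:raise_exception eax=f394f15b ebx=7b8bb000 ecx=000dfc00 edx=12345678 esi=0045134f edi=00454168
0024:trace:seh:raise_exception code=80000004 flags=0 addr=0x452dea ip=00452dea tid=0024
0024:Call KERNEL32.CreateFileA(00464d41 "\\.\SICE",80000000,00000001,00000000,00000003,00000080,00000000) ret=0046410a
0024:Call KERNEL32.CreateFileA(00464d71 "\\.\REGMON",80000000,00000001,00000000,00000003,00000080,00000000) ret=0046410a
0024:trace:seh:raise_exception code=c00000fd flags=0 addr=0x15ad15c7 ip=15ad15c7 tid=0024
'''.strip().splitlines()

if __name__ == "__main__":
    print(triage(SAMPLE))
```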