[Bug 36023] New: Need For Speed Porsche Unleashed (NFS5) fails to launch after installing.
http://bugs.winehq.org/show_bug.cgi?id=36023
Bug ID: 36023 Summary: Need For Speed Porsche Unleashed (NFS5) fails to launch after installing. Product: Wine Version: unspecified Hardware: x86 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: -unknown Assignee: wine-bugs@winehq.org Reporter: axledude88@Yahoo.com
Under normal configuration, Wine version 1.6.1, I was able to install Need For Speed Porsche Unleashed from an original CD, but I can't seem to launch it under either version 1.6.1 or version 1.7.17. I've set Wine to launch the game under Windows 98 emulation (with a 1024X768 emulated desktop) and renamed the game's copy of gimmie.dll (this is a workaround I've seen multiple times online).
http://bugs.winehq.org/show_bug.cgi?id=36023
--- Comment #1 from Alex B. axledude88@Yahoo.com --- Created attachment 48170 --> http://bugs.winehq.org/attachment.cgi?id=48170 The backtrace from attempting to launch the game under 1.7.17.
I set Wine to launch the game under Windows 98, with an emulated desktop (1024X768) and auto-mouse-grabbing for fullscreen DirectX programs. The game itself is unchanged aside from having gimmie.dll renamed.
http://bugs.winehq.org/show_bug.cgi?id=36023
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |obfuscation Status|UNCONFIRMED |RESOLVED CC| |focht@gmx.net Version|unspecified |1.7.17 Resolution|--- |WONTFIX Summary|Need For Speed Porsche |Need For Speed Porsche |Unleashed (NFS5) fails to |Unleashed (NFS5) running in |launch after installing. |Win9X mode crashes on | |startup (SafeDisc v1.x | |patches div0 exception | |handler code pointed by IDT | |entry 0)
--- Comment #2 from Anastasius Focht focht@gmx.net --- Hello folks,
the game is protected by SafeDisc v1.4
Running games with that protection scheme/version in Win9X mode is not going to work/supported because the driver implements certain anti-debugging measures specifically crafted for Win9X that can't work with NT-based systems.
You need to run the game in 'Windows 2000' mode. SafeDisc 1.x can't work with 'Windows XP' and higher by design, see bug 27503
Also make sure you've read the appdb entry: http://appdb.winehq.org/objectManager.php?sClass=version&iId=3404
Don't forget to pass 'driver=dx7z' when you run the executable.
--- snip --- Unhandled exception: page fault on read access to 0x00000000 in 32-bit code (0x004262a2). Register dump: CS:0073 SS:007b DS:007b ES:007b FS:0033 GS:003b EIP:004262a2 ESP:0032d9e4 EBP:0032da30 EFLAGS:00010246( R- -- I Z- -P- ) EAX:c17c7000 EBX:00000001 ECX:0032da58 EDX:0032d9c8 ESI:00000000 EDI:00400000 ... Backtrace: =>0 0x004262a2 in porsche (+0x262a2) (0x0032da30) 1 0x0042641f in porsche (+0x2641e) (0x0032daf4) 2 0x00422d9c in porsche (+0x22d9b) (0x0032dba4) 3 0x00421e56 in porsche (+0x21e55) (0x0032dbc4) 4 0x0042111e in porsche (+0x2111d) (0x0032dc08) 5 0x00420bea in porsche (+0x20be9) (0x0032fc64) 6 0x0042087e in porsche (+0x2087d) (0x0032fcbc) 7 0x00422506 in porsche (+0x22505) (0x0032fcf4) 8 0x0040e279 in porsche (+0xe278) (0x0032fdd4) 9 0x004169b2 in porsche (+0x169b1) (0x0032fe60) 10 0x7b861d8c call_process_entry+0xb() in kernel32 (0x0032fe78) 11 0x7b86588b in kernel32 (+0x5588a) (0x0032feb8) 12 0x7bc7d970 call_thread_func_wrapper+0xb() in ntdll (0x0032fed8) 13 0x7bc7dbcd call_thread_func+0x7c() in ntdll (0x0032ffa8) 14 0x7bc7d94e RtlRaiseException+0x21() in ntdll (0x0032ffc8) 15 0x7bc53ebe in ntdll (+0x43ebd) (0x0032ffe8) 0x004262a2: movl 0x0(%esi),%edi Modules: Module Address Debug info Name (52 modules) PE 400000- 444000 Export porsche ... Threads: process tid prio (all id:s are in hex) 00000008 (D) C:\Program Files\Electronic Arts\Need For Speed - Porsche Unleashed\Porsche.exe 00000009 0 <== ... --- snip ---
Protection scan:
--- snip --- -=[ ProtectionID v0.6.5.5 OCTOBER]=- (c) 2003-2013 CDKiLLER & TippeX Build 31/10/13-21:09:09 Ready...
Scanning -> Z:\home\focht.wine\drive_c\Program Files\Electronic Arts\Need For Speed - Porsche Unleashed\dplayerx.dll File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 173568 (02A600h) Byte(s) [File Heuristics] -> Flag : 00000000000001001100000000000001 (0x0004C001) [Entrypoint Section Entropy] : 6.51 [!] Safedisc core dll (dplayerx.dll) detected! [CompilerDetect] -> Visual C++ 5.0 - Scan Took : 0.291 Second(s) [000000123h tick(s)] [229 scan(s) done]
Scanning -> Z:\home\focht.wine\drive_c\Program Files\Electronic Arts\Need For Speed - Porsche Unleashed\drvmgt.dll File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 31744 (07C00h) Byte(s) [File Heuristics] -> Flag : 00000000000001001100000000000000 (0x0004C000) [Entrypoint Section Entropy] : 6.35 [!] Safedisc driver managment dll (drvmgt.dll) detected! [CompilerDetect] -> Visual C++ 5.0 - Scan Took : 0.268 Second(s) [00000010Ch tick(s)] [229 scan(s) done]
Scanning -> Z:\home\focht.wine\drive_c\Program Files\Electronic Arts\Need For Speed - Porsche Unleashed\Porsche.exe File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 249119 (03CD1Fh) Byte(s) -> File has 1311 (051Fh) bytes of appended data starting at offset 03C800h [File Heuristics] -> Flag : 00000000000001001100000000000101 (0x0004C005) [Entrypoint Section Entropy] : 6.56 [!] Safedisc v1.41.000 detected ! [CompilerDetect] -> Visual C++ 5.0 - Scan Took : 0.316 Second(s) [00000013Ch tick(s)] [533 scan(s) done]
Scanning -> Z:\home\focht.wine\drive_c\Program Files\Electronic Arts\Need For Speed - Porsche Unleashed\secdrv.sys File Type : 32-Bit Driver (good checksum) (Subsystem : Native / 1), Size : 10848 (02A60h) Byte(s) -> File has 2368 (0940h) bytes of appended data starting at offset 02120h [File Heuristics] -> Flag : 00000100000000000000000000000111 (0x04000007) [Entrypoint Section Entropy] : 5.26 [Debug Info] Characteristics : 0x0 | TimeDateStamp : 0x37FB7638 | MajorVer : 0 / MinorVer : 0 -> (0.0) Type : 1 -> Coff | Size : 0x74B (1867) AddressOfRawData : 0x0 | PointerToRawData : 0x2120 [!] Safedisc protection driver (secdrv.sys) detected! - Scan Took : 0.289 Second(s) [000000121h tick(s)] [128 scan(s) done] --- snip ---
Code in question (see you fault address 0x004262a2):
--- snip --- .txt2:00426290 pusha .txt2:00426291 mov word ptr [ebp-1Ch], cs .txt2:00426295 sidt fword ptr [ebp-14h] ; get contents of IDTR .txt2:00426299 mov eax, [ebp-12h] ; IDT linear base address .txt2:0042629C mov esi, [eax+4] ; int 0 vector address (trap 0) .txt2:0042629F mov si, [eax] .txt2:004262A2 mov edi, [esi] .txt2:004262A4 mov [ebp-4], edi ; save old handler entry opcodes .txt2:004262A7 mov edi, [esi+4] .txt2:004262AA mov [ebp-8], edi .txt2:004262AD mov dword ptr [esi+1], 0CF530E58h ; write out new opcodes .txt2:004262B4 mov byte ptr [esi], 58h .txt2:004262B7 lea ebx, loc_4262C1 ; int 0 continuation .txt2:004262BD xor eax, eax .txt2:004262BF div eax ; trigger division-by-zero exception ... --- snip ---
Int 0 handler patched to new code:
--- snip --- $+0 58 POP EAX $+1 58 POP EAX $+2 0E PUSH CS $+3 53 PUSH EBX $+4 CF IRETD --- snip ---
To start with, directly trapping and emulating the 'sidt' instruction is only possible with a VMM/hypervisor. IDT accesses can be detected by examining the address range in page fault handler. The code to implement this - that is handling of various load/store combinations and additionally emulating IDT trap/handler code in userspace is not really worth the hassle.
Another SafeDisc bug dealing with IDT -> bug 31279
Regards
https://bugs.winehq.org/show_bug.cgi?id=36023
austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #3 from austinenglish@gmail.com --- Closing.
-
wine-bugs@winehq.org