http://bugs.winehq.org/show_bug.cgi?id=21924
Summary: Unhandled privileged instruction at address 0x49acb7
Product: Wine
Version: 1.1.39
Platform: x86
OS/Version: Mac OS X 10.6
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: wine@raccoonfink.com
Created an attachment (id=26605) --> (http://bugs.winehq.org/attachment.cgi?id=26605) crash log
Interstate '76 Arsenal (from GOG: http://www.gog.com/en/gamecard/interstate_%E2%80%9976_arsenal/) fails with an unhandled privileged instruction.
--- Comment #1 from Benjamin Reed wine@raccoonfink.com 2010-03-04 14:22:43 --- A log of wine running the app with WINEDEBUG=+relay,+seh,+tid wine nitro.exe
http://ranger.befunk.com/debug/wine-i76-trace.log.bz2
Jeff Zaroyko jeffz@jeffz.name changed:
What     |Removed                                              |Added
----------------------------------------------------------------------------
Summary  |Unhandled privileged instruction at address 0x49acb7 |Interstate '76 Arsenal crashes
Austin English austinenglish@gmail.com changed:
What        |Removed        |Added
----------------------------------------------------------------------------
OS/Version  |Mac OS X 10.6  |Mac OS X
Benjamin Hodgetts ben@xnode.org changed:
What            |Removed      |Added
----------------------------------------------------------------------------
Status          |UNCONFIRMED  |NEW
CC              |             |ben@xnode.org
Ever Confirmed  |0            |1
--- Comment #2 from Benjamin Hodgetts ben@xnode.org 2011-08-23 18:05:39 CDT --- Weirdly enough, if you install Visual C++ 2008 Redist while in XP mode, then switch Wine to Win98 mode the game will start and work fine. This copy of the game should work fine in XP.
--- Comment #3 from Benjamin Hodgetts ben@xnode.org 2011-08-23 18:06:55 CDT --- Still an issue on Wine 1.3.26 on x86_64 Linux.
Kevin siegfri3d@gmail.com changed:
What  |Removed  |Added
----------------------------------------------------------------------------
CC    |         |siegfri3d@gmail.com
--- Comment #4 from Kevin siegfri3d@gmail.com 2013-04-08 19:01:06 CDT --- Same problem with GOG version and wine-1.5.6.
Anastasius Focht focht@gmx.net changed:
What     |Removed                        |Added
----------------------------------------------------------------------------
CC       |                               |focht@gmx.net
Summary  |Interstate '76 Arsenal crashes |Interstate '76 Arsenal crashes (privileged instructions used in attempt to measure the CPU speed)
--- Comment #5 from Anastasius Focht focht@gmx.net 2013-10-06 17:33:02 CDT --- Hello folks,
bought the game just for analysis ... confirming. In short: the game contains a small code snippet that is incompatible with modern Windows NT-based operating systems.
The game calls GetSystemInfo() to retrieve system information:
--- snip ---
...
0049995A  50               PUSH EAX                                      ; pSysteminfo
0049995B  FF15 24C14B00    CALL DWORD PTR DS:[<KERNEL32.GetSystemInfo>]
...
--- snip ---
Dump of returned structure:
--- snip ---
Structure SYSTEM_INFO at 0033F33C

0033F33C  .0000      DW 0         ; Architecture = PROCESSOR_ARCHITECTURE_INTEL
0033F33E  .0000      DW 0         ; Reserved = 0
0033F340  .00100000  DD 00001000  ; PageSize = 4096.
0033F344  .00000100  DD 00010000  ; MinimumAppAddress = 10000
0033F348  .FFFFFE7F  DD 7FFEFFFF  ; MaximumAppAddress = 7FFEFFFF
0033F34C  .0F000000  DD 0000000F  ; ActiveProcessorMask = 0F
0033F350  .04000000  DD 00000004  ; NumberOfProcessors = 4
0033F354  .4A020000  DD 0000024A  ; ProcessorType = PROCESSOR_INTEL_PENTIUM
0033F358  .00000100  DD 00010000  ; AllocationGranularity = 65536.
0033F35C  .0600      DW 6         ; ProcessorLevel = 6
0033F35E  .0525      DW 2505      ; ProcessorRevision = 9477.
--- snip ---
"ProcessorType" member is evaluated for i386/i486 and pentium class processors:
--- snip ---
00499961  8B45 F0          MOV EAX,DWORD PTR SS:[EBP-10h]   ; ProcessorType
00499964  2D 82010000      SUB EAX,182                      ; switch (cases 182..24A)
00499969  74 18            JZ SHORT 00499983
0049996B  83E8 64          SUB EAX,64
0049996E  74 0C            JZ SHORT 0049997C
00499970  83E8 64          SUB EAX,64
00499973  75 6B            JNZ SHORT 004999E0
00499975  BE 05000000      MOV ESI,5                        ; case 24A of switch 00499964
0049997A  EB 0C            JMP SHORT 00499988
0049997C  BE 04000000      MOV ESI,4                        ; case 1E6 of switch 00499964
00499981  EB 05            JMP SHORT 00499988
00499983  BE 03000000      MOV ESI,3                        ; case 182 of switch 00499964
00499988  83FE 03          CMP ESI,3
0049998B  73 0A            JAE SHORT 00499997
0049998D  B8 66FDFFFF      MOV EAX,-29A                     ; not i386/i486/i586
00499992  5E               POP ESI
00499993  8BE5             MOV ESP,EBP
00499995  5D               POP EBP
00499996  C3               RETN
--- snip ---
Upon match the following code ought to be run:
--- snip ---
00499997  FA               CLI
00499998  B0 B8            MOV AL,0B8
0049999A  E6 43            OUT 43,AL
0049999C  E4 61            IN AL,61
0049999E  0C 01            OR AL,01
004999A0  E6 61            OUT 61,AL
004999A2  32C0             XOR AL,AL
004999A4  E6 42            OUT 42,AL
004999A6  E6 42            OUT 42,AL
004999A8  B8 00000080      MOV EAX,80000000
004999AD  66:BA 5000       MOV DX,50
004999B1  0FBCC8           BSF ECX,EAX
004999B4  66:4A            DEC DX
004999B6  66:83FA 01       CMP DX,1
004999BA  7D F5            JGE SHORT 004999B1
004999BC  E4 42            IN AL,42
004999BE  8AE0             MOV AH,AL
004999C0  E4 42            IN AL,42
004999C2  86C4             XCHG AH,AL
004999C4  66:F7D8          NEG AX
004999C7  66:8945 FC       MOV WORD PTR SS:[EBP-4],AX
004999CB  FB               STI
004999CC  66:8B0475 40E2   MOV AX,WORD PTR DS:[ESI*2+4FE240]
004999D4  8B4D FC          MOV ECX,DWORD PTR SS:[EBP-4]
004999D7  66:6BC0 50       IMUL AX,AX,50
004999DB  66:85C9          TEST CX,CX
004999DE  75 08            JNZ SHORT 004999E8
004999E0  83C8 FF          OR EAX,FFFFFFFF
004999E3  5E               POP ESI
004999E4  8BE5             MOV ESP,EBP
004999E6  5D               POP EBP
004999E7  C3               RETN
...
--- snip ---
*Eeeekkk*
That's an ancient way to determine CPU speed using PIT (Intel 8253 programmable interval timer, 16-Bit). The whole sequence contains several instructions that can't be executed in user mode on modern operating systems.
For example "cli" will always raise a "privileged instruction" exception in user mode when executed on Windows NT based systems.
In Windows 95, executing the "cli" instruction in user mode generates a general protection fault which is transparently handled by the OS, eventually giving the same result (IF cleared) as a regular "cli".
Interestingly the comment section for this game on GOG.com shares some opinion (most likely related to other issues):
--- quote --- However this game is not properly compatible with modern systems! There are tons of bugs which the community has had to fix! This wasn't really what I hoped from GoG and seriously damages their reputation for games that work on modern PC's. I was considering gifting this game to my friends but I can't really give them a game in this state. The game is easily 5 stars but minus 3 stars for the trouble trying to get the game to work properly! :P --- quote ---
The game executable "i76.exe" is from year 2009 so it was likely recompiled. I wonder why GOG.com or the contractor who prepared the game did not remove this brain damaged ancient code to allow running on NT based systems.
I made a short workaround patch which allows to run the game in any WinVer mode in Wine:
--- snip ---
$ printf '\xEB\x22' | dd of=i76.exe bs=1 seek=626025 count=2 conv=notrunc
--- snip ---
What does it do?
It changes the opcode 0x74,0x18 (jz short 00499983) at file offset 0x98D69 to 0xEB,0x22 (jmp short 0049998D), avoiding the incompatible code.
I tested this only on the executable from GOG.com:
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/GOG.com/Interstate 76 Arsenal/interstate 76

$ du -sh i76.exe
1.1M    i76.exe

$ sha1sum i76.exe
0d21c35d6b4f81f645f14c345dcbe7f33b2cfdc5  i76.exe
--- snip ---
There is also an "Interstate 76 Nitro" pack included in the download. The executable for this pack has the same problem, hence I present another patch:
--- snip ---
$ printf '\xEB\x22' | dd of=nitro.exe bs=1 seek=630921 count=2 conv=notrunc
--- snip ---
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/GOG.com/Interstate 76 Arsenal/Interstate 76 Nitro Pack

$ du -sh nitro.exe
1.1M    nitro.exe

$ sha1sum nitro.exe
753a73a205f7f8d973f452e5ec2c90f5f5b2c34b  nitro.exe
--- snip ---
Download from GOG.com:
$ du -sh setup_interstate76_arsenal.exe
592M    setup_interstate76_arsenal.exe

$ sha1sum setup_interstate76_arsenal.exe
21671fbd8dce7d573095fda2612133bb24128bd8  setup_interstate76_arsenal.exe

$ wine --version
wine-1.7.3-231-g264e27b
If you have a different version exhibiting the same issues, it should be fairly easy to find the place where to patch the executable.
==
In general: That game will most likely only run in Win9X compat mode on Windows NT systems. I wonder how/if they did a full Intel 8253 emulation to allow this code to work or if they just cheat with an application shim, having GetSystemInfo() _not_ returning i386/i486/i586 to avoid the critical code path.
Regards
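Added example, not part of the bug report and not Wine or GOG code: a small C program backing up the two technical points of comment #5. probe_privileged() executes the CLI that opens the game's PIT routine from user mode and catches the resulting #GP (installed handlers for SIGSEGV, SIGBUS and SIGILL, unwound with sigsetjmp/siglongjmp); this is the same fault that Windows NT surfaces as STATUS_PRIVILEGED_INSTRUCTION and that Wine reports as the "unhandled privileged instruction" in the bug summary. patch_cpu_speed_check() generalises the dd one-liner: instead of a hard-coded seek= it searches for the sub eax,182h / jz dispatch bytes from the listing, verifies that the mov eax,-29A bail-out sits exactly 0x24 bytes past the jz (so the replacement jmp short 0x22 lands on it), and only then rewrites 74 18 to EB 22; the offset it returns is the number dd would need for seek=. The function names, the SAMPLE buffer (16 constructed filler bytes followed by the bytes of 00499961..00499996 copied from the listing) and the file-handling main are assumptions of this example; it has not been run against the GOG executables themselves.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static sigjmp_buf fault_env;

static void on_fault(int signo) {
    (void)signo;
    siglongjmp(fault_env, 1);          /* back out of the faulting instruction */
}

/* Execute CLI (0xFA), the first instruction of the game's PIT routine, in
 * user mode.  With IOPL=0 the CPU raises #GP; Linux delivers it as SIGSEGV,
 * Windows NT reports STATUS_PRIVILEGED_INSTRUCTION.  Returns 1 if it faulted,
 * 0 if it ran unhindered, -1 when not built for x86 (nothing to probe). */
int probe_privileged(void) {
#if defined(__x86_64__) || defined(__i386__)
    const int sigs[3] = { SIGSEGV, SIGBUS, SIGILL };
    struct sigaction sa, old[3];
    volatile int faulted = 1;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    for (int i = 0; i < 3; i++) sigaction(sigs[i], &sa, &old[i]);
    if (sigsetjmp(fault_env, 1) == 0) {
        __asm__ volatile ("cli");
        faulted = 0;                   /* only reached if no #GP was raised */
    }
    for (int i = 0; i < 3; i++) sigaction(sigs[i], &old[i], NULL);
    return faulted;
#else
    return -1;
#endif
}

/* The dispatch at 00499964..00499974 from the listing.  Index 5 is the JZ
 * that comment #5 rewrites; the bail-out it must now reach ("mov eax,-29A"
 * at 0049998D) lies 0x24 bytes after the JZ. */
static const unsigned char DISPATCH[] = {
    0x2D, 0x82, 0x01, 0x00, 0x00,   /* sub eax,182h */
    0x74, 0x18,                     /* jz short 00499983 */
    0x83, 0xE8, 0x64,               /* sub eax,64h */
    0x74, 0x0C,                     /* jz short 0049997C */
    0x83, 0xE8, 0x64,               /* sub eax,64h */
    0x75, 0x6B,                     /* jnz short 004999E0 */
};
static const unsigned char BAILOUT[] = { 0xB8, 0x66, 0xFD, 0xFF, 0xFF }; /* mov eax,-29A */
enum { JZ_IN_DISPATCH = 5, BAILOUT_DELTA = 0x24 };

/* Find the dispatch in buf, check that the bail-out sits where the new JMP
 * will land, then patch in place.  Returns the offset of the patched JZ (the
 * number dd needs for seek=) or -1 if the pattern or its context is absent. */
long patch_cpu_speed_check(unsigned char *buf, size_t len) {
    for (size_t i = 0; i + sizeof DISPATCH <= len; i++) {
        if (memcmp(buf + i, DISPATCH, sizeof DISPATCH) != 0) continue;
        size_t jz = i + JZ_IN_DISPATCH;
        if (jz + BAILOUT_DELTA + sizeof BAILOUT > len ||
            memcmp(buf + jz + BAILOUT_DELTA, BAILOUT, sizeof BAILOUT) != 0)
            return -1;                 /* different build: do not patch blind */
        buf[jz] = 0xEB;                /* jmp short 0049998D: straight to the */
        buf[jz + 1] = 0x22;            /* "not i386/i486/i586" return path  */
        return (long)jz;
    }
    return -1;
}

/* Constructed stand-in for i76.exe (not the real file): 16 filler bytes, then
 * the bytes of 00499961..00499996 exactly as in the listing; the JZ is at 24. */
static const unsigned char SAMPLE[] = {
    0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,
    0x8B,0x45,0xF0, 0x2D,0x82,0x01,0x00,0x00, 0x74,0x18, 0x83,0xE8,0x64, 0x74,0x0C,
    0x83,0xE8,0x64, 0x75,0x6B, 0xBE,0x05,0x00,0x00,0x00, 0xEB,0x0C,
    0xBE,0x04,0x00,0x00,0x00, 0xEB,0x05, 0xBE,0x03,0x00,0x00,0x00, 0x83,0xFE,0x03,
    0x73,0x0A, 0xB8,0x66,0xFD,0xFF,0xFF, 0x5E, 0x8B,0xE5, 0x5D, 0xC3,
};

/* Patch a copy of SAMPLE into out (sizeof SAMPLE bytes); returns the offset. */
long patch_sample(unsigned char *out) {
    memcpy(out, SAMPLE, sizeof SAMPLE);
    return patch_cpu_speed_check(out, sizeof SAMPLE);
}

int main(int argc, char **argv) {
    printf("cli in user mode: %s\n", probe_privileged() == 1 ? "faulted" : "no fault");
    if (argc < 2) { fprintf(stderr, "usage: %s i76.exe|nitro.exe\n", argv[0]); return 2; }
    FILE *f = fopen(argv[1], "r+b");
    if (!f) { perror(argv[1]); return 1; }
    fseek(f, 0, SEEK_END); long len = ftell(f); rewind(f);
    unsigned char *buf = malloc((size_t)len);
    if (!buf || fread(buf, 1, (size_t)len, f) != (size_t)len) { fclose(f); return 1; }
    long off = patch_cpu_speed_check(buf, (size_t)len);
    if (off >= 0) { fseek(f, off, SEEK_SET); fwrite(buf + off, 1, 2, f); }
    printf("%s: %s (offset %ld)\n", argv[1], off >= 0 ? "patched" : "pattern not found", off);
    fclose(f); free(buf);
    return off >= 0 ? 0 : 1;
}
```

Build with `cc -o i76patch i76patch.c`; `./i76patch i76.exe` patches the file in place, so keep a backup and compare sha1sum against the values above first. On a build where the bytes around the jz differ (for example a different GOG revision), the context check makes the tool refuse rather than write two bytes into the wrong place, which is the failure the hard-coded seek= cannot guard against.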
--- Comment #6 from Austin English austinenglish@gmail.com --- Presumably still present.
--- Comment #7 from Kevin siegfri3d@gmail.com --- (In reply to Anastasius Focht from comment #5)
You did awesome work there; the game then runs with Wine.
However, the game is still unplayable as cars go slow; they seem to brake, including our car. Other cars do the same, making the game quite easy.
On the first mission the Taurus car goes very, very slowly and often brakes; same for enemies.
On the second mission our car and the Taurus car go too slow and can't pass the "jump".
I think it's framerate related or something; there is another piece of code in the game that seems to log and calculate framerate, and it's probably buggy. Somehow the sky passes VERY quickly, but cars go too slow. Same issue on recent Windows with recent hardware; it was working on old Windows + old hardware only.
Posting this here in case another clever person like you passes by.
Peter Beutner p.beutner@gmx.net changed:
What  |Removed  |Added
----------------------------------------------------------------------------
CC    |         |p.beutner@gmx.net
--- Comment #8 from Peter Beutner p.beutner@gmx.net --- (In reply to Anastasius Focht from comment #5)
In general: That game will most likely only run in Win9X compat mode on Windows NT systems.
And it also works on Wine for me when setting the Windows version to win98. The privileged instructions get correctly emulated; see __wine_emulate_instruction in dlls/krnl386.exe16/instr.c.
I would argue there is nothing to fix here. Wine matches the Windows behaviour.
(In reply to Kevin from comment #7)
I think it's framerate related or something, there is another piece of code in the game that seem to log and calculate framerate, it's probably buggy. Somehow the sky passes VERY quickly, but cars go too slow. Same issue on recent windows with recent hardware, it was working on old windows+old hardware only.
I made a patch a while back that limits the fps to 30. https://www.gog.com/forum/general/the_judas_does_this_run_in_wine_thread_v11...
mo78@abv.bg changed:
What  |Removed  |Added
----------------------------------------------------------------------------
CC    |         |mo78@abv.bg
--- Comment #9 from mo78@abv.bg --- Hello, your patch is working great, thank you :) Can you make a patch for the Nitro Pack as well?