http://bugs.winehq.org/show_bug.cgi?id=11539
Summary: Anycount 6.0 refuses to install Product: Wine Version: 0.9.4. Platform: All OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: -unknown AssignedTo: wine-bugs@winehq.org ReportedBy: jens@porup.com
Anycount.exe 6.0 refuses to install under wine with the message, "Sorry, this application cannot run under a virtual machine."
Anycount (from anycount.com) is essential for those of us who use OpenOffice.org and want Microsoft Word-compatible word count (I work in the publishing industry).
I have generated a 12M log file using the following command:
WINEDEBUG=+relay wine AnyCount6Setup.exe 2>&1 | tee ~/anycountlog.out;
which you can download from my fastmail.fm file space:
http://jp.fastmail.fm/anycount/
http://bugs.winehq.org/show_bug.cgi?id=11539
Vitaliy Margolen vitaliy@kievinfo.com changed:
What |Removed |Added ---------------------------------------------------------------------------- URL| |http://download.anycount.com | |/a2c4e6g8/AnyCount6Setup.exe Status|UNCONFIRMED |NEW Ever Confirmed|0 |1 Keywords| |download Platform|All |Other Summary|Anycount 6.0 refuses to |Anycount 6.0 refuses to |install |start
--- Comment #1 from Vitaliy Margolen vitaliy@kievinfo.com 2008-02-10 16:09:03 --- Confirming with wine-0.9.55.
I'm guessing they using some sort of protection which detects Wine as a virtual machine.
http://bugs.winehq.org/show_bug.cgi?id=11539
Vitaliy Margolen vitaliy@kievinfo.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Version|0.9.4. |0.9.55.
http://bugs.winehq.org/show_bug.cgi?id=11539
--- Comment #2 from Anastasius Focht focht@gmx.net 2008-02-13 14:27:38 --- Created an attachment (id=10755) --> (http://bugs.winehq.org/attachment.cgi?id=10755) patch which fixes VMWare backdoor check (false positive)
Hello,
although the error dialog caption states "AIT Protection System", the target is wrapped with infamous Themida/WinLicense 1.9.x Software Protection. They probably added some custom dialog resources and rechristened it as their own protection system ;-)
Anyway ... the error message itself is correct. The packaging developer either disabled Themida's builtin "Virtual Machine Compatibility Mode" on purpose to artificially limit the software to real windows machines or had no clue.
Debugging was a bit nasty (lots of anti-debug tricks and obfuscated/vm code) but it basically boils down to following checks ... I commented the snippets for your pleasure.
1.) checks for Virtual PC
--- snip --- ... <obfuscated code> db 0F, 07, 0B, 64 ; causes illegal instruction exception if not running under VM ; if running under Virtual PC, internally handled and ; exception never seen by app POP DWORD PTR FS:[0] ADD ESP,4 MOV DWORD PTR SS:[EBP+71B0225],EBX ; store result for later examination ... <obfuscated code> --- snip ---
SEH for snippet:
--- snip --- MOV ECX,DWORD PTR SS:[ESP+0C] ; ContextRecord MOV DWORD PTR DS:[ECX+0A4],-1 ; ctx->Ebx, set not running in Virtual PC ADD DWORD PTR DS:[ECX+0B8],4 ; ctx->Eip += 4 (skip Virtual PC opcode sequence) XOR EAX,EAX ; EXCEPTION_CONTINUE_EXECUTION RETN --- snip ---
Ok, this one is gracefully passed by wine.
2.) checks for VMWare:
--- snip --- ... <obfuscated code> ; eax = 0x564D5868 ('VMXh' VMWare magic number) ; dx = 0x5658 ('VX' VMWare backdoor port) ; ecx = 0xA (VMWare backdoor 'get version') IN EAX,DX ; opcode: 0xED -> cause privileged instruction exception in ring3 CMP EBX,564D5868 ; backdoor magic value, changed if running under VMWare JNE SHORT no_vmware MOV DWORD PTR SS:[EBP+71B1455],1 ; VMWare detected no_vmware: POP DWORD PTR FS:[0] ADD ESP,4 ... <obfuscated code> --- snip ---
SEH for snippet (obfuscated):
--- snip --- MOV EBX,DWORD PTR SS:[ESP+0C] ; ContextRecord PUSH EBP CALL $+5 POP EBP SUB EBP,71E3EA3 MOV EAX,DWORD PTR DS:[EBX+0B8] LEA EAX,[EBP+71E3F4B] MOV DWORD PTR DS:[EBX+0B8],EAX ; ctx->Eip ('no_vmware' address of previous snippet) POP EBP XOR EAX,EAX ; EXCEPTION_CONTINUE_EXECUTION RETN --- snip ---
Unfortunately wine gets it wrong with __wine_emulate_instruction(), "eating" this exception internally. The app SEH never executes which leads to "Virtual Machine detected" result. Attached patch fixes this. It looks for magic VMWare numbers if the special "IN EAX,DX" is to be emulated. In that case the instruction is not emulated and the exception is passed down to next handler in SEH chain.
3.) General checks by using IDTR, GDTR and LDTR register values
The instructions to retrieve these values (selectors) are non-privileged in ring3 (not causing exception).
Example:
--- LDT --- ... <obfuscated code> sldt word ptr ss:[esp] ; store segment selector from the LDTR in a 16bit memory location ... <obfuscated code> pop eax ... <obfuscated code> or ax, ax jz no_vm --- LDT ---
On real windows machine the LDT selector value is 0x0000. In Virtual Machines the value is usually something different - unfortunately the same applies to linux ;-(
Due to the nature of these instructions (non-privileged) this problem can't be fixed in wine. Ask the Anycount software vendor (Advanced International Translations) to enable Themida's Virtual Machine compatibility mode or just don't buy/support their products.
Anyway - at least the special check for VMWare backdoor can be fixed in wine and should be handled properly.
Regards
http://bugs.winehq.org/show_bug.cgi?id=11539
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |patch
--- Comment #3 from Austin English austinenglish@gmail.com 2008-10-23 16:56:32 --- http://download2.anycount.com/1b3d5f7h/AnyCount6Setup.exe - 9f5929284eaf70af57cb1ed206376915376c9766
Still present in git, though Anastasius's patch no longer works (for me at least).
http://bugs.winehq.org/show_bug.cgi?id=11539
nsandschn@gmx.de changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |nsandschn@gmx.de
--- Comment #4 from nsandschn@gmx.de 2009-06-08 16:54:44 --- Still present in wine 1.1.23
http://bugs.winehq.org/show_bug.cgi?id=11539
Nikolay Sivov bunglehead@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |obfuscation
http://bugs.winehq.org/show_bug.cgi?id=11539
Nikolay Sivov bunglehead@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |shyningcrow@yahoo.it
--- Comment #5 from Nikolay Sivov bunglehead@gmail.com 2010-02-03 06:27:09 --- *** Bug 21582 has been marked as a duplicate of this bug. ***
http://bugs.winehq.org/show_bug.cgi?id=11539
Dan Kegel dank@kegel.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |dank@kegel.com
--- Comment #6 from Dan Kegel dank@kegel.com 2010-02-03 08:42:59 --- Wine should at least not look like VmWare... are there any apps that actually work if we fix that check?
http://bugs.winehq.org/show_bug.cgi?id=11539
Vitaliy Margolen vitaliy@kievinfo.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |wk-privat@peppiswelt.de
--- Comment #7 from Vitaliy Margolen vitaliy@kievinfo.com 2010-02-12 08:51:45 --- *** Bug 21691 has been marked as a duplicate of this bug. ***
http://bugs.winehq.org/show_bug.cgi?id=11539
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |focht@gmx.net Resolution| |FIXED Summary|Anycount 6.0 refuses to |Anycount 6.0 refuses to |start |start (VMWare backdoor | |check, magic 0x564D5868 on | |port 0x5658)
--- Comment #8 from Anastasius Focht focht@gmx.net 2010-08-19 15:44:54 --- Hello,
looks like an AnyCount 6 version with VM checks is no longer available for download. It seems they silently removed that stuff in downloadable AnyCount 6 builds (616+).
I found another test tool with employs basic VM checks here: http://www.codegurus.be/codegurus/Programming/virtualpc&vmware_en.htm
Wine correctly raises exception (priv instruction) now which is catched by installed SEH.
--- snip --- 002b:trace:seh:raise_exception code=c0000096 flags=0 addr=0x401461 ip=00401461 tid=002b 002b:trace:seh:raise_exception eax=564d5868 ebx=8685d465 ecx=0000000a edx=00005658 esi=001104f8 edi=00401818 002b:trace:seh:raise_exception ebp=0032f6c4 esp=0032f698 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010212 002b:trace:seh:call_stack_handlers calling handler at 0x401740 code=c0000096 flags=0 002b:trace:seh:__regs_RtlUnwind code=c0000027 flags=2 002b:trace:seh:__regs_RtlUnwind calling handler at 0x7bc6f500 code=c0000027 flags=2 002b:trace:seh:__regs_RtlUnwind handler at 0x7bc6f500 returned 1 --- snip ---
Marking this bug fixed for the VMWare backdoor check. The third type of check using IDTR, GDTR and LDTR register values can't be fixed anyway in Wine.
Regards
http://bugs.winehq.org/show_bug.cgi?id=11539
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #9 from Alexandre Julliard julliard@winehq.org 2010-08-20 12:38:01 --- Closing bugs fixed in 1.3.1.
http://bugs.winehq.org/show_bug.cgi?id=11539
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Hardware|Other |x86
-
wine-bugs@winehq.org