https://bugs.winehq.org/show_bug.cgi?id=41469
Bug ID: 41469
Summary: 'Ski Racing 2005 featuring Hermann Maier' crashes on startup
Product: Wine
Version: 1.9.20
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: major
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: bugzilla@z3ntu.xyz
Distribution: ---
Created attachment 55850 --> https://bugs.winehq.org/attachment.cgi?id=55850 backtrace
The game 'Ski Racing 2005 featuring Hermann Maier' (Demo version) from an old game DVD crashes on startup. The installation went fine. I can send you the installer if you need it for reproducing the issue.
winetest@luukku.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |winetest@luukku.com
--- Comment #1 from winetest@luukku.com --- Console output before the crash?
--- Comment #2 from Luca Weiss bugzilla@z3ntu.xyz ---
I have
[10/09/16 18:42:22] - Running wine- start.exe /wait /unix /home/luca/.PlayOnLinux//wineprefix/100Spiele/drive_c/./users/luca/Desktop/Ski Racing 2005 featuring Hermann Maier Demo.lnk (Working directory : /home/luca/.PlayOnLinux/wineprefix/100Spiele/dosdevices/c:/Program Files/JoWooD/Ski Racing 2005 Demo)
wine: Unhandled page fault on write access to 0xa71233f8 at address 0x6a1200 (thread 002a), starting debugger...
from the playonlinux.log file. Is that what you mean?
--- Comment #3 from winetest@luukku.com ---
Can you add the download keyword and add this link into the URL field?
http://www.gamepressure.com/download.asp?ID=6526
sha1sum SkiRacing2005-Demo-Setup1.exe
d7684789b7de45fb909fc11846f5a1f24fd7d7cc SkiRacing2005-Demo-Setup1.exe
It's a valid bug against wine 1.9.22 and staging 1.9.21.
No idea why it fails so early.
Luca Weiss bugzilla@z3ntu.xyz changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |download
URL| |http://www.gamepressure.com/download.asp?ID=6526
Version|1.9.20 |1.9.22
--- Comment #4 from winetest@luukku.com --- Crash wine 2.0rc4 and staging 2.0rc3.
Louis Lenders xerox_xerox2000@yahoo.co.uk changed:
What |Removed |Added
----------------------------------------------------------------------------
Ever confirmed|0 |1
CC| |xerox_xerox2000@yahoo.co.uk
Status|UNCONFIRMED |NEW
--- Comment #5 from Louis Lenders xerox_xerox2000@yahoo.co.uk --- This starts fine for me using native msvcr71.dll
Luca: could you try if that helps for you as well? (use winetricks vcrun2003) (btw you have a different crash log as me)
I'll attach a debuglog hereafter
--- Comment #6 from Louis Lenders xerox_xerox2000@yahoo.co.uk --- Created attachment 56791 --> https://bugs.winehq.org/attachment.cgi?id=56791 +relay,+seh,+tid log
+relay,+seh,+tid log, last 1500 lines
--- Comment #7 from Luca Weiss bugzilla@z3ntu.xyz --- Didn't work for me on a clean 32-bit prefix, where I installed the game -> started (crashed) -> winetricks vcrun2003 -> WINEARCH=win32 wine start 'C:\Program Files\JoWooD\Ski Racing 2005 Demo\SR2005_Demo.exe' -> crashed again with "wine: Unhandled page fault on write access to 0xa71233f8 at address 0x6a1200 (thread 0031), starting debugger..."
--- Comment #8 from winetest@luukku.com --- (In reply to Luca Weiss from comment #7)
> Didn't work for me on a clean 32-bit prefix, where I installed the game -> started (crashed) -> winetricks vcrun2003 -> WINEARCH=win32 wine start 'C:\Program Files\JoWooD\Ski Racing 2005 Demo\SR2005_Demo.exe' -> crashed again with "wine: Unhandled page fault on write access to 0xa71233f8 at address 0x6a1200 (thread 0031), starting debugger..."
I couldn't get it running either that way. I didn't bother to report since Louis is usually on the spot.
--- Comment #9 from Louis Lenders xerox_xerox2000@yahoo.co.uk --- (In reply to winetest from comment #8)
> (In reply to Luca Weiss from comment #7)
> > Didn't work for me on a clean 32-bit prefix, where I installed the game -> started (crashed) -> winetricks vcrun2003 -> WINEARCH=win32 wine start 'C:\Program Files\JoWooD\Ski Racing 2005 Demo\SR2005_Demo.exe' -> crashed again with "wine: Unhandled page fault on write access to 0xa71233f8 at address 0x6a1200 (thread 0031), starting debugger..."
> I couldn't get it running either that way. I didn't bother to report since Louis is usually on the spot.
Did you check that msvcr71 is really set to native? I noticed that winetricks vcrun2003 only installs the dlls, but doesn't set them to native anymore (was there a change in winetricks?).
Could you try WINEDLLOVERRIDES=msvcr71=n wine SR2005_Demo.exe
As I said, with that command it starts just fine here...
--- Comment #10 from winetest@luukku.com ---
I didn't mention, but after winetricks -q vcrun2003 I even tried setting it native via winecfg. I started from fresh again. Installed the demo, did winetricks -q vcrun2003 and used the command line as you suggested and still a crash. I can't explain.
--- Comment #11 from Louis Lenders xerox_xerox2000@yahoo.co.uk ---
> I can't explain.
Me neither..... strange issue
--- Comment #12 from Luca Weiss bugzilla@z3ntu.xyz ---
I am using Arch Linux with the following versions:
wine-git 2.0.rc2.r0.g56040acaa3-1 # compiling the newest right now
winetricks 20170101-1
I ran the following commands exactly as they are here (using bash):
rm -rf .wine/
WINEARCH=win32 wine Downloads/SkiRacing2005-Demo-Setup1.exe
WINEARCH=win32 winetricks vcrun2003 # clicked next & install in the popup
WINEDLLOVERRIDES=msvcr71=n wine .wine/drive_c/Program\ Files/JoWooD/Ski\ Racing\ 2005\ Demo/SR2005_Demo.exe
wine: Unhandled page fault on write access to 0xa71233f8 at address 0x6a1200 (thread 0009), starting debugger...
Jeff Zaroyko jeffz@jeffz.name changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|major |normal
--- Comment #13 from Luca Weiss bugzilla@z3ntu.xyz --- (In reply to Louis Lenders from comment #11)
> > I can't explain.
> Me neither..... strange issue
Do you have any other "special" configuration? I tried over and over but I always get the "Unhandled page fault on write access to 0xa71233f8 at address 0x6a1200 (thread 0009)". Unfortunately I didn't manage to disassemble the .exe with Hex-Rays IDA and I don't get the GoVest! debugger linked on the Wine wiki. Does the Game start with a new Wine prefix using the commands in my last comment?
Luca Weiss bugzilla@z3ntu.xyz changed:
What |Removed |Added
----------------------------------------------------------------------------
Version|1.9.22 |2.4
--- Comment #14 from Louis Lenders xerox_xerox2000@yahoo.co.uk ---
> Do you have any other "special" configuration? I tried over and over but I always get the "Unhandled page fault on write access to 0xa71233f8 at address 0x6a1200 (thread 0009)". Unfortunately I didn't manage to disassemble the .exe with Hex-Rays IDA and I don't get the GoVest! debugger linked on the Wine wiki. Does the Game start with a new Wine prefix using the commands in my last comment?
Could you cd into the directory where the executable is first?
I tried your start command running from my home directory and now it crashes for me:
fixme:msvcp:_Locinfo__Locinfo_ctor_cat_cstr (0x33d798 1 C) semi-stub
fixme:msvcp:_Locinfo__Locinfo_ctor_cat_cstr (0x33d888 1 C) semi-stub
wine: Unhandled page fault on read access to 0x00000000 at address 0x467f96 (thread 003f), starting debugger...
Moving item number 0
Moving item number 0
So run the game from the directory where SR2005_Demo.exe is
BTW, no need to install vcrun2003, the game comes with its own msvcr71
fjfrackiewicz@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fjfrackiewicz@gmail.com
--- Comment #15 from fjfrackiewicz@gmail.com --- (In reply to Louis Lenders from comment #14)
> BTW, no need to install vcrun2003, the game comes with its own msvcr71
Sorry for asking but is that msvcr71 being installed or registered correctly? I've noticed that some games that have their own vcrun2013, for example, fail to register it properly and I have to use winetricks in order for a particular MS runtime to get registered properly...
Józef Kucia joseph.kucia@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Version|2.4 |1.9.22
CC| |joseph.kucia@gmail.com
Józef Kucia joseph.kucia@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Version|1.9.22 |1.9.20
--- Comment #16 from winetest@luukku.com ---
Tried again wine 2.4 and staging 2.4. All defaults and just overriding that msvcr71 as native from command line. Crashes.
--- Comment #17 from winetest@luukku.com --- Still crashes for me wine 2.9-git and staging 2.9.
--- Comment #18 from Luca Weiss bugzilla@z3ntu.xyz ---
I tested the game in a Windows XP and Windows Vista virtual machine and for some reason it also crashes there. Screenshot: http://i.imgur.com/ptkQV2K.png and http://i.imgur.com/undefined.png (sorry for the bad screen resolution, I have no idea how to make that better with libvirt/virt-manager).
The .exe came directly from an iso I made from the original CD (I am 100% sure it once worked on Windows Vista...). I'm currently downloading an apparently full version from some "legit" website. Will report the results of that later.
--- Comment #19 from winetest@luukku.com --- (In reply to winetest from comment #17)
> Still crashes for me wine 2.9-git and staging 2.9.
gcc --version
gcc (Ubuntu 5.4.0-6ubuntu1~16.04.4) 5.4.0 20160609
Copyright (C) 2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
I don't know if that makes any difference.
--- Comment #20 from Luca Weiss bugzilla@z3ntu.xyz --- second image link is broken, it should be http://i.imgur.com/hVct1cD.png
I have now tested the crack on my Windows XP VM and have to say, it crashes as well... I guess this bug report should be closed then as it's not even working on real Windows for some reason...
1. I've changed the date on the VM to 2007 so that shouldn't be a problem.
2. Nothing in the application is trying to reach a server (the company JoWooD went bankrupt a few years ago and the website is down).
Anastasius Focht focht@gmx.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |obfuscation
Summary|'Ski Racing 2005 featuring Hermann Maier' crashes on startup |'Ski Racing 2005 featuring Hermann Maier' crashes on startup (JoWood X-Prot v1.5.9.49 protection scheme)
CC| |focht@gmx.net
--- Comment #21 from Anastasius Focht focht@gmx.net --- Hello folks,
confirming, crashes for me too.
It's most likely an issue with the software protection scheme used here.
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/JoWooD/Ski Racing 2005 Demo
$ WINEDEBUG=+tid,+seh,+relay wine ./SR2005_Demo.exe >>log.txt 2>&1
...
0039:Starting process L"C:\Program Files\JoWooD\Ski Racing 2005 Demo\SR2005_Demo.exe" (entryproc=0x69d080)
0039:Call KERNEL32.VirtualProtect(0033f564,000008c0,00000040,0069d056) ret=0069dd30
0039:Ret KERNEL32.VirtualProtect() retval=00000001 ret=0069dd30
0039:trace:seh:raise_exception code=c000001d flags=0 addr=0x69f927 ip=0069f927 tid=0039
0039:trace:seh:raise_exception eax=73a70193 ebx=0033feb0 ecx=00063a00 edx=12345678 esi=0069e857 edi=006a0323
0039:trace:seh:raise_exception ebp=002177bb esp=0033fdfc cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246
0039:trace:seh:call_stack_handlers calling handler at 0x69eaa2 code=c000001d flags=0
0039:trace:seh:call_stack_handlers handler at 0x69eaa2 returned 0
0039:trace:seh:raise_exception code=80000004 flags=0 addr=0x69f839 ip=0069f839 tid=0039
0039:trace:seh:raise_exception eax=4855d311 ebx=0033feb0 ecx=000639ff edx=7f272775 esi=0069e857 edi=006a0323
0039:trace:seh:raise_exception ebp=4243484b esp=0033fdfc cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010206
0039:trace:seh:call_stack_handlers calling handler at 0x69eaa2 code=80000004 flags=0
0039:trace:seh:call_stack_handlers handler at 0x69eaa2 returned 0
0039:trace:seh:raise_exception code=c000001d flags=0 addr=0x69f927 ip=0069f927 tid=0039
0039:trace:seh:raise_exception eax=06ec8094 ebx=0033feb0 ecx=00063800 edx=7f272775 esi=0069e857 edi=006a0323
0039:trace:seh:raise_exception ebp=002177bb esp=0033fdfc cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246
0039:trace:seh:call_stack_handlers calling handler at 0x69eaa2 code=c000001d flags=0
0039:trace:seh:call_stack_handlers handler at 0x69eaa2 returned 0
...
0039:trace:seh:raise_exception code=80000004 flags=0 addr=0x69f839 ip=0069f839 tid=0039
0039:trace:seh:raise_exception eax=0f28d5f8 ebx=0033feb0 ecx=000001ff edx=5dcdea49 esi=0069e857 edi=006a0323
0039:trace:seh:raise_exception ebp=4243484b esp=0033fdfc cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010202
0039:trace:seh:call_stack_handlers calling handler at 0x69eaa2 code=80000004 flags=0
0039:trace:seh:call_stack_handlers handler at 0x69eaa2 returned 0
0039:trace:seh:raise_exception code=80000004 flags=0 addr=0x6a0d75 ip=006a0d75 tid=0039
0039:trace:seh:raise_exception eax=e60ff5fe ebx=0033feb0 ecx=00000000 edx=5dcdea49 esi=0069e857 edi=006a0323
0039:trace:seh:raise_exception ebp=002177bb esp=0033fdfc cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00000246
0039:trace:seh:call_stack_handlers calling handler at 0x69eaa2 code=80000004 flags=0
0039:trace:seh:call_stack_handlers handler at 0x69eaa2 returned 0
0039:trace:seh:raise_exception code=c0000005 flags=0 addr=0x6a1200 ip=006a1200 tid=0039
0039:trace:seh:raise_exception info[0]=00000001
0039:trace:seh:raise_exception info[1]=a71233f8
0039:trace:seh:raise_exception eax=00000090 ebx=0033feb0 ecx=00000090 edx=ffeb8d88 esi=0069e857 edi=006a1200
0039:trace:seh:raise_exception ebp=002177bb esp=0033fe24 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010202
0039:trace:seh:call_stack_handlers calling handler at 0x7bcadc69 code=c0000005 flags=0
0039:Call KERNEL32.UnhandledExceptionFilter(0033f924) ret=7bcadca4
wine: Unhandled page fault on write access to 0xa71233f8 at address 0x6a1200 (thread 0039), starting debugger...
...
Backtrace:
=>0 0x006a1200 in sr2005_demo (+0x2a1200) (0x002177bb)
0x006a1200: rorb %cl,0xa6f0bc3d(%ebp)
Modules:
Module Address Debug info Name (14 modules)
PE 400000- 76c000 Export sr2005_demo
ELF 7b400000-7b7f0000 Deferred kernel32<elf>
-PE 7b420000-7b7f0000 \ kernel32
ELF 7bc00000-7bd0a000 Deferred ntdll<elf>
-PE 7bc30000-7bd0a000 \ ntdll
ELF 7c000000-7c004000 Deferred <wine-loader>
ELF 7ef88000-7efd6000 Deferred libm.so.6
ELF f73f3000-f73f8000 Deferred libdl.so.2
ELF f73f8000-f75c4000 Deferred libc.so.6
ELF f75c4000-f75e1000 Deferred libpthread.so.0
ELF f75e2000-f75f0000 Deferred libnss_files.so.2
ELF f760b000-f77c2000 Dwarf libwine.so.1
ELF f77c3000-f77e6000 Deferred ld-linux.so.2
ELF f77e8000-f77e9000 Deferred [vdso].so
Threads:
process tid prio (all id:s are in hex)
...
00000038 (D) C:\Program Files\JoWooD\Ski Racing 2005 Demo\SR2005_Demo.exe
00000039 0 <==
--- snip ---
Protection ID scan:
--- snip ---
-=[ ProtectionID v0.6.8.5 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/16-13:09:21
Ready...
Scanning -> C:\Program Files\JoWooD\Ski Racing 2005 Demo\SR2005_Demo.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 2068480 (01F9000h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x000030BB -> Thu 01st Jan 1970 03:27:55 (GMT)
[!] Warning - FileAlignment seems wrong.. is 0x00001000, calculated 0x00000400
[TimeStamp] 0x000030BB -> Thu 01st Jan 1970 03:27:55 (GMT) | PE Header | - | Offset: 0x00000108 | VA: 0x00400108 | -
[File Heuristics] -> Flag #1 : 00000000000000001100000000110011 (0x0000C033)
[Entrypoint Section Entropy] : 8.00 (section #3) ".dcrtext" | Size : 0x67000 (421888) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 8 (0x8) | ImageSize 0x36C000 (3588096) byte(s)
[ModuleReport] [IAT] Modules -> kernel32.dll
[!] JoWood X-Prot v1.5.9.49 detected !
- Scan Took : 0.439 Second(s) [0000001B7h (439) tick(s)] [506 of 580 scan(s) done]
--- snip ---
The large number of single step (hwbp) and invalid instruction exceptions in the trace log are normal (except the last one); they are part of the section decrypt mechanism. It decrypts the first part in (top down) and when doing the next part it encounters invalid opcodes in the decrypt continuation which ought to be decrypted during the first part.
The screenshot from Windows VM (comment #18) also points to same area. There are some reports on Internet claiming this game is incompatible with newer Windows versions (Vista+). It should run on Windows XP though (originally stated by vendor).
It would be interesting to see Louis' (comment #2) machine specs where this game is reported to run on. Which distro, gcc version, Wine version (vanilla), flags used to build...
$ sha1sum SkiRacing2005-Demo-Setup1.exe
d7684789b7de45fb909fc11846f5a1f24fd7d7cc SkiRacing2005-Demo-Setup1.exe
$ du -sh SkiRacing2005-Demo-Setup1.exe
42M SkiRacing2005-Demo-Setup1.exe
$ wine --version
wine-2.9-147-ge5733e7cd4
Regards
--- Comment #22 from Louis Lenders xerox_xerox2000@yahoo.co.uk --- Created attachment 58390 --> https://bugs.winehq.org/attachment.cgi?id=58390 +relay,+seh,+tid log from successful start of the game
+relay,+seh,+tid log from successful start of the game
--- Comment #23 from Louis Lenders xerox_xerox2000@yahoo.co.uk ---
Hi, as I said, it runs only when I use native msvcr71. Not sure if gcc version is interesting, because it also runs here then when using precompiled wine-staging package ( /opt/wine-staging/bin/wine --version wine-2.5 (Staging)).
lsb_release -a
LSB Version: core-2.0-ia32:core-2.0-noarch:core-3.0-ia32:core-3.0-noarch:core-3.1-ia32:core-3.1-noarch:core-3.2-ia32:core-3.2-noarch:core-4.0-ia32:core-4.0-noarch:core-4.1-ia32:core-4.1-noarch
Distributor ID: Ubuntu
Description: Ubuntu 16.04.1 LTS
Release: 16.04
Codename: xenial
Don't know if this info helps anything? I attached a log of a successful start of the game (so using native msvcr71). Maybe it could reveal anything...
--- Comment #24 from Luca Weiss bugzilla@z3ntu.xyz --- Created attachment 58392 --> https://bugs.winehq.org/attachment.cgi?id=58392 +relay,+seh,+tid
Commands run with the fish shell:
Installed with:
rm -rf ~/.wine32
env WINEDEBUG=+relay,+seh,+tid WINEDLLOVERRIDES=msvcr71=n WINEARCH=win32 WINEPREFIX=/home/luca/.wine32 wine ~/Downloads/SkiRacing2005-Demo-Setup1.exe
Run with:
env WINEDEBUG=+relay,+seh,+tid WINEDLLOVERRIDES=msvcr71=n WINEARCH=win32 WINEPREFIX=/home/luca/.wine32 wine SR2005_Demo.exe 2>| tee output.txt
Crashed as expected.
wine-2.9 (Staging)
--- Comment #25 from Gijs Vermeulen gijsvrm@gmail.com --- Crashes for me with wine-6.0-rc6.
Tried both with and without native msvcr71 override.
Anastasius Focht focht@gmx.net changed:
What |Removed |Added
----------------------------------------------------------------------------
URL|http://www.gamepressure.com/download.asp?ID=6526 |https://web.archive.org/web/20210116162035/https://ds.thqnordic.com/skiracing/SkiRacing2005-Demo-Setup1.exe
--- Comment #26 from Anastasius Focht focht@gmx.net --- Hello folks,
native msvcr71 override from comment #5 and comment #6 is a secondary issue which is likely fixed by now.
The crash everyone observes has nothing to do with it. It happens in the first process instance, during decryption. MSVC++ runtime only gets mapped in the second instance of the process that is spawned.
Trace with Wine 6.0
--- snip ---
...
0024:trace:seh:NtGetContextThread 0xfffffffe: dr0=0069f839 dr1=0069f839 dr2=0069f839 dr3=0069f839 dr6=0000000f dr7=00000155
0024:trace:seh:dispatch_exception code=80000004 flags=0 addr=0069F839 ip=0069f839 tid=0024
0024:trace:seh:dispatch_exception eax=0f28d5f8 ebx=7ffde000 ecx=000001ff edx=5dcdea49 esi=0069e857 edi=006a0323
0024:trace:seh:dispatch_exception ebp=4243484b esp=0031fed4 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010202
0024:trace:seh:call_vectored_handlers calling handler at 7B00F270 code=80000004 flags=0
0024:trace:seh:call_vectored_handlers handler at 7B00F270 returned 0
0024:trace:seh:call_stack_handlers calling handler at 0069EAA2 code=80000004 flags=0
0024:trace:seh:call_stack_handlers handler at 0069EAA2 returned 0
0024:trace:seh:NtGetContextThread 0xfffffffe: dr0=00401234 dr1=00401234 dr2=00401234 dr3=00401234 dr6=00004000 dr7=00000155
0024:trace:seh:dispatch_exception code=80000004 flags=0 addr=006A0D75 ip=006a0d75 tid=0024
0024:trace:seh:dispatch_exception eax=e60ff5fe ebx=7ffde000 ecx=00000000 edx=5dcdea49 esi=0069e857 edi=006a0323
0024:trace:seh:dispatch_exception ebp=002177bb esp=0031fed4 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00000246
0024:trace:seh:call_vectored_handlers calling handler at 7B00F270 code=80000004 flags=0
0024:trace:seh:call_vectored_handlers handler at 7B00F270 returned 0
0024:trace:seh:call_stack_handlers calling handler at 0069EAA2 code=80000004 flags=0
0024:trace:seh:call_stack_handlers handler at 0069EAA2 returned 0
0024:trace:seh:dispatch_exception code=c0000005 flags=0 addr=006A1200 ip=006a1200 tid=0024
0024:trace:seh:dispatch_exception info[0]=00000001
0024:trace:seh:dispatch_exception info[1]=a71233f8
0024:trace:seh:dispatch_exception eax=00000090 ebx=7ffde000 ecx=00000090 edx=ffe98e60 esi=0069e857 edi=006a1200
0024:trace:seh:dispatch_exception ebp=002177bb esp=0031fefc cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010202
0024:trace:seh:call_vectored_handlers calling handler at 7B00F270 code=c0000005 flags=0
0024:trace:seh:call_vectored_handlers handler at 7B00F270 returned 0
0024:trace:seh:call_stack_handlers calling handler at 7BC52730 code=c0000005 flags=0
--- snip ---
vs. Louis' "working" from Wine 2.5 (Staging?):
--- snip ---
...
0009:trace:seh:raise_exception code=80000004 flags=0 addr=0x69f839 ip=0069f839 tid=0009
0009:trace:seh:raise_exception eax=0f28d5f8 ebx=7ffdf000 ecx=000001ff edx=5dcdea49 esi=0069e857 edi=006a0323
0009:trace:seh:raise_exception ebp=4243484b esp=0033fdbc cs=0073 ds=007b es=007b fs=0033 gs=003b flags=00010202
0009:trace:seh:call_stack_handlers calling handler at 0x69eaa2 code=80000004 flags=0
0009:trace:seh:call_stack_handlers handler at 0x69eaa2 returned 0
0009:trace:seh:raise_exception code=80000004 flags=0 addr=0x6a0d75 ip=006a0d75 tid=0009
0009:trace:seh:raise_exception eax=e60ff5fe ebx=7ffdf000 ecx=00000000 edx=5dcdea49 esi=0069e857 edi=006a0323
0009:trace:seh:raise_exception ebp=002177bb esp=0033fdbc cs=0073 ds=007b es=007b fs=0033 gs=003b flags=00000246
0009:trace:seh:call_stack_handlers calling handler at 0x69eaa2 code=80000004 flags=0
0009:trace:seh:call_stack_handlers handler at 0x69eaa2 returned 0
0009:Call KERNEL32.VirtualAlloc(00000000,00003000,00001000,00000040) ret=006a3784
0009:Ret KERNEL32.VirtualAlloc() retval=00340000 ret=006a3784
0009:Call KERNEL32.VirtualAlloc(00000000,00003000,00001000,00000040) ret=006a3c9d
0009:Ret KERNEL32.VirtualAlloc() retval=00350000 ret=006a3c9d
0009:Call KERNEL32.VirtualAlloc(00000000,00001000,00001000,00000040) ret=006a41c6
0009:Ret KERNEL32.VirtualAlloc() retval=00220000 ret=006a41c6
0009:Call KERNEL32.LoadLibraryA(006a649e "kernel32.dll") ret=006a659a
0009:Ret KERNEL32.LoadLibraryA() retval=7b410000 ret=006a659a
0009:Call KERNEL32.LoadLibraryA(006a70d9 "user32.dll") ret=006a70ea
...
0009:Ret KERNEL32.LoadLibraryA() retval=7ec70000 ret=006a70ea
0009:Call KERNEL32.GetUserDefaultLangID() ret=006a7aaf
0009:Ret KERNEL32.GetUserDefaultLangID() retval=00000409 ret=006a7aaf
0009:Call KERNEL32.CreateFileA(006a872e "\\.\SICE",80000000,00000001,00000000,00000003,00000080,00000000) ret=006a7af7
0009:Ret KERNEL32.CreateFileA() retval=ffffffff ret=006a7af7
0009:Call KERNEL32.CreateFileA(006a873e "\\.\NTICE",80000000,00000001,00000000,00000003,00000080,00000000) ret=006a7af7
0009:Ret KERNEL32.CreateFileA() retval=ffffffff ret=006a7af7
0009:Call KERNEL32.CreateFileA(006a874e "\\.\SIWVID",80000000,00000001,00000000,00000003,00000080,00000000) ret=006a7af7
0009:Ret KERNEL32.CreateFileA() retval=ffffffff ret=006a7af7
0009:Call KERNEL32.CreateFileA(006a875e "\\.\REGMON",80000000,00000001,00000000,00000003,00000080,00000000) ret=006a7af7
0009:Ret KERNEL32.CreateFileA() retval=ffffffff ret=006a7af7
0009:Call KERNEL32.CreateFileA(006a876e "\\.\FILEMON",80000000,00000001,00000000,00000003,00000080,00000000) ret=006a7af7
0009:Ret KERNEL32.CreateFileA() retval=ffffffff ret=006a7af7
0009:Call KERNEL32.CreateFileA(006a877e "\\.\SIWDEBUG",80000000,00000001,00000000,00000003,00000080,00000000) ret=006a7af7
0009:Ret KERNEL32.CreateFileA() retval=ffffffff ret=006a7af7
0009:Call KERNEL32.CreateFileA(006a878e "\\.\SIWVIDSTART",80000000,00000001,00000000,00000003,00000080,00000000) ret=006a7af7
0009:Ret KERNEL32.CreateFileA() retval=ffffffff ret=006a7af7
...
--- snip ---
I've rebuilt Wine-Staging 2.5 (comment #23) as well and it crashes in the same way. In fact I ran the demo against all Wine 2.x, 3.x, 4.x, 5.x and 6.0 releases and it always crashes with same crash pattern.
gcc version 10.2.1 20201125 (Red Hat 10.2.1-9)
WINEPREFIX is wiped each time, demo install directory is reused.
--- snip ---
for ver in 2.{0..22} 3.{0..21} 4.{0..21} 5.{0..22} 6.0 ; do
  echo "#####"
  # fresh prefix for every Wine version
  export WINEPREFIX=~/wineprefix-bug41469 && rm -rf "$WINEPREFIX"
  export WINEARCH=win32
  # wine_register_path: helper from the poster's environment, not defined in this thread
  wine_register_path "$ver"
  winetricks nocrashdialog &> /dev/null
  # keep only the crash line
  wine ./SR2005_Demo.exe 2>&1 | egrep "(debugger|overflow)"
  wineserver -w
done
--- snip ---
Output:
--- snip ---
#####
Active Wine version: wine-2.0
wine: Unhandled page fault on write access to 0xa71233f8 at address 0x6a1200 (thread 003e), starting debugger...
#####
Active Wine version: wine-2.1
wine: Unhandled page fault on write access to 0xa71233f8 at address 0x6a1200 (thread 0047), starting debugger...
#####
Active Wine version: wine-2.2
wine: Unhandled page fault on write access to 0xa71233f8 at address 0x6a1200 (thread 0047), starting debugger...
#####
Active Wine version: wine-2.3
wine: Unhandled page fault on write access to 0xa71233f8 at address 0x6a1200 (thread 0047), starting debugger...
...
#####
Active Wine version: wine-2.21
wine: Unhandled page fault on write access to 0xa71233f8 at address 0x6a1200 (thread 0042), starting debugger...
#####
Active Wine version: wine-2.22
wine: Unhandled page fault on write access to 0xa71233f8 at address 0x6a1200 (thread 0042), starting debugger...
#####
Active Wine version: wine-3.0
wine: Unhandled page fault on write access to 0xa71233f8 at address 0x6a1200 (thread 0042), starting debugger...
#####
Active Wine version: wine-3.1
wine: Unhandled page fault on write access to 0xa71233f8 at address 0x6a1200 (thread 0043), starting debugger...
...
#####
Active Wine version: wine-3.19
wine: Unhandled page fault on write access to 0xa71233f8 at address 0x6a1200 (thread 003e), starting debugger...
#####
Active Wine version: wine-3.20
wine: Unhandled page fault on write access to 0xa71233f8 at address 0x6a1200 (thread 003e), starting debugger...
#####
Active Wine version: wine-3.21
wine: Unhandled page fault on write access to 0xa71233f8 at address 0x6a1200 (thread 003f), starting debugger...
#####
Active Wine version: wine-4.0
wine: Unhandled page fault on write access to 0xa71233f8 at address 0x6a1200 (thread 003e), starting debugger...
#####
Active Wine version: wine-4.1
wine: Unhandled page fault on write access to 0xa71233f8 at address 0x6a1200 (thread 0040), starting debugger...
...
#####
Active Wine version: wine-4.20
wine: Unhandled page fault on write access to A71233F8 at address 006A1200 (thread 003f), starting debugger...
#####
Active Wine version: wine-4.21
wine: Unhandled page fault on write access to A71233F8 at address 006A1200 (thread 0040), starting debugger...
...
#####
Active Wine version: wine-5.0
wine: Unhandled page fault on write access to A71233F8 at address 006A1200 (thread 003f), starting debugger...
#####
Active Wine version: wine-5.1
wine: Unhandled page fault on write access to A71233F8 at address 006A1200 (thread 003f), starting debugger...
#####
Active Wine version: wine-5.2
wine: Unhandled page fault on write access to A71233F8 at address 006A1200 (thread 003f), starting debugger...
#####
...
Active Wine version: wine-5.6
wine: Unhandled page fault on write access to A71233F8 at address 006A1200 (thread 003f), starting debugger...
#####
Active Wine version: wine-5.7
#####
Active Wine version: wine-5.8
wine: Unhandled page fault on write access to A71233F8 at address 006A1200 (thread 00f8), starting debugger...
#####
Active Wine version: wine-5.9
wine: Unhandled page fault on write access to A71233F8 at address 006A1200 (thread 00f8), starting debugger...
...
#####
Active Wine version: wine-5.21
wine: Unhandled page fault on write access to A71233F8 at address 006A1200 (thread 019c), starting debugger...
#####
Active Wine version: wine-5.22
wine: Unhandled page fault on write access to A71233F8 at address 006A1200 (thread 01a0), starting debugger...
#####
Active Wine version: wine-6.0
wine: Unhandled page fault on write access to A71233F8 at address 006A1200 (thread 019c), starting debugger...
--- snip ---
The only exception is Wine 5.7:
--- snip ---
0009:Starting process L"Z:\home\focht\Downloads\JoWooD\Ski Racing 2005 Demo\SR2005_Demo.exe" (entryproc=0x69d080)
0009:Call ntdll.NtQueryInformationProcess(ffffffff,00000007,0032ff40,00000004,00000000) ret=7b00d224
0009:Ret ntdll.NtQueryInformationProcess() retval=00000000 ret=7b00d224
0009:Call KERNEL32.VirtualProtect(0032f654,000008c0,00000040,0069d056) ret=0069dd30
0009:Call ntdll.NtProtectVirtualMemory(ffffffff,0032f5dc,0032f5e0,00000040,0069d056) ret=7b0231ce
0009:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=7b0231ce
0009:Ret KERNEL32.VirtualProtect() retval=00000001 ret=0069dd30
0009:trace:seh:raise_exception code=c000001d flags=0 addr=0x69f927 ip=0069f927 tid=0009
0009:trace:seh:raise_exception eax=73a70193 ebx=7ffdf000 ecx=00063a00 edx=12345678 esi=0069e857 edi=006a0323
0009:trace:seh:raise_exception ebp=002177bb esp=0032feec cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246
0009:trace:seh:call_stack_handlers calling handler at 0x69eaa2 code=c000001d flags=0
0009:trace:seh:call_stack_handlers handler at 0x69eaa2 returned 0
--- snip ---
That's due to bug 49011 ("Multiple games and applications cause wineserver crash in Wine 5.7") which broke Wine 5.7 release for quite a number of apps and games.
I even installed Ubuntu 16.04.1 LTS in a VirtualBox VM and used the original Wine 2.5 and Wine-Staging 2.5 packages from WineHQ, trying to replicate Louis' setup from comment #23. It still crashes in the same way.
--- snip ---
$ wine ./SR2005_Demo.exe
wine: Unhandled page fault on write access to 0xa71233f8 at address 0x6a1200 (thread 0037), starting debugger...
Unhandled exception: page fault on write access to 0xa71233f8 in 32-bit code (0x006a1200).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:006a1200 ESP:0033fde4 EBP:002177bb EFLAGS:00010202( R- -- I - - - )
 EAX:00000090 EBX:7ffdf000 ECX:00000090 EDX:ffeb8d48
 ESI:0069e857 EDI:006a1200
Stack dump:
0x0033fde4: 7ffdf000 0069d080 0033fe28 0033fe04
0x0033fdf4: 7ffdf000 7b42943d 7b4629fe 00000000
0x0033fe04: 7b4616d9 7ffdf000 7b4629bc 7b4629bc
0x0033fe14: 7b4629bc 0033fe78 7b46299c 00000002
0x0033fe24: 7b63c000 0033fe78 7b4629bc 7ffdf000
0x0033fe34: 0069d080 7b42943d 7b4629fe 00000000
000c: sel=0067 base=00000000 limit=00000000 32-bit r-x
Backtrace:
=>0 0x006a1200 in sr2005_demo (+0x2a1200) (0x002177bb)
0x006a1200: rorb %cl,0xa6f0bc3d(%ebp)
Modules:
Module Address Debug info Name (19 modules)
PE 400000- 76c000 Export sr2005_demo
ELF 7b400000-7b7ec000 Deferred kernel32<elf>
-PE 7b410000-7b7ec000 \ kernel32
ELF 7bc00000-7bd01000 Deferred ntdll<elf>
-PE 7bc10000-7bd01000 \ ntdll
ELF 7c000000-7c004000 Deferred <wine-loader>
ELF 7ebd8000-7ebfb000 Deferred libtinfo.so.5
ELF 7ebfb000-7ec21000 Deferred libncurses.so.5
ELF 7ef51000-7ef64000 Deferred libnss_files.so.2
ELF 7ef64000-7ef71000 Deferred libnss_nis.so.2
ELF 7ef71000-7ef8c000 Deferred libnsl.so.1
ELF 7ef8c000-7efe1000 Deferred libm.so.6
ELF f73e4000-f73e9000 Deferred libdl.so.2
ELF f73e9000-f75a0000 Deferred libc.so.6
ELF f75a0000-f75bd000 Deferred libpthread.so.0
ELF f75d2000-f75dc000 Deferred libnss_compat.so.2
ELF f75dc000-f77ab000 Dwarf libwine.so.1
ELF f77ac000-f77d1000 Deferred ld-linux.so.2
ELF f77d3000-f77d4000 Deferred [vdso].so
Threads:
process tid prio (all id:s are in hex)
...
00000036 (D) Z:\home\vboxuser\Downloads\JoWooD\Ski Racing 2005 Demo\SR2005_Demo.exe
 ["Z:\home\vboxuser\Downloads\JoWooD\Ski Racing 2005 Demo\SR2005_Demo.exe"]
 00000037 0 <==
...
System information:
 Wine build: wine-2.5 (Staging)
 Platform: i386
 Version: Windows XP
 Host system: Linux
 Host version: 4.4.0-200-generic
--- snip ---
To rule out corruption issues with the installer/unpacking process, I've checked multiple download sites, but they all ended up with the same sha1 of the installer.
'SkiRacing2005-Demo-Setup1.exe':
https://www.virustotal.com/gui/file/a0ba5bfd6337e5257123969da783fac32991bac1...
Installed main binary 'SR2005_Demo.exe':
https://www.virustotal.com/gui/file/2b8cb8a5fcc7388ec6a6f50c8afc9103287c26df...
The protection code uses various obfuscation and anti-debugging tricks that work even on older Wine versions.
Some techniques are incompatible with modern Windows OS though. For example, it writes/executes decryption routines on the stack, which is a no-go for DEP-enabled systems. It also places code in an "invisible" area above the current top ESP, a technique which in the past caused problems with Wine's signal stack / exception context saving.
--- snip ---
decrypt_timing_calc_routine:
...
0031FD6C | F2:89EA | mov edx,ebp |
0031FD6F | C6C2 FB | mov dl,FB |
0031FD72 | 2E64:89FB | mov ebx,edi |
0031FD76 | 61 | popad |
0031FD77 | 304C31 FF | xor byte ptr ds:[ecx+esi-1],cl |
0031FD7B | E2 FA | loop 31FD77 |
0031FD7D | 60 | pushad |
0031FD7E | B2 0A | mov dl,A |
0031FD80 | 88EB | mov bl,ch |
0031FD82 | 8D0D 72C17C07 | lea ecx,dword ptr ds:[77CC172] |
0031FD88 | 8D35 3191D74E | lea esi,dword ptr ds:[4ED79131] |
0031FD8E | C7C0 5AA8488F | mov eax,8F48A85A |
0031FD94 | B1 F9 | mov cl,F9 |
0031FD96 | F2:88E2 | mov dl,ah |
0031FD99 | 64:C6C2 8A | mov dl,8A |
0031FD9D | C7C0 0B830329 | mov eax,2903830B |
0031FDA3 | 64:8D05 6F7853C7 | lea eax,dword ptr ds:[C753786F] |
0031FDAA | C6C6 18 | mov dh,18 |
0031FDAD | 8D05 CB71DD34 | lea eax,dword ptr ds:[34DD71CB] |
0031FDB3 | F22E:B5 91 | mov ch,91 |
0031FDB7 | C6C5 36 | mov ch,36 |
0031FDBA | F2:88E7 | mov bh,ah |
0031FDBD | 2664:BA 0A1C6679 | mov edx,79661C0A |
0031FDC4 | EB 01 | jmp 31FDC7 |
...
0031FE59 | B3 1F | mov bl,1F |
0031FE5B | 89EF | mov edi,ebp |
0031FE5D | B3 15 | mov bl,15 |
0031FE5F | 61 | popad |
0031FE60 | FFE6 | jmp esi | 0x0069E857
...
do_execution_timing_checks:
0069E857 | 60 | pushad |
0069E858 | B8 22527CF4 | mov eax,F47C5222 |
0069E85D | BB 0C3EAEF1 | mov ebx,F1AE3E0C |
0069E862 | BA C655E8EE | mov edx,EEE855C6 |
0069E867 | E8 07000000 | call sr2005_demo.69E873 |
0069E86C | E8 02000000 | call sr2005_demo.69E873 |
0069E871 | FF25 60B90500 | jmp dword ptr ds:[5B960] |
...
--- snip ---
--- snip ---
EAX : 7FFDE030
EBX : 7FFDE000
ECX : 00000155
EDX : FFE98E98
EBP : 002177BB
ESP : 0031FF34
ESI : 0069E857 sr2005_demo.0069E857
EDI : 0031FBE3
EIP : 0031FD77
EFLAGS : 00010202
ZF : 0 OF : 0 CF : 0
PF : 0 SF : 0 TF : 0
AF : 0 DF : 0 IF : 1
LastError : 80000001
LastStatus : 80000001
GS : 006B sr2005_demo.63006B
ES : 002B
CS : 0023
FS : 0063
DS : 002B
SS : 002B
--- snip ---
EIP = 0031FD77
ESP = 0031FF34 (current top)
Bug 28089 ("exception handling code touches stack for exceptions handled by the debugger"). Interestingly there was still enough space between the context save and the bottom part of the decryption routine to not get corrupted.
---
There are also instruction execution timing related checks, but the threshold seems sufficiently large to not trigger misbehaviour when being run without debuggers.
Anti-debug timing measurements:
--- snip ---
0069E85D | mov ebx,F1AE3E0C |
0069E862 | mov edx,EEE855C6 |
0069E867 | call sr2005_demo.69E873 |
0069E86C | call sr2005_demo.69E873 |
0069E871 | jmp dword ptr ds:[5B960] | *boom*
...
0069E873 | pushad |
0069E874 | mov ecx,5 | timing loop_count = 5
0069E879 | call sr2005_demo.69E87F |
...
0069E87F | add dword ptr ss:[esp],7 |
0069E883 | ret |
...
timing_loop:
0069E885 | rdtsc | start
0069E887 | call sr2005_demo.69E88D |
...
0069E88D | add dword ptr ss:[esp],7 | continuation
0069E891 | ret |
...
0069E893 | mov ebx,eax | Start.LowPart
0069E895 | call sr2005_demo.69E89B |
...
0069E89B | add dword ptr ss:[esp],7 | continuation
0069E89F | ret |
...
0069E8A1 | rdtsc | stop
0069E8A3 | call sr2005_demo.69E8A9 |
...
0069E8A9 | add dword ptr ss:[esp],7 | continuation
0069E8AD | ret |
...
0069E8AF | sub eax,ebx | End.LowPart
0069E8B1 | call sr2005_demo.69E8B7 |
...
0069E8B7 | add dword ptr ss:[esp],7 | continuation
0069E8BB | ret |
...
0069E8BD | and eax,FFFF0000 | elapsed ticks > 0xffff?
0069E8C2 | call sr2005_demo.69E8C8 |
...
0069E8C8 | add dword ptr ss:[esp],7 |
0069E8CC | ret |
...
0069E8CE | cmp eax,0 |
0069E8D1 | je sr2005_demo.69E8F1 | no debug
0069E8D3 | call sr2005_demo.69E8D9 |
...
0069E8D9 | add dword ptr ss:[esp],7 | continuation
0069E8DD | ret |
...
0069E8DF | dec ecx | loop_count
0069E8E0 | jne sr2005_demo.69E885 | timing_loop
0069E8E2 | call sr2005_demo.69E8E8 |
...
0069E8E8 | add dword ptr ss:[esp],7 | continuation
0069E8EC | ret |
...
0069E8EE | popad |
0069E8EF | ret |
...
no_debug:
0069E8F1 | popad |
0069E8F2 | call sr2005_demo.69E8F8 |
...
0069E8F8 | add dword ptr ss:[esp],7 | continuation
0069E8FC | ret |
...
0069E8F8 | add dword ptr ss:[esp],7 | continuation
0069E8FC | ret |
...
0069E8FE | add dword ptr ss:[esp],9A | continuation
0069E905 | ret |
...
0069E906 | call sr2005_demo.69E917 |
...
0069E917 | call sr2005_demo.69E90D |
...
0069E90D | jmp sr2005_demo.69E920 |
...
0069E920 | ret 4 |
...
0069E91C | jmp sr2005_demo.69E911 |
...
0069E911 | jmp sr2005_demo.69E925 |
...
decrypt_next_routine:
0069E925 | mov ecx,65529 |
0069E92A | lea esi,dword ptr ss:[ebp+4871F1] |
0069E930 | call sr2005_demo.69E941 |
0069E935 | jmp E97BD52B |
...
--- snip ---
The decryption uses hardware breakpoints by design.
I've compared the exception context register values up to the crash site from Louis' "good run" in comment #22 and Wine 6.0. All relevant register "seed" values seem to match in each decrypt iteration. The crash site contains an invalid opcode, indicating something went wrong in the last decryption process or in the previous chain (different jump destination). Although still obfuscated, the overall decrypted code doesn't seem systematically wrong. There are still sequences that resemble previous decryption routines (chained decryption).
Summarizing:
No one except Louis, who at that time used Ubuntu LTS 16.04.1 with prebuilt Wine 2.5 and Wine-Staging 2.5 (comment #23), managed to run the demo. I couldn't replicate his observation with the same software environment in a VM. The demo doesn't run on Windows XP and Windows Vista according to comment #18 (albeit in a VM).
I can't completely rule out that a VM might somehow play a role. But from what I've seen so far, the protection doesn't have code for detecting Virtualization / Hypervisor presence (backdoor, timing analysis other than anti-debug, certain privileged instructions, registry).
If someone has a machine with Windows XP/Windows 7 or old Ubuntu 16.04 LTS not being run as a virtualized guest, it would be nice to know if the demo runs there. Then there might be a chance to figure out what's going on. Although somewhat challenging, I don't want to spend multiple days on this since no other app/game wrapped with JoWood X-Prot has been reported to be affected as well.
$ sha1sum SkiRacing2005-Demo-Setup1.exe
d7684789b7de45fb909fc11846f5a1f24fd7d7cc SkiRacing2005-Demo-Setup1.exe

$ du -sh SkiRacing2005-Demo-Setup1.exe
42M SkiRacing2005-Demo-Setup1.exe

$ wine --version
wine-6.0-40-g00401d22782
Regards
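The timing gate from the "Anti-debug timing measurements" listing above, modeled in C over constructed TSC samples to show which runs it lets through. This is an added example, not code from the bug report or from the protection; the struct, function names and sample values are assumptions, and treating the second `call` at 0069E86C as a retry is a reading of the listing.

```c
#include <stdint.h>
#include <stdio.h>

#define LOOP_COUNT 5            /* mov ecx,5        at 0069E874 */
#define SLOW_MASK  0xFFFF0000u  /* and eax,FFFF0000 at 0069E8BD */

/* Constructed stand-in for one rdtsc/rdtsc pair (full 64-bit TSC values). */
struct tsc_pair { uint64_t start, stop; };

/* Models one call to 0069E873: returns the iteration (0..4) that took the
 * "no debug" branch, or -1 if all five samples were slow and it returned. */
int timing_check(const struct tsc_pair *s)
{
    for (int i = 0; i < LOOP_COUNT; i++) {
        uint32_t start_lo = (uint32_t)s[i].start;            /* mov ebx,eax */
        uint32_t elapsed  = (uint32_t)s[i].stop - start_lo;  /* sub eax,ebx */
        if ((elapsed & SLOW_MASK) == 0)                      /* je no_debug */
            return i;
    }
    return -1;
}

/* Models the caller at 0069E867: two calls, then jmp dword ptr ds:[5B960].
 * Takes 2 * LOOP_COUNT samples; returns 1 if either call reached no_debug. */
int gate_passes(const struct tsc_pair *s)
{
    return timing_check(s) >= 0 || timing_check(s + LOOP_COUNT) >= 0;
}

/* Constructed inputs, not measurements taken from the demo. */
static const struct tsc_pair quick[10]   = { {1000, 1300} };
static const struct tsc_pair stepped[10] = {
    {0, 0x10000}, {0, 0x20000}, {0, 0x30000}, {0, 0x40000}, {0, 0x50000},
    {0, 0x60000}, {0, 0x70000}, {0, 0x80000}, {0, 0x90000}, {0, 0xA0000} };
static const struct tsc_pair late_ok[10] = {
    {0, 0x10000}, {0, 0x20000}, {0, 0x30000}, {0, 0x40000}, {0, 0xFFFF} };
static const struct tsc_pair wrapped[10] = { {0x1FFFFFFF0ULL, 0x200000010ULL} };
static const struct tsc_pair aliased[10] = { {0, 0x100000005ULL} };

int main(void)
{
    printf("quick=%d stepped=%d late_ok=%d wrapped=%d aliased=%d gate(stepped)=%d\n",
           timing_check(quick), timing_check(stepped), timing_check(late_ok),
           timing_check(wrapped), timing_check(aliased), gate_passes(stepped));
    return 0;
}
```

Because only the low 32 bits of the counter are subtracted, the `wrapped` sample still measures 0x20 ticks across a rollover, and the `aliased` sample (2^32 + 5 ticks) is indistinguishable from 5 ticks.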
https://bugs.winehq.org/show_bug.cgi?id=41469
--- Comment #27 from Luca Weiss bugzilla@z3ntu.xyz --- fwiw I've tried today the original demo version from a physical CD (that I've also used in 2016) on a bare metal Windows Vista install and it still runs fine there, and as it crashes in my Windows Vista VM there's definitely some interesting trickery going on.