[Bug 44438] New: 64-bit DOOM (2016) demo (Steam) hangs on launch ( Denuvo Anti-Tamper x64 #2)
https://bugs.winehq.org/show_bug.cgi?id=44438
Bug ID: 44438 Summary: 64-bit DOOM (2016) demo (Steam) hangs on launch (Denuvo Anti-Tamper x64 #2) Product: Wine Version: 3.0 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: -unknown Assignee: wine-bugs@winehq.org Reporter: focht@gmx.net Distribution: ---
Hello folks,
follow-up of bug 40623
It hangs in Denuvo's x64 virtual machine code.
--- snip -- $ pwd /home/focht/wine-games/wineprefix64-steam/drive_c/Program Files (x86)/Steam
$ WINEDEBUG=+seh,+loaddll,+process,+msgbox,+debugstr wine ./steam.exe -no-cef-sandbox -applaunch 479030 -allowdebug -nominidumps -nobreakpad -windowed ... 0067:trace:loaddll:load_builtin_dll Loaded L"C:\windows\system32\crypt32.dll" at 0x7fd764790000: builtin 0067:trace:loaddll:load_builtin_dll Loaded L"C:\windows\system32\imagehlp.dll" at 0x7fd764530000: builtin 0067:trace:loaddll:load_builtin_dll Loaded L"C:\windows\system32\setupapi.dll" at 0x7fd7642a0000: builtin 0067:trace:loaddll:load_native_dll Loaded L"C:\Program Files (x86)\Steam\tier0_s64.dll" at 0x3f000000: native 0067:trace:loaddll:load_native_dll Loaded L"C:\Program Files (x86)\Steam\vstdlib_s64.dll" at 0x3f600000: native 0067:trace:loaddll:load_builtin_dll Loaded L"C:\windows\system32\mswsock.dll" at 0x7fd764060000: builtin 0067:trace:loaddll:load_builtin_dll Loaded L"C:\windows\system32\netapi32.dll" at 0x7fd763bd0000: builtin 0067:trace:loaddll:load_builtin_dll Loaded L"C:\windows\system32\secur32.dll" at 0x7fd763e20000: builtin 0067:trace:loaddll:load_native_dll Loaded L"C:\Program Files (x86)\Steam\steamclient64.dll" at 0x38000000: native ... 0040:warn:debugstr:OutputDebugStringA "Game update: AppID 479030 "", ProcID 102, IP 0.0.0.0:0\n" 0040:trace:seh:raise_exception code=40010006 flags=0 addr=0x7b4464df ip=7b4464df tid=0040 0040:trace:seh:raise_exception info[0]=00000038 0040:trace:seh:raise_exception info[1]=0fd0b2ec 0040:trace:seh:raise_exception eax=7b434c5d ebx=0fd0b0c4 ecx=00000008 edx=0fd0af24 esi=0fd0b2ec edi=00000000 0040:trace:seh:raise_exception ebp=0fd0af68 esp=0fd0af04 cs=0023 ds=002b es=fd0002b fs=fd00063 gs=11006b flags=00000212 0040:trace:seh:call_stack_handlers calling handler at 0x7b48e5d1 code=40010006 flags=0 0040:trace:seh:__regs_RtlUnwind code=40010006 flags=2 0040:trace:seh:__regs_RtlUnwind eax=00000000 ebx=7b48e56d ecx=0fd0af10 edx=0fd0af10 esi=0fd0afa4 edi=7b48e56d 0040:trace:seh:__regs_RtlUnwind ebp=0fd0aa38 esp=0fd0aa08 eip=7b48e556 cs=0023 ds=002b fs=0063 gs=006b flags=00000202 0040:trace:seh:__regs_RtlUnwind calling handler at 0x7bc8ef2e code=40010006 flags=2 0040:trace:seh:__regs_RtlUnwind handler at 0x7bc8ef2e returned 1 Setting breakpad minidump AppID = 479030 Steam_SetMinidumpSteamID: Caching Steam ID: 76561197970857714 [API loaded no] 0067:trace:seh:NtRaiseException code=80000004 flags=0 addr=0x15a072fd0 ip=15a072fd0 tid=0067 0067:trace:seh:NtRaiseException rax=0000000001a4d2b0 rbx=0000000001aa04e0 rcx=fffffffffffffffe rdx=0000000000000000 0067:trace:seh:NtRaiseException rsi=000000015a3bf1d5 rdi=0000000001aa078a rbp=000000000033fdc0 rsp=000000000032eab8 0067:trace:seh:NtRaiseException r8=0000000000000000 r9=0000000000000000 r10=0000000000000008 r11=0000000000000246 0067:trace:seh:NtRaiseException r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 0067:trace:seh:call_vectored_handlers calling handler at 0x159f70d00 code=80000004 flags=0 0067:trace:seh:call_vectored_handlers handler at 0x159f70d00 returned ffffffff <spins> ... --- snip ---
--- snip --- $ wine64 winedbg
Wine-dbg>info process pid threads executable (all id:s are in hex) 00000027 4 'explorer.exe' 0000000e 5 'services.exe' 00000020 4 _ 'winedevice.exe' 0000001a 3 _ 'plugplay.exe' 00000011 4 _ 'winedevice.exe' 00000008 28 'steam.exe' 00000066 1 _ 'DOOMx64.exe' 00000031 22 _ 'steamwebhelper.exe'
Wine-dbg>attach 0x66 0x00000001595c455e: movzbq %al,%rax
Wine-dbg>bt Backtrace: =>0 0x00000001595c455e in doomx64 (+0x195c455e) (0x000000000032ea86) --- snip ---
ProtectionID scan:
--- snip --- -=[ ProtectionID v0.6.9.0 DECEMBER]=- (c) 2003-2017 CDKiLLER & TippeX Build 24/12/17-21:05:42 Ready... Scanning -> Z:\home\focht\wine-games\wineprefix64-steam\drive_c\Program Files (x86)\Steam\steamapps\common\DOOM Demo\DOOMx64.exe File Type : 64-Bit Exe (Subsystem : Win GUI / 2), Size : 116719104 (06F4FE00h) Byte(s) | Machine: 0x8664 (AMD64) [!] Warning -> File needs higher OS (Current OS : 05.01, Requires OS: 06.00) [!] Warning : File is 64 Bit, this os is NOT Compilation TimeStamp : 0x579005F1 -> Wed 20th Jul 2016 23:14:57 (GMT) [TimeStamp] 0x579005F1 -> Wed 20th Jul 2016 23:14:57 (GMT) | PE Header | - | Offset: 0x00000000:000000E0 | VA: 0x00000001:400000E0 | - [TimeStamp] 0x579005F0 -> Wed 20th Jul 2016 23:14:56 (GMT) | Export | - | Offset: 0x00000000:0383E8D4 | VA: 0x00000001:5A3F0CD4 | - [TimeStamp] 0x579005F1 -> Wed 20th Jul 2016 23:14:57 (GMT) | DebugDirectory | - | Offset: 0x00000000:0383E894 | VA: 0x00000001:5A3F0C94 | - [TimeStamp] 0x579005F1 -> Wed 20th Jul 2016 23:14:57 (GMT) | DebugDirectory | - | Offset: 0x00000000:0383E8B0 | VA: 0x00000001:5A3F0CB0 | - -> Section [0x9] '.rdata ' has a higher physical size than virtual size.. [LoadConfig] Struct determined as v8 (Expected size 232 | Actual size 112) [LoadConfig] CodeIntegrity -> Flags 0x6E6F | Catalog 0x635C (25436) | Catalog Offset 0x5C65646F | Reserved 0x6C697562 [LoadConfig] GuardAddressTakenIatEntryTable 0x695A5C6D:61625C64 | Count 0x34366E69775C6E6F (8759824412002546287) [LoadConfig] GuardLongJumpTargetTable 0x70696873:5C6C675F | Count 0x61746572676E6970 (16350180981735289200) [LoadConfig] HybridMetadataPointer 0xE20613A4:9E21600D | DynamicValueRelocTable 0x445C6C69:784D4F4F [LoadConfig] FailFastIndirectProc 0xF:00000737 | FailFastPointer 0x5AD:00000000 [LoadConfig] UnknownZero1 0x292A068 0 [File Heuristics] -> Flag #1 : 00000100000001001100001100100001 (0x0404C321) [Entrypoint Section Entropy] : 4.80 (section #6) ".rsrc " | Size : 0x15D (349) byte(s) [DllCharacteristics] -> Flag : (0x8120) -> HEVA | DEP | TSA [SectionCount] 10 (0xA) | ImageSize 0x1DB02000 (498081792) byte(s) [Export] 0% of function(s) (8 of 3076) are in file | 0 are forwarded | 8 code | 3068 data | 0 uninit data | 0 unknown | [VersionInfo] Company Name : id Software [VersionInfo] Product Name : DOOM [VersionInfo] Product Version : 6. 1. 1. 2303 [VersionInfo] File Description : DOOM [VersionInfo] File Version : 6. 1. 1. 720 [VersionInfo] Original FileName : DOOMx64.exe [VersionInfo] Internal Name : DOOM [VersionInfo] Legal Copyrights : Copyright © 2016 id Software [ModuleReport] [IAT] Modules -> ADVAPI32.dll | DINPUT8.dll | GDI32.dll | IMM32.dll | IPHLPAPI.DLL | KERNEL32.dll | MSIMG32.dll | OLEACC.dll | OLEAUT32.dll | OPENGL32.dll | PSAPI.DLL | SHELL32.dll | SHLWAPI.dll | USER32.dll | UxTheme.dll | VERSION.dll | WINHTTP.dll | WININET.dll | WINMM.dll | WINSPOOL.DRV | WSOCK32.dll | XINPUT1_3.dll | bcrypt.dll | bink2w64.dll | dbghelp.dll | gdiplus.dll | ole32.dll | steam_api64.dll [Debug Info] (record 1 of 2) (file offset 0x383E890) Characteristics : 0x0 | TimeDateStamp : 0x579005F1 (Wed 20th Jul 2016 23:14:57 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0) Type : 2 (0x2) -> CodeView | Size : 0x66 (102) AddressOfRawData : 0x1A40C61C | PointerToRawData : 0x385A21C CvSig : 0x53445352 | SigGuid 2E080B63-11B3-4C8F-B91B38449E46D0C5 Age : 0x2 (2) | Pdb : DOOMx64.pdb [Debug Info] (record 2 of 2) (file offset 0x383E8AC) Characteristics : 0x0 | TimeDateStamp : 0x579005F1 (Wed 20th Jul 2016 23:14:57 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0) Type : 12 (0xC) -> Undocumented | Size : 0x14 (20) AddressOfRawData : 0x1A40C684 | PointerToRawData : 0x18831C84 [Raw/Hidden Debug Record] (File Offset 0x927300) CvSig : 0x53445352 | SigGuid 3EC11F9C-DCEB-48F5-A41306E20D60219E Age : 0x1 (1) | Pdb : Y:\assets\zion\code\build\bam\Zion\win64_gl\shippingretail\DOOMx64.pdb [!] Steam api usage detected [!] Denuvo "Anti-Tamper" x64 variant #2 detected [CdKeySerial] found "Invalid serial" @ VA: 0x01C2F680 / Offset: 0x00058C80 [CdKeySerial] found "Invalid code" @ VA: 0x023F8B80 / Offset: 0x00822180 --- snip ---
$ wine --version wine-3.0-180-g85635db0ea
Regards
https://bugs.winehq.org/show_bug.cgi?id=44438
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |obfuscation URL| |http://store.steampowered.c | |om/agecheck/app/479030/
https://bugs.winehq.org/show_bug.cgi?id=44438
mirh mirh@protonmail.ch changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |mirh@protonmail.ch
https://bugs.winehq.org/show_bug.cgi?id=44438
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|64-bit DOOM (2016) demo |Multiple 64-bit games |(Steam) hangs on launch |protected with Denuvo |(Denuvo Anti-Tamper x64 #2) |Anti-Tamper x64 #2 scheme | |hang on launch (DOOM 2016 | |Steam demo, Football | |Manager 2017)
--- Comment #1 from Anastasius Focht focht@gmx.net --- Hello folks,
refining summary to collect games with same underlying issue here.
64-bit Football Manager 2017 also encounters this (mentioned in bug 44456).
Regards
https://bugs.winehq.org/show_bug.cgi?id=44438
Alistair Leslie-Hughes leslie_alistair@hotmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |leslie_alistair@hotmail.com
https://bugs.winehq.org/show_bug.cgi?id=44438
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |linards.liepins@gmail.com
--- Comment #2 from Anastasius Focht focht@gmx.net --- *** Bug 44532 has been marked as a duplicate of this bug. ***
https://bugs.winehq.org/show_bug.cgi?id=44438
Sven Arvidsson sa@whiz.se changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |sa@whiz.se
https://bugs.winehq.org/show_bug.cgi?id=44438
tokktokk fdsfgs@krutt.org changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |fdsfgs@krutt.org
https://bugs.winehq.org/show_bug.cgi?id=44438
Robert Walker bob.mt.wya@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |bob.mt.wya@gmail.com
https://bugs.winehq.org/show_bug.cgi?id=44438
joaopa jeremielapuree@yahoo.fr changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |jeremielapuree@yahoo.fr
--- Comment #3 from joaopa jeremielapuree@yahoo.fr --- Does the bug still occur with wine-5.0?
https://bugs.winehq.org/show_bug.cgi?id=44438
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |DUPLICATE Status|NEW |RESOLVED
--- Comment #4 from Anastasius Focht focht@gmx.net --- Hello folks,
revisiting, still present.
Spoiler: This is actually a duplicate of bug 29168 ("Multiple games and applications need realtime updates to KSYSTEM_TIME members in KUSER_SHARED_DATA (Star Wars: The Old Republic game client, Blizzard games, GO 1.4+ runtime)").
Relay tracing and/or debugging Denuvo's x64 VM code isn't very fun so I went with a selection of Wine-Staging patches. I started with an educated guess: fakedll/thunk/syscall patches -> https://github.com/wine-staging/wine-staging/tree/master/patches/winebuild-F... . That already seemed to help hence I started removing the commits one by one.
I ended up with: https://github.com/wine-staging/wine-staging/tree/master/patches/ntdll-User_... - a prerequisite to winebuild-Fake_Dlls patchset.
Tested with https://github.com/wine-staging/wine-staging/blob/master/patches/ntdll-User_...
--- snip --- $ git log --oneline -n3 f6ab88b5e8 (HEAD -> master) server: Add USD support with timestamp updates. 67f1358d03 ntdll/tests: Test user_shared_data timestamp updates. d1f858e03d (origin/master, github-rmi1974/master) dmime: Parse lyric track data. --- snip ---
$ wine --version wine-5.7-172-gf6ab88b5e8
Regards
*** This bug has been marked as a duplicate of bug 29168 ***
https://bugs.winehq.org/show_bug.cgi?id=44438
Alistair Leslie-Hughes leslie_alistair@hotmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #5 from Alistair Leslie-Hughes leslie_alistair@hotmail.com --- Closing Duplicate
-
wine-bugs@winehq.org -
WineHQ Bugzilla