http://bugs.winehq.org/show_bug.cgi?id=29688
Bug #: 29688
Summary: CHAOS;HEAD crashes on start
Product: Wine
Version: 1.3.37
Platform: x86
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: doyob@yopmail.com
Classification: Unclassified

Created attachment 38508
  --> http://bugs.winehq.org/attachment.cgi?id=38508
+relay,+seh log

The game crashes before any window shows up.
xangel1@mail.ru changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |xangel1@mail.ru
--- Comment #1 from Austin English austinenglish@gmail.com ---
This is your friendly reminder that there has been no bug activity for 2 years. Is this still an issue in current (1.7.18 or newer) wine?
KarolS stasiu88@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |stasiu88@gmail.com

--- Comment #2 from KarolS stasiu88@gmail.com ---
I have experienced a similar issue on Wine 1.7.19.
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |obfuscation
             Status|UNCONFIRMED                 |NEW
                 CC|                            |focht@gmx.net
            Summary|CHAOS;HEAD crashes on start |CHAOS;HEAD crashes on start
                   |                            |(in-memory PE image of Wine
                   |                            |builtins vs. placeholder
                   |                            |image on disk)
     Ever confirmed|0                           |1

--- Comment #3 from Anastasius Focht focht@gmx.net ---
Hello folks,
confirming.
The game uses some custom anti-debugging/reversing protection scheme, probably created by vendor (not detected by 'ProtectionID' or 'ExeInfoPE' tools).
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/Nitroplus/CHAOS;HEAD

$ LANG=ja_JP.UTF-8 WINEDEBUG=+tid,+seh,+relay wine ./ChaosHead.exe >>log.txt 2>&1
...
0023:Call KERNEL32.IsDebuggerPresent() ret=00584cbf
0023:Ret KERNEL32.IsDebuggerPresent() retval=00000000 ret=00584cbf
...
0023:Call KERNEL32._lopen(00676b7c "\\.\NTICE",00000000) ret=00584eb3
0023:Ret KERNEL32._lopen() retval=ffffffff ret=00584eb3
0023:Call KERNEL32.lstrlenA(00676bcc "__ANTICRACK__") ret=006310d7
0023:Ret KERNEL32.lstrlenA() retval=0000000d ret=006310d7
...
0023:Call KERNEL32._lopen(00676b64 "\\.\SICE",00000000) ret=00584f41
0023:Ret KERNEL32._lopen() retval=ffffffff ret=00584f41
...
0023:Call KERNEL32._lopen(00676b58 "\\.\TRW",00000000) ret=00584f71
0023:Ret KERNEL32._lopen() retval=ffffffff ret=00584f71
...
0023:Call KERNEL32._lopen(00676b48 "\\.\SIWVID",00000000) ret=00584fa1
0023:Ret KERNEL32._lopen() retval=ffffffff ret=00584fa1
...
0023:trace:seh:raise_exception code=80000003 flags=0 addr=0x587fe0 ip=00587fe1 tid=0023
0023:trace:seh:raise_exception eax=0033fe10 ebx=ffffffff ecx=00781308 edx=00000011 esi=00676bc1 edi=0033fd69
0023:trace:seh:raise_exception ebp=0033f968 esp=0033f93c cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00200207
0023:trace:seh:call_stack_handlers calling handler at 0x613830 code=80000003 flags=0
0023:Call ntdll.RtlUnwind(0033f958,0061343c,00000000,00000000) ret=0061343c
0023: eax=00000001 ebx=0033f958 ecx=00000000 edx=7bc825c1 esi=00000000 edi=0064e208 ebp=0033f404 esp=0033f3f4 ds=002b es=002b fs=0063 gs=006b flags=00200202
0023:trace:seh:__regs_RtlUnwind code=c0000027 flags=2
0023:trace:seh:__regs_RtlUnwind calling handler at 0x7bc825c1 code=c0000027 flags=2
0023:trace:seh:__regs_RtlUnwind handler at 0x7bc825c1 returned 1
...
0023:Call KERNEL32.CreateFileA(008bb410 "C:\windows\system32\Kernel32.dll",80000000,00000003,00000000,00000003,08000000,00000000) ret=005dd078
0023:Ret KERNEL32.CreateFileA() retval=0000005c ret=005dd078
0023:Call KERNEL32.CreateFileA(008bb460 "C:\windows\system32\User32.dll",80000000,00000003,00000000,00000003,08000000,00000000) ret=005dd598
0023:Ret KERNEL32.CreateFileA() retval=00000060 ret=005dd598
0023:Call KERNEL32.CreateFileA(008bb5a0 "C:\windows\system32\Imagehlp.dll",80000000,00000003,00000000,00000003,08000000,00000000) ret=005dd5bd
0023:Ret KERNEL32.CreateFileA() retval=00000064 ret=005dd5bd
0023:Call KERNEL32.CreateFileMappingA(0000005c,00000000,01000002,00000000,00000000,00000000) ret=005dd612
0023:Ret KERNEL32.CreateFileMappingA() retval=00000068 ret=005dd612
0023:Call KERNEL32.CreateFileMappingA(00000060,00000000,01000002,00000000,00000000,00000000) ret=005dd637
0023:Ret KERNEL32.CreateFileMappingA() retval=0000006c ret=005dd637
0023:Call KERNEL32.CreateFileMappingA(00000064,00000000,01000002,00000000,00000000,00000000) ret=005ddabf
0023:Ret KERNEL32.CreateFileMappingA() retval=00000070 ret=005ddabf
0023:Call KERNEL32.MapViewOfFile(00000068,00000004,00000000,00000000,00000000) ret=005ddb09
0023:Ret KERNEL32.MapViewOfFile() retval=10000000 ret=005ddb09
0023:Call KERNEL32.MapViewOfFile(0000006c,00000004,00000000,00000000,00000000) ret=005ddb2a
0023:Ret KERNEL32.MapViewOfFile() retval=00340000 ret=005ddb2a
0023:Call KERNEL32.MapViewOfFile(00000070,00000004,00000000,00000000,00000000) ret=005ddb4b
0023:Ret KERNEL32.MapViewOfFile() retval=00380000 ret=005ddb4b
...
0023:Call KERNEL32.lstrlenA(006894a8 "ANTICRACK_RESOURCE_STRING") ret=006310d7
0023:Ret KERNEL32.lstrlenA() retval=00000019 ret=006310d7
...
0023:Call KERNEL32.lstrlenA(00689520 "__ANTICRACK_EXPRESSION__") ret=006310d7
0023:Ret KERNEL32.lstrlenA() retval=00000018 ret=006310d7
...
0023:Call KERNEL32.lstrlenA(0077f8a8 "") ret=006310d7
0023:Ret KERNEL32.lstrlenA() retval=00000000 ret=006310d7
0023:Call KERNEL32.lstrlenA(00689468 "\xa4\xb8\xa4\xa9\xb4\xf5\xb4\xfa\xa4\xb8\xb4\xd9\xb7\xb1\xa4\xb7\xb7\xaf\xa4\xd3\xa4\xbb") ret=006310d7
0023:Ret KERNEL32.lstrlenA() retval=00000016 ret=006310d7
0023:Call KERNEL32.lstrlenA(008bc828 "%\n\x04%\x0b\x08%\n\x04%\n\t%\x0b\x04%\x0f\x05%\x0b\x04%\x0f\n%\n\x04%\x0b\x08%\x0b\x04%\r\t%\x0b\x07%\x0b\x01%\n\x04%\x0b\x07%\x0b\x07%\n\x0f%\n\x04%\r\x03%\n\x04%\x0b\x0b") ret=006314d1
0023:Ret KERNEL32.lstrlenA() retval=00000042 ret=006314d1
0023:Call KERNEL32.lstrlenA(008bb4b0 "\xa4\xb8\xa4\xa9\xb4\xf5\xb4\xfa\xa4\xb8\xb4\xd9\xb7\xb1\xa4\xb7\xb7\xaf\xa4\xd3\xa4\xbb") ret=006314d1
0023:Ret KERNEL32.lstrlenA() retval=00000016 ret=006314d1
0023:Call KERNEL32.InterlockedDecrement(008bb4a4) ret=00631053
0023:Ret KERNEL32.InterlockedDecrement() retval=00000000 ret=00631053
0023:Call KERNEL32.InterlockedDecrement(008bc81c) ret=00631053
0023:Ret KERNEL32.InterlockedDecrement() retval=00000000 ret=00631053
0023:Call KERNEL32.lstrlenA(008bb550 "User32.dll") ret=006314d1
0023:Ret KERNEL32.lstrlenA() retval=0000000a ret=006314d1
0023:trace:seh:raise_exception code=c0000005 flags=0 addr=0x10012ed8 ip=10012ed8 tid=0023
0023:trace:seh:raise_exception info[0]=00000000
0023:trace:seh:raise_exception info[1]=ffffffff
0023:trace:seh:raise_exception eax=00000000 ebx=0033fd69 ecx=008bb550 edx=00781310 esi=00002fff edi=005ddbe2
0023:trace:seh:raise_exception ebp=0033f53c esp=0033f2ec cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210202
0023:trace:seh:call_stack_handlers calling handler at 0x64b5f6 code=c0000005 flags=0
0023:Call KERNEL32.GetLastError() ret=0061883c
0023:Ret KERNEL32.GetLastError() retval=00000000 ret=0061883c
0023:trace:seh:call_stack_handlers handler at 0x64b5f6 returned 1
0023:trace:seh:call_stack_handlers calling handler at 0x613830 code=c0000005 flags=0
...
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:10012ed8 ESP:0033f2ec EBP:0033f53c EFLAGS:00210202( R- -- I - - - )
 EAX:00000000 EBX:0033fd69 ECX:008bb550 EDX:00781310
 ESI:00002fff EDI:005ddbe2
...
Backtrace:
=>0 0x10012ed8 (0x0033f53c)
  1 0x005d55c4 in chaoshead (+0x1d55c3) (0x0033f558)
  2 0x005cfa3e in chaoshead (+0x1cfa3d) (0x0033f658)
  3 0x005cbdb0 in chaoshead (+0x1cbdaf) (0x0033f670)
  4 0x005c91f9 in chaoshead (+0x1c91f8) (0x0033f688)
  5 0x005efc9b in chaoshead (+0x1efc9a) (0x0033f6a0)
  6 0x00587a9c in chaoshead (+0x187a9b) (0x0033f968)
  7 0x00584ffb in chaoshead (+0x184ffa) (0x0033fd70)
  8 0x0063879f in chaoshead (+0x23879e) (0x0033fe20)
  9 0x7b8643b0 call_process_entry+0xb() in kernel32 (0x0033fe38)
...
0x10012ed8: pop %es
Modules:
Module  Address            Debug info  Name (78 modules)
PE        400000-  79b000  Export      chaoshead
ELF     7b800000-7ba61000  Dwarf       kernel32<elf>
  -PE   7b810000-7ba61000  \           kernel32
...
Threads:
process  tid      prio (all id:s are in hex)
...
00000022 (D) C:\Program Files\Nitroplus\CHAOS;HEAD\ChaosHead.exe
    00000023    0 <==
--- snip ---
The protection scheme populates the PE export directory of the in-memory core dlls ('kernel32.dll', 'user32.dll', ...) to calculate API entry offsets. It then maps the on-disk core dlls into memory and uses the calculated offsets to retrieve the API entry points from the newly mapped files.
This obviously can't work with Wine.
Bug 15437 is about a similar problem which can be worked around - unlike this one.
$ wine --version
wine-1.7.20-102-g889cce4
Regards
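
The handle correlation behind the analysis in comment #3, as an added example (not part of the original report and not Wine code): it follows each handle from CreateFileA through CreateFileMappingA to MapViewOfFile and attributes the faulting address to a mapped file. The log lines are copied from the trace in comment #3; the name `locate_fault` and the nearest-base rule (the trace does not record view sizes) are assumptions of this example.

```python
import re

CALL = re.compile(r'^(\w+):Call KERNEL32\.(\w+)\((.*)\) ret=')
RET = re.compile(r'^(\w+):Ret\s+KERNEL32\.(\w+)\(\) retval=([0-9a-f]+)')
FAULT = re.compile(r'raise_exception code=c0000005 .*addr=0x([0-9a-f]+)')

# Lines copied from the +relay,+seh trace in comment #3 (Imagehlp.dll calls omitted).
LOG = r'''
0023:Call KERNEL32.CreateFileA(008bb410 "C:\windows\system32\Kernel32.dll",80000000,00000003,00000000,00000003,08000000,00000000) ret=005dd078
0023:Ret KERNEL32.CreateFileA() retval=0000005c ret=005dd078
0023:Call KERNEL32.CreateFileA(008bb460 "C:\windows\system32\User32.dll",80000000,00000003,00000000,00000003,08000000,00000000) ret=005dd598
0023:Ret KERNEL32.CreateFileA() retval=00000060 ret=005dd598
0023:Call KERNEL32.CreateFileMappingA(0000005c,00000000,01000002,00000000,00000000,00000000) ret=005dd612
0023:Ret KERNEL32.CreateFileMappingA() retval=00000068 ret=005dd612
0023:Call KERNEL32.CreateFileMappingA(00000060,00000000,01000002,00000000,00000000,00000000) ret=005dd637
0023:Ret KERNEL32.CreateFileMappingA() retval=0000006c ret=005dd637
0023:Call KERNEL32.MapViewOfFile(00000068,00000004,00000000,00000000,00000000) ret=005ddb09
0023:Ret KERNEL32.MapViewOfFile() retval=10000000 ret=005ddb09
0023:Call KERNEL32.MapViewOfFile(0000006c,00000004,00000000,00000000,00000000) ret=005ddb2a
0023:Ret KERNEL32.MapViewOfFile() retval=00340000 ret=005ddb2a
0023:trace:seh:raise_exception code=c0000005 flags=0 addr=0x10012ed8 ip=10012ed8 tid=0023
'''

def locate_fault(log):
    """Return (path, offset) of the file view holding the first access violation, or None."""
    files, maps, views, pending = {}, {}, {}, {}
    chain = {'CreateFileMappingA': (files, maps), 'MapViewOfFile': (maps, views)}
    for line in log.splitlines():
        if m := CALL.match(line):
            pending[m[1]] = (m[2], m[3])            # per-thread call awaiting its Ret
        elif m := RET.match(line):
            func, args = pending.pop(m[1], (None, ''))
            retval = int(m[3], 16)
            if func == 'CreateFileA':
                files[retval] = re.search(r'"(.*?)"', args)[1]
            elif func in chain:
                src, dst = chain[func]
                handle = int(args.split(',')[0], 16)  # first argument is the source handle
                if handle in src:
                    dst[retval] = src[handle]
        elif m := FAULT.search(line):
            addr = int(m[1], 16)
            # Assumption: the nearest view base at or below the address owns it.
            base = max((b for b in views if b <= addr), default=None)
            return None if base is None else (views[base], addr - base)
    return None
```

On these lines the fault at 0x10012ed8 resolves to offset 0x12ed8 inside the view of the on-disk `Kernel32.dll`, not inside the loaded kernel32 module at 7b810000-7ba61000 shown in the module list.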
Austin English austinenglish@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #4 from Austin English austinenglish@gmail.com ---
WONTFIX.
Austin English austinenglish@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #5 from Austin English austinenglish@gmail.com ---
Closing.