[Bug 47044] New: 64-bit MRAC Anti-Cheat (My.Com Warface) kernel service fails in driver entry point due to missing ' ntoskrnl.exe.{ExAcquireFastMutex,ExReleaseFastMutex}'
https://bugs.winehq.org/show_bug.cgi?id=47044
Bug ID: 47044 Summary: 64-bit MRAC Anti-Cheat (My.Com Warface) kernel service fails in driver entry point due to missing 'ntoskrnl.exe.{ExAcquireFastMutex,ExReleaseFastMutex}' Product: Wine Version: 4.6 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: ntoskrnl Assignee: wine-bugs@winehq.org Reporter: focht@gmx.net Distribution: ---
Hello folks,
as it says.
Download:
https://web.archive.org/web/20190331063634/http://static.gc.my.com/WarfaceMy...
--- snip --- $ pwd /home/focht/.wine/drive_c/users/focht/Local Settings/Application Data/GameCenter
$ WINEDEBUG=+seh,+loaddll,+process,+relay,+ntoskrnl,+service wine ./GameCenter.exe >>log.txt 2>&1 ... 00d4:trace:ntoskrnl:ZwLoadDriver (L"\Registry\Machine\System\CurrentControlSet\Services\mracdrv") ... 00d4:trace:service:QueryServiceConfigW Image path = L"\SystemRoot\System32\drivers\mracdrv.sys" 00d4:trace:service:QueryServiceConfigW Group = L"" 00d4:trace:service:QueryServiceConfigW Dependencies = L"" 00d4:trace:service:QueryServiceConfigW Service account name = L"LocalSystem" 00d4:trace:service:QueryServiceConfigW Display name = L"MRAC Driver" ... 00d4:trace:ntoskrnl:load_driver loading driver L"C:\windows\System32\drivers\mracdrv.sys" 00d4:Call KERNEL32.LoadLibraryW(000277b0 L"C:\windows\System32\drivers\mracdrv.sys") ret=7f6da7d4ab3c 00d4:trace:loaddll:load_native_dll Loaded L"C:\windows\System32\drivers\mracdrv.sys" at 0x140000000: native 00d4:Ret KERNEL32.LoadLibraryW() retval=140000000 ret=7f6da7d4ab3c ... 00d4:Call driver init 0x140098005 (obj=0x27900,str=L"\Registry\Machine\System\CurrentControlSet\Services\mracdrv") ... 00d4:Call ntoskrnl.exe.MmGetSystemRoutineAddress(0002acb8) ret=140df04fe ... 00d4:Call KERNEL32.GetModuleHandleW(7f6da7d69280 L"ntoskrnl.exe") ret=7f6da7d572ec 00d4:Ret KERNEL32.GetModuleHandleW() retval=7f6da7d30000 ret=7f6da7d572ec 00d4:Call KERNEL32.GetProcAddress(7f6da7d30000,00010eb0 "ExAcquireFastMutex") ret=7f6da7d572f9 00d4:Ret KERNEL32.GetProcAddress() retval=00000000 ret=7f6da7d572f9 00d4:Call KERNEL32.GetModuleHandleW(7f6da7d69270 L"hal.dll") ret=7f6da7d57364 00d4:Ret KERNEL32.GetModuleHandleW() retval=00000000 ret=7f6da7d57364 ... 00d4:fixme:ntoskrnl:MmGetSystemRoutineAddress L"ExAcquireFastMutex" not found 00d4:Ret ntoskrnl.exe.MmGetSystemRoutineAddress() retval=00000000 ret=140df04fe 00d4:Call ntoskrnl.exe.MmGetSystemRoutineAddress(0002acb8) ret=140dde090 ... 00d4:Call KERNEL32.GetModuleHandleW(7f6da7d69280 L"ntoskrnl.exe") ret=7f6da7d572ec 00d4:Ret KERNEL32.GetModuleHandleW() retval=7f6da7d30000 ret=7f6da7d572ec 00d4:Call KERNEL32.GetProcAddress(7f6da7d30000,00010eb0 "ExReleaseFastMutex") ret=7f6da7d572f9 00d4:Ret KERNEL32.GetProcAddress() retval=00000000 ret=7f6da7d572f9 00d4:Call KERNEL32.GetModuleHandleW(7f6da7d69270 L"hal.dll") ret=7f6da7d57364 00d4:Ret KERNEL32.GetModuleHandleW() retval=00000000 ret=7f6da7d57364 ... 00d4:fixme:ntoskrnl:MmGetSystemRoutineAddress L"ExReleaseFastMutex" not found 00d4:Ret ntoskrnl.exe.MmGetSystemRoutineAddress() retval=00000000 ret=140dde090 ... 00d4:Ret driver init 0x140098005 (obj=0x27900,str=L"\Registry\Machine\System\CurrentControlSet\Services\mracdrv") retval=c0000001 ... 00d4:trace:ntoskrnl:init_driver init done for L"mracdrv" obj 0x27900 00d4:trace:ntoskrnl:init_driver - DriverInit = 0x140098005 00d4:trace:ntoskrnl:init_driver - DriverStartIo = (nil) 00d4:trace:ntoskrnl:init_driver - DriverUnload = (nil) 00d4:trace:ntoskrnl:init_driver - MajorFunction[0] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[1] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[2] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[3] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[4] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[5] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[6] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[7] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[8] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[9] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[10] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[11] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[12] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[13] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[14] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[15] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[16] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[17] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[18] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[19] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[20] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[21] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[22] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[23] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[24] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[25] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[26] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:init_driver - MajorFunction[27] = 0x7f6da7d514b0 00d4:trace:ntoskrnl:ObDereferenceObject (0x27900) ref=0 ... 00d4:err:ntoskrnl:ZwLoadDriver failed to create driver L"\Registry\Machine\System\CurrentControlSet\Services\mracdrv": c0000001 --- snip ---
Microsoft docs:
https://msdn.microsoft.com/en-us/library/windows/hardware/ff544337(v=vs.85)....
https://msdn.microsoft.com/en-us/library/windows/hardware/ff545549(v=vs.85)....
Wine source:
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/ntoskrnl.exe/ntoskrnl...
You can leverage from existing 'ntoskrnl.exe.{ExAcquireFastMutexUnsafe,ExReleaseFastMutexUnsafe}' implementations.
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/ntoskrnl.exe/sync.c#l...
$ sha1sum WarfaceMycomLoader_805e0da40d16630c2fe73ed12399cb48_.exe b07e87a029d6697ad823dc03fdbf297c406a91b9 WarfaceMycomLoader_805e0da40d16630c2fe73ed12399cb48_.exe
$ du -sh WarfaceMycomLoader_805e0da40d16630c2fe73ed12399cb48_.exe 6.8M WarfaceMycomLoader_805e0da40d16630c2fe73ed12399cb48_.exe
$ wine --version wine-4.6-61-g085e58878f
Regards
https://bugs.winehq.org/show_bug.cgi?id=47044
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download, obfuscation, | |win64 URL| |https://web.archive.org/web | |/20190331063634/http://stat | |ic.gc.my.com/WarfaceMycomLo | |ader.exe#0.7927247509897362
https://bugs.winehq.org/show_bug.cgi?id=47044
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Fixed by SHA1| |ed140a7ac5a57d8b64d2cf3afba | |3610b8c10698b Status|NEW |RESOLVED
--- Comment #1 from Anastasius Focht focht@gmx.net --- Hello folks,
this is fixed by commit https://source.winehq.org/git/wine.git/commitdiff/ed140a7ac5a57d8b64d2cf3afb... ("ntoskrnl.exe: Implement ExAcquireFastMutex and ExReleaseFastMutex.")
Thanks Jacek
$ wine --version wine-4.8-163-g07e249e431
Regards
https://bugs.winehq.org/show_bug.cgi?id=47044
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #2 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 4.9.
-
wine-bugs@winehq.org