[Bug 37449] New: Lexware Quicken 2014 Deluxe reports error 0x0000054f on startup (needs RtlDecompressBuffer with COMPRESSION_FORMAT_LZNT1 support)

List overview All Threads

newer

older

[Bug 37494] New: Quicken 2014 -...

[Bug 9628] New: msiexec command...

wine-bugs＠winehq.org

25 Oct 2014 25 Oct '14

9:42 a.m.

https://bugs.winehq.org/show_bug.cgi?id=37449

Bug ID: 37449 Summary: Lexware Quicken 2014 Deluxe reports error 0x0000054f on startup (needs RtlDecompressBuffer with COMPRESSION_FORMAT_LZNT1 support) Product: Wine Version: 1.7.29 Hardware: x86 OS: Linux Status: NEW Severity: normal Priority: P2 Component: ntdll Assignee: wine-bugs@winehq.org Reporter: focht@gmx.net Distribution: ---

Hello folks,

as the summary says ...

--- snip --- $ pwd /home/focht/.wine/drive_c/Program Files/Lexware/Quicken/2014

$ WINEDEBUG=+tid,+seh,+relay wine ./QwStart.exe >>log.txt 2>&1 ... 007a:Call KERNEL32.LocalAlloc(00000040,0004d600) ret=1000140b 007a:Ret KERNEL32.LocalAlloc() retval=00772db8 ret=1000140b 007a:Call ntdll.RtlDecompressBuffer(00000002,00772db8,0004d600,100111b0,00032039,0033f5f8) ret=1000142d 007a:fixme:ntdll:RtlDecompressBuffer 0x0002, 0x772db8, 316928, 0x100111b0, 204857, 0x33f5f8 :stub 007a:Ret ntdll.RtlDecompressBuffer() retval=c0000002 ret=1000142d ... 007a:Call user32.LoadStringA(00400000,000000c8,0033fb88,00000100) ret=004013e1 007a:Ret user32.LoadStringA() retval=00000032 ret=004013e1 007a:Call user32.MessageBoxA(000300ec,0033f780 "Quicken 2014 konnte nicht gestartet werden! (Fehler: 0x0000054f)",00402218 "Quicken 2014",00000010) ret=00401483 ... --- snip ---

Source: http://source.winehq.org/git/wine.git/blob/0669a8aca2dec4eaf6632e368832a8aec...

--- snip --- 1246 NTSTATUS WINAPI RtlDecompressBuffer(USHORT CompressionFormat, PUCHAR UncompressedBuffer, 1247 ULONG UncompressedBufferSize, PUCHAR CompressedBuffer, 1248 ULONG CompressedBufferSize, PULONG FinalUncompressedSize) 1249 { 1250 FIXME("0x%04x, %p, %u, %p, %u, %p :stub\n", CompressionFormat, UncompressedBuffer, UncompressedBufferSize, 1251 CompressedBuffer, CompressedBufferSize, FinalUncompressedSize); 1252 1253 return STATUS_NOT_IMPLEMENTED; 1254 } --- snip ---

MSDN: http://msdn.microsoft.com/en-us/library/windows/hardware/ff552191%28v=vs.85%...

$ sha1sum Quicken_2014tb.exe 2374d907e2ee568f1f93dba48afd602723dcad6f Quicken_2014tb.exe

$ du -sh Quicken_2014tb.exe 319M Quicken_2014tb.exe

$ wine --version wine-1.7.29-57-gfbf2557

Regards

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

Show replies by date

wine-bugs＠winehq.org

25 Oct 25 Oct

9:42 a.m.

New subject: [Bug 37449] Lexware Quicken 2014 Deluxe reports error 0x0000054f on startup (needs RtlDecompressBuffer with COMPRESSION_FORMAT_LZNT1 support)

https://bugs.winehq.org/show_bug.cgi?id=37449

Anastasius Focht focht@gmx.net changed:

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

30 Oct 30 Oct

5:58 p.m.

New subject: [Bug 37449] Lexware Quicken 2014 Deluxe reports error 0x0000054f on startup (needs RtlDecompressBuffer with COMPRESSION_FORMAT_LZNT1 support)

https://bugs.winehq.org/show_bug.cgi?id=37449

Sebastian Lackner sebastian@fds-team.de changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |sebastian@fds-team.de

--- Comment #1 from Sebastian Lackner sebastian@fds-team.de --- The following patchset implements RtlDecompressBuffer: https://github.com/wine-compholio/wine-staging/tree/master/patches/ntdll-LZN...

Unfortunately it doesn't really solve the problem. I am not sure if this is a remaining issue with the implementation, or if something else is going wrong. Could you maybe take a look?

I noticed that a couple of new lines appeared, but not sure if they are relevant:

--- snip --- [...] 0031:Call ntdll.LdrFindEntryForAddress(7b810000,0033f5b8) ret=10004889 0031:Ret ntdll.LdrFindEntryForAddress() retval=00000000 ret=10004889 0031:Call ntdll.RtlAcquirePebLock() ret=100041e0 0031:Ret ntdll.RtlAcquirePebLock() retval=00000000 ret=100041e0 0031:Call ntdll.RtlFindClearBitsAndSet(7bce606c,00000001,00000000) ret=100041fa 0031:Ret ntdll.RtlFindClearBitsAndSet() retval=00000006 ret=100041fa 0031:Call ntdll.RtlReleasePebLock() ret=10004263 0031:Ret ntdll.RtlReleasePebLock() retval=00000000 ret=10004263 [...] --- snip ---

The weird thing is the return address, the application seems to mess around manually with the TEB (in this case modifying the TlsBitmap) instead of using API calls?!

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

8:55 p.m.

New subject: [Bug 37449] Lexware Quicken 2014 Deluxe reports error 0x0000054f on startup (needs RtlDecompressBuffer with COMPRESSION_FORMAT_LZNT1 support)

https://bugs.winehq.org/show_bug.cgi?id=37449

--- Comment #2 from Anastasius Focht focht@gmx.net --- Hello Sebastian,

the patch is fine, a PE is unpacked in memory (later started as process).

--- quote --- The weird thing is the return address, the application seems to mess around manually with the TEB (in this case modifying the TlsBitmap) instead of using API calls?! --- quote ---

Yes, the code messes with loader/internal data structures. In this case it reads/writes to TLS slots, bypassing native API.

Lexware uses 'Promon Shield SDK' to protect their app:

--- snip --- -=[ ProtectionID v0.6.5.5 OCTOBER]=- (c) 2003-2013 CDKiLLER & TippeX Build 31/10/13-21:09:09 Ready... Scanning -> C:\Program Files\Lexware\Quicken\2014\HmgShield.dll File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 282480 (044F70h) Byte(s) -> File Appears to be Digitally Signed @ Offset 043800h, size : 01770h / 06000 byte(s) [File Heuristics] -> Flag : 00000100000001001001000100000100 (0x04049104) [Entrypoint Section Entropy] : 6.56 [Debug Info] Characteristics : 0x0 | TimeDateStamp : 0x503F76CD | MajorVer : 0 / MinorVer : 0 -> (0.0) Type : 2 -> CodeView | Size : 0x60 (96) AddressOfRawData : 0xFAD0 | PointerToRawData : 0xEED0 CvSig : 0x53445352 | SigGuid 94848F81-2D3F-4915-9D4EBAB4605DCADB Age : 0x1 | Pdb : d:\dev\shield\2.3-win8\src\shield-sdk-dll\release\promon-shield-sdk.pdb ---- snip ---

Anyway, those are different issues.

Regards

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

31 Oct 31 Oct

2:29 p.m.

New subject: [Bug 37449] Lexware Quicken 2014 Deluxe reports error 0x0000054f on startup (needs RtlDecompressBuffer with COMPRESSION_FORMAT_LZNT1 support)

https://bugs.winehq.org/show_bug.cgi?id=37449

Michael Müller michael@fds-team.de changed:

What |Removed |Added ---------------------------------------------------------------------------- Blocks| |37487

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

7:47 p.m.

New subject: [Bug 37449] Lexware Quicken 2014 Deluxe reports error 0x0000054f on startup (needs RtlDecompressBuffer with COMPRESSION_FORMAT_LZNT1 support)

https://bugs.winehq.org/show_bug.cgi?id=37449

Michael Müller michael@fds-team.de changed:

What |Removed |Added ---------------------------------------------------------------------------- Blocks| |37488

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

1 Nov 1 Nov

11:22 p.m.

New subject: [Bug 37449] Lexware Quicken 2014 Deluxe reports error 0x0000054f on startup (needs RtlDecompressBuffer with COMPRESSION_FORMAT_LZNT1 support)

https://bugs.winehq.org/show_bug.cgi?id=37449

--- Comment #3 from Sebastian Lackner sebastian@fds-team.de --- Michael told me that he found a note, that all Promon Shield issues can be worked around by adding:

--- snip --- [DEBUG] PROMONSHIELD=0 --- snip ---

at the end of

$WINEPREFIX/drive_c/users/Public/Application\ Data/Lexware/Quicken/2014/QUICKEN.INI

The main application starts up (without needing LZNT1 decompression), but then crashes because of a different issue. Will open a separate bug report for that.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

11 Feb 11 Feb

4:07 p.m.

New subject: [Bug 37449] Lexware Quicken 2014 Deluxe reports error 0x0000054f on startup (needs RtlDecompressBuffer with COMPRESSION_FORMAT_LZNT1 support)

https://bugs.winehq.org/show_bug.cgi?id=37449

Sebastian Lackner sebastian@fds-team.de changed:

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

10 Jul 10 Jul

5:33 p.m.

New subject: [Bug 37449] Lexware Quicken 2014 Deluxe reports error 0x0000054f on startup (needs RtlDecompressBuffer with COMPRESSION_FORMAT_LZNT1 support)

https://bugs.winehq.org/show_bug.cgi?id=37449

--- Comment #4 from Sebastian Lackner sebastian@fds-team.de --- This should be fixed by http://source.winehq.org/git/wine.git/commit/e3503799d975a0adfcad2ef961ec898...

Could you please retest?

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

11:42 p.m.

New subject: [Bug 37449] Lexware Quicken 2014 Deluxe reports error 0x0000054f on startup (Promon Shield DRM needs RtlDecompressBuffer with COMPRESSION_FORMAT_LZNT1 support)

https://bugs.winehq.org/show_bug.cgi?id=37449

Anastasius Focht focht@gmx.net changed:

--- Comment #5 from Anastasius Focht focht@gmx.net --- Hello folks,

this is fixed by commit https://source.winehq.org/git/wine.git/commitdiff/e3503799d975a0adfcad2ef961...

Thanks Sebastian

--- snip --- ... 002d:Ret wintrust.WinVerifyTrust() retval=00000000 ret=10001929 002d:Call KERNEL32.LocalAlloc(00000040,0004d600) ret=1000140b 002d:Ret KERNEL32.LocalAlloc() retval=00786f58 ret=1000140b 002d:Call ntdll.RtlDecompressBuffer(00000002,00786f58,0004d600,100111b0,00032039,0032f608) ret=1000142d 002d:trace:ntdll:RtlDecompressBuffer 0x0002, 0x786f58, 316928, 0x100111b0, 204857, 0x32f608 002d:trace:ntdll:RtlDecompressFragment 0x0002, 0x786f58, 316928, 0x100111b0, 204857, 0, 0x32f608, (nil) 002d:Ret ntdll.RtlDecompressBuffer() retval=00000000 ret=1000142d 002d:Call ntdll.memset(100438ec,00000000,00000034) ret=1000c4b3 002d:Ret ntdll.memset() retval=100438ec ret=1000c4b3 002d:Call ntdll.NtCreateEvent(100438f8,00100003,00000000,00000001,00000000) ret=10003fcd 002d:Ret ntdll.NtCreateEvent() retval=00000000 ret=10003fcd 002d:Call ntdll.NtCreateSemaphore(10043908,00100003,00000000,00000000,7fffffff) ret=1000c4e4 002d:Ret ntdll.NtCreateSemaphore() retval=00000000 ret=1000c4e4 002d:Call ntdll.NtCreateSemaphore(1004390c,00100003,00000000,00000000,7fffffff) ret=1000c4fa 002d:Ret ntdll.NtCreateSemaphore() retval=00000000 ret=1000c4fa 002d:Call ntdll.wcsstr(1000e2fc L"kernel32.dll",1000e2e8 L"ntdll.dll") ret=10004580 002d:Ret ntdll.wcsstr() retval=00000000 ret=10004580 002d:Call ntdll.RtlInitUnicodeString(0032f580,1000e2fc L"kernel32.dll") ret=100045ba 002d:Ret ntdll.RtlInitUnicodeString() retval=0032f580 ret=100045ba 002d:Call ntdll.LdrGetDllHandle(00000000,00000000,0032f580,0032f588) ret=1000464c 002d:Ret ntdll.LdrGetDllHandle() retval=00000000 ret=1000464c 002d:Call ntdll.LdrFindEntryForAddress(7b820000,0032f5b8) ret=10004889 002d:Ret ntdll.LdrFindEntryForAddress() retval=00000000 ret=10004889 ... --- snip ---

The PE (dll) is successfully uncompressed to memory. I dumped the buffer from memory to disk.

--- snip --- -=[ ProtectionID v0.6.6.7 DECEMBER]=- (c) 2003-2015 CDKiLLER & TippeX Build 24/12/14-22:48:13 Ready... Scanning -> Z:\home\focht\Downloads\promon-shield-dumped.dll File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 316929 (04D601h) Byte(s) Compilation TimeStamp : 0x503F76CA -> Thu 30th Aug 2012 14:20:58 (GMT) [TimeStamp] 0x503F76CA -> Thu 30th Aug 2012 14:20:58 (GMT) | PE Header | - | Offset: 0x000000E8 | VA: 0x100000E8 | - [TimeStamp] 0x503F76CA -> Thu 30th Aug 2012 14:20:58 (GMT) | DebugDirectory | - | Offset: 0x00028EE4 | VA: 0x1002A4E4 | - [File Heuristics] -> Flag #1 : 00000100000001001101000000000000 (0x0404D000) [Entrypoint Section Entropy] : 6.69 (section #0) ".text " | Size : 0x28564 (165220) byte(s) [DllCharacteristics] -> Flag : (0x0140) -> ASLR | DEP [SectionCount] 5 (0x5) | ImageSize 0x59000 (364544) byte(s) [Debug Info] (record 1 of 1) (file offset 0x28EE0) Characteristics : 0x0 | TimeDateStamp : 0x503F76CA (Thu 30th Aug 2012 14:20:58 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0) Type : 2 (0x2) -> CodeView | Size : 0x59 (89) AddressOfRawData : 0x3B520 | PointerToRawData : 0x39F20 CvSig : 0x53445352 | SigGuid 3F4A4B99-C516-4F0B-916D806598EC9BE2 Age : 0x1 | Pdb : d:\dev\shield\2.3-win8\src\shield-core\release\promon-shield.pdb [!] File appears to have no protection or is using an unknown protection - Scan Took : 0.406 Second(s) [000000196h (406) tick(s)] [244 of 573 scan(s) done] --- snip ---

The error message "Quicken 2014 konnte nicht gestartet werden! (Fehler: 0x0000054f)" following is a different issue.

Regards

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

28 Jul 28 Jul

6:31 p.m.

New subject: [Bug 37449] Lexware Quicken 2014 Deluxe reports error 0x0000054f on startup (Promon Shield DRM needs RtlDecompressBuffer with COMPRESSION_FORMAT_LZNT1 support)

https://bugs.winehq.org/show_bug.cgi?id=37449

Alexandre Julliard julliard@winehq.org changed:

What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED

--- Comment #6 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 1.7.48.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

26 Jul 26 Jul

9:53 a.m.

New subject: [Bug 37449] Lexware Quicken 2014 Deluxe reports error 0x0000054f on startup (Promon Shield DRM needs RtlDecompressBuffer with COMPRESSION_FORMAT_LZNT1 support)

https://bugs.winehq.org/show_bug.cgi?id=37449

Anastasius Focht focht@gmx.net changed:

--- Comment #7 from Anastasius Focht focht@gmx.net --- Hello folks,

adding stable download links via Internet Archive for documentation.

https://web.archive.org/web/20210726093437/https://www.pc-magazin.de/filedow...

$ sha1sum Quicken_2014tb.exe 2374d907e2ee568f1f93dba48afd602723dcad6f Quicken_2014tb.exe

$ du -sh Quicken_2014tb.exe 319M Quicken_2014tb.exe

I found the original vendor download link as well (wraps the installer in .zip) and created a snapshot.

https://web.archive.org/web/20210726093207/http://download.lexware.de/pub/se...

$ sha1sum quicken-2014-jahresversion.zip eb3bae957bd0ba25d76788e02a136e707fe00691 quicken-2014-jahresversion.zip

$ du -sh quicken-2014-jahresversion.zip 319M quicken-2014-jahresversion.zip

--- snip --- $ 7z l quicken-2014-jahresversion.zip

Listing archive: quicken-2014-jahresversion.zip

-- Path = quicken-2014-jahresversion.zip Type = zip Physical Size = 333528827

Date Time Attr Size Compressed Name ------------------- ----- ------------ ------------ ------------------------ 2013-12-12 16:05:11 ....A 333528657 333528657 Quicken 2014tb.exe ------------------- ----- ------------ ------------ ------------------------ 2013-12-12 16:05:11 333528657 333528657 1 files --- snip ---

Regards

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

1264

Age (days ago)

3730

Last active (days ago)

wine-bugs@winehq.org

11 comments

2 participants

tags (0)

participants (2)

wine-bugs＠winehq.org
WineHQ Bugzilla