https://bugs.winehq.org/show_bug.cgi?id=49052
Bug ID: 49052 Summary: Japanese Visual Novel "natural Vacation" doesn't start (ENIGMA 5.X protected) Product: Wine Version: 5.7 Hardware: x86 OS: Linux Status: NEW Severity: normal Priority: P2 Component: -unknown Assignee: wine-bugs@winehq.org Reporter: dark.shadow4@web.de Distribution: ---
The program reportedly just exits instead of starting.
Reported on the forums at https://forum.winehq.org/viewtopic.php?f=2&t=33776
Pretty sure this is a deficiency in wine regarding the ENIGMA protector. The demo of the game works just fine, but the full game doesn't.
I don't own the game, and don't know of another affected program, any ideas on how to investigate this? What kind of logs would help? Though I fear ENIGMA might fight debugging...
Note: This needs staging because of bug 43548 (aka bug 21232).
https://bugs.winehq.org/show_bug.cgi?id=49052
Fabian Maurer dark.shadow4@web.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|Japanese Visual Novel |Japanese Visual Novel |"natural Vacation" doesn't |"Natural Vacation" doesn't |start (ENIGMA 5.X |start (ENIGMA 5.X |protected) |protected) Keywords| |obfuscation
https://bugs.winehq.org/show_bug.cgi?id=49052
lcrndrrr lcrndrrr@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |lcrndrrr@gmail.com
https://bugs.winehq.org/show_bug.cgi?id=49052
--- Comment #1 from Fabian Maurer dark.shadow4@web.de --- Created attachment 67057 --> https://bugs.winehq.org/attachment.cgi?id=67057 Hack to get it to run
So, I managed to create a hack to get it to start up. Only tested with the download version from DMM though.
Instructions: - Apply wine-staging winebuild-Fake_Dlls patchset, e.g. patchinstall.sh --backend=git-am --force-autoconf winebuild-Fake_Dlls - Apply hack - winetricks d3dcompiler_47 - Run with LC_ALL=ja_JP.UTF-8
The hack covers multiple issues I think, might split up this bugreport once I know more.
Main problem here is that ZwOpenFile relay does not work with the copy protection. What this about plugin.dll is, I don't know for sure.
https://bugs.winehq.org/show_bug.cgi?id=49052
--- Comment #2 from Fabian Maurer dark.shadow4@web.de --- Created attachment 67058 --> https://bugs.winehq.org/attachment.cgi?id=67058 Relay log
Further insight: On windows the game creates two temporary files, under c:/users/USER/Temp with the format evbXXXX.tmp. One of them is empty, the other is a dll which is then loaded. Under wine, only the empty file is created, the temporary dll is not created/loaded and I guess this causes problems.
Adding a +relay log if someone wants to take a look...
https://bugs.winehq.org/show_bug.cgi?id=49052
Paul Gofman pgofman@codeweavers.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |pgofman@codeweavers.com
--- Comment #3 from Paul Gofman pgofman@codeweavers.com --- ZwOpenFile seems to be the same function as NtOpenFile on Windows, so making it a separate entry point looks not quite correct. I guess the effect it does can also be achieved by reverting the last patch of winebuild-Fake_Dlls patchset, but that's would be bringing Wine further away from how it works on Windows. I think the right fix will likely involve making NtOpenFile, NtWriteFile, NtCreateSection, NtMapViewOfSection NtClose and maybe some more functions go through syscall thunks when called from ntdll (as Enigma hotpatches those and apparently expects the patched ones to be called). It is also possible it is more complicated than just that as it may happen to depend on the closer Windows match on how Nt... functions are used from kernelbase and inside ntdll itself.
Regarding missing dll, Enigma provides some (application) dlls through hotpatched ntdll file I/O and mapping functions. Wine loader currently relies on the executable residing on disk (see also Bug #33236 but I am not sure that bug is about exactly the same issue).
Is there any way I can get this game to test?
https://bugs.winehq.org/show_bug.cgi?id=49052
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |focht@gmx.net
--- Comment #4 from Anastasius Focht focht@gmx.net --- Hello folks,
from your comments it pretty much looks like standard application virtualization/sandboxing using native API hooking.
Paul already mentioned bug 33236, there are others as well. It could be a combination of multiple issues. Some of these sandboxing schemes rely on the native API call sequence(s) matching Windows loader.
* bug 33236 ("Multiple application virtualization schemes rely on LdrLoadDll to behave like native Windows loader (NtOpenFile, NtXXXSection) (VMWare ThinApp 4.x, BoxedApp)")
* bug 38950 ("Creo Elements/Direct Modeling Express 6.0 .NET based licensing tool crashes on startup (Xenocode VM, 'load_native_dll' must also allow imports resolving for 'EXECUTABLE_IMAGE')")
* bug 23451 ("VMWare Thinapps (packaged with version >4.5) and XenoCode wrapped apps fail to run (differences in process creation sequence at native API level)")
If registry virtualization is involved:
* bug 38956 ("Multiple applications wrapped with Xenocode fail with .NET Framework error (Creo Elements, Neuro-Programmer v2.5)(registry virtualization fails to intercept Wine's root key handles)")
Regards
https://bugs.winehq.org/show_bug.cgi?id=49052
--- Comment #5 from Fabian Maurer dark.shadow4@web.de --- @Anastasius, @Paul Thanks for your comments. I'm not sure what it does, but to be it seems pretty strange. As a small note, the fake "plugin.dll" and "executeAPI" from the patch are enough to get the game to run. Note that on windows, there is no plugin.dll either - only that temporary DLL. Maybe a fallback when the temporary DLL can't be loaded? It only seems need that ZwOpenFile patch when actually having a real DLL called plugin.dll in the folder.
from your comments it pretty much looks like standard application virtualization/sandboxing using native API hooking.
Mh, could be, ENIGMA is known to do that. I don't know how I would debug something like that though - I hope'd it'd be simpler.
Is there any way I can get this game to test?
It's a bit difficult, since it's a paid game. However, I'd be willing to share my account temporarily for debugging purposes, if that'd be ok. Just know that the client is all Japanese and that you might need a VM to download, since the client doesn't work too well on Wine.
https://bugs.winehq.org/show_bug.cgi?id=49052
--- Comment #6 from Paul Gofman pgofman@codeweavers.com --- (In reply to Fabian Maurer from comment #5)
It's a bit difficult, since it's a paid game. However, I'd be willing to share my account temporarily for debugging purposes, if that'd be ok. Just know that the client is all Japanese and that you might need a VM to download, since the client doesn't work too well on Wine.
(In reply to Fabian Maurer from comment #5)
@Anastasius, @Paul Thanks for your comments. I'm not sure what it does, but to be it seems pretty strange. As a small note, the fake "plugin.dll" and "executeAPI" from the patch are enough to get the game to run. Note that on windows, there is no plugin.dll either - only that temporary DLL. Maybe a fallback when the temporary DLL can't be loaded? It only seems need that ZwOpenFile patch when actually having a real DLL called plugin.dll in the folder.
This DLL must be spoofed by Enigma through hooking ntdll API, Wine needs to work through hooked NtOpenFile, file and section I/O entirely to get that DLL loaded like on Windows. It is strange that the game works without, maybe it is needed later.
from your comments it pretty much looks like standard application virtualization/sandboxing using native API hooking.
Mh, could be, ENIGMA is known to do that. I don't know how I would debug something like that though - I hope'd it'd be simpler.
Yes, it is known, but it would maybe be interesting to debug what exactly it needs to work and maybe fix these, as lining up just every API to depend on the other calls exactly like on on Windows is somewhat hard to approach at once. Part of this work has been done when moving the functions to kernelbase, but Enigma depends on some calls been correctly routed to hooks within ntdll itself.
Is there any way I can get this game to test?
It's a bit difficult, since it's a paid game. However, I'd be willing to share my account temporarily for debugging purposes, if that'd be ok. Just know that the client is all Japanese and that you might need a VM to download, since the client doesn't work too well on Wine.
I can probably buy it, I just need an exact link to the correct game and version, and maybe some exact install instructions to avoid spending time for bypassing unrelated problems.
https://bugs.winehq.org/show_bug.cgi?id=49052
--- Comment #7 from Fabian Maurer dark.shadow4@web.de --- The game must be downloaded over their installer (http://dl-gameplayer.dmm.com/admin/win/installer/DMMGamePlayerSetup.exe)
I got the game itself from (NFSW) https://dlsoft.dmm.co.jp/en/detail/akbs_0100/ with my credit card, though it's a bit of pain to navigate since it's all Japanese. Not sure if I can make instructions to navigate that, but of course I could try to help. Otherwise, as noted, I could borrow my account which has everything already setup, you'd only need an activation code that's sent to my mail. Either way, feel free to send me a mail for details.
maybe some exact install instructions to avoid spending time for bypassing unrelated problems.
Install instructions I could provide. Though, as said, the client only works in a VM. You can copy the game out and it should give a message that "The game is not installed properly" because of the DRM. But it doesn't even get that far.
https://bugs.winehq.org/show_bug.cgi?id=49052
Chris Moeller chris@kode54.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |chris@kode54.net
--- Comment #8 from Chris Moeller chris@kode54.net --- Another potentially Enigma protected title, and this one is in English, Spanish, French, and German: Blossom Tales: The Sleeping King. It's on Steam, and it's 60% off for the next 25 hours from this posting. It's also a .NET Framework 4.x application, using the XNA 4.0 framework. Also totally safe for the whole family, if you're looking for a test title that isn't porn.
It also appears to use its hooking to bundle and import the invisible libraries, SlimDX.DirectInput, and the Steamworks api for handling achievements. All resources are bundled into a single monolithic 600mb executable.
https://bugs.winehq.org/show_bug.cgi?id=49052
Anya maniikarabera@protonmail.ch changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |maniikarabera@protonmail.ch
https://bugs.winehq.org/show_bug.cgi?id=49052
--- Comment #9 from Paul Gofman pgofman@codeweavers.com --- Created attachment 68331 --> https://bugs.winehq.org/attachment.cgi?id=68331 Bypass NtOpenFile in NtGetNlsSectionPtr()
I've tested the Blossom Tales: The Sleeping King with the latest Wine and it is almost there. The following upstream changes made the hidden DLLs load ok now: - moving most of Nt... functions to the Unix part of ntdll; - reworking loader so that it fully works through Nt functions now and thus does not depend on the dll being placed as a Unix disk file.
Still with mainstream Wine the game hits stack overflow exception at start. That happens because NtGetNlsSectionPtr() is not in the Unix part yet. It calls NtOpenFile which is hotpatched by Enigma, and Enigma uses kernelbase locale functions to handle the file name. This results in infinite recursion. The attached proof of concept hack makes the game start fine for me. So this should work in a proper way once NtGetNlsSectionPtr gets moved to the Unix part.
I also tested 'The Rising of the Shield Hero Relive The Animation' which had the same issues and it is also working fine for me with the attached hack.
https://bugs.winehq.org/show_bug.cgi?id=49052
--- Comment #10 from Paul Gofman pgofman@codeweavers.com --- Should be working now after 54c31d5332a71d785db1b73cf3be41818adeab8a
https://bugs.winehq.org/show_bug.cgi?id=49052
--- Comment #11 from Fabian Maurer dark.shadow4@web.de --- For this issue, I can only test until I hit the" Not installed properly" message, because the DMM Launcher doesn't work yet...
Anyways, that works since wine-5.16.
https://bugs.winehq.org/show_bug.cgi?id=49052
François Gouget fgouget@codeweavers.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |patch CC| |fgouget@codeweavers.com
https://bugs.winehq.org/show_bug.cgi?id=49052
--- Comment #12 from Rafał Mużyło galtgendo@o2.pl --- Well, I'm not 100% sure it's a regression or a new issue, but a *trial* of this game crashes now without even displaying the window...
https://bugs.winehq.org/show_bug.cgi?id=49052
Fabian Maurer dark.shadow4@web.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends on| |47747
--- Comment #13 from Fabian Maurer dark.shadow4@web.de --- The trial works fine for me, see bug 49037. If you encounter crashes, please open a new issue.
Regarding this copy protecting thing, I'll leave it open until I can really test with DMM Game Player...
https://bugs.winehq.org/show_bug.cgi?id=49052
Fabian Maurer dark.shadow4@web.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Fixed by SHA1| |54c31d5332a71d785db1b73cf3b | |e41818adeab8a Resolution|--- |FIXED
--- Comment #14 from Fabian Maurer dark.shadow4@web.de --- Marking fixed. Just tested with the DMM client, and it can run the copy-protected game just fine. There's other issues, but this one is fixed.
https://bugs.winehq.org/show_bug.cgi?id=49052
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #15 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 7.10.