http://bugs.winehq.org/show_bug.cgi?id=9958
Summary: Albatross18 returns to the console immediately Product: Wine Version: CVS/GIT Platform: PC URL: http://download2.gamershell.com/cgi- bin/fhx.pl?auth=dJulWPE62z3m6&id=21281&ts=1191871805&cat =demo&filename=albatross18_setup.zip OS/Version: Linux Status: UNCONFIRMED Keywords: download Severity: normal Priority: P2 Component: wine-shdocvw AssignedTo: wine-bugs@winehq.org ReportedBy: xerox_xerox2000@yahoo.co.uk
I 've been seeing people sending in test reports for this app every now and then , so i decided to give it a go myself. The only thing it does is spit out a few fixme's (shdocvw) and then exits. With native shdocvw (and shlwapi) the update screen comes up fine and the update process goes fine. However , while trying to start the game it just hangs. (This bugreport is only for the first part)
http://bugs.winehq.org/show_bug.cgi?id=9958
--- Comment #1 from Louis Lenders xerox_xerox2000@yahoo.co.uk 2007-10-08 15:54:34 --- Created an attachment (id=8469) --> (http://bugs.winehq.org/attachment.cgi?id=8469) console output
http://bugs.winehq.org/show_bug.cgi?id=9958
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |focht@gmx.net
--- Comment #2 from Anastasius Focht focht@gmx.net 2007-10-09 13:10:41 --- Hello,
sheesh .. too much stuff missing. You need the following native overrides: shdocvw, shlwapi, urlmon, wininet (and their dependencies) This should let the update client/loader get started.
Regards
http://bugs.winehq.org/show_bug.cgi?id=9958
--- Comment #3 from Anastasius Focht focht@gmx.net 2007-10-09 16:18:59 --- Hello,
the "hang" is a combination of wine bug and sloppy programming of game guard devs.
The hang occurs in gameguard.des process while trying to load a splash screen. Due to a bug in wine oleaut32 api function, a hang occurs because specific assumptions are not met/some code paths are not executed.
--- snip (spawned thread) --- ... 000d:Call user32.FindWindowA(00000000,1001f274 "GameGuard QA Redirector 1.0 ") ret=100033ee 000d:Call winex11.drv.CreateDesktopWindow(00010020) ret=60491bdb 000d:Ret winex11.drv.CreateDesktopWindow() retval=00000001 ret=60491bdb 000d:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,617ab884,ffffffff,00000040,00000000) ret=6046c3da --- snip ---
earlier:
--- snip --- ... 0033:Call oleaut32.OleLoadPicturePath(0034edcc L"C:\Program Files\OGPlanet\Albatross18\GameGuard\Splash.jpg",00000000,00000000,00000000,0041a398,00428158) ret=00404a75 0033:Call ole32.CreateBindCtx(00000000,0034ebe4) ret=605ea086 0033:Call ntdll.RtlAllocateHeap(00110000,00000000,00000034) ret=60675ee5 0033:Ret ntdll.RtlAllocateHeap() retval=00133990 ret=60675ee5 0033:Call KERNEL32.GetThreadLocale() ret=60675f3a 0033:Ret KERNEL32.GetThreadLocale() retval=00000409 ret=60675f3a 0033:Ret ole32.CreateBindCtx() retval=00000000 ret=605ea086 0033:Call KERNEL32.LoadLibraryA(60648660 "urlmon.dll") ret=6062fd50 ... 0033:Ret ole32.CoTaskMemFree() retval=00000001 ret=00672ed5 0033:Ret oleaut32.OleLoadPicturePath() retval=800401f0 ret=00404a75 0033:Call KERNEL32.CreateThread(00000000,00000000,00404810,00000000,00000000,0034fdd0) ret=00403bb7 0033:Ret KERNEL32.CreateThread() retval=000000a0 ret=00403bb7 ... --- snip ---
oleaut32.OleLoadPicturePath() returns with 0x800401F0 error -> "CoInitialize has not been called" - which is of course true. Due to that error, some (threaded) code is incorrectly skipped.
I wrote a small test client under windows xp to verify. It seems OleLoadPicturePath implicitly initializes OLE in its apartment (= no explicit CoInitialize() needed). So clearly a wine bug.
You can either fix this by using native oleaut32.dll override or by explicitly calling CoInitialize() and CoUninitialize() before any CoCreateInstance() calls in that api function.
Regards
http://bugs.winehq.org/show_bug.cgi?id=9958
--- Comment #4 from Louis Lenders xerox_xerox2000@yahoo.co.uk 2007-10-09 16:24:54 --- Thanks for looking, i'm gonna try that tomorrow (threw away my ~/.wine again...)
http://bugs.winehq.org/show_bug.cgi?id=9958
--- Comment #5 from Anastasius Focht focht@gmx.net 2007-10-10 15:57:35 --- Created an attachment (id=8502) --> (http://bugs.winehq.org/attachment.cgi?id=8502) decrypted game log
Hello,
unfortunately they hide (encrypt) most of their stuff, starting with config/ini files, log files and the like - so it's kind of guessing what really happens.
Some modules have different kind of encryption mechanism for log files. Easy ones start with known key table (included in code) and use hash key stored in file for encrypt/decrypt. Others modules like gameguard engine/monitor are more sophisticated because they use asymmetric key encryption (RSA) to prevent direct decryption of log files (only public key known).
Attached is "npgl.dec" which is decrypted game module log, created by "ProjectG.exe" (former "npgl.erl" from "GameGuard" directory).
The last line says "21:58:29:312 InitNPGameMon: 114" Error 114 correlates to "GameMon.des" process/module not working.
Regards
http://bugs.winehq.org/show_bug.cgi?id=9958
--- Comment #6 from Louis Lenders xerox_xerox2000@yahoo.co.uk 2007-10-10 16:14:16 ---
The last line says "21:58:29:312 InitNPGameMon: 114" Error 114 correlates to "GameMon.des" process/module not working.
yeah, is saw that in a debug trace as well. that's the same bug Maplestory runs in too. If you need any debug-traces please let me know (though i think it might be easier to generate them yourself ;) )
http://bugs.winehq.org/show_bug.cgi?id=9958
--- Comment #7 from Anastasius Focht focht@gmx.net 2007-10-10 16:28:20 --- Created an attachment (id=8503) --> (http://bugs.winehq.org/attachment.cgi?id=8503) decrypted game guard module log
Hello,
another decrypted log produced by "GameGuard.des" process (RSA encrypted) - for sake of completeness.
The main target, GameGuard's "GameMon.des" process is protected by "Themida" 1.9.x - probably the best PE protector you can currently get for money, faciliating many latest generation anti-reversing, code morphing/VM technologies to date.
"GameMon.des" crashes somewhere in redirected code, no obvious wine API calls, looks like emulated VM code. Might be some kind of Themida bug, not related to GameGuard itself.
Although they state some degree of wine compatibility ("bugfixes") on their homepage/changelogs I never encountered a themida target which really works under wine (full version options used, excluding ring0 stuff). Prolly some marketing for potential linux/wine switchers ;-)
Regards
http://bugs.winehq.org/show_bug.cgi?id=9958
--- Comment #8 from Anastasius Focht focht@gmx.net 2007-10-11 05:39:26 --- Hello,
--- quote --- that's the same bug Maplestory runs --- quote ---
Maple Story/GameGuard:
http://bugs.winehq.org/show_bug.cgi?id=3488 http://bugs.winehq.org/show_bug.cgi?id=3952
(one should be marked as duplicate of other)
Mount & Blade:
http://bugs.winehq.org/show_bug.cgi?id=7923
They all suffer from same issue like this bug id: Themida PE protector.
The protector creates a pile of threads (5-10), probably to countermeasure anti-debugging, anti-dumping whatever and it's main thread dies due to unhandled exception:
--- snip mount & blade --- ... 0040:Ret KERNEL32.SetEvent() retval=00000001 ret=038a943c 0040:Call KERNEL32.Sleep(00000000) ret=038a9469 0040:Ret KERNEL32.Sleep() retval=00000000 ret=038a9469 0040:Call KERNEL32.Sleep(00000000) ret=038a9469 0040:Ret KERNEL32.Sleep() retval=00000000 ret=038a9469 0040:Call KERNEL32.Sleep(00000000) ret=038a9469 0040:Ret KERNEL32.Sleep() retval=00000000 ret=038a9469 0040:Call KERNEL32.Sleep(00000000) ret=038a9469 0040:Ret KERNEL32.Sleep() retval=00000000 ret=038a9469 0028:Call KERNEL32.WaitForSingleObject(000000ac,ffffffff) ret=036d3670 0040:trace:seh:raise_exception code=c0000005 flags=0 addr=0x4c80efe 0040:trace:seh:raise_exception info[0]=00000000 0040:trace:seh:raise_exception info[1]=04d0c0d5 0040:trace:seh:raise_exception eax=04d0c0d1 ebx=f72ae9f7 ecx=036bf720 edx=03cafee4 esi=03cafdc8 edi=00000094 0040:trace:seh:raise_exception ebp=03cafed8 esp=03cafdb4 cs=0073 ds=007b es=007b fs=0033 gs=003b flags=00210202 0040:trace:seh:call_stack_handlers calling handler at 0x4f208c code=c0000005 flags=0 0040:trace:seh:call_stack_handlers handler at 0x4f208c returned 1 0040:trace:seh:call_stack_handlers calling handler at 0x36bc1fa code=c0000005 flags=0 0040:trace:seh:call_stack_handlers handler at 0x36bc1fa returned 0 --- snip mount & blade ---
--- snip maple story gamemon.des --- ... 0026:Call KERNEL32.VirtualProtect(00400000,00001000,00000004,006b352e) ret=008e438e 0026:Ret KERNEL32.VirtualProtect() retval=00000001 ret=008e438e 0026:Call KERNEL32.VirtualProtect(00400000,00001000,00000002,006b220e) ret=008e4692 0026:Ret KERNEL32.VirtualProtect() retval=00000001 ret=008e4692 0026:Call KERNEL32.SetEvent(000000a8) ret=008e4922 0026:Ret KERNEL32.SetEvent() retval=00000001 ret=008e4922 0026:Call KERNEL32.Sleep(00000000) ret=008e4936 0026:Ret KERNEL32.Sleep() retval=00000000 ret=008e4936 0026:Call KERNEL32.Sleep(00000000) ret=008e4936 0026:Ret KERNEL32.Sleep() retval=00000000 ret=008e4936 0026:Call KERNEL32.Sleep(00000000) ret=008e4936 0026:Ret KERNEL32.Sleep() retval=00000000 ret=008e4936 0026:Call KERNEL32.Sleep(00000000) ret=008e4936 0026:Ret KERNEL32.Sleep() retval=00000000 ret=008e4936 0026:Call KERNEL32.Sleep(00000000) ret=008e4936 0026:warn:seh:setup_exception exception outside of stack limits in thread 0026 eip 00b0e2a5 esp 00351fe8 stack 0x241000-0x350000 0026:trace:seh:raise_exception code=c0000005 flags=0 addr=0xb0e2a5 0026:trace:seh:raise_exception info[0]=00000001 0026:trace:seh:raise_exception info[1]=0000f19c 0026:trace:seh:raise_exception eax=0000f19c ebx=c39fa401 ecx=00000001 edx=1c9e25c5 esi=00351ff8 edi=0000f19c 0026:trace:seh:raise_exception ebp=00000000 esp=00351fe8 cs=0073 ds=007b es=007b fs=0033 gs=003b flags=00010246 0026:trace:seh:call_stack_handlers calling handler at 0x7b82c030 code=c0000005 flags=0 0026:trace:seh:start_debugger Starting debugger "winedbg --auto 37 260" 0026:trace:seh:call_stack_handlers handler at 0x7b82c030 returned 1 0026:warn:seh:setup_exception exception outside of stack limits in thread 0026 eip 00b0e2a5 esp 00351fe8 stack 0x241000-0x3500 ... 0026:err:seh:raise_exception Exception frame is not in stack limits => unable to dispatch exception. --- snip maple story gamemon.des ---
Same goes for albatross18 S3. The only suspicious thing I found in all three logs:
--- snip mount & blade --- 0040:Call KERNEL32.GetModuleHandleA(035bfe3c "Th") ret=0370a7e2 0040:Ret KERNEL32.GetModuleHandleA() retval=00000000 ret=0370a7e2 0040:Call KERNEL32.LoadLibraryA(03cafe10 "u\x0e\x02`\x10\xfe\xca\x03\xff\xff\xff\xff\x10\x11\xc5{<\xfe[\x038\xfe\xca\x03\xa4V\xc8{|\xfe\xca\x03o"\xc5{\x10\xfe\xca\x03\xff\xff\xff\xff") ret=0370a815 0040:Ret KERNEL32.LoadLibraryA() retval=00000000 ret=0370a815 --- snip mount & blade ---
--- snip maple story gamemon.des --- 0026:Call KERNEL32.GetModuleHandleA(006b26fe "Th") ret=007fa64d 0026:Ret KERNEL32.GetModuleHandleA() retval=00000000 ret=007fa64d 0026:Call KERNEL32.LoadLibraryA(006b26fe "Th") ret=007fa76c 0026:Ret KERNEL32.LoadLibraryA() retval=00000000 ret=007fa76c --- snip maple story gamemon.des ---
Pretty much messed up. Several calls before the crash.
They all seem to use different versions of Themida, but I have no signatures to pin down the exact version used. The game makers would have to repackage their binaries with newer Themida versions and republish/push updates. Only feasible with GameGuard (that gets regularly updated). For other games it is a very unlikely event in case of wine "compatibility" (wine does not exist for them).
Regards
http://bugs.winehq.org/show_bug.cgi?id=9958
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW Ever Confirmed|0 |1 Keywords| |obfuscation
--- Comment #9 from Austin English austinenglish@gmail.com 2008-05-18 11:51:33 --- Confirming.
http://bugs.winehq.org/show_bug.cgi?id=9958
Raul Sanchez falotron@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |falotron@gmail.com
--- Comment #10 from Raul Sanchez falotron@gmail.com 2008-07-29 06:23:01 ---
Any advance with this?
http://bugs.winehq.org/show_bug.cgi?id=9958
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Version|CVS/GIT |unspecified
--- Comment #11 from Austin English austinenglish@gmail.com 2009-01-15 10:54:20 --- Removing deprecated CVS/GIT version tag. Please retest in current git. If still present, update version field to earliest known version of wine that had this bug. Thanks!
http://bugs.winehq.org/show_bug.cgi?id=9958
--- Comment #12 from Anastasius Focht focht@gmx.net 2010-01-03 09:04:12 --- Hello,
revisiting, wine-1.1.35
Although the game client "Albatross18_Setup_4xx.exe" can be still downloaded from various sites, the game itself seem to have been abandoned. The updater fails to resolve "a18.ogplanet.com" hence Albatross18 game won't further work for testing purpose.
---
My analysis from comment #3 still applies.
A simple test case should reveal that OleLoadPicturePath() initializes COM apartment on its own if not previously done.
Change component to: oleaut32 Wine version: 0.9.42 (last GIT release tag before report date).
The other issues (like Gameguard/Themida) are covered by other bug reports.
Regards
http://bugs.winehq.org/show_bug.cgi?id=9958
Louis Lenders xerox_xerox2000@yahoo.co.uk changed:
What |Removed |Added ---------------------------------------------------------------------------- Component|shdocvw |oleaut32 Version|unspecified |0.9.42. Summary|Albatross18 returns to the |OleLoadPicturePath() should |console immediately |initialize COM apartment on | |its own if not previously | |done.
--- Comment #13 from Louis Lenders xerox_xerox2000@yahoo.co.uk 2010-01-03 12:18:20 ---
My analysis from comment #3 still applies.
A simple test case should reveal that OleLoadPicturePath() initializes COM apartment on its own if not previously done.
Change component to: oleaut32 Wine version: 0.9.42 (last GIT release tag before report date).
Done. Regards
http://bugs.winehq.org/show_bug.cgi?id=9958
--- Comment #14 from Andrew Nguyen arethusa26@gmail.com 2010-05-19 22:39:35 --- I've sent a patch:
http://source.winehq.org/patches/data/61831
http://bugs.winehq.org/show_bug.cgi?id=9958
Andrew Nguyen arethusa26@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED
--- Comment #15 from Andrew Nguyen arethusa26@gmail.com 2010-05-20 11:25:36 --- This should be fixed by 96dbdcb8c9a8f028d1d1e40191a75db5a84bedfa.
http://bugs.winehq.org/show_bug.cgi?id=9958
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #16 from Alexandre Julliard julliard@winehq.org 2010-05-21 14:38:33 --- Closing bugs fixed in 1.2-rc1.
http://bugs.winehq.org/show_bug.cgi?id=9958
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed by SHA1| |96dbdcb8c9a8f028d1d1e40191a | |75db5a84bedfa
-
wine-bugs@winehq.org