https://bugs.winehq.org/show_bug.cgi?id=48981
Bug ID: 48981
Summary: Riot Vanguard (Riot Games) needs Microsoft Kernel Mode Cryptographic Primitives Library 'cng.sys'
Product: Wine
Version: 5.6
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: focht@gmx.net
Distribution: ---
Hello folks,
as it says. There are some fixes required prior to coming to this place. I'll create/reference more bug reports later for them.
There is a public document which describes the module and the API:
https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-pr...
--- quote ---
Microsoft Windows7 Kernel Mode Cryptographic Primitives Library (cng.sys)
Microsoft Windows 7 Operating System
FIPS 140-2 Security Policy Document
This document specifies the security policy for the Microsoft Kernel Mode Cryptographic Primitives Library (CNG.SYS) as described in FIPS PUB 140-2.
January 16, 2013
Document Version: 2.2
--- quote ---
--- snip ---
...
The vgk service is starting.
002d:trace:loaddll:load_native_dll Loaded L"C:\windows\system32\kernelbase.dll" at 0x7b000000: PE builtin
002d:trace:loaddll:load_so_dll Loaded L"C:\windows\system32\kernel32.dll" at 0x7b410000: builtin
002d:trace:loaddll:load_native_dll Loaded L"C:\windows\system32\winedevice.exe" at 0x140000000: PE builtin
002d:trace:loaddll:load_so_dll Loaded L"C:\windows\system32\advapi32.dll" at 0x7f39a2c80000: builtin
002d:trace:loaddll:load_so_dll Loaded L"C:\windows\system32\msvcrt.dll" at 0x7f39a2aa0000: builtin
002d:trace:loaddll:load_native_dll Loaded L"C:\windows\system32\ntoskrnl.exe" at 0x180000000: PE builtin
002d:trace:loaddll:load_so_dll Loaded L"C:\windows\system32\ucrtbase.dll" at 0x7f39a2970000: builtin
002d:trace:loaddll:load_native_dll Loaded L"C:\windows\system32\rpcrt4.dll" at 0x9b0000: PE builtin
002f:trace:ntoskrnl:ZwLoadDriver (L"\Registry\Machine\System\CurrentControlSet\Services\vgk")
002f:trace:ntoskrnl:open_driver opened service for driver L"\Registry\Machine\System\CurrentControlSet\Services\vgk"
002f:trace:ntoskrnl:IoCreateDriver (L"\Driver\vgk", 00000001800132F0)
002f:trace:ntoskrnl:load_driver loading driver L"C:\Program Files\Riot Vanguard\vgk.sys"
002f:err:module:import_dll Library cng.sys (which is needed by L"C:\Program Files\Riot Vanguard\vgk.sys") not found
002f:trace:ntoskrnl:IoDeleteDriver (0000000000723070)
002f:trace:ntoskrnl:ObDereferenceObject (0000000000723070) ref=0
002f:err:ntoskrnl:ZwLoadDriver failed to create driver L"\Registry\Machine\System\CurrentControlSet\Services\vgk": c0000142
DLL initialization failed.
--- snip ---
Only two 'cng.sys' functions are currently imported:
--- snip ---
$ winedump -j import vgk.sys
Contents of vgk.sys: 3196560 bytes

Import Table size: 00000050
  offset 0001e090 cng.sys
    Hint/Name Table: 00022108
    TimeDateStamp:   00000000 (Thu Jan 1 01:00:00 1970)
    ForwarderChain:  00000000
    First thunk RVA: 0001B028
    Thunk    Ordn Name
    0001b028    8 BCryptDestroyHash
    0001b030    1 BCryptCloseAlgorithmProvider

...

Done dumping vgk.sys
--- snip ---

$ wine --version
wine-5.6-258-gf31a29b8d1
Regards
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |download, obfuscation
                URL|                            |https://riot-client.secure.
                   |                            |dyn.riotcdn.net/channels/pu
                   |                            |blic/rccontent/vanguard/0.3
                   |                            |.2.2/setup.exe
Andrew Wesie awesie@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |awesie@gmail.com

--- Comment #1 from Andrew Wesie awesie@gmail.com ---
There are likely more imports required. A dump of the kernel driver contains these imports within its address space:

cng BCryptOpenAlgorithmProvider
cng BCryptGetProperty
cng BCryptCreateHash
cng BCryptHashData
cng BCryptFinishHash
I posted a full list here: https://gist.github.com/awesie/618eb15e9f57e1fff4efb2786febec3f. I haven't done any substantial analysis yet, so these could be a false flag.
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|https://riot-client.secure. |https://web.archive.org/web
                   |dyn.riotcdn.net/channels/pu |/20200421165713/https://rio
                   |blic/rccontent/vanguard/0.3 |t-client.secure.dyn.riotcdn
                   |.2.2/setup.exe              |.net/channels/public/rccont
                   |                            |ent/vanguard/0.3.2.2/setup.
                   |                            |exe
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
      Fixed by SHA1|                            |d09d4d97e02a724c98df9a6cacc
                   |                            |8d8f4e545ee0e
             Status|NEW                         |RESOLVED

--- Comment #2 from Anastasius Focht focht@gmx.net ---
Hello folks,
this is fixed by commit https://source.winehq.org/git/wine.git/commitdiff/d09d4d97e02a724c98df9a6cac... ("cng.sys: New dll.").
Thanks Alistair
--- snip ---
$ WINEDEBUG=+seh,+loaddll,+ntoskrnl,+module,+imports wine net start vgk >log.txt 2>&1
...
0118:trace:module:map_image_into_view mapping PE file L"\??\C:\Program Files\Riot Vanguard\vgk.sys" at 0xdb0000-0x10b7000
0118:trace:module:map_image_into_view mapping L"\??\C:\Program Files\Riot Vanguard\vgk.sys" section .text at 0xdb1000 off 400 size 1a000 virt 19ec2 flags 68000020
0118:trace:module:map_image_into_view mapping L"\??\C:\Program Files\Riot Vanguard\vgk.sys" section .rdata at 0xdcb000 off 1a400 size 2000 virt 1ea4 flags 48000040
0118:trace:module:map_image_into_view mapping L"\??\C:\Program Files\Riot Vanguard\vgk.sys" section .data at 0xdcd000 off 1c400 size 600 virt 146c flags c8000040
0118:trace:module:map_image_into_view clearing 0xdcd600 - 0xdce000
0118:trace:module:map_image_into_view mapping L"\??\C:\Program Files\Riot Vanguard\vgk.sys" section .pdata at 0xdcf000 off 1ca00 size 1400 virt 1320 flags 48000040
0118:trace:module:map_image_into_view clearing 0xdd0400 - 0xdd1000
0118:trace:module:map_image_into_view mapping L"\??\C:\Program Files\Riot Vanguard\vgk.sys" section .edata at 0xdd1000 off 1de00 size 200 virt 3e flags 40000040
0118:trace:module:map_image_into_view clearing 0xdd1200 - 0xdd2000
0118:trace:module:map_image_into_view mapping L"\??\C:\Program Files\Riot Vanguard\vgk.sys" section INIT at 0xdd2000 off 1e000 size 600 virt 442 flags 60000020
0118:trace:module:map_image_into_view clearing 0xdd2600 - 0xdd3000
0118:trace:module:map_image_into_view mapping L"\??\C:\Program Files\Riot Vanguard\vgk.sys" section .stub0 at 0xdd3000 off 1e600 size 2dcc00 virt 2dcb6c flags 68000060
0118:trace:module:map_image_into_view clearing 0x10afc00 - 0x10b0000
0118:trace:module:map_image_into_view mapping L"\??\C:\Program Files\Riot Vanguard\vgk.sys" section .reloc at 0x10b0000 off 2fb200 size 200 virt e0 flags 42000040
0118:trace:module:map_image_into_view clearing 0x10b0200 - 0x10b1000
0118:trace:module:map_image_into_view mapping L"\??\C:\Program Files\Riot Vanguard\vgk.sys" section .rsrc at 0x10b1000 off 2fb400 size 5e00 virt 5d3c flags 42000040
0118:trace:module:map_image_into_view clearing 0x10b6e00 - 0x10b7000
0118:warn:module:set_security_cookie security cookie 000000014001D5E8 outside of image 0000000000DB0000-00000000010B7000
0118:trace:module:load_dll looking for L"cng.sys" in L"C:\Program Files\Riot Vanguard;C:\windows\system32;C:\windows\system32\drivers;C:\windows\system32\"
0118:trace:module:get_load_order looking for L"C:\windows\system32\drivers\cng.sys"
0118:trace:module:get_load_order got hardcoded default for L"C:\windows\system32\drivers\cng.sys"
0118:trace:module:map_image_into_view mapping PE file L"\??\C:\windows\system32\drivers\cng.sys" at 0x10c0000-0x10c6000
0118:trace:module:map_image_into_view mapping L"\??\C:\windows\system32\drivers\cng.sys" section .text at 0x10c1000 off 1000 size 1000 virt 376 flags 60000020
0118:trace:module:map_image_into_view mapping L"\??\C:\windows\system32\drivers\cng.sys" section .rdata at 0x10c2000 off 2000 size 1000 virt c7c flags 40000040
0118:trace:module:map_image_into_view mapping L"\??\C:\windows\system32\drivers\cng.sys" section .buildid at 0x10c3000 off 3000 size 1000 virt 79 flags 40000040
0118:trace:module:map_image_into_view mapping L"\??\C:\windows\system32\drivers\cng.sys" section .pdata at 0x10c4000 off 4000 size 1000 virt 24 flags 40000040
0118:trace:module:map_image_into_view mapping L"\??\C:\windows\system32\drivers\cng.sys" section .rodata at 0x10c5000 off 5000 size 1000 virt 2c5 flags c0000040
0118:trace:module:load_dll looking for L"kernel32.dll" in L"C:\Program Files\Riot Vanguard;C:\windows\system32;C:\windows\system32\drivers;C:\windows\system32\"
0118:trace:module:load_dll Found L"C:\windows\system32\kernel32.dll" for L"kernel32.dll" at 000000007B600000, count=-1
0118:trace:imports:import_dll --- DisableThreadLibraryCalls kernel32.dll.193 = 000000007B60C434
0118:trace:imports:import_dll --- RaiseException kernel32.dll.885 = 000000007B60E7D4
0118:trace:module:build_module loaded L"\??\C:\windows\system32\drivers\cng.sys" 000000000014AB00 00000000010C0000
0118:trace:loaddll:build_module Loaded L"C:\windows\system32\drivers\cng.sys" at 00000000010C0000: builtin
0118:trace:module:load_dll Loaded module L"\??\C:\windows\system32\drivers\cng.sys" at 00000000010C0000
0118:trace:module:find_forwarded_export delay loading L"bcrypt.dll" for 'bcrypt.BCryptDestroyHash'
0118:trace:module:load_dll looking for L"bcrypt.dll" in L"C:\Program Files\Riot Vanguard;C:\windows\system32;C:\windows\system32\drivers;C:\windows\system32\"
0118:trace:module:get_load_order looking for L"C:\windows\system32\bcrypt.dll"
0118:trace:module:get_load_order got hardcoded default for L"bcrypt.dll"
0118:trace:module:map_image_into_view mapping PE file L"\??\C:\windows\system32\bcrypt.dll" at 0x10d0000-0x10e2000
...
0118:trace:module:MODULE_InitDLL (00000000010D0000,PROCESS_ATTACH,0000000000000000) - RETURN 1
0118:trace:module:process_attach (L"bcrypt.dll",0000000000000000) - END
0118:trace:imports:import_dll --- BCryptDestroyHash cng.sys.8 = 00000000010D2B00
0118:trace:imports:import_dll --- BCryptCloseAlgorithmProvider cng.sys.1 = 00000000010D2300
...
0118:trace:module:process_attach (L"vgk.sys",0000000000000000) - START
0118:trace:module:process_attach (L"cng.sys",0000000000000000) - START
0118:trace:ntoskrnl:ldr_notify_callback loading L"cng.sys"
0118:trace:module:MODULE_InitDLL (00000000010C0000 L"cng.sys",PROCESS_ATTACH,0000000000000000) - CALL
0118:trace:module:MODULE_InitDLL (00000000010C0000,PROCESS_ATTACH,0000000000000000) - RETURN 1
0118:trace:module:process_attach (L"cng.sys",0000000000000000) - END
0118:trace:ntoskrnl:ldr_notify_callback loading L"vgk.sys"
0118:trace:ntoskrnl:ldr_notify_callback relocating from 0000000140000000-0000000140307000 to 0000000000DB0000-00000000010B7000
0118:trace:module:process_attach (L"vgk.sys",0000000000000000) - END
--- snip ---

$ wine --version
wine-6.20-61-gababea0fd70
Regards
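
Added example (not part of the bug report, and not code from Wine or the commenters): a small triage script for the two loader traces quoted in this report, which pulls out the missing import library, the driver load failure status, the forwarded export and the bound imports. The names parse_trace and unresolved_libraries are hypothetical; the sample lines are copied from the traces above and trimmed.

```python
import re

# Sample input: a few lines copied from the two traces quoted in this report
# (Wine 5.6 failure, Wine 6.20 success), trimmed for the example.
TRACE_BEFORE = r'''
002f:trace:ntoskrnl:load_driver loading driver L"C:\Program Files\Riot Vanguard\vgk.sys"
002f:err:module:import_dll Library cng.sys (which is needed by L"C:\Program Files\Riot Vanguard\vgk.sys") not found
002f:err:ntoskrnl:ZwLoadDriver failed to create driver L"\Registry\Machine\System\CurrentControlSet\Services\vgk": c0000142
'''
TRACE_AFTER = r'''
0118:trace:module:find_forwarded_export delay loading L"bcrypt.dll" for 'bcrypt.BCryptDestroyHash'
0118:trace:imports:import_dll --- BCryptDestroyHash cng.sys.8 = 00000000010D2B00
0118:trace:imports:import_dll --- BCryptCloseAlgorithmProvider cng.sys.1 = 00000000010D2300
'''

MISSING = re.compile(r'err:module:import_dll Library (\S+) \(which is needed by L"([^"]+)"\) not found')
FAILED = re.compile(r'err:ntoskrnl:ZwLoadDriver failed to create driver L"([^"]+)": ([0-9a-fA-F]{8})')
FORWARD = re.compile(r"trace:module:find_forwarded_export delay loading L\"([^\"]+)\" for '([^']+)'")
BOUND = re.compile(r'trace:imports:import_dll --- (\S+) (\S+)\.(\d+) = ([0-9A-Fa-f]+)')

def parse_trace(text):
    """Collect loader events from a WINEDEBUG=+module,+imports,+ntoskrnl trace."""
    out = {"missing": [], "failed": [], "forwarded": [], "bound": {}}
    for line in text.splitlines():
        if m := MISSING.search(line):
            # (library that was not found, module that imports it)
            out["missing"].append((m.group(1), m.group(2).rsplit("\\", 1)[-1]))
        elif m := FAILED.search(line):
            # (service name, NTSTATUS as integer)
            out["failed"].append((m.group(1).rsplit("\\", 1)[-1], int(m.group(2), 16)))
        elif m := FORWARD.search(line):
            # (DLL loaded to satisfy the forward, forward target)
            out["forwarded"].append((m.group(1), m.group(2)))
        elif m := BOUND.search(line):
            name, lib, ordinal, addr = m.groups()
            out["bound"].setdefault(lib, []).append((name, int(ordinal), int(addr, 16)))
    return out

def unresolved_libraries(text):
    """Libraries reported missing that never show a bound import in the trace."""
    ev = parse_trace(text)
    return sorted({lib for lib, _ in ev["missing"]} - set(ev["bound"]))

if __name__ == "__main__":
    print(unresolved_libraries(TRACE_BEFORE), parse_trace(TRACE_AFTER)["bound"])
```
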
Alexandre Julliard julliard@winehq.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 6.21.