http://bugs.winehq.org/show_bug.cgi?id=24159
Summary: sigcheck -a outputs garbage in comments for WoW.exe Product: Wine Version: 1.3.1 Platform: x86 URL: http://technet.microsoft.com/en-us/sysinternals/bb8974 41.aspx OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: -unknown AssignedTo: wine-bugs@winehq.org ReportedBy: adys.wh@gmail.com
Created an attachment (id=30403) --> (http://bugs.winehq.org/attachment.cgi?id=30403) WINEDEBUG=+ver wine sigcheck wow.exe
Download sigcheck (url) and run it on WoW.exe with wine sigcheck -a wow.exe. Comments (the last line) is supposed to be empty. Instead, I get "NCompanyName" (two invisible bytes between N and Company).
http://bugs.winehq.org/show_bug.cgi?id=24159
Jerome Leclanche adys.wh@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download
http://bugs.winehq.org/show_bug.cgi?id=24159
--- Comment #1 from Jerome Leclanche adys.wh@gmail.com 2010-08-26 08:07:13 --- http://source.winehq.org/source/dlls/version/info.c
The defines are ugly... there needs to be length checking done.
http://bugs.winehq.org/show_bug.cgi?id=24159
Jerome Leclanche adys.wh@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW Ever Confirmed|0 |1
--- Comment #2 from Jerome Leclanche adys.wh@gmail.com 2012-04-28 09:39:08 CDT --- Still in wine-1.5.3.
https://bugs.winehq.org/show_bug.cgi?id=24159
--- Comment #3 from Jerome Leclanche adys.wh@gmail.com --- Still in wine-1.7.22
https://bugs.winehq.org/show_bug.cgi?id=24159
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |focht@gmx.net Summary|sigcheck -a outputs garbage |Windows Sysinternals |in comments for WoW.exe |'sigcheck -a' outputs | |garbage for 'WoW.exe' | |version info 'comments' | |(version info 'null' values | |need special treatment)
--- Comment #4 from Anastasius Focht focht@gmx.net --- Hello folks,
confirming.
The 'wow.exe' binary can be downloaded here (no need for full game install):
http://filebeam.com/4fb29bad4de4f6d82f2ea26538335a80
Version info resource dumped with 'Resource hacker' tool:
--- snip --- 1 VERSIONINFO FILEVERSION 3,3,5,12340 PRODUCTVERSION 3,3,0,0 FILEOS 0x4 FILETYPE 0x1 { BLOCK "StringFileInfo" { BLOCK "000004b0" { VALUE "Comments", "" VALUE "CompanyName", "Blizzard Entertainment" VALUE "FileDescription", "World of Warcraft Retail" VALUE "FileVersion", "3, 3, 5, 12340" VALUE "InternalName", "World of Warcraft" VALUE "LegalCopyright", "Copyright © 2004" VALUE "LegalTrademarks", "" VALUE "OriginalFilename", "WoW.exe" VALUE "PrivateBuild", "" VALUE "ProductName", "World of Warcraft" VALUE "ProductVersion", "Version 3.3" VALUE "SpecialBuild", "" } }
BLOCK "VarFileInfo" { VALUE "Translation", 0x0000 0x04B0 } } --- snip ---
Source: http://source.winehq.org/git/wine.git/blob/05b3d7b69bf183ef879dc42bd11c65923...
--- snip --- 566 typedef struct 567 { 568 WORD wLength; 569 WORD wValueLength; 570 WORD wType; /* 1:Text, 0:Binary */ 571 WCHAR szKey[1]; 572 #if 0 /* variable length structure */ 573 /* DWORD aligned */ 574 BYTE Value[]; 575 /* DWORD aligned */ 576 VS_VERSION_INFO_STRUCT32 Children[]; 577 #endif 578 } VS_VERSION_INFO_STRUCT32; 579 580 #define VersionInfoIs16( ver ) \ 581 ( ((const VS_VERSION_INFO_STRUCT16 *)ver)->szKey[0] >= ' ' ) 582 583 #define DWORD_ALIGN( base, ptr ) \ 584 ( (LPBYTE)(base) + ((((LPBYTE)(ptr) - (LPBYTE)(base)) + 3) & ~3) ) 585 586 #define VersionInfo16_Value( ver ) \ 587 DWORD_ALIGN( (ver), (ver)->szKey + strlen((ver)->szKey) + 1 ) 588 #define VersionInfo32_Value( ver ) \ 589 DWORD_ALIGN( (ver), (ver)->szKey + strlenW((ver)->szKey) + 1 ) --- snip ---
Annotated memory dump of 'comments' block and follow up (returned by 'VersionInfo32_FindChild'):
--- snip --- 004622C0 00000018 .... ; wLength = 0x18, wValueLength=0 004622C4 00430001 ..C. ; wType=1 (text), szKey[] 004622C8 006D006F o.m. 004622CC 0065006D m.e. 004622D0 0074006E n.t. 004622D4 00000073 s... 004622D8 0017004E N... ; wLength = 0x4E, wValueLength=0x17 004622DC 00430001 ..C. ; wType=1 (text), szKey[] 004622E0 006D006F o.m. 004622E4 00610070 p.a. 004622E8 0079006E n.y. 004622EC 0061004E N.a. 004622F0 0065006D m.e. 004622F4 00000000 .... 004622F8 006C0042 B.l. 004622FC 007A0069 i.z. 00462300 0061007A z.a. 00462304 00640072 r.d. 00462308 00450020 .E. 0046230C 0074006E n.t. 00462310 00720065 e.r. 00462314 00610074 t.a. 00462318 006E0069 i.n. 0046231C 0065006D m.e. 00462320 0074006E n.t. 00462324 00000000 .... ... --- snip ---
Source: http://source.winehq.org/git/wine.git/blob/05b3d7b69bf183ef879dc42bd11c65923...
Wine returns 0x004622D8 in *lplpBuffer which is the start of next block. The application tries to stringify it, causing the garbage printout - even with 'info->wValueLength == 0'.
It seems "null" values are a special case and need to be treated differently.
In order to have the app see a single wide-char null terminator you need to check if the value address returned from 'VersionInfo32_Value' is outside of the current block (which is the case here) and instead return a pointer to either the null terminator of the key string -> 0x004622D6 or to 'wValueLength' -> 0x004622C2 (which could also serve as wide-char null "replacement" because it's WORD type and has zero value).
Yes, both would violate the 32-bit alignment constraint for values but I don't see other ways here to have the app looking at a null terminator which is located within resource block boundaries.
$ sha1sum Sigcheck.zip 9d2e414bc5d71a9d6162fb955474c60cc9086c03 Sigcheck.zip
$ du -sh Sigcheck.zip 172K Sigcheck.zip
$ wine --version wine-1.7.23-2-g69e95ac
Regards
https://bugs.winehq.org/show_bug.cgi?id=24159
--- Comment #5 from Gijs Vermeulen gijsvrm@gmail.com --- Still present with wine-5.4.
Download link for Wow.rar: https://web.archive.org/web/20150321172940/http://filebeam.com/download2.php...
https://bugs.winehq.org/show_bug.cgi?id=24159
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- URL|http://technet.microsoft.co |https://docs.microsoft.com/ |m/en-us/sysinternals/bb8974 |en-us/sysinternals/download |41.aspx |s/sigcheck
--- Comment #6 from Anastasius Focht focht@gmx.net --- Hello Gijs,
thanks for testing and providing a stable link.
Link to snapshot of Sysinternals Sigcheck v2.73 (just in case):
https://web.archive.org/web/20200115104509/http://download.sysinternals.com/...
--- snip --- $ wine ./sigcheck.exe -a wow.exe
Sigcheck v2.73 - File version and signature viewer Copyright (C) 2004-2019 Mark Russinovich Sysinternals - www.sysinternals.com
005b:fixme:ver:GetFileVersionInfoSizeExW flags 0x2 ignored 005b:fixme:ver:GetFileVersionInfoExW flags 0x2 ignored Z:\home\focht\Downloads\Wow.exe: Verified: Signed Signing date: 8:21 AM 6/25/2010 Publisher: Blizzard Entertainment, Inc. Company: Blizzard Entertainment Description: World of Warcraft Retail Product: World of Warcraft Prod version: Version 3.3 File version: 3, 3, 5, 12340 MachineType: 32-bit Binary Version: 3.3.5.12340 Original Name: WoW.exe Internal Name: World of Warcraft Copyright: Copyright ⌐ 2004 Comments: NCompanyName Entropy: 6.733 005b:fixme:ver:GetCurrentPackageId (0x32fe94 (nil)): stub --- snip ---
$ sha1sum Sigcheck.zip 8154a0f6b056a84be242e8e71ec1202a4258394d Sigcheck.zip $ du -sh Sigcheck.zip 800K Sigcheck.zip
$ sha1sum Wow.rar 3b51f6df5cc611885934bcc21e15aa610a349c17 Wow.rar
$ du -sh Wow.rar 2.7M Wow.rar
$ wine --version wine-5.4-255-g00e55c8fc0
Regards
https://bugs.winehq.org/show_bug.cgi?id=24159
--- Comment #7 from Gijs Vermeulen gijsvrm@gmail.com --- Still present with wine-8.4.
-
wine-bugs@winehq.org -
WineHQ Bugzilla