[Bug 45194] New: Painkiller game crashes at start

List overview All Threads

newer

older

[Bug 49701] New: Could you add a...

[Bug 50557] New: USVFS (Mod...

wine-bugs＠winehq.org

13 May 2018 13 May '18

3:31 p.m.

https://bugs.winehq.org/show_bug.cgi?id=45194

Bug ID: 45194 Summary: Painkiller game crashes at start Product: Wine Version: 3.7 Hardware: x86 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: -unknown Assignee: wine-bugs@winehq.org Reporter: b.wine.6883@indigo.re Distribution: ---

Created attachment 61407 --> https://bugs.winehq.org/attachment.cgi?id=61407 crash log

Game changes resolution and then crashes, see attached log

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

Show replies by date

wine-bugs＠winehq.org

13 May 13 May

4:50 p.m.

New subject: [Bug 45194] Painkiller game crashes at start

https://bugs.winehq.org/show_bug.cgi?id=45194

joaopa jeremielapuree@yahoo.fr changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |jeremielapuree@yahoo.fr

--- Comment #1 from joaopa jeremielapuree@yahoo.fr --- Does winetricks dotnet4.0 workaround the problem?

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

4:56 p.m.

New subject: [Bug 45194] Painkiller game crashes at start

https://bugs.winehq.org/show_bug.cgi?id=45194

--- Comment #2 from real name b.wine.6883@indigo.re --- It's already installed so it doesn't resolve.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

6:21 p.m.

New subject: [Bug 45194] Painkiller game crashes at start

https://bugs.winehq.org/show_bug.cgi?id=45194

--- Comment #3 from joaopa jeremielapuree@yahoo.fr --- You surely did something wrong. With dotnet 40 installed the message wine: Call from 0x7b43d00c to unimplemented function mscoree.dll.CorIsLatestSvc, aborting

can not occur since native mscoree is used.

You should try again with a fresh wine prefix. In a fresh wine prefix, begin to install dotnet 40 and then painkiller.

Anyway, does the bug occur with the demo https://www.fileplanet.com/137061/130000/fileinfo/Painkiller-Single-Player-D... or https://www.fileplanet.com/143135/140000/fileinfo/Painkiller-Multiplayer-Dem...

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

14 May 14 May

5:12 a.m.

New subject: [Bug 45194] Painkiller game crashes at start

https://bugs.winehq.org/show_bug.cgi?id=45194

tokktokk fdsfgs@krutt.org changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |fdsfgs@krutt.org

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

2 Jun 2 Jun

9:20 p.m.

New subject: [Bug 45194] Painkiller game crashes at start

https://bugs.winehq.org/show_bug.cgi?id=45194

--- Comment #4 from real name b.wine.6883@indigo.re --- After creating an empty wineprefix and running winetricks dotnet40 in it, I have the same crash.

The single player demo fails to start with another error which may be a game error. A dialog box appears and complains it cannot find some Data/LScripts/<something> and I can confirm there's no LScripts folder, only a LScripts.pak.

However, the multiplayer demo seems to crash in a similar way as the gog game. I'm attaching the log.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

9:23 p.m.

New subject: [Bug 45194] Painkiller game crashes at start

https://bugs.winehq.org/show_bug.cgi?id=45194

real name b.wine.6883@indigo.re changed:

--- Comment #5 from real name b.wine.6883@indigo.re --- Created attachment 61544 --> https://bugs.winehq.org/attachment.cgi?id=61544 mp demo crash log

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

3 Jun 3 Jun

5:59 p.m.

New subject: [Bug 45194] Painkiller game crashes at start

https://bugs.winehq.org/show_bug.cgi?id=45194

--- Comment #6 from joaopa jeremielapuree@yahoo.fr --- Both demo work fine for me, in a clean wineprefix, even without dotnet40 installed. Do you use the latest plain wine?

Anyways, that's not a user forum. Ask advice in the wine user forum to play this game

This bug can be closed as INVALID

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

4 Jun 4 Jun

6:48 a.m.

New subject: [Bug 45194] Painkiller game crashes at start

https://bugs.winehq.org/show_bug.cgi?id=45194

--- Comment #7 from real name b.wine.6883@indigo.re --- It may work on your machine, that doesn't mean there's no bug. It doesn't work on mine, that surely means there's a bug. So it's definitely *NOT* invalid.

I've just retested in a clean WINEPREFIX, without dotnet40, and it **CRASHES**, and yes, it is a valid problem.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

6:53 a.m.

New subject: [Bug 45194] Painkiller game crashes at start

https://bugs.winehq.org/show_bug.cgi?id=45194

--- Comment #8 from real name b.wine.6883@indigo.re --- I tested with https://packages.debian.org/buster/wine-development and https://packages.debian.org/buster/wine. They showed the same error.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

9:53 a.m.

New subject: [Bug 45194] Painkiller game crashes at start

https://bugs.winehq.org/show_bug.cgi?id=45194

Anastasius Focht focht@gmx.net changed:

--- Comment #9 from Anastasius Focht focht@gmx.net --- Hello folks,

I can't reproduce either. Multiplayer works fine with Wine 3.9

--- snip --- $ pwd /home/focht/.wine/drive_c/Program Files (x86)/DreamCatcher/PainkillerMultiplayerDemo/Bin

$ file *.{dll,exe} binkw32.dll: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows D3Dev.dll: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows Engine.dll: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows mss32.dll: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows painkillerdemo.exe: PE32 executable (GUI) Intel 80386, for MS Windows

$ wine ./painkillerdemo.exe --- snip ---

OP attached a backtrace from an outdated (stable) Wine version (comment #5):

--- snip --- System information: Wine build: wine-3.0.1 (Debian 3.0.1-2) Platform: i386 (WOW64) Version: Windows 5.1 (0) Host system: Linux Host version: 4.15.0-1-amd64 --- snip ---

Make sure you *really* run the latest (dev) version of Wine. If it still crashes attach the console log + backtrace from the latest version.

Also .NET Framework 4.0 is not needed for this game. It shows you recycled an existing WINEPREFIX for multiple apps/games. Do that at your own risk - even if it's not an issue here.

$ sha1sum PainkillerMultiplayerDemo.exe c97263f12edd7e8ed7da07d439bb03da239fae1e PainkillerMultiplayerDemo.exe

$ du -sh PainkillerMultiplayerDemo.exe 137M PainkillerMultiplayerDemo.exe

$ wine --version wine-3.9-149-ge3648c7a61

Regards

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

10 Jun 10 Jun

4:03 p.m.

New subject: [Bug 45194] Painkiller game crashes at start

https://bugs.winehq.org/show_bug.cgi?id=45194

--- Comment #10 from real name b.wine.6883@indigo.re --- Well, I already tried with 3.9 and had the same result. I just retried now to give you a 3.9 log, but it's (mostly) the same thing. Same crash and resolution change. I'm attaching the log anyway.

Now that we confirm I *really* experience the bug with *any* painkiller version and *any* wine version, how can we troubleshoot the problem?

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

4:03 p.m.

New subject: [Bug 45194] Painkiller game crashes at start

https://bugs.winehq.org/show_bug.cgi?id=45194

real name b.wine.6883@indigo.re changed:

--- Comment #11 from real name b.wine.6883@indigo.re --- Created attachment 61594 --> https://bugs.winehq.org/attachment.cgi?id=61594 mp demo crash log 3.9

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

5:25 p.m.

New subject: [Bug 45194] Painkiller game crashes at start

https://bugs.winehq.org/show_bug.cgi?id=45194

--- Comment #12 from joaopa jeremielapuree@yahoo.fr --- You do not do things correctly.

...

/tmp/plop-29298/drive_c/Program Files (x86)/DreamCatcher/PainkillerMultiplayerDemo % wine-development Bin/painkillerdemo.exe

What mea

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

5:31 p.m.

New subject: [Bug 45194] Painkiller game crashes at start

https://bugs.winehq.org/show_bug.cgi?id=45194

--- Comment #13 from joaopa jeremielapuree@yahoo.fr --- You do not do things correctly.

...

/tmp/plop-29298/drive_c/Program Files (x86)/DreamCatcher/PainkillerMultiplayerDemo % wine-development Bin/painkillerdemo.exe

What means that?

Don't use third party wine. Use plain wine. Do not install in a ntfs partition If you create your own wineprefix, you have a .wine folder. Install the game there. And then change the directory completely. cd .wine/drive_c/Program Files (x86)/DreamCatcher/PainkillerMultiplayerDemo/Bin

wine Painkiller.exe

That works.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

5:41 p.m.

New subject: [Bug 45194] Painkiller game crashes at start

https://bugs.winehq.org/show_bug.cgi?id=45194

--- Comment #14 from real name b.wine.6883@indigo.re ---

...

/tmp/plop-29298/drive_c/Program Files (x86)/DreamCatcher/PainkillerMultiplayerDemo

This is my prompt. The first part is the current directory.

It's a temp empty dir I created and set as WINEPREFIX. Then I run the painkiller demo installer and used the default c: path. So there's nothing in it except files that wine generated because $WINEPREFIX was an empty dir and painkiller files.

...

Don't use third party wine. Use plain wine.

What does that mean? Not debian's packages? Should I use those: https://wiki.winehq.org/Debian ?

BTW, if there's a difference between debian packages and winehq packages, shouldn't we try to find out where is the bug exactly?

...

Do not install in a ntfs partition

I didn't.

...

If you create your own wineprefix, you have a .wine folder.

I don't have a .wine in the said $WINEPREFIX, I only have:

./ ../ dosdevices/ drive_c/ system.reg .update-timestamp userdef.reg user.reg

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

5:50 p.m.

New subject: [Bug 45194] Painkiller game crashes at start

https://bugs.winehq.org/show_bug.cgi?id=45194

Zebediah Figura z.figura12@gmail.com changed:

--- Comment #15 from Zebediah Figura z.figura12@gmail.com --- It seems there's some hostility here; please let's try working with each other and not against each other, and not assuming that the bug is invalid just because you can't reproduce it.

In particular, although this might be an obvious misdiagnosis, the FPE exception makes me wonder if there's a bug related to specific graphics drivers. Perhaps a +d3d log would be useful.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

6:18 p.m.

New subject: [Bug 45194] Painkiller game crashes at start

https://bugs.winehq.org/show_bug.cgi?id=45194

--- Comment #16 from real name b.wine.6883@indigo.re --- Created attachment 61595 --> https://bugs.winehq.org/attachment.cgi?id=61595 crash log with +d3d

I'm not sure how to enable it, I exported WINEDEBUG=+d3d, here's the output attached.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

7:11 p.m.

New subject: [Bug 45194] Painkiller game crashes at start

https://bugs.winehq.org/show_bug.cgi?id=45194

--- Comment #17 from joaopa jeremielapuree@yahoo.fr --- To be sure, it is a nvidia driver bug, switch to Nouveau driver.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

12 Jun 12 Jun

4:45 p.m.

New subject: [Bug 45194] Painkiller game crashes at start

https://bugs.winehq.org/show_bug.cgi?id=45194

--- Comment #18 from Matteo Bruni matteo.mystral@gmail.com --- (In reply to joaopa from comment #17)

...

To be sure, it is a nvidia driver bug, switch to Nouveau driver.

Maybe, but how do you know that?

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

6:38 p.m.

New subject: [Bug 45194] Painkiller game crashes at start

https://bugs.winehq.org/show_bug.cgi?id=45194

--- Comment #19 from joaopa jeremielapuree@yahoo.fr --- In ubuntu, if all the nvidia* packages are removed, the additional driver utility proposes nouveau as driver.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

9:45 p.m.

New subject: [Bug 45194] Painkiller game crashes at start

https://bugs.winehq.org/show_bug.cgi?id=45194

Olivier F. R. Dierick o.dierick@piezo-forte.be changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |o.dierick@piezo-forte.be

--- Comment #20 from Olivier F. R. Dierick o.dierick@piezo-forte.be --- The PainkillerMultiplayerDemo.exe works for me.

If nobody is able to reproduce the bug but the OP, I guess there is something specific in his computer that is causing the issue.

Here's my setup for comparison:

plain wine 3.9 (Shared WoW64; Compiled from git, tag: wine-3.9)

fresh wine prefix: 32bit, default win7 mode. virtual desktop+lock mouse in full-screen: enabled. managed+decorated by Window Manager: disabled. winetricks: none. registry imports: none.

$ uname -a Linux [edited] 3.16.0-6-amd64 #1 SMP Debian 3.16.56-1+deb8u1 (2018-05-08) x86_64 GNU/Linux

$ gcc --version | head -n 1 gcc (Debian 4.9.2-10+deb8u1) 4.9.2

GPU: NVidia GeForce GTX 970 (4GB) Debian nvidia-driver package (from jessie/backports): 384.130-1~bpo8+1

CPU: Intel® Core™ i7-4930K CPU @ 3.40GHz × 12 RAM: 8 GB

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

27 Nov 27 Nov

4:33 a.m.

New subject: [Bug 45194] Painkiller game crashes at start

https://bugs.winehq.org/show_bug.cgi?id=45194

--- Comment #21 from joaopa jeremielapuree@yahoo.fr --- What to do with bug? It is surely invalid. Leaving it open for ever?

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

4:43 a.m.

New subject: [Bug 45194] Painkiller game crashes at start

https://bugs.winehq.org/show_bug.cgi?id=45194

--- Comment #22 from Zebediah Figura z.figura12@gmail.com --- (In reply to joaopa from comment #21)

...

What to do with bug? It is surely invalid. Leaving it open for ever?

Maybe, but how do you know that?

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

26 Sep 26 Sep

3:48 p.m.

New subject: [Bug 45194] Painkiller game crashes at start

https://bugs.winehq.org/show_bug.cgi?id=45194

Henri Kemppainen wine@guu.fi changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |wine@guu.fi

--- Comment #23 from Henri Kemppainen wine@guu.fi --- It's a bug in the game. Reboot should fix it.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

25 Feb 25 Feb

8:46 p.m.

New subject: [Bug 45194] Painkiller game crashes at start

https://bugs.winehq.org/show_bug.cgi?id=45194

Anastasius Focht focht@gmx.net changed:

--- Comment #24 from Anastasius Focht focht@gmx.net --- Hello folks,

adding stable download link via Internet Archive:

https://web.archive.org/web/20210225180649/http://download.fileplanet.com/ft...

I've tried to reconstruct the code flow using OP's backtrace from comment #16 and a debugger.

--- snip --- wine: Unhandled division by zero at address 0x100013d3 (thread 0009), starting debugger... Unhandled exception: divide by zero in 32-bit code (0x100013d3). Register dump: CS:0023 SS:002b DS:002b ES:002b FS:006b GS:0063 EIP:100013d3 ESP:0032f9b4 EBP:00000000 EFLAGS:00210246( R- -- I Z- -P- ) EAX:0eac62d3 EBX:ffffffff ECX:00976340 EDX:00554a30 ESI:00974850 EDI:01f5ad70 Stack dump: 0x0032f9b4: 0000007f 002adb42 1001b71f 00974850 0x0032f9c4: 00402a19 00976338 00974850 0032fb18 0x0032f9d4: 00440e5b 00000000 1004c61d 00000000 0x0032f9e4: 00b8a315 00976338 ffffffff 01f1c7f8 0x0032f9f4: 00000001 003b0008 00000000 003f7b90 0x0032fa04: 00000000 00000000 00000000 00000000 Backtrace: =>0 0x100013d3 in engine (+0x13d3) (0x00000000) 0x100013d3: divl 0x4(%esp),%eax --- snip ---

0x1004c61d:

--- snip --- 1004C5F4 | mov dword ptr ss:[esp+140],ebx | 1004C5FB | mov dword ptr ds:[esi+D8],eax | 1004C601 | cmp dword ptr ds:[esi+DC],ebp | 1004C607 | mov dword ptr ds:[esi+EC],2 | 1004C611 | jne engine.1004C7DF | 1004C617 | call dword ptr ds:[<?OurGame@@3P6APAVEngineGame@@XZA>] | <--- 1004C61D | push 17E4 | 1004C622 | mov dword ptr ds:[esi+DC],eax | 1004C628 | call engine.1025181B | --- snip ---

0x00402a19:

--- snip --- 004029E0 | push FFFFFFFF | 004029E2 | push painkillerdemo.440E5B | 004029E7 | mov eax,dword ptr fs:[0] | 004029ED | push eax | 004029EE | mov dword ptr fs:[0],esp | 004029F5 | push ecx | 004029F6 | push esi | 004029F7 | push 1C | 004029F9 | call painkillerdemo.42E51B | 004029FE | mov esi,eax | 00402A00 | add esp,4 | 00402A03 | mov dword ptr ss:[esp+4],esi | 00402A07 | xor eax,eax | 00402A09 | cmp esi,eax | 00402A0B | mov dword ptr ss:[esp+10],eax | 00402A0F | je painkillerdemo.402A21 | 00402A11 | mov ecx,esi | 00402A13 | call dword ptr ds:[<&??0EngineGame@@QAE@XZ>] | <--- 00402A19 | mov dword ptr ds:[esi],painkillerdemo.4449E0 | 00402A1F | mov eax,esi | 00402A21 | mov ecx,dword ptr ss:[esp+8] | 00402A25 | pop esi | 00402A26 | mov dword ptr fs:[0],ecx | 00402A2D | add esp,10 | 00402A30 | ret | --- snip ---

0x1001b71f:

--- snip --- 1001B700 | push esi | 1001B701 | mov esi,ecx | 1001B703 | xor al,al | 1001B705 | mov dword ptr ds:[esi],<engine.??_7EngineGame@@6B@> | 1001B70B | mov byte ptr ds:[esi+10],al | 1001B70E | mov byte ptr ds:[esi+11],al | 1001B711 | mov ecx,dword ptr ds:[<?GEngine@@3PAVPCFSystem@@A>] | 1001B717 | add ecx,8 | 1001B71A | call <engine.?GetCurrentTimeMS@SystemDriver@@QBEKXZ> | <--- 1001B71F | mov dword ptr ds:[esi+14],eax | 1001B722 | mov eax,esi | 1001B724 | pop esi | 1001B725 | ret | --- snip ---

0x100013d3:

demangled class member function name:

public: unsigned long __thiscall SystemDriver::GetCurrentTimeMS(void) const

--- snip --- 10001390 | sub esp,8 | 10001393 | fld st(0),qword ptr ds:[10278538] | st(0) = 0.001 10001399 | sub esp,8 | 1000139C | fdiv st(0),qword ptr ds:[ecx+48] | st(0) / this->dblUnkVal 1000139F | fstp qword ptr ss:[esp],st(0) | st(0) -> arg0 100013A2 | call engine.10251B50 | floor(arg0) 100013A7 | fnstcw word ptr ss:[esp+8] | 100013AB | movzx eax,word ptr ss:[esp+8] | 100013B0 | add esp,8 | 100013B3 | or ah,C | 100013B6 | mov dword ptr ss:[esp+4],eax | 100013BA | fldcw word ptr ss:[esp+4] | x87ControlWord = 0xC7F 100013BE | fistp dword ptr ss:[esp+4],st(0) | var = (int) st(0) 100013C2 | mov eax,dword ptr ss:[esp+4] | 100013C6 | mov dword ptr ss:[esp+4],eax | 100013CA | fldcw word ptr ss:[esp] | 100013CD | xor eax,eax | 100013CF | xor edx,edx | 100013D1 | rdtsc | 100013D3 | div dword ptr ss:[esp+4] | div by zero 100013D7 | mov dword ptr ss:[esp],eax | 100013DA | mov eax,dword ptr ss:[esp] | 100013DD | add esp,8 | 100013E0 | ret | --- snip ---

0x10278538 dq 0.001 == constant

ECX: 0x01887188 (dynamic driver class instance (+8) on heap)

--- snip --- $ ==> 01887188 01B43380 $+4 0188718C 00000001 ... $+48 018871D0 3490CDC1 $+4C 018871D4 3DFCB31C --- snip ---

[ecx+48] = [018871D0] = this->dblUnkVal = 4.17635e-10

after floor(arg0): st(0) = 40149225100000000000 -> 2394435.0 (int) st(0) -> 2394435

'GetCurrentTimeMS' subroutine essentially does this:

rdtsc() / (int) floor(0.001 / this->dblUnkVal);

floor = round down the nearest integer

0.001 is an engine constant hence you only get division by zero if 'this->dblUnkVal' > 0.001

This is assuming that 'this->dblUnkVal' == 0.0 case doesn't occur.

===

Tidbit: Using the subroutine name I found the following reference:

https://raw.githubusercontent.com/SuiMachine/LiveSplit.ASLScripts/master/Pai...

--- snip --- state("painkiller", "Steam") { //To find addresses, reverse LoadingScreen::Render and get GEngine address for that //"Engine.dll", 0x4FEBE68 -> *PCFSystem

//Then X-ref back to World::Init. There you can find a first offset for GEngine and a bool value //Do keep in mind that for example IDA says *((_DWORD *)GEngine + 0x3C), but it's a DWORD, so it's 4 times 3C, so 0xF0 (now we base and offset) //"Engine.dll", 0x4FEBE68, 0xF0

//Now find LoadingScreen::Progress(v23, 1) in that function and get pointer for a bool value from that //"Engine.dll", 0x4FEBE68, 0xF0, 0x5D6BD4 -> *LoadingScreen (identical case for other games, just different offsets) //"Engine.dll", 0x4FEBE68, 0xF0, 0x5D6BD4, 0x88-> Bool value telling whatever loading is happening

//And then if you want to be bothered there is: //"Engine.dll", 0x4FEBE68, 0xF0, 0x5D6BD4, 0x88 + 0xC-> Float value for the progress indicator (aka % of completion - but we don't use it) bool pLoadingScreen : "Engine.dll", 0x4FEBE68, 0xF0, 0x5D6BD4, 0x88;

//To get a tick, find an extern function PCFSystem::TickEngine //In it, somewhere after middle you'll find a call to a function SystemDriver::GetCurrentTimeMS //It returns the time in MS and above has an int variable that is getting incremeneted with each tick and is set to 0 (below one of the calls to SystemDriver::GetCurrentTimeMS) int pTick : "Engine.dll", 0x3E9D2C;

//Name of a level you get by solving out pointer in World::Init string25 pLevelName : "Engine.dll", 0x4FEBE68, 0xE8, 0x01888, 0x0; } --- snip ---

It doesn't tell more information I already had gathered though.

I could try to track all write accesses to the member variable (class instance on heap) and check how a condition > 0.001 could be reached from various code paths but that's wasting a bit too much time for my taste with little value gain. Maybe if I run out of more interesting bugs which likely never happens.

Maybe OP can retest again with recent Wine 6.x release?

$ wine --version wine-6.2-360-g1649389edca

Regards

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

26 Feb 26 Feb

9:43 a.m.

New subject: [Bug 45194] Painkiller game crashes at start

https://bugs.winehq.org/show_bug.cgi?id=45194

du.wine@guu.fi changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |du.wine@guu.fi

--- Comment #25 from du.wine@guu.fi --- It's not a divide by zero. Take a look at the stack dump, the divisor at esp+4 is not zero.

The problem here is overflow, which also triggers the same divide exception that you get when when you divide by zero, i.e. you get SIGFPE and crash.

This happens when your uptime is too high: rdtsc returns a 64-bit result but result of division must fit in a 32-bit register. That's why I said a reboot will fix it.

https://c9x.me/x86/html/file_module_x86_id_72.html

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

12:48 p.m.

New subject: [Bug 45194] Painkiller Multiplayer demo (Dreamcatcher) 1.0 crashes at start (overflow in game engine time calculation)

https://bugs.winehq.org/show_bug.cgi?id=45194

Anastasius Focht focht@gmx.net changed:

--- Comment #26 from Anastasius Focht focht@gmx.net --- Hello Henri,

--- quote --- It's not a divide by zero. Take a look at the stack dump, the divisor at esp+4 is not zero.

This happens when your uptime is too high: rdtsc returns a 64-bit result but result of division must fit in a 32-bit register. That's why I said a reboot will fix it. --- quote ---

my bad, I missed that part. Thanks for the correction.

EDX = 0x00554a30 is indeed too large.

The demo was probably never patched (re-released) again but the real game.

https://www.pcgamingwiki.com/wiki/Painkiller

Protection ID scan for documentation:

Scanning -> C:\Program Files (x86)\DreamCatcher\PainkillerMultiplayerDemo\Bin\painkillerdemo.exe File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 1167360 (011D000h) Byte(s) | Machine: 0x14C (I386) Compilation TimeStamp : 0x40F2B4AF -> Mon 12th Jul 2004 15:56:31 (GMT) [TimeStamp] 0x40F2B4AF -> Mon 12th Jul 2004 15:56:31 (GMT) | PE Header | - | Offset: 0x00000120 | VA: 0x00400120 | - [TimeStamp] 0x40F2B4AF -> Mon 12th Jul 2004 15:56:31 (GMT) | DebugDirectory | - | Offset: 0x000447F4 | VA: 0x004447F4 | - [LoadConfig] Struct determined as v2 (Expected size 72 | Actual size 72) [!] Executable uses SEH Tables (/SAFESEH) (253 calculated 253 recorded... 0 invalid addresses) [File Heuristics] -> Flag #1 : 00000100000000000000000000000000 (0x04000000) [Entrypoint Section Entropy] : 6.52 (section #0) ".text " | Size : 0x420CB (270539) byte(s) [DllCharacteristics] -> Flag : (0x0000) -> NONE [SectionCount] 5 (0x5) | ImageSize 0x122000 (1187840) byte(s) [VersionInfo] Company Name : People Can Fly [VersionInfo] Product Name : Painkiller [VersionInfo] Product Version : 1.0.0.0 [VersionInfo] File Description : Painkiller [VersionInfo] File Version : 0.0.1.5 [VersionInfo] Original FileName : PainGame.exe [VersionInfo] Internal Name : PainGame.exe [VersionInfo] Legal Copyrights : (c) People Can Fly. All rights reserved. [ModuleReport] [IAT] Modules -> Engine.dll | KERNEL32.dll | USER32.dll | GDI32.dll | comdlg32.dll | WINSPOOL.DRV | ADVAPI32.dll | SHELL32.dll | COMCTL32.dll | SHLWAPI.dll | OLEAUT32.dll | WS2_32.dll [ModuleReport] [DelayImport] Modules -> OLEACC.dll [Debug Info] (record 1 of 1) (file offset 0x447F0) Characteristics : 0x0 | TimeDateStamp : 0x40F2B4AF (Mon 12th Jul 2004 15:56:31 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0) Type : 2 (0x2) -> CodeView | Size : 0x58 (88) AddressOfRawData : 0x4F760 | PointerToRawData : 0x4F760 CvSig : 0x53445352 | SigGuid DFCC8F5B-44B6-462E-8424798D4993EC86 Age : 0x1 (1) | Pdb : c:\painkiller\Game\Bin\ObjectsRelease\PainEditor\PainEditor.pdb [CompilerDetect] -> Visual C++ 7.1 (Visual Studio 2003) [!] File appears to have no protection or is using an unknown protection - Scan Took : 0.847 Second(s) [00000034Fh (847) tick(s)] [506 of 580 scan(s) done] --- snip ---

Marking 'INVALID' then since this is a bug in the game demo.

Regards

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

1:09 p.m.

New subject: [Bug 45194] Painkiller Multiplayer demo (Dreamcatcher) 1.0 crashes at start (overflow in game engine time calculation)

https://bugs.winehq.org/show_bug.cgi?id=45194

--- Comment #27 from Henri Kemppainen du.wine@guu.fi ---

...

The demo was probably never patched (re-released) again but the real game.

...

Marking 'INVALID' then since this is a bug in the game demo.

I'm not sure what the first sentence here is supposed to say, but I can confirm that this bug is also present in the full version (GOG, single player, did not test multiplayer), which is how I first encountered the issue a few months back. Of course it's still not a wine bug.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

2:20 p.m.

New subject: [Bug 45194] Painkiller (Dreamcatcher original, Multiplayer demo, GOG.com Black Edition 1.64) crashes at start on systems with high uptime (overflow in game engine time calculation)

https://bugs.winehq.org/show_bug.cgi?id=45194

Anastasius Focht focht@gmx.net changed:

--- Comment #28 from Anastasius Focht focht@gmx.net --- Hello Henri,

--- quote --- I can confirm that this bug is also present in the full version (GOG, single player, did not test multiplayer), --- quote ---

The GOG release is mentioned as "Black Edition" here:

https://www.gog.com/game/painkiller

It seems the latest official version of the game is 1.64, according to this comment:

https://www.gog.com/forum/painkiller_series/installing_mega_patch_and_unoffi...

--- quote --- I have not played Painkiller for a long time but I have decided to play it again, with unofficial 1.65 patch, everything was fine until the City on Water level, where it breaked the game for me. I can not proceed to fountain area, as 3 monster do not spawn so the game does not open the door to the next area. I do not know if anyone else experiencied this, just saying, I was forced to return to original 1.64 version of game.

Win10, GOG Black Edition of the game. --- quote ---

WineHQ appdb

https://appdb.winehq.org/objectManager.php?sClass=version&iId=16200

"Painkiller: Black Edition 1.64 (GOG)"

====

The original 'engine.dll' from the multiplayer demo in this bug report:

--- snip --- $ ll Engine.dll -rw-rw-r--. 1 focht focht 4173824 Jul 12 2004 Engine.dll

$ sha1sum Engine.dll 3f3c5d744613cfa684ab2934b9d1ca86f55dc01c Engine.dll --- snip ---

Protection ID scan:

--- snip --- -=[ ProtectionID v0.6.9.0 DECEMBER]=- (c) 2003-2017 CDKiLLER & TippeX Build 24/12/17-21:05:42 Ready... Scanning -> C:\Program Files (x86)\DreamCatcher\PainkillerMultiplayerDemo\Bin\Engine.dll File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 4173824 (03FB000h) Byte(s) | Machine: 0x14C (I386) Compilation TimeStamp : 0x40F2B47A -> Mon 12th Jul 2004 15:55:38 (GMT) [TimeStamp] 0x40F2B47A -> Mon 12th Jul 2004 15:55:38 (GMT) | PE Header | - | Offset: 0x00000120 | VA: 0x10000120 | - [TimeStamp] 0x40F2B479 -> Mon 12th Jul 2004 15:55:37 (GMT) | Export | - | Offset: 0x00388644 | VA: 0x10388644 | - [TimeStamp] 0x40F2B47A -> Mon 12th Jul 2004 15:55:38 (GMT) | DebugDirectory | - | Offset: 0x00278494 | VA: 0x10278494 | - [LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset 0x2000001 | Reserved 0x46A4A0 [LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558 (4629848) [LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008) [LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C [LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360 [LoadConfig] UnknownZero1 0x8000011 [File Heuristics] -> Flag #1 : 00000100000000000000000100000000 (0x04000100) [Entrypoint Section Entropy] : 6.59 (section #0) ".text " | Size : 0x276A45 (2583109) byte(s) [DllCharacteristics] -> Flag : (0x0000) -> NONE [SectionCount] 5 (0x5) | ImageSize 0x4C4C000 (80003072) byte(s) [Export] 98% of function(s) (2707 of 2759) are in file | 0 are forwarded | 2613 code | 146 data | 0 uninit data | 0 unknown | [ModuleReport] [IAT] Modules -> DINPUT8.dll | WS2_32.dll | mss32.dll | WINMM.dll | binkw32.dll | KERNEL32.dll | USER32.dll | ADVAPI32.dll | SHELL32.dll | ole32.dll [Debug Info] (record 1 of 1) (file offset 0x278490) Characteristics : 0x0 | TimeDateStamp : 0x40F2B47A (Mon 12th Jul 2004 15:55:38 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0) Type : 2 (0x2) -> CodeView | Size : 0x50 (80) AddressOfRawData : 0x37085C | PointerToRawData : 0x37085C CvSig : 0x53445352 | SigGuid 889426AE-8628-48B4-BA86829EC7AD5718 Age : 0x1 (1) | Pdb : c:\painkiller\Game\Bin\ObjectsRelease\Engine\Engine.pdb [CdKeySerial] found "CDKey" @ VA: 0x0027C6F0 / Offset: 0x0027C6F0 [CdKeySerial] found "CDKey" @ VA: 0x0027C6FB / Offset: 0x0027C6FB [CdKeySerial] found "CDKey" @ VA: 0x0027D3A8 / Offset: 0x0027D3A8 [CdKeySerial] found "Invalid code" @ VA: 0x002A21BC / Offset: 0x002A21BC [CdKeySerial] found "CDKey" @ VA: 0x003A0605 / Offset: 0x003A0605 [CdKeySerial] found "CDKey" @ VA: 0x003A490C / Offset: 0x003A490C [CdKeySerial] found "CDKey" @ VA: 0x003A49D2 / Offset: 0x003A49D2 [CdKeySerial] found "CDKey" @ VA: 0x003A8F9F / Offset: 0x003A8F9F [CdKeySerial] found "CDKey" @ VA: 0x003A9227 / Offset: 0x003A9227 [CompilerDetect] -> Visual C++ 7.1 (Visual Studio 2003) [!] File appears to have no protection or is using an unknown protection - Scan Took : 1.828 Second(s) [000000494h (1172) tick(s)] [246 of 580 scan(s) done] --- snip ---

====

Unofficial Patch v1.65 for Painkiller

http://pkzone.org/unofficial-patch-v1-65/

--- snip --- $ ll Engine.dll -rw-rw-r--. 1 focht focht 4440064 Feb 17 2005 Engine.dll

$ sha1sum Engine.dll e124d3bbd364e060e019201c1154a83c6a9d027f Engine.dll --- snip ---

Although the engine dll seems newer/updated, the code in the function didn't change (potential overflow still present):

--- snip --- 10001450 | sub esp,8 | 10001453 | fld st(0),qword ptr ds:[102AE578] | 10001459 | sub esp,8 | 1000145C | fdiv st(0),qword ptr ds:[ecx+50] | 1000145F | fstp qword ptr ss:[esp],st(0) | 10001462 | call engine.10286760 | floor() 10001467 | fnstcw word ptr ss:[esp+8] | 1000146B | movzx eax,word ptr ss:[esp+8] | 10001470 | add esp,8 | 10001473 | or ah,C | 10001476 | mov dword ptr ss:[esp+4],eax | 1000147A | fldcw word ptr ss:[esp+4] | 1000147E | fistp dword ptr ss:[esp+4],st(0) | 10001482 | mov eax,dword ptr ss:[esp+4] | 10001486 | mov dword ptr ss:[esp+4],eax | 1000148A | fldcw word ptr ss:[esp] | 1000148D | xor eax,eax | 1000148F | xor edx,edx | 10001491 | rdtsc | 10001493 | div dword ptr ss:[esp+4] | 10001497 | mov dword ptr ss:[esp],eax | 1000149A | mov eax,dword ptr ss:[esp] | 1000149D | add esp,8 | 100014A0 | ret | --- snip ---

Scanning -> C:\Program Files (x86)\DreamCatcher\PainkillerMultiplayerDemo\Bin\Painkiller.exe File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 1474560 (0168000h) Byte(s) | Machine: 0x14C (I386) Compilation TimeStamp : 0x4214B256 -> Thu 17th Feb 2005 15:03:50 (GMT) [TimeStamp] 0x4214B256 -> Thu 17th Feb 2005 15:03:50 (GMT) | PE Header | - | Offset: 0x00000120 | VA: 0x00400120 | - [TimeStamp] 0x4214B256 -> Thu 17th Feb 2005 15:03:50 (GMT) | DebugDirectory | - | Offset: 0x0006E904 | VA: 0x0046E904 | - [LoadConfig] Struct determined as v2 (Expected size 72 | Actual size 72) [!] Executable uses SEH Tables (/SAFESEH) (388 calculated 388 recorded... 0 invalid addresses) [File Heuristics] -> Flag #1 : 00000100000000000000000000000000 (0x04000000) [Entrypoint Section Entropy] : 6.51 (section #0) ".text " | Size : 0x6C9F6 (444918) byte(s) [DllCharacteristics] -> Flag : (0x0000) -> NONE [SectionCount] 5 (0x5) | ImageSize 0x16D000 (1495040) byte(s) [VersionInfo] Company Name : People Can Fly [VersionInfo] Product Name : Painkiller [VersionInfo] Product Version : 1.0.0.0 [VersionInfo] File Description : Painkiller [VersionInfo] File Version : 0.0.1.5 [VersionInfo] Original FileName : PainGame.exe [VersionInfo] Internal Name : PainGame.exe [VersionInfo] Legal Copyrights : (c) People Can Fly. All rights reserved. [ModuleReport] [IAT] Modules -> Engine.dll | KERNEL32.dll | USER32.dll | GDI32.dll | comdlg32.dll | WINSPOOL.DRV | ADVAPI32.dll | SHELL32.dll | COMCTL32.dll | SHLWAPI.dll | ole32.dll | OLEAUT32.dll | WS2_32.dll | WINMM.dll | oledlg.dll [ModuleReport] [DelayImport] Modules -> OLEACC.dll [Debug Info] (record 1 of 1) (file offset 0x6E900) Characteristics : 0x0 | TimeDateStamp : 0x4214B256 (Thu 17th Feb 2005 15:03:50 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0) Type : 2 (0x2) -> CodeView | Size : 0x58 (88) AddressOfRawData : 0x81D00 | PointerToRawData : 0x81D00 CvSig : 0x53445352 | SigGuid 87465267-0864-4DB7-AC389EC65DF46F2A Age : 0x3 (3) | Pdb : w:\Painkiller\Game\Bin\ObjectsRelease\PainEditor\PainEditor.pdb [CompilerDetect] -> Visual C++ 7.1 (Visual Studio 2003) [!] File appears to have no protection or is using an unknown protection - Scan Took : 0.925 Second(s) [00000039Dh (925) tick(s)] [506 of 580 scan(s) done]

Scanning -> C:\Program Files (x86)\DreamCatcher\PainkillerMultiplayerDemo\Bin\Engine.dll File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 4440064 (043C000h) Byte(s) | Machine: 0x14C (I386) Compilation TimeStamp : 0x4214B251 -> Thu 17th Feb 2005 15:03:45 (GMT) [TimeStamp] 0x4214B251 -> Thu 17th Feb 2005 15:03:45 (GMT) | PE Header | - | Offset: 0x00000118 | VA: 0x10000118 | - [TimeStamp] 0x4214B250 -> Thu 17th Feb 2005 15:03:44 (GMT) | Export | - | Offset: 0x003C2504 | VA: 0x103C2504 | - [TimeStamp] 0x4214B251 -> Thu 17th Feb 2005 15:03:45 (GMT) | DebugDirectory | - | Offset: 0x002AE4D4 | VA: 0x102AE4D4 | - [LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset 0x2000001 | Reserved 0x46A4A0 [LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558 (4629848) [LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008) [LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C [LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360 [LoadConfig] UnknownZero1 0x8000011 [File Heuristics] -> Flag #1 : 00000100000000000000000100000000 (0x04000100) [Entrypoint Section Entropy] : 6.58 (section #0) ".text " | Size : 0x2ACD75 (2805109) byte(s) [DllCharacteristics] -> Flag : (0x0000) -> NONE [SectionCount] 5 (0x5) | ImageSize 0x5045000 (84168704) byte(s) [Export] 98% of function(s) (2813 of 2867) are in file | 0 are forwarded | 2718 code | 149 data | 0 uninit data | 0 unknown | [ModuleReport] [IAT] Modules -> DINPUT8.dll | WS2_32.dll | mss32.dll | WINMM.dll | binkw32.dll | KERNEL32.dll | USER32.dll | ADVAPI32.dll | SHELL32.dll | ole32.dll [Debug Info] (record 1 of 1) (file offset 0x2AE4D0) Characteristics : 0x0 | TimeDateStamp : 0x4214B251 (Thu 17th Feb 2005 15:03:45 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0) Type : 2 (0x2) -> CodeView | Size : 0x50 (80) AddressOfRawData : 0x3A8D7C | PointerToRawData : 0x3A8D7C CvSig : 0x53445352 | SigGuid BEC5D164-2B0A-4A0E-A6B5DAE9643DCDA6 Age : 0x3 (3) | Pdb : w:\Painkiller\Game\Bin\ObjectsRelease\Engine\Engine.pdb [CdKeySerial] found "CDKey" @ VA: 0x002B2D14 / Offset: 0x002B2D14 [CdKeySerial] found "CDKey" @ VA: 0x002B2D1F / Offset: 0x002B2D1F [CdKeySerial] found "CDKey" @ VA: 0x002B39D0 / Offset: 0x002B39D0 [CdKeySerial] found "Invalid code" @ VA: 0x002DA6DC / Offset: 0x002DA6DC [CdKeySerial] found "CDKey" @ VA: 0x003D9784 / Offset: 0x003D9784 [CdKeySerial] found "CDKey" @ VA: 0x003DB9CF / Offset: 0x003DB9CF [CdKeySerial] found "CDKey" @ VA: 0x003DFB7C / Offset: 0x003DFB7C [CdKeySerial] found "CDKey" @ VA: 0x003E4398 / Offset: 0x003E4398 [CdKeySerial] found "CDKey" @ VA: 0x003E4623 / Offset: 0x003E4623 [CompilerDetect] -> Visual C++ 7.1 (Visual Studio 2003) [!] File appears to have no protection or is using an unknown protection - Scan Took : 1.757 Second(s) [0000004DBh (1243) tick(s)] [246 of 580 scan(s) done] --- snip ---

Unofficial Patch v1.66 for Painkiller

https://www.moddb.com/mods/painkiller-black-edition-unofficial-patch-166/dow...

I've checked the v1.66 patch 'engine.dll' and it's identical to v1.65 patch.

GOG.com and/or the original publisher Dreamcatcher were apparently never made aware of the problem. They probably wouldn't do anything as the effort to fix the problem and provide an updated version is not worth the cost. Only a negligible number of users encountered this problem and an easy workaround exists.

I've updated the summary again. Thanks for the information on the GOG version.

Regards

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

WineHQ Bugzilla

23 Apr 23 Apr

3:16 p.m.

New subject: [Bug 45194] Painkiller (Dreamcatcher original, Multiplayer demo, GOG.com Black Edition 1.64) crashes at start on systems with high uptime (overflow in game engine time calculation)

https://bugs.winehq.org/show_bug.cgi?id=45194

Gijs Vermeulen gijsvrm@gmail.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED

--- Comment #29 from Gijs Vermeulen gijsvrm@gmail.com --- Closing INVALID.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

1367

Age (days ago)

2443

Last active (days ago)

wine-bugs@winehq.org

30 comments

2 participants

tags (0)

participants (2)

wine-bugs＠winehq.org
WineHQ Bugzilla