[Bug 9484] New: Program refuses to run because of ProtectCD/ ProtectDISC copy-protection
http://bugs.winehq.org/show_bug.cgi?id=9484
Summary: Program refuses to run because of ProtectCD/ProtectDISC copy-protection Product: Wine Version: CVS/GIT Platform: All OS/Version: All Status: UNCONFIRMED Severity: major Priority: P2 Component: wine-loader AssignedTo: wine-bugs@winehq.org ReportedBy: klaus.layer@gmx.de
Created an attachment (id=7825) --> (http://bugs.winehq.org/attachment.cgi?id=7825) +all trace
Mathetrainer is a german educational software. It installs fine on Wine, but after starting it insists on inserting the original CD in the CD drive although it is in the drive. A scan of the main executable with a copy protection scanner reveals
Scanning -> c:\Programme\Klett\Mathetrainer 5\Mathetrainer.exe File Type : Exe, Size : 1231923 (012CC33h) Bytes -> File has 46094 (0B40Eh) bytes of appended data starting at offset 0121825h [!] Protect DiSC v6.2 - v6.8 (Build 12-07-2005) detected ! [!] exact version: Protect DiSC v6.2.5 ! [!] protection level: Basic
According to http://www.cdmediaworld.com/hardware/cdrom/cd_protections_protectcd.shtml this protection also refered as ProtectCD is a commonly used protection scheme. Other titles like "Need For Speed" and "Quake 3" make use of this protection scheme too.
The application Mathetrainer seems to be based on Delphi and flash would probably run if the copy protection check would succeed on Wine.
http://bugs.winehq.org/show_bug.cgi?id=9484
Vitaliy Margolen vitaliy@kievinfo.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Component|wine-loader |wine-kernel
--- Comment #1 from Vitaliy Margolen vitaliy@kievinfo.com 2007-08-27 07:46:21 --- Driver doesn't load because it wants some real information returned for ZwQuerySystemInformation(SystemHandleInformation):
0010:Call ntdll.ZwQuerySystemInformation(00000010,0011ce70,00002000,00000000) ret=00467d8c 0010:trace:ntdll:NtQuerySystemInformation (0x00000010,0x11ce70,0x00002000,(nil)) 0010:Ret ntdll.ZwQuerySystemInformation() retval=00000000 ret=00467d8c -- 0010:Ret driver init 0x4a3000 (obj=0x7ee86500,str=L"\Registry\Machine\System\CurrentControlSet\Services\ACEDRV05") retval=c000009a
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #2 from Klaus Layer klaus.layer@gmx.de 2007-10-06 09:27:49 --- I would like to nominate this bug for the 1.0 release, could someone please set the target release?
http://bugs.winehq.org/show_bug.cgi?id=9484
Dan Kegel dank@kegel.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |dank@kegel.com Target Milestone|--- |1.0.0
--- Comment #3 from Dan Kegel dank@kegel.com 2007-10-06 10:48:23 --- Sure, why not... if it's too hard, we can bump it to 1.1 later.
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #4 from Dan Kegel dank@kegel.com 2007-10-06 10:50:53 --- Is this the product's URL? http://www.klett.de/projekte/extra/mathematik/mathetrainer-extra/ And is this the right appdb entry? http://appdb.winehq.org/objectManager.php?sClass=application&iId=4759
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #5 from Klaus Layer klaus.layer@gmx.de 2007-10-07 14:15:22 --- Yes, these are the links. Unfortunately there is no protected demo available. If someone would work on this I would send the original CD package via UPS.
http://bugs.winehq.org/show_bug.cgi?id=9484
Klaus Layer klaus.layer@gmx.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW Ever Confirmed|0 |1
--- Comment #6 from Klaus Layer klaus.layer@gmx.de 2007-10-07 14:21:51 --- *** This bug has been confirmed by popular vote. ***
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #7 from Klaus Layer klaus.layer@gmx.de 2007-10-17 14:43:39 --- I just noticed that sysinternals process explorer also uses ntdll function ntquerysysteminformation with info_class SYSTEM_HANDLE_INFORMATION to get handle information for processes. A fixme trace in ntdll/nt.c would at least make this more clear.
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #8 from Klaus Layer klaus.layer@gmx.de 2007-10-30 06:18:08 --- Created an attachment (id=8867) --> (http://bugs.winehq.org/attachment.cgi?id=8867) +tid,+seh,+loaddll,+ntoskrnl,+relay
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #9 from Austin English austinenglish@gmail.com 2008-03-24 12:43:54 --- Can anyone test this in wine 0.9.58? Some other copy protections are working better, and if this isn't working yet, we might want to delay it to wine 1.2...
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #10 from tiloem@gmx.net 2008-03-24 16:53:00 --- (In reply to comment #9)
Can anyone test this in wine 0.9.58? [..]
I just tested it. It still doesn't start because of copy protection. (Programm I tested: mediscript 2.ÄP 8/2006)
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #11 from Klaus Layer klaus.layer@gmx.de 2008-03-25 06:47:16 --- Created an attachment (id=11636) --> (http://bugs.winehq.org/attachment.cgi?id=11636) +all trace Mathetrainer5
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #12 from Klaus Layer klaus.layer@gmx.de 2008-03-25 07:04:58 --- Created an attachment (id=11637) --> (http://bugs.winehq.org/attachment.cgi?id=11637) +all trace Mathetrainer6
http://bugs.winehq.org/show_bug.cgi?id=9484
Klaus Layer klaus.layer@gmx.de changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |focht@gmx.net
--- Comment #13 from Klaus Layer klaus.layer@gmx.de 2008-03-25 07:13:33 --- Tested with two different versions with wine 0.9.58. In both on trying to load the copy protection driver ACEDRV*.sys a SEH occurs. Maybe focht can take a look.
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #14 from Anastasius Focht focht@gmx.net 2008-03-25 09:49:23 --- Hello,
send me the kernel driver binaries
"C:\windows\system32\drivers\ACEDRV05.sys" (Mathetrainer 5) "C:\windows\system32\drivers\ACEDRV07.sys" (Mathetrainer 6)
in a .zip archive to my email address (hover over my nick).
Regards
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #15 from Klaus Layer klaus.layer@gmx.de 2008-03-25 10:10:25 --- Done. If you need the original CD media please let me know. I will send you by snail mail. Thnx
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #16 from Anastasius Focht focht@gmx.net 2008-03-25 16:09:56 --- Created an attachment (id=11646) --> (http://bugs.winehq.org/attachment.cgi?id=11646) patch which enables relocation fixups on kernel drivers
Hello,
the crash in kernel driver init routine is due to missing relocation fixups.
I've already explained the issue because this is also needed for SecuROM 4.8 copy protection driver:
http://bugs.winehq.org/show_bug.cgi?id=7065#c74
Actually I'd like to see *both* problems described there fixed in GIT - the relocation fixups and having a fake mountmgr.sys in system32\drivers.
Maybe AJ has some objections regarding the fixes but I think I've already provided enough in-depth information/proof.
For convenience I attached the reloc fix which should let the driver init routine succeed. The kernel driver itself is encrypted which is a bit of nuisance but not problem at all :-)
Regards
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #17 from Klaus Layer klaus.layer@gmx.de 2008-03-25 19:26:39 --- Created an attachment (id=11653) --> (http://bugs.winehq.org/attachment.cgi?id=11653) +all trace with relocation patch mathetrainer5
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #18 from Klaus Layer klaus.layer@gmx.de 2008-03-25 19:35:26 --- Created an attachment (id=11654) --> (http://bugs.winehq.org/attachment.cgi?id=11654) +all trace with relocation patch mathetrainer6
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #19 from Klaus Layer klaus.layer@gmx.de 2008-03-25 19:44:51 --- thnx focht for analyzing. I applied the relocation fixup patch to latest git and created a fake mountmgr.sys in system32/drivers. Both mathetrainer versions now load the acedrv* drivers without crashing. But the copy protection still seems not to like the wine environment. I attach new +all traces. Maybe it gives you a hint what it going wrong.
regards
http://bugs.winehq.org/show_bug.cgi?id=9484
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|1.0.0 |1.2.0
--- Comment #20 from Alexandre Julliard julliard@winehq.org 2008-04-19 03:58:07 --- The relocation bug is fixed, the rest is not going to happen for 1.0, deferring.
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #21 from Austin English austinenglish@gmail.com 2008-10-22 14:24:56 --- Is this still an issue in current (1.1.6 or newer) wine?
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #22 from Klaus Layer klaus.layer@gmx.de 2008-10-24 03:34:26 --- Yes, the copy protection still rejects to run the program with original CD in drive with latest git.
In the last trace I attached I see a SEH after GetProcAddress which is called with LoadLibraryA. Could this be some sort of entry point checking as known from punkbuster? Focht what do you think?
0009:trace:module:LdrGetDllHandle L"Kernel32.dll" -> 0x7ee00000 (load path L"C:\Programme\Klett\Mathetrainer 6;.;C:\windows\system32;C:\windows\system;C:\windows;C:\windows\system32;C:\windows") 0009:Ret KERNEL32.GetModuleHandleA() retval=7ee00000 ret=0043a61f 0009:Call KERNEL32.GetProcAddress(7ee00000,0043a5ae "LoadLibraryA") ret=0043a63a 0009:Ret KERNEL32.GetProcAddress() retval=7ee0a0ec ret=0043a63a 0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0x443546 0009:trace:seh:raise_exception info[0]=00000001 0009:trace:seh:raise_exception info[1]=00000000 0009:trace:seh:raise_exception eax=00000000 ebx=7ee90be8 ecx=00400000 edx=00400000 esi=ffffffa8 edi=00405000 0009:trace:seh:raise_exception ebp=00004d14 esp=0034feec cs=0073 ds=007b es=007b fs=0033 gs=003b flags=00010206 0009:trace:seh:call_stack_handlers calling handler at 0x441d79 code=c0000005 flags=0 0009:trace:seh:call_stack_handlers handler at 0x441d79 returned 0
http://bugs.winehq.org/show_bug.cgi?id=9484
Michael Karpukhin triada123@pochta.ru changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |triada123@pochta.ru
http://bugs.winehq.org/show_bug.cgi?id=9484
Henrik Steffen henrik-steffen@web.de changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |henrik-steffen@web.de
http://bugs.winehq.org/show_bug.cgi?id=9484
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Version|CVS/GIT |unspecified
--- Comment #23 from Austin English austinenglish@gmail.com 2009-01-15 10:53:39 --- Removing deprecated CVS/GIT version tag. Please retest in current git. If still present, update version field to earliest known version of wine that had this bug. Thanks!
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #24 from Henrik Steffen henrik-steffen@web.de 2009-01-15 19:29:23 --- Created an attachment (id=18720) --> (http://bugs.winehq.org/attachment.cgi?id=18720) debug of latest wine-git 1.1.12-629-g1608cb9
Hello!
Bug is still present, in current wine. Trying to run Mediscript.exe from original cd, which also use ProtectDisc copy protection. When wine is started there appears a window, which tells about installing ProtectDisc drivers, but nothing happens, wine seems caught in a loop.
Thank you in advance!
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #25 from Alexander Opitz opi@gmx.at 2009-06-25 16:36:52 --- Created an attachment (id=22021) --> (http://bugs.winehq.org/attachment.cgi?id=22021) console output with wine 1.1.24
This is the console output of wine (1.1.24) run the "WesternStar" game after installation. The game uses ProtectDisc. Will help if needed.
http://bugs.winehq.org/show_bug.cgi?id=9484
Alexander Opitz opi@gmx.at changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |opi@gmx.at
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #26 from Klaus Layer klaus.layer@gmx.de 2009-06-26 01:34:08 --- Can you please add what version of ProtectDisc is being used
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #27 from Klaus Layer klaus.layer@gmx.de 2009-12-08 14:47:56 --- When loading the device driver winedevice.exe crashes at
0x683feae3 load_driver_module+0x283 [/home/d023868/make/wine-git/programs/winedevice/device.c:103] in winedevice: movl $0x0,0xa0(%edx) 103 nt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress = 0;
This occurs in current git as well as in older versions. Test back til wine-1.1.15.
Any idea?
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #28 from Klaus Layer klaus.layer@gmx.de 2009-12-08 15:06:24 --- Created an attachment (id=25132) --> (http://bugs.winehq.org/attachment.cgi?id=25132) backtrace
http://bugs.winehq.org/show_bug.cgi?id=9484
Luke Bratch l_bratch@yahoo.co.uk changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |l_bratch@yahoo.co.uk
http://bugs.winehq.org/show_bug.cgi?id=9484
Austin Lund austin.lund@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |austin.lund@gmail.com
--- Comment #29 from Austin Lund austin.lund@gmail.com 2010-07-07 23:50:13 --- Code was checked into git with commit fe136025 dated 2010-06-15 which should stop the last protection fault.
Can you please check this?
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #30 from Klaus Layer klaus.layer@gmx.de 2010-07-11 04:34:46 --- I can confirm that the crash in winedevice no longer occurs.
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #31 from Austin Lund austin.lund@gmail.com 2010-07-11 06:05:24 --- I'm getting confused with the above comments. Is the original bug still present even though it's not crashing?
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #32 from Klaus Layer klaus.layer@gmx.de 2010-07-11 16:48:58 --- Yes, the original bug is still present. Only the crash reported in http://bugs.winehq.org/show_bug.cgi?id=9484#c27 seems to be resolved.
http://bugs.winehq.org/show_bug.cgi?id=9484
Dmitry Timoshkov dmitry@codeweavers.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Platform|All |Other Target Milestone|1.2.0 |--- OS/Version|All |other Severity|major |normal
http://bugs.winehq.org/show_bug.cgi?id=9484
anakinpendragon anakinpendragon@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |anakinpendragon@gmail.com
--- Comment #33 from anakinpendragon anakinpendragon@gmail.com 2010-07-12 08:06:53 --- There are no more problem for me in Wine1.2-rc7.Work for me in the game Lord of Ring's the return of king. I am using Mandriva 2010 32bits, My machine is a notebook atlhon dual core with a video card ati radean 3200. Unfortunately after the game to load, stop in the logo of EA. But with crack for no cd there are the same bug.
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #34 from Klaus Layer klaus.layer@gmx.de 2010-07-12 12:18:24 --- Can you please check with protectionID which copy protection sceme plus version is being used by "Lord of Ring's the return of king" and paste the result to this bug report.
Thanks
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #35 from Klaus Layer klaus.layer@gmx.de 2010-07-19 15:04:51 --- (In reply to comment #33) It would be really good to know which copy protection is being used by this game. Please check with protectionID which can be downloaded from here:
Thanks
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #36 from anakinpendragon anakinpendragon@gmail.com 2010-07-19 18:19:12 --- (In reply to comment #35)
(In reply to comment #33) It would be really good to know which copy protection is being used by this game. Please check with protectionID which can be downloaded from here:
Thanks
I think is this: )
Scanning -> C:\Arquivos de programas\EA GAMES\O Regresso do Rei tm\ROTK.exe-bkp File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 2874232 (02BDB78h) Byte(s) -> File has 1170296 (011DB78h) bytes of appended data starting at offset 01A0000h [File Heuristics] -> Flag : 00000000000000000100010100000111 (0x00004507) [!] Safedisc v3.10.020 detected ! [i] Appended data contents.... [.] o: 0x001A0028 / t: <0xA8726B03> <0xEF01996C> <0x00000001> / s: 00190206 byte(s) -> ~deb86d.tmp [.] o: 0x001CE74D / t: <0xA8726B03> <0xEF01996C> <0x0000044C> / s: 00011923 byte(s) -> clcd32.dll [.] o: 0x001D1607 / t: <0xA8726B03> <0xEF01996C> <0x0000044C> / s: 00004122 byte(s) -> clcd16.dll [.] o: 0x001D2645 / t: <0xA8726B03> <0xEF01996C> <0x0000044D> / s: 00037971 byte(s) -> mcp.dll [.] o: 0x001DBABF / t: <0xA8726B03> <0xEF01996C> <0x00000002> / s: 00007064 byte(s) -> SECDRV.SYS [.] o: 0x001DD67E / t: <0xA8726B03> <0xEF01996C> <0x00000002> / s: 00019048 byte(s) -> DrvMgt.dll [.] o: 0x001E210F / t: <0xA8726B03> <0xEF01996C> <0x0000000B> / s: 00005446 byte(s) -> SecDrv04.VxD [.] o: 0x001E367D / t: <0xA8726B03> <0xEF01996C> <0x00000000> / s: 00073276 byte(s) -> ~e5d141.tmp [.] o: 0x001F54E0 / t: <0xA8726B03> <0xEF01996C> <0x00000000> / s: 00045056 byte(s) -> PfdRun.txt [.] o: 0x00200508 / t: <0xA8726B03> <0xEF01996C> <0x00000000> / s: 00775708 byte(s) -> ~df394b.tmp [CompilerDetect] -> Visual C++ 7.0 (Visual Studio 2002) - Scan Took : 0.61 Second(s)
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #37 from Klaus Layer klaus.layer@gmx.de 2011-06-08 07:12:19 CDT --- retested mathetrainer 5 with current GIT wine-1.3.21-255-g38a2139
protectionID reveals
Scanning -> Z:\home\user\wine\mathetrainer5\drive_c\Programme\Klett\Mathetrainer 5\Mathetrainer.exe File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 1231923 (012CC33h) Byte(s) [x] Warning - FileAlignment seems wrong.. is 0x00000200, calculated 0x00000400 -> File has 46094 (0B40Eh) bytes of appended data starting at offset 0121825h [File Heuristics] -> Flag : 00000000000001001000001000100101 (0x00048225) [!] Protect DiSC v6.2.5 [Build 0xC618 / 50712] detected! - Scan Took : 0.174 Second(s)
program still complains about original CD
+all log can be loaded from here:
http://www.galuptanum.net/mt5.txt.bz2
http://bugs.winehq.org/show_bug.cgi?id=9484
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|Program refuses to run |ProtectDISC 6.x: media |because of |validation fails |ProtectCD/ProtectDISC |(Mathetrainer 5) |copy-protection |
--- Comment #38 from Anastasius Focht focht@gmx.net 2011-06-08 15:28:37 CDT --- Hello,
targeting major version and adjusting summary a bit... If that helper kernel driver (filter) is really needed (currently fails in driver entry), it might require some "pseudo" kernel infrastructure currently not present.
Regards
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #39 from Klaus Layer klaus.layer@gmx.de 2011-06-09 08:52:56 CDT --- Can you please explain what "pseudo" kernel infrastructure is missing.
Thanks
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #40 from Austin Lund austin.lund@gmail.com 2011-06-09 19:15:28 CDT --- The first call to CreateServiceA call on line 228368 of that log fails with error code ERROR_SERVICE_EXISTS which means that the call to scmdatabase_find_service in the svcctl_CreateServiceW function of programs/services/rpc.c failed.
Is this meant to be like this?
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #41 from Austin Lund austin.lund@gmail.com 2011-06-10 05:12:39 CDT --- (In reply to comment #40)
Is this meant to be like this?
Seems the answer is yes. It's started earlier.
Could the solution be in this request for handle information? i.e. this bit:
0017:Call ntdll.ZwQuerySystemInformation(00000010,00129810,00002000,00000000) ret=00557d8c 0017:trace:ntdll:NtQuerySystemInformation (0x00000010,0x129810,0x00002000,(nil)) 0017:fixme:ntdll:NtQuerySystemInformation info_class SYSTEM_HANDLE_INFORMATION 0017:Ret ntdll.ZwQuerySystemInformation() retval=00000000 ret=00557d8c
The return value indicates success, but the implementation doesn't actually seem to do anything useful in terms of output.
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #42 from Austin Lund austin.lund@gmail.com 2011-06-12 19:03:04 CDT --- Created an attachment (id=35114) --> (http://bugs.winehq.org/attachment.cgi?id=35114) Very rudimentary implementation of SystemHandleInformation for NtQuerySystemInformation()
It is hard to know what the program actually wants. But here is a patch which adds in some of that handle information (just the pid value and count really).
The program probably wants more info, but I think getting more information would involve either a change to the wineserver protocol or a nasty hack. Both of which I'm not sure about. At the end of the day, however, the structure has a pointer to a kernel memory structure for the handle which seems to be totally undocumented. But how to emulate this userspace/kernel interface is confusing to me.
So before any further work, can you please test this patch and resend the log, just to see what it complains about. (My guess is it will segfault).
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #43 from Klaus Layer klaus.layer@gmx.de 2011-06-13 05:07:22 CDT --- Thanks for the patch. I applied and retested. You can find a +all log here:
http://www.galuptanum.net/mt5+patch.log.bz2
Regards
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #44 from Austin Lund austin.lund@gmail.com 2011-06-13 07:55:29 CDT --- (In reply to comment #43)
Thanks for the patch. I applied and retested.
Dang. Segfault it is. But no backtrace. I cannot seem to piece together a backtrace from what is in the log file. Hard to know if it is the object pointer that cases it or the zero handle (or something else again).
http://bugs.winehq.org/show_bug.cgi?id=9484
Austin Lund austin.lund@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Attachment #35114|0 |1 is obsolete| |
--- Comment #45 from Austin Lund austin.lund@gmail.com 2011-06-14 00:05:42 CDT --- Created an attachment (id=35127) --> (http://bugs.winehq.org/attachment.cgi?id=35127) Implementation which checks for null pointers
Aww.. damn! I forgot to check if the ReturnLength pointer is null (which it is here). That'll be why it is crashing here. Can you please try this new one?
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #46 from Klaus Layer klaus.layer@gmx.de 2011-06-14 08:28:37 CDT --- With the new patch the crash no longer occurs. Now it tries to call NtQueryObject with a info class which is currently not supported by Wine.
You can find the new +all trace here:
http://www.galuptanum.net/mt5+patch2.log.bz2
Thanks
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #47 from Austin Lund austin.lund@gmail.com 2011-06-15 01:00:26 CDT --- Great! It just seems to use the NtQuerySystemInformation call to get a full list of handles then calls NtQueryObject on them one by one. Not sure exactly what it's looking for.
Nevertheless, I think this will need a new wineserver call to get the handle values to work. Unless there is another way of doing it which is already in the source.
http://bugs.winehq.org/show_bug.cgi?id=9484
Austin Lund austin.lund@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Attachment #35127|0 |1 is obsolete| |
--- Comment #48 from Austin Lund austin.lund@gmail.com 2011-06-21 06:18:19 CDT --- Created an attachment (id=35220) --> (http://bugs.winehq.org/attachment.cgi?id=35220) Patch to add handles to SystemHandleInfo and type names to NtQueryObject
This patch now adds a wineserver call to get the process handles and also has a rough implementation of the type info for NtQueryObject. I'll try and get these changes into git, but it might take a quite.
The service calls wcslen() on the type string and it doesn't like the length of the default string I've used. I've tried a few but cannot seem to figure out what it wants from the type string.
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #49 from Klaus Layer klaus.layer@gmx.de 2011-06-21 10:58:18 CDT --- After applying the patch I but get build errors:
gcc -c -I. -I. -I../../include -I../../include -D__WINESRC__ -D_NTSYSTEM_ -D_REENTRANT -fPIC -Wall -pipe -fno-strict-aliasing -Wdeclaration-after-statement -Wempty-body -Wstrict-prototypes -Wtype-limits -Wwrite-strings -Wpointer-arith -g -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 -o nt.o nt.c nt.c: In function ‘NtQuerySystemInformation’: nt.c:1736: error: ‘union generic_request’ has no member named ‘next_handle_request’ nt.c:1736: error: ‘union generic_reply’ has no member named ‘next_handle_reply’ nt.c:1736: error: ‘REQ_next_handle’ undeclared (first use in this function) nt.c:1736: error: (Each undeclared identifier is reported only once nt.c:1736: error: for each function it appears in.) nt.c:1738: error: dereferencing pointer to incomplete type nt.c:1739: error: dereferencing pointer to incomplete type nt.c:1741: error: dereferencing pointer to incomplete type nt.c:1742: error: dereferencing pointer to incomplete type make[1]: *** [nt.o] error 1
Are the patches you submitted to git a precondition for this patch?
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #50 from Austin Lund austin.lund@gmail.com 2011-06-21 17:48:02 CDT --- (In reply to comment #49)
nt.c: In function ‘NtQuerySystemInformation’: nt.c:1736: error: ‘union generic_request’ has no member named ‘next_handle_request’
Sorry. You have to run 'tools/make_requests' for this to build. I have changed server/protocol.def and you need to do that.
After having a good nights sleep, I've found that it is looking for "File" as the type string (duh, should have thought of that before). It then calls NtQueryInformationFile on the handle asking for FileNameInformation. It then calls wcslen on the name. The only time I see it do anything more than this is for L"\windows\system32\drivers\ACEDRV05.sys" where it does some tolower() calls and some TlsGetValue calls, but then continues on it's merry way looping through all the handles.
At the end of all this the driver init still returns with code STATUS_INSUFFICIENT_RESOURCES, which is an highly unenlightening error code.
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #51 from Klaus Layer klaus.layer@gmx.de 2011-06-22 02:26:03 CDT --- Thanks for the hint. After calling tools/make_request it builds.
With you new patch copy protect still complains about missing media. I added a new +all trace:
http://www.galuptanum.net/mt5+patch3.log.bz2
http://bugs.winehq.org/show_bug.cgi?id=9484
Austin Lund austin.lund@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Attachment #35220|0 |1 is obsolete| |
--- Comment #52 from Austin Lund austin.lund@gmail.com 2011-06-26 23:25:08 CDT --- Created an attachment (id=35299) --> (http://bugs.winehq.org/attachment.cgi?id=35299) Include previous changes and make KdDebuggerEnabled symbol as BOOLEAN in ntoskrnl.exe
Please try this patch. I can get the driver to successfully initialise with it, so it may work.
All this patch does (on top of everything else) is make the KdDebuggerEnabled in ntoskrnl.exe a BOOLEAN, export it as such, and initialise it to FALSE.
It should apply to current git and you'll need to run tools/make_requests, as in the previous one, to get it to build.
http://bugs.winehq.org/show_bug.cgi?id=9484
tiloem@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |tiloem@gmx.net
--- Comment #53 from tiloem@gmx.net 2011-06-27 00:13:57 CDT --- I suggest to contact the developers of daemon-tools.cc as they have included some emulation of protect disk in their product. They might share some details. Thanks for your efforts anyway.
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #54 from Klaus Layer klaus.layer@gmx.de 2011-06-27 02:11:00 CDT --- Great. Thanks for your work. The driver now seems to initialize properly. Later it crashes inside acedrv5 with the backtrace below.
I uploaded the full log to http://www.galuptanum.net/mt5+patch4.log.bz2
err:int:emulate_instruction Unsupported DR register, eip+2 is f8 wine: Unhandled privileged instruction at address 0x5653d0 (thread 0017), starting debugger... Unhandled exception: privileged instruction in 32-bit code (0x005653d0). Register dump: CS:0073 SS:007b DS:007b ES:007b FS:0033 GS:003b EIP:005653d0 ESP:0053e7cc EBP:0053e818 EFLAGS:00010206( R- -- I - -P- ) EAX:00000400 EBX:0053e960 ECX:00000398 EDX:00000001 ESI:00000000 EDI:0053e880 Stack dump: 0x0053e7cc: 005736d8 0053e880 00110f88 681e0ff4 0x0053e7dc: 680b815e 014c850a 00000000 00002710 0x0053e7ec: 74e1725e 00000000 0053e9a8 894a6b4e 0x0053e7fc: 01cc3498 680b8119 681e0ff4 0053e818 0x0053e80c: 681cdf10 0053e960 00110f88 0053e9c8 0x0053e81c: 681cf13a 00110f88 0053e880 00000000 Backtrace: =>0 0x005653d0 in acedrv05.sys (+0x253d0) (0x0053e818) 1 0x681cf13a wine_ntoskrnl_main_loop+0x2f9(stop_event=0x34) [/home/d023868/make/wine-git/dlls/ntoskrnl.exe/ntoskrnl.c:175] in ntoskrnl (0x0053e9c8) 2 0x7a4fa541 ServiceMain+0x1e0(argc=0x1, argv=0x110ae8) [/home/d023868/make/wine-git/programs/winedevice/device.c:297] in winedevice (0x0053ea18) 3 0x6818dd24 service_thread+0xf3(arg=0x1108b8) [/home/d023868/make/wine-git/dlls/advapi32/service.c:294] in advapi32 (0x0053ea68) 4 0x680aa328 call_thread_func+0xb() in ntdll (0x0053ea78) 5 0x680aa4fe call_thread_entry_point+0x6d(entry=0x6818dc30, arg=0x1108b8) [/home/d023868/make/wine-git/dlls/ntdll/signal_i386.c:2499] in ntdll (0x0053eb48) 6 0x680b40c5 start_thread+0xf4(info=0x7ffd0fb8) [/home/d023868/make/wine-git/dlls/ntdll/thread.c:404] in ntdll (0x0053f398) 7 0x6802296e start_thread+0xbd() in libpthread.so.0 (0x0053f498) 0x005653d0: movl %eax,%dr7 Modules: Module Address Debug info Name (27 modules) PE 540000- 59f000 Export acedrv05.sys ELF 20000000-20018000 Deferred hal<elf> -PE 20010000-20018000 \ hal ELF 5625e000-562e2000 Deferred msvcrt<elf> -PE 56270000-562e2000 \ msvcrt ELF 5f411000-5f485000 Deferred rpcrt4<elf> -PE 5f420000-5f485000 \ rpcrt4 ELF 68000000-6801d000 Deferred ld-linux.so.2 ELF 6801d000-68036000 Dwarf libpthread.so.0 ELF 68036000-6803a000 Deferred libdl.so.2 ELF 6803a000-680f3000 Dwarf ntdll<elf> -PE 68050000-680f3000 \ ntdll ELF 680f3000-68119000 Deferred libm.so.6 ELF 68119000-68121000 Deferred libnss_compat.so.2 ELF 68121000-68138000 Deferred libnsl.so.1 ELF 68138000-68142000 Deferred libnss_nis.so.2 ELF 68142000-6814e000 Deferred libnss_files.so.2 ELF 6814e000-681ab000 Dwarf advapi32<elf> -PE 68160000-681ab000 \ advapi32 ELF 681ab000-681f1000 Dwarf ntoskrnl<elf> -PE 681b0000-681f1000 \ ntoskrnl ELF 74e12000-74f53000 Dwarf libwine.so.1 ELF 7a4e8000-7a4fd000 Dwarf winedevice<elf> -PE 7a4f0000-7a4fd000 \ winedevice ELF 7bf00000-7bf04000 Deferred <wine-loader> ELF 7c0b1000-7c252000 Deferred kernel32<elf> -PE 7c0c0000-7c252000 \ kernel32 Threads: process tid prio (all id:s are in hex) 00000008 Mathetrainer.exe 00000009 0 0000000e services.exe 00000021 0 0000001b 0 00000016 0 00000015 0 00000014 0 00000010 0 0000000f 0 00000011 (D) C:\windows\system32\winedevice.exe 00000017 0 <== 00000013 0 00000012 0 00000018 winedevice.exe 0000001d 0 0000001c 0 0000001a 0 00000019 0 0000001e plugplay.exe 00000022 0 00000020 0 0000001f 0
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #55 from Austin Lund austin.lund@gmail.com 2011-06-27 19:23:09 CDT --- Created an attachment (id=35318) --> (http://bugs.winehq.org/attachment.cgi?id=35318) Bypass debug register setting instructions
You could try this patch on top of the previous one. It looks like it does something but it really doesn't. The debug registers need to be set in kernel mode.
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #56 from Austin Lund austin.lund@gmail.com 2011-06-27 22:18:55 CDT --- (In reply to comment #55)
You could try this patch on top of the previous one. It looks like it does something but it really doesn't. The debug registers need to be set in kernel mode.
OK. So it seems this is wrong. The context is reset by the exception handler and the value of the debug registers is stored in wine's TEB. However, turning ON the debugging features will be problematic, but it appears that this service wants to turn OFF debugging (and set db0-db3 to bizzare values within a reserved region). That we can probably handle. So try adding the last patch, it will probably work (and cause another ferret to pop out of a different hole).
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #57 from Klaus Layer klaus.layer@gmx.de 2011-06-28 01:46:15 CDT --- With your additional patch the crash no longer occurs but in the end the copy protection still complains about missing media. The trace shows two new fixme messages:
fixme:ntoskrnl:IoGetDeviceObjectPointer stub: L"\DosDevices\D:" 80 0x53e664 0x53e668 fixme:ntoskrnl:IoGetDeviceObjectPointer stub: L"\DosDevices\D:" 80 0x53e664 0x53e668
The symlinks point to the location where the CD is mounted.
Regards
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #58 from Klaus Layer klaus.layer@gmx.de 2011-06-28 01:47:11 CDT --- I uploaded the full log to http://www.galuptanum.net/mt5+patch5.log.bz2
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #59 from Austin Lund austin.lund@gmail.com 2011-06-28 18:06:30 CDT --- That function obviously needs to be implemented. The current state of implementation for what is linked in from ntoskrnl.exe is:-
stubs:
KeSetAffinityThread IoGetAttachedDevice IoBuildSynchronousFsdRequest MmUnlockPages IoFreeMdl ExQueueWorkItem
stub implementations:
ObfDereferenceObject KeSetEvent IoGetDeviceObjectPointer KeInitializeEvent KeWaitForSingleObject
partial implementations:
IoCreateSymbolicLink PsGetCurrentProcessId ExAllocatePoolWithTag
http://bugs.winehq.org/show_bug.cgi?id=9484
--- Comment #60 from Anastasius Focht focht@gmx.net 2011-07-03 15:05:38 CDT --- Hello,
good work so far ... if you get the "kernel" debug register emulation patch committed in GIT the easy part is done.
--- snip --- fixme:ntoskrnl:IoGetDeviceObjectPointer stub: L"\DosDevices\D:" --- snip ---
That's where the hard part begins. Wine needs to support/implement layered driver infrastructure because this driver depends on it.
Judging from the list Austin Lund posted in comment #59 the sequence for this driver would be:
(1) get target device object (topmost attached device in stack) -> IoGetDeviceObjectPointer (\DosDevices\D: or more general \DosDevices\CdRom0) (2) get attached device -> IoGetAttachedDevice (target device object from (1) ) (3) build IRP for device -> IoBuildSynchronousFsdRequest (for attached device) (4) call the lower layer driver -> IoCallDriver (IRP) (5) wait for IRP to be completed (needs KeWaitForXXX with kevent) (6) profit!
That's simplified but should be basically what the driver expects.
You need an extra "disk" driver which "houses" the device objects and processes ioctls (not mountmgr).
You could join forces with people trying to get USB stack into Wine ;-)
---
Some hints to improve trace log generation...
Disable automatic ProtectDisc kernel driver start -> set to manual start (so it gets started by app):
--- snip --- $ wine reg add "HKLM\System\CurrentControlSet\Services\ACEDRV05" /v Start /t REG_DWORD /d 3 /f --- snip ---
When doing app start with tracing:
-> disable winemenubuilder -> use "append" mode
--- snip --- $ WINEDLLOVERRIDES="winemenubuilder.exe=d" WINEDEBUG=+tid,+seh,+relay,+ntoskrnl wine ./Mathetrainer.exe >>log.txt 2>&1 --- snip ---
This should get you smaller and better readable logs ;-)
Regards
http://bugs.winehq.org/show_bug.cgi?id=9484
fracting fracting@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |fracting@gmail.com
http://bugs.winehq.org/show_bug.cgi?id=9484
Vitaliy Margolen vitaliy-bugzilla@kievinfo.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |maxmusterm@gmail.com
--- Comment #61 from Vitaliy Margolen vitaliy-bugzilla@kievinfo.com 2012-02-27 08:31:30 CST --- *** Bug 30024 has been marked as a duplicate of this bug. ***
http://bugs.winehq.org/show_bug.cgi?id=9484
Saulius K. saulius2@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |saulius2@gmail.com
http://bugs.winehq.org/show_bug.cgi?id=9484
hanska2@luukku.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |hanska2@luukku.com
--- Comment #62 from hanska2@luukku.com --- stubs:
KeSetAffinityThread IoGetAttachedDevice IoBuildSynchronousFsdRequest
1578 /*********************************************************************** 1579 * MmUnmapIoSpace (NTOSKRNL.EXE.@) 1580 */ 1581 VOID WINAPI MmUnmapIoSpace( PVOID BaseAddress, SIZE_T NumberOfBytes ) 1582 { 1583 FIXME( "stub: %p, %lu\n", BaseAddress, NumberOfBytes ); 1584 }
454 VOID WINAPI IoFreeMdl(PMDL mdl) 455 { 456 FIXME("partial stub: %p\n", mdl); 457 458 HeapFree(GetProcessHeap(), 0, mdl); 459 }
@ stub ExQueueWorkItem
I didnt even look at those all which were listed. So much code is still missing.
wine 1.7.23
https://bugs.winehq.org/show_bug.cgi?id=9484
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |obfuscation Hardware|Other |x86 Version|unspecified |0.9.58. OS|other |Linux
--- Comment #63 from Anastasius Focht focht@gmx.net --- Hello folks,
from the comments it's unclear what the current status is, how many patches actually went in.
@Klaus Layer can you re-test with recent Wine version, preferably Wine 1.7.27?
I just want to know if there is still patching needed prior to 'IoGetDeviceObjectPointer' stub.
All other stubs mentioned after 'IoGetDeviceObjectPointer' don't really belong here, they just mess the bug further up.
Thanks
Regards
https://bugs.winehq.org/show_bug.cgi?id=9484
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |austinenglish@gmail.com
--- Comment #64 from Austin English austinenglish@gmail.com --- There was another commit that may have helped: commit 68f23a1138ed697257c348011d77ec8519b44294 Author: Erich E. Hoover erich.e.hoover@wine-staging.com Date: Sun Jun 14 18:58:20 2015 -0600
ntoskrnl.exe: Improve IoGetDeviceObjectPointer stub to appease SecuROM 5.x.
that was first in 1.7.48 (currently we're on 1.7.53). Could you retest Klaus?
https://bugs.winehq.org/show_bug.cgi?id=9484
mirh mirh@protonmail.ch changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |mirh@protonmail.ch
https://bugs.winehq.org/show_bug.cgi?id=9484
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |ABANDONED Status|NEW |RESOLVED
--- Comment #65 from Anastasius Focht focht@gmx.net --- Hello folks,
this ticket has already been used multiple times for different issues. To avoid this ticket getting stuck for many more years because of being a meta-bug, resolving here as 'abandoned' due to lack of response.
If the problem still persists, create new tickets as needed, targeting individual stubs. Please ensure you checked Bugzilla for potential duplicates/collector tickets.
Again: no meta-bugs ("get X to work").
Regards
https://bugs.winehq.org/show_bug.cgi?id=9484
André H. nerv@dawncrow.de changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED CC| |nerv@dawncrow.de
--- Comment #66 from André H. nerv@dawncrow.de --- closing abandoned
-
wine-bugs@winehq.org