http://bugs.winehq.org/show_bug.cgi?id=34849
Bug #: 34849
Summary: Eisenbahn.exe Pro 8 (EEP 8) train simulator crashes on startup (Themida & WinLicense 2.x software protection)
Product: Wine
Version: 1.7.5
Platform: x86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: focht@gmx.net
Classification: Unclassified
Hello folks,
this is a newer version of EEP which crashes for a different reason than EEP version 5.0 (bug 24597).
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/Trend/EEP8
...
$ wine ./EEP8.exe
...
fixme:toolhelp:CreateToolhelp32Snapshot Unimplemented: heap list snapshot
fixme:thread:GetThreadPreferredUILanguages 52, 0x11af7ac, 0x11af924 0x11af7b4
fixme:heap:HeapSetInformation (nil) 1 (nil) 0
fixme:win:EnumDisplayDevicesW ((null),0,0x119fe7c,0x00000000), stub!
fixme:win:EnumDisplayDevicesW ((null),1,0x119fe6c,0x00000000), stub!
err:x11settings:X11DRV_ChangeDisplaySettingsEx No matching mode found 2077032448x18482952x32 @60! (XRandR 1.2)
wine: Unhandled page fault on read access to 0x00000004 at address 0x4f6001 (thread 0009), starting debugger...
Unhandled exception: page fault on read access to 0x00000004 in 32-bit code (0x004f6001).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:004f6001 ESP:011a0628 EBP:011a063c EFLAGS:00010246( R- -- I Z- -P- )
 EAX:00000000 EBX:05130469 ECX:04a91000 EDX:fbdc3330
 ESI:00848bc0 EDI:05130254
Stack dump:
0x011a0628: 00854410 04f80bf5 00848bc0 00000000
0x011a0638: 00000000 011a0ba4 005064ad f31fed08
0x011a0648: 00848bc0 00848bc0 ffffffff ffffffff
0x011a0658: 011a0688 7bc39cf6 04a19064 00785b24
0x011a0668: 00000001 00000000 00000000 00000000
0x011a0678: 00000000 78e06564 78e06564 78e06564
000c: sel=0067 base=00000000 limit=00000000 16-bit --x
Backtrace:
=>0 0x004f6001 in eep8 (+0xf6001) (0x011a063c)
  1 0x005064ad in eep8 (+0x1064ac) (0x011a0ba4)
  2 0x78da86fc in mfc100 (+0x2486fb) (0x011a0bb8)
  3 0x0070e86e in eep8 (+0x30e86d) (0x011a0c4c)
  4 0x005801e9 in eep8 (+0x1801e8) (0x005807e8)
0x004f6001: movl 0x4(%eax),%ecx
Modules:
Module Address Debug info Name (104 modules)
PE 400000- fb2000 Export eep8
PE 4350000- 436b000 Deferred sureparticles3
PE 4370000- 43d1000 Deferred surecommon3
PE 43e0000- 4403000 Deferred sureind
PE 4740000- 477e000 Deferred ode
PE 4780000- 47f9000 Deferred opcode
PE 52a0000- 533d000 Deferred sprender
PE 55b0000- 5672000 Deferred sutrack+
PE 10000000-101e5000 Deferred d3dx9_42
PE 78050000-780b9000 Deferred msvcp100
PE 78aa0000-78b5e000 Deferred msvcr100
PE 78b60000-78f8c000 Export mfc100
...
Threads:
process tid prio (all id:s are in hex)
00000008 (D) C:\Program Files\Trend\EEP8\EEP8.exe
 0000003b 0
 ...
 00000009 0 <==
--- snip ---
"No matching mode found 2077032448x18482952x32 @60! (XRandR 1.2)"
Using +relay makes things worse ... checking the log we see this:
--- snip ---
0024:Call KERNEL32.OutputDebugStringA(00b55d82 "\r\n\n\n%s------------------------------------------------\n\r--- Themida Professional ---\n\r--- (c)2010 Oreans Technologies ---\n\r------------------------------------------------\r\n\n\n") ret=00b57c46
0024:Ret KERNEL32.OutputDebugStringA() retval=00000000 ret=00b57c46
--- snip ---
Yep, Themida doesn't like relay thunks.
ExeInfoPE scan of executable reveals:
--- snip ---
Themida & WinLicense 2.0 - 2.1 - struct (Hide from PE scanners II-V)
--- snip ---
So this might be one of Themida's virtual machine incompatibilities in win32 API emulation/wrapper and Wine. Requires further analysis (older versions might be even a wontfix).
Regards
Anastasius Focht focht@gmx.net changed:
What     |Removed |Added
----------------------------------------------------------------------------
Keywords |        |download, obfuscation
URL      |        |http://spiele.download.t-online.de/Eisenbahn.exe-8.0-Expert-Demo/111308

--- Comment #1 from Anastasius Focht focht@gmx.net 2013-11-03 12:23:13 CST ---
Hello folks,
filling fields ...
$ sha1sum Setup_EEP8_Expert_DEMO.exe
b7c823b9979bf43ca67a7a88d323e68b967c39f1 Setup_EEP8_Expert_DEMO.exe

$ du -sh Setup_EEP8_Expert_DEMO.exe
761M Setup_EEP8_Expert_DEMO.exe

$ wine --version
wine-1.7.5-251-gbcf4ded
Regards
--- Comment #2 from Anastasius Focht focht@gmx.net 2013-11-03 13:16:37 CST ---
Hello folks,
a quick debugging session reveals this _might_ be a similar or same issue as bug 24597 (MDI app -> child menu modifications).
That strange/invalid X11DRV_ChangeDisplaySettingsEx prior seems harmless.
Running without +relay but +menu:
--- snip ---
...
0024:err:x11settings:X11DRV_ChangeDisplaySettingsEx No matching mode found 2077032448x18482952x32 @60! (XRandR 1.2)
0024:trace:menu:GetMenu for 0x100c6 returning 0x10070
0024:trace:menu:ModifyMenuW 0x10070 0 0400 0000 L"&Datei"
0024:trace:menu:do_debug_print_menuitem SetMenuItemInfo_common from: { ID=0x100d8, Sub=0x100d8, fType=bit,pop, hbitmap=0x2007f }
0024:trace:menu:do_debug_print_menuitem SetMenuItemInfo_common to : { ID=0x0, Sub=0x100d8, fType=pop, Text=L"&Datei" }
0024:trace:menu:GetMenu for 0x100c6 returning 0x10070
0024:trace:menu:ModifyMenuW 0x10070 1 0400 0001 L"&Einf\00fcgen"
0024:trace:menu:do_debug_print_menuitem SetMenuItemInfo_common from: { ID=0x10072, Sub=0x10072, fType=own,pop, Text=L"&File", ItemData=0x00130000 }
0024:trace:menu:do_debug_print_menuitem SetMenuItemInfo_common to : { ID=0x1, Sub=0x10072, fType=pop, Text=L"&Einf\00fcgen", ItemData=0x00130000 }
0024:trace:menu:GetMenu for 0x100c6 returning 0x10070
0024:trace:menu:ModifyMenuW 0x10070 2 0400 0002 L"&Ansicht"
0024:trace:menu:do_debug_print_menuitem SetMenuItemInfo_common from: { ID=0x10074, Sub=0x10074, fType=own,pop, Text=L"&Edit", ItemData=0x00140000 }
0024:trace:menu:do_debug_print_menuitem SetMenuItemInfo_common to : { ID=0x2, Sub=0x10074, fType=pop, Text=L"&Ansicht", ItemData=0x00140000 }
0024:trace:menu:GetMenu for 0x100c6 returning 0x10070
0024:trace:menu:ModifyMenuW 0x10070 3 0400 0003 L"&Bearbeiten"
0024:trace:menu:do_debug_print_menuitem SetMenuItemInfo_common from: { ID=0x10076, Sub=0x10076, fType=own,pop, Text=L"&View", ItemData=0x00190000 }
0024:trace:menu:do_debug_print_menuitem SetMenuItemInfo_common to : { ID=0x3, Sub=0x10076, fType=pop, Text=L"&Bearbeiten", ItemData=0x00190000 }
0024:trace:menu:GetMenu for 0x100c6 returning 0x10070
0024:trace:menu:ModifyMenuW 0x10076 1 0400 0001 L"&Landschaftsrelief"
0024:trace:menu:do_debug_print_menuitem SetMenuItemInfo_common from: { ID=0x8be0, Text=L"&3D View" }
0024:trace:menu:do_debug_print_menuitem SetMenuItemInfo_common to : { ID=0x1, Text=L"&Landschaftsrelief" }
0024:trace:menu:GetMenu for 0x100c6 returning 0x10070
0024:trace:menu:ModifyMenuW 0x10076 2 0400 0002 L"&Oberfl\00e4chenbeschaffenheit"
0024:trace:menu:do_debug_print_menuitem SetMenuItemInfo_common from: { ID=0x8c75, Text=L"Full &window" }
0024:trace:menu:do_debug_print_menuitem SetMenuItemInfo_common to : { ID=0x2, Text=L"&Oberfl\00e4chenbeschaffenheit" }
0024:trace:menu:GetMenu for 0x100c6 returning 0x10070
0024:trace:menu:ModifyMenuW 0x10076 7 0400 0007 L"&Verkehrswegesysteme"
0024:trace:menu:do_debug_print_menuitem SetMenuItemInfo_common from: { ID=0x8d60, Text=L"Center Section" }
0024:trace:menu:do_debug_print_menuitem SetMenuItemInfo_common to : { ID=0x7, Text=L"&Verkehrswegesysteme" }
0024:trace:menu:GetMenu for 0x100c6 returning 0x10070
0024:trace:menu:ModifyMenuW 0x10076 8 0400 0008 L"Gleis&kombinationen"
0024:trace:menu:do_debug_print_menuitem SetMenuItemInfo_common from: { ID=0x8d61, State=check, Text=L"Auto Scroll" }
0024:trace:menu:do_debug_print_menuitem SetMenuItemInfo_common to : { ID=0x8, Text=L"Gleis&kombinationen" }
0024:trace:menu:GetMenu for 0x100c6 returning 0x10070
0024:trace:seh:raise_exception code=c0000005 flags=0 addr=0x4f6001 ip=004f6001 tid=0024
0024:trace:seh:raise_exception info[0]=00000000
0024:trace:seh:raise_exception info[1]=00000004
0024:trace:seh:raise_exception eax=00000000 ebx=05130000 ecx=04a91000 edx=fbdc32e8 esi=00848bc0 edi=05120cb6
0024:trace:seh:raise_exception ebp=011a063c esp=011a0628 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246
...
--- snip ---
Disassembly around crash location:
--- snip ---
...
004F5FDB 8B50 04      MOV EDX,DWORD PTR DS:[EAX+4]
004F5FDE 6A 08        PUSH 8
004F5FE0 52           PUSH EDX
004F5FE1 FFD3         CALL EBX
004F5FE3 50           PUSH EAX
004F5FE4 E8 0D702100  CALL EEP8.0070CFF6
004F5FE9 68 08687800  PUSH EEP8.00786808 ; "POPUP3_3_0"
004F5FEE 68 60687800  PUSH EEP8.00786860 ; "IDR_MAINFRAME"
004F5FF3 8BCE         MOV ECX,ESI
004F5FF5 8945 FC      MOV DWORD PTR SS:[EBP-4],EAX
004F5FF8 E8 5C97F1FF  CALL EEP8.0040F759
004F5FFD 50           PUSH EAX
004F5FFE 8B45 FC      MOV EAX,DWORD PTR SS:[EBP-4]
004F6001 8B48 04      MOV ECX,DWORD PTR DS:[EAX+4] ; *boom*
004F6004 6A 06        PUSH 6
004F6006 68 00040000  PUSH 400
004F600B 6A 06        PUSH 6
004F600D 51           PUSH ECX
004F600E FFD7         CALL EDI
004F6010 68 00687800  PUSH EEP8.00786800 ; "POPUP4"
004F6015 68 60687800  PUSH EEP8.00786860 ; "IDR_MAINFRAME"
004F601A 8BCE         MOV ECX,ESI
004F601C E8 3897F1FF  CALL EEP8.0040F759
...
--- snip ---
Regards
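The winedbg report quoted in this bug can be triaged mechanically before opening a disassembler. The following is an added example, not part of the original comments or of Wine; `triage` and `SAMPLE` are hypothetical names, and the sample is an abridged copy of the output above. It maps EIP to module+offset and checks whether the faulting memory operand is a field read through a NULL base register.

```python
import re

# Abridged from the winedbg output quoted in this report (whitespace normalised).
SAMPLE = """\
Unhandled exception: page fault on read access to 0x00000004 in 32-bit code (0x004f6001).
Register dump:
 EIP:004f6001 ESP:011a0628 EBP:011a063c EFLAGS:00010246( R- -- I Z- -P- )
 EAX:00000000 EBX:05130469 ECX:04a91000 EDX:fbdc3330
 ESI:00848bc0 EDI:05130254
0x004f6001: movl 0x4(%eax),%ecx
PE 400000- fb2000 Export eep8
PE 78b60000-78f8c000 Export mfc100
"""

def triage(log):
    """Summarise a winedbg page-fault report: module+offset and likely cause."""
    m = re.search(r"page fault on (\w+) access to 0x([0-9a-f]+) "
                  r"in \S+ code \(0x([0-9a-f]+)\)", log)
    if not m:
        return None
    fault, eip = int(m.group(2), 16), int(m.group(3), 16)
    # Registers appear as NAME:hex pairs in the register dump.
    regs = {n.lower(): int(v, 16)
            for n, v in re.findall(r"\b(E[A-Z]{2}):([0-9a-f]{8})", log)}
    out = {"access": m.group(1), "fault": fault, "eip": eip, "module": None,
           "offset": None, "base_reg": None, "disp": None, "null_deref": False}
    # Map EIP to a loaded PE module using the start-end ranges of the module list.
    for start, end, name in re.findall(
            r"^PE\s+([0-9a-f]+)-\s*([0-9a-f]+)\s+\w+\s+(\S+)", log, re.M):
        if int(start, 16) <= eip < int(end, 16):
            out["module"], out["offset"] = name, eip - int(start, 16)
    # Faulting instruction in AT&T syntax: optional displacement, then (%base).
    ins = re.search(rf"^0x{eip:08x}:\s+\S+\s+(?:0x([0-9a-f]+))?\(%(\w+)\)",
                    log, re.M)
    if ins:
        out["disp"], out["base_reg"] = int(ins.group(1) or "0", 16), ins.group(2)
        # NULL base register and fault address == displacement:
        # a structure field was read through a NULL object pointer.
        out["null_deref"] = (regs.get(out["base_reg"]) == 0
                             and fault == out["disp"])
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```
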
Anastasius Focht focht@gmx.net changed:
What       |Removed  |Added
----------------------------------------------------------------------------
Status     |NEW      |RESOLVED
Component  |-unknown |user32
Resolution |         |DUPLICATE

--- Comment #3 from Anastasius Focht focht@gmx.net 2013-11-07 03:19:37 CST ---
Hello folks,
resolving this as dupe of bug 24597 because Dmitry's patch (http://bugs.winehq.org/attachment.cgi?id=46477) helps here too and lets the app start. There are still other issues that should be tracked separately.
Regards
*** This bug has been marked as a duplicate of bug 24597 ***
Austin English austinenglish@gmail.com changed:
What   |Removed  |Added
----------------------------------------------------------------------------
Status |RESOLVED |CLOSED

--- Comment #4 from Austin English austinenglish@gmail.com 2013-11-13 15:40:35 CST ---
Closing.