http://bugs.winehq.org/show_bug.cgi?id=11344
Summary: XTrap does not work with wine
Product: Wine
Version: 0.9.53.
Platform: PC
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: hramrach@centrum.cz
XTrap is a library that is used by numerous MMO* games (not sure all are MMORPG). It is supposed to fight bots (probably meaning programs that interact with the game instead of players).
I could not find the vendor of this module, web search only revealed some games using it.
Games using the module include:
Hero Online (in appdb), http://hero.netgame.com
Scions of Fate (not in appdb), http://fate.netgame.com
Japanese version of Nostale (only English in appdb) http://download.jalecoonline.jp/nostale/client/nostalesetup_003.exe
Knights Online (not in appdb) http://knihgtonlineworld.com
Hero online catches its exceptions, and using winedbg is not very helpful either (it stops on one of the earlier exceptions, and the program would terminate afterwards).
However, both Scions and Nostale do not catch the unexpected exception, and it happens in the xtrapva module.
Michal Suchanek hramrach@centrum.cz changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |hramrach@centrum.cz
--- Comment #1 from Michal Suchanek hramrach@centrum.cz 2008-01-26 08:07:02 --- There's some typo in the above url, the correct one is this: http://knightonlineworld.com/
The web page url of the Japanese Nostale is somewhat different from the download location http://nostale.jalecoonline.jp (in case somebody was interested in the Japanese description or they released a new client version - client download is spelled クライアント・ダウンロード)
--- Comment #2 from Michal Suchanek hramrach@centrum.cz 2008-01-26 09:21:33 --- logs (bugzilla does not allow attaching them):
http://hramrach.czweb.org/wine_hero.log.gz
http://hramrach.czweb.org/wine_nostale_jp.log.gz
http://hramrach.czweb.org/wine_scions.log.gz
Rick rickvip@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |rickvip@gmail.com
--- Comment #3 from Rick rickvip@gmail.com 2008-02-13 22:24:02 --- Slackware 11
wine 9.53 Kernel 2.6.23 glibc 2.5
When I try to connect to MIDRANDA server....
Xtrap tries to open and closes (crash)... =(
here is the output:
wine PsTale.exe
fixme:wininet:InternetSetOptionW Option INTERNET_OPTION_CONNECT_TIMEOUT (3000): STUB
root@nabucodonosor:~/.wine/drive_c/Program Files/KAIZEN Games/Priston Tale# fixme:ntdll:find_reg_tz_info Can't find matching timezone information in the registry for bias 180, std (d/m/y): 17/02/2008, dlt (d/m/y): 31/12/2008
wine: Unhandled page fault on read access to 0x001968e4 at address 0x4041e22a (thread 000f), starting debugger...
fixme:ntdll:find_reg_tz_info Can't find matching timezone information in the registry for bias 180, std (d/m/y): 17/02/2008, dlt (d/m/y): 31/12/2008
Austin English austinenglish@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |download
--- Comment #4 from Austin English austinenglish@gmail.com 2008-02-15 18:48:40 --- Confirming.
Austin English austinenglish@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Ever Confirmed|0 |1
--- Comment #5 from Austin English austinenglish@gmail.com 2008-02-15 18:48:52 --- For real this time :-P.
Roger rdfedor@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |rdfedor@gmail.com
--- Comment #6 from Roger rdfedor@gmail.com 2008-03-17 12:07:41 --- Cabal US is also affected by this problem. Same problems listed above. Uses XTrap but crashes on startup.
brian mscdex@sbcglobal.net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mscdex@sbcglobal.net
--- Comment #7 from brian mscdex@sbcglobal.net 2008-04-03 23:46:27 --- This problem also seems to be affecting the game Fiesta made by Outspark.
Ten 10wattmindtrip@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |10wattmindtrip@gmail.com
--- Comment #8 from Ten 10wattmindtrip@gmail.com 2008-05-11 15:46:30 --- Knight Online (U.S Knight Online) doesn't seem to work either. Uses XTrap.
Austin English austinenglish@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |athaba@inode.at
--- Comment #9 from Austin English austinenglish@gmail.com 2008-05-22 18:30:49 --- *** Bug 12788 has been marked as a duplicate of this bug. ***
Uriah hytek3000@yahoo.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |hytek3000@yahoo.com
--- Comment #10 from Uriah hytek3000@yahoo.com 2008-12-08 21:27:47 --- Here is with the latest 1.1.10 compiled from src. This is the XTrap that comes with Cabal U.S. version.
fixme:msimtf:ActiveIMMApp_Deactivate Stub
fixme:shdocvw:OleObject_Close (0x1531a0)->(1)
fixme:mshtml:HlinkTarget_SetBrowseContext (0x1e1f60)->((nil))
fixme:shdocvw:OleObject_Close (0x1529a0)->(1)
fixme:mshtml:HlinkTarget_SetBrowseContext (0x1ff9298)->((nil))
fixme:d3d:IWineD3DImpl_FillGLCaps OpenGL implementation supports 32 vertex samplers and 32 total samplers
fixme:d3d:IWineD3DImpl_FillGLCaps Expected vertex samplers + MAX_TEXTURES(=8) > combined_samplers
fixme:win:EnumDisplayDevicesW ((null),0,0x33da60,0x00000000), stub!
fixme:wininet:InternetSetOptionW Option INTERNET_OPTION_CONNECT_TIMEOUT (3000): STUB
fixme:urlmon:UrlMkSetSessionOption (0x26, 0x33c7c0, 0xc): stub
fixme:urlmon:UrlMkSetSessionOption (0x25, (nil), 0): stub
You can see XTrap's loading screen in the default bottom right corner of the desktop, but then immediately closes. This seems related to the InternetSetOptionW (INTERNET_OPTION_CONNECT_TIMEOUT)
Anyone have any ideas for a patch for this specific part? I'm interested to see what XTrap will do if it can connect.
Cheers.
--- Comment #11 from Uriah hytek3000@yahoo.com 2008-12-15 17:00:40 --- I was able to get XTrap to start and update using the following guide: (reference: http://www.backports.ubuntuforums.org/showpost.php?p=5317008&postcount=5)
1. download winetricks - http://wiki.winehq.org/winetricks
2. Install ies4linux - http://www.tatanka.com.br/ies4linux/page/Main_Page
3. Start with an untainted wine directory:
4. mkdir /some/new/directory
5. cd /some/new/directory
6. ies4linux --basedir $PWD --bindir ${PWD}/bin --downloaddir ${PWD}/download --no-desktop-icon --no-menu-icon --no-gui
7. cd ie6
8. export WINEPREFIX=$PWD
9. Now use winetricks to install mfc42 stuff.
10. /path/to/winetricks.sh mfc42
11. Install Cabal
This workaround gets rid of the INTERNET_OPTION_CONNECT_TIMEOUT problem and allows XTrap to update.
After XTrap updates and closes (this is when the game tries to start) I get the following UI prompt error: "CABAL Online Client has encountered a problem and needs to close."
This is the wine error:
fixme:d3d:IWineD3DImpl_FillGLCaps OpenGL implementation supports 32 vertex samplers and 32 total samplers
fixme:d3d:IWineD3DImpl_FillGLCaps Expected vertex samplers + MAX_TEXTURES(=8) > combined_samplers
fixme:win:EnumDisplayDevicesW ((null),0,0x33da60,0x00000000), stub!
Maybe the game is crashing due to EnumDisplayDevicesW? Thoughts anyone?
Cheers.
--- Comment #12 from Dmitry Timoshkov dmitry@codeweavers.com 2008-12-16 05:38:51 --- (In reply to comment #11)
> fixme:win:EnumDisplayDevicesW ((null),0,0x33da60,0x00000000), stub!
> Maybe the game is crashing due to EnumDisplayDevicesW? Thoughts anyone?
Most likely it's crashing due to the mess created by ies4linux, don't use it, or reference it in Wine bugzilla.
--- Comment #13 from Uriah hytek3000@yahoo.com 2008-12-16 10:44:37 --- It is the only way I was able to get past the INTERNET_OPTION_CONNECT_TIMEOUT issue, even with using winetricks.
If you review my last two troubleshooting posts:
1st post: I did not use ie4linux, and only used 1.1.10 wine compiled from source. I STILL GOT fixme:win:EnumDisplayDevicesW ((null),0,0x33da60,0x00000000), stub! even before the connect_timeout, but could not continue due to the timeout issue.
2nd post: I used ie4linux and was able to get past the connect_timeout, BUT STILL GOT fixme:win:EnumDisplayDevicesW ((null),0,0x33da60,0x00000000), stub!
If we follow what I have done, both troubleshooting posts I've done come up with the EnumDisplayDevicesW problem REGARDLESS OF ie4linux.
What this means (at least from what I can tell) is that EnumDisplayDevicesW is the culprit, since it has the exact same error regardless of ie4linux.
I'm not trying to condone ie4linux, I used it as a troubleshooting tool to narrow down the scope of the problem. Which I did.
Cheers.
--- Comment #14 from Austin English austinenglish@gmail.com 2008-12-16 12:03:19 --- Can you try using 'winetricks wininet' instead?
--- Comment #15 from Uriah hytek3000@yahoo.com 2008-12-17 10:56:01 --- Bug 15546 should be marked as a duplicate.
Cheers
Austin English austinenglish@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |bazin.cz@gmail.com
--- Comment #16 from Austin English austinenglish@gmail.com 2008-12-17 11:16:49 --- *** Bug 15546 has been marked as a duplicate of this bug. ***
--- Comment #17 from Uriah hytek3000@yahoo.com 2009-01-10 16:49:18 --- Created an attachment (id=18622) --> (http://bugs.winehq.org/attachment.cgi?id=18622) Cabal & XTrap output with wine-1.1.12-420-gae48e09
Here is the latest output from Cabal with XTrap.
Cabal installs fine, then proceeds to update fine, then XTrap loads and updates fine, and right after XTrap updates the game closes with an error.
Attached is the output using wine-1.1.12-420-gae48e09
winetricks installed: gecko ie6 wininet corefonts
Using Nvidia 8800GTS Driver: 177 kernel: 2.6.27
Here is a question from the attachment:
1. Is the game itself crashing? or
2. Is XTrap crashing causing the game to error?
Cheers.
--- Comment #18 from Uriah hytek3000@yahoo.com 2009-01-10 16:50:43 --- (From update of attachment 18622) The same output has come up in a few different versions of wine.
fixme:d3d:IWineD3DImpl_FillGLCaps OpenGL implementation supports 32 vertex samplers and 32 total samplers
and fixme:d3d:IWineD3DImpl_FillGLCaps Expected vertex samplers + MAX_TEXTURES(=8) > combined_samplers
Uriah hytek3000@yahoo.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #18622 is obsolete|0 |1
--- Comment #19 from Uriah hytek3000@yahoo.com 2009-01-16 20:43:55 --- Created an attachment (id=18742) --> (http://bugs.winehq.org/attachment.cgi?id=18742) Debug=d3d of Cabal with XTrap on wine 1.1.13
Here is the debug of Cabal with XTrap using wine 1.1.13.
At the top there are some err: but those are before XTrap starts and the game crashes.
Notice at the bottom the d3d trace/warn:
trace:d3d:IWineD3DDeviceImpl_GetAvailableTextureMem (0x13e040) : simulating 512MB, returning 512MB left
warn:d3d:IWineD3DDeviceImpl_GetDeviceCaps (0x13e040) : stub, calling idirect3d for now
Here
Is XTrap making the d3d calls? or is Cabal?
Anyways, hopefully this will help.
Cheers.
--- Comment #20 from brian mscdex@sbcglobal.net 2010-07-18 00:20:43 --- Created an attachment (id=29678) --> (http://bugs.winehq.org/attachment.cgi?id=29678) debug from XTrap with Fiesta on wine 1.2 final
--- Comment #21 from brian mscdex@sbcglobal.net 2010-07-18 00:22:12 --- I've uploaded the latest debug info from Fiesta and XTrap with wine 1.2 final if it's any help.
Jeff Zaroyko jeffz@jeffz.name changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |systemofdown@gmail.com
--- Comment #22 from Jeff Zaroyko jeffz@jeffz.name 2011-03-12 18:14:56 CST --- *** Bug 26395 has been marked as a duplicate of this bug. ***
--- Comment #23 from killown systemofdown@gmail.com 2011-03-12 19:50:58 CST --- Created an attachment (id=33613) --> (http://bugs.winehq.org/attachment.cgi?id=33613) priston tale game.exe error
Dmitry Timoshkov dmitry@codeweavers.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |adripillo14@hotmail.com
--- Comment #24 from Dmitry Timoshkov dmitry@codeweavers.com 2011-03-30 23:34:18 CDT --- *** Bug 26607 has been marked as a duplicate of this bug. ***
Ruben van Os omnicrox@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |omnicrox@gmail.com
joaopa jeremielapuree@yahoo.fr changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jeremielapuree@yahoo.fr
--- Comment #25 from joaopa jeremielapuree@yahoo.fr 2011-08-06 04:44:31 CDT --- still a bug in current Wine?
--- Comment #26 from Michal Suchanek hramrach@gmail.com 2011-08-06 05:45:32 CDT --- I have not heard about anybody starting an XTrap game in Wine yet.
I recently downloaded something that used XTrap and it failed.
As mentioned earlier it is hard to tell if the game itself or XTrap is the issue but eg. Fiesta has a variant without XTrap which does run in Wine but earlier reports suggest that the Outspark variant with XTrap still does not work.
--- Comment #27 from Rico kgbricola@web.de 2011-10-02 00:50:13 CDT --- Created attachment 36646 --> http://bugs.winehq.org/attachment.cgi?id=36646 XTrap Unhandled exception in LastChaos
This is a crash log from XTrap, which is shipped by LastChaos German version.
Rico kgbricola@web.de changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |17299
Rico kgbricola@web.de changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |19738
Rico kgbricola@web.de changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #36646 mime type|application/octet-stream |text/plain
Rico kgbricola@web.de changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #33613 mime type|application/octet-stream |text/plain
Dmitry Timoshkov dmitry@baikal.ru changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|XTrap does not work with wine |XTrap crashes
Rosanne DiMesio dimesio@earthlink.net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |shyningcrow@yahoo.it
--- Comment #28 from Rosanne DiMesio dimesio@earthlink.net 2011-11-12 17:11:12 CST --- *** Bug 22309 has been marked as a duplicate of this bug. ***
Rico kgbricola@web.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |whoedwin11@yahoo.com
--- Comment #29 from Rico kgbricola@web.de 2012-01-30 02:15:00 CST --- *** Bug 29745 has been marked as a duplicate of this bug. ***
Rico kgbricola@web.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |marco_barbaro@msn.com
--- Comment #30 from Rico kgbricola@web.de 2012-02-16 05:37:19 CST --- *** Bug 29909 has been marked as a duplicate of this bug. ***
Ivan Machado Vieira ivanmetalcore@hotmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ivanmetalcore@hotmail.com
--- Comment #31 from wineuser sickam@mail.ru 2012-12-18 08:48:15 CST --- Created attachment 42840 --> http://bugs.winehq.org/attachment.cgi?id=42840 Output-Msg_after_crash_LastChaosGER
Bug still present in wine version 1.5.19-1 under archlinux_x64. After installing the game and the first game-update (including xtrap-update) the title-screen froze. Have to kill it via terminal. After restart and clicking "start" it crashes.
It's the german version LastChaosGER. http://lastchaos.gamigo.com/de
anybody has a solution for this?
Austin English austinenglish@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jean_roll@hotmail.com
--- Comment #32 from Austin English austinenglish@gmail.com 2013-08-26 17:20:08 CDT --- *** Bug 34361 has been marked as a duplicate of this bug. ***
ax 34noff otaku@rambler.ru changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |otaku@rambler.ru
--- Comment #33 from ax 34noff otaku@rambler.ru 2013-10-17 03:47:57 CDT --- Created attachment 46326 --> http://bugs.winehq.org/attachment.cgi?id=46326 crash of exactly xtrapva
Elsword is also affected
Wine 1.7.4, Xubuntu 13.04
I used "winetricks mfc42" to run the game
I don't know if my log is useful
Anastasius Focht focht@gmx.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |obfuscation
Status|NEW |RESOLVED
URL| |http://client.cdn.gamigo.com/lc/de/LastChaos_DE_Setup.exe
CC| |focht@gmx.net
Resolution|--- |WONTFIX
Summary|XTrap crashes |All XTrap (Online Game Security Solution) bundled games crash on startup (Windows 'sysenter' trampoline/setup has incompatible semantics on Linux)
--- Comment #34 from Anastasius Focht focht@gmx.net --- Hello folks,
I had a look at this, confirming.
There are various MMORPGs bundled with this online game protection scheme.
'AIKA online' -> http://aika.t3fun.com/Download/Client.aspx
--- snip ---
-=[ ProtectionID v0.6.5.5 OCTOBER]=-
(c) 2003-2013 CDKiLLER & TippeX
Build 31/10/13-21:09:09
Ready...
Scanning -> C:\T3fun\AikaOnline\AIKAEN.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 2117632 (0205000h) Byte(s)
[File Heuristics] -> Flag : 00000000000000001100000000110011 (0x0000C033)
[Entrypoint Section Entropy] : 0.56
[!] Themida v2.0.1.0 - v2.1.8.0 (or newer) detected !
[i] Hide PE Scanner Option used
- Scan Took : 0.348 Second(s) [00000015Ch tick(s)] [533 scan(s) done]

Scanning -> C:\T3fun\AikaOnline\AIKALauncher.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 2609152 (027D000h) Byte(s)
[File Heuristics] -> Flag : 00000000000000000000000000000000 (0x00000000)
[Entrypoint Section Entropy] : 6.68
[!] X-Trap Online Game Security Solution references detected !
[CompilerDetect] -> Visual C++ 6.0
- Scan Took : 0.445 Second(s) [0000001BDh tick(s)] [533 scan(s) done]
--- snip ---
'ElsWord Online' -> http://myaccount.elswordonline.com/Elsword/Download
--- snip ---
-=[ ProtectionID v0.6.5.5 OCTOBER]=-
(c) 2003-2013 CDKiLLER & TippeX
Build 31/10/13-21:09:09
Ready...
Scanning -> C:\Program Files\Kill3rCombo\Elsword\elsword.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 2809240 (02ADD98h) Byte(s)
-> File Appears to be Digitally Signed @ Offset 02ACA00h, size : 01398h / 05016 byte(s)
[File Heuristics] -> Flag : 00000000000001001101000000000100 (0x0004D004)
[Entrypoint Section Entropy] : 6.58
[!] X-Trap Online Game Security Solution references detected !
[!] Possible CD/DVD-Key or Serial Check -> Unregistered
[CompilerDetect] -> Visual C++ 10.0 (Visual Studio 2010)
- Scan Took : 0.450 Second(s) [0000001C2h tick(s)] [533 scan(s) done]

Scanning -> C:\Program Files\Kill3rCombo\Elsword\data\x2.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 6748056 (066F798h) Byte(s)
-> File Appears to be Digitally Signed @ Offset 066E400h, size : 01398h / 05016 byte(s)
[File Heuristics] -> Flag : 00000000000001001100000000110111 (0x0004C037)
[Entrypoint Section Entropy] : 7.26
[!] Themida v2.0.1.0 - v2.1.8.0 (or newer) detected !
[i] Hide PE Scanner Option used
- Scan Took : 0.558 Second(s) [00000022Eh tick(s)] [533 scan(s) done]
--- snip ---
'Knight Online World Client v2.025' -> http://us3cdn.ausgamers.com/downloads/1404038335/KnightOnlineSetup_v2025.exe
--- snip ---
-=[ ProtectionID v0.6.5.5 OCTOBER]=-
(c) 2003-2013 CDKiLLER & TippeX
Build 31/10/13-21:09:09
Ready...
Scanning -> C:\NTTGame\KnightOnlineEn\KnightOnLine.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 4493752 (04491B8h) Byte(s)
-> File Appears to be Digitally Signed @ Offset 0447000h, size : 021B8h / 08632 byte(s)
[File Heuristics] -> Flag : 00000000000000001100000000110111 (0x0000C037)
[Entrypoint Section Entropy] : 7.88
[!] Themida v2.0.1.0 - v2.1.8.0 (or newer) detected !
[i] Hide PE Scanner Option used
- Scan Took : 0.435 Second(s) [0000001B3h tick(s)] [533 scan(s) done]

Scanning -> C:\NTTGame\KnightOnlineEn\Launcher.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 2232320 (0221000h) Byte(s)
[File Heuristics] -> Flag : 00000000000000001000000000000000 (0x00008000)
[Entrypoint Section Entropy] : 6.66
[CompilerDetect] -> Visual C++ 8.0 (Visual Studio 2005)
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 0.379 Second(s) [00000017Bh tick(s)] [533 scan(s) done]
--- snip ---
'Last Chaos' -> http://client.cdn.gamigo.com/lc/de/LastChaos_DE_Setup.exe
--- snip ---
-=[ ProtectionID v0.6.5.5 OCTOBER]=-
(c) 2003-2013 CDKiLLER & TippeX
Build 31/10/13-21:09:09
Ready...
Scanning -> C:\GAMIGO\LastChaosGER\LC.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 4117504 (03ED400h) Byte(s)
[File Heuristics] -> Flag : 00000000000001001101001000000011 (0x0004D203)
[Entrypoint Section Entropy] : 7.91
[!] VM Protect v1.60 - v2.05 detected !
- Scan Took : 0.527 Second(s) [00000020Fh tick(s)] [533 scan(s) done]

Scanning -> C:\GAMIGO\LastChaosGER\Bin\Nksp.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 706048 (0AC600h) Byte(s)
[File Heuristics] -> Flag : 00000000000001001100001100000011 (0x0004C303)
[Entrypoint Section Entropy] : 7.93
[!] VM Protect v1.60 - v2.05 detected !
[CompilerDetect] -> Visual C++ 10.0 (Visual Studio 2010)
- Scan Took : 0.329 Second(s) [000000149h tick(s)] [533 scan(s) done]
--- snip ---
The analysis of those is difficult because all XTrap enabled games are additionally wrapped with intrusive protection schemes, that actively prevent debugging/reverse engineering.
Continuous scan of windows, processes, module lists, watchers for remote thread creation/dll injection and many more trickery is employed to thwart attempts to debug/attach debuggers to processes.
Additionally, "default" relay tracing and snooping is not possible due to the way the DRM schemes work. One has to carefully craft "custom" relay modules/function exclusion list.
I chose 'Last Chaos' as target, the information can be applied to other games too.
--- snip ---
$ pwd
/home/focht/wine-games/wineprefix-lc-xtrap/wineprefix/drive_c/GAMIGO/LastChaosGER

$ wine ./Bin/Nksp.exe
...
0023:Call KERNEL32.LoadLibraryA(0033ec54 "C:\GAMIGO\LastChaosGER\Bin\Xtrap\XTrapVa.dll") ret=004136c0
...
0023:Ret PE DLL (proc=0x40c10044,module=0x40400000 L"XTrapVa.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
0023:Ret KERNEL32.LoadLibraryA() retval=40400000 ret=004136c0
...
0023:Call KERNEL32.CreateEventA(00000000,00000000,00000000,00000000) ret=4044f01c
0023:Ret KERNEL32.CreateEventA() retval=00000148 ret=4044f01c
0023:Call KERNEL32.CreateThread(00000000,00000000,40413c00,406f1990,00000000,0033e240) ret=4044f066
0023:Ret KERNEL32.CreateThread() retval=00000158 ret=4044f066
0023:Call KERNEL32.GetThreadTimes(00000158,0033e244,0033e264,0033e25c,0033e254) ret=4044560f
...
002c:Starting thread proc 0x40413c00 (arg=0x406f1990)
002c:Call KERNEL32.GetTickCount() ret=40450257
002c:Ret KERNEL32.GetTickCount() retval=00c9add3 ret=40450257
002c:Call KERNEL32.GetTickCount() ret=4044d47c
002c:Ret KERNEL32.GetTickCount() retval=00c9add3 ret=4044d47c
002c:Call KERNEL32.WaitForSingleObjectEx(00000148,00002ee0,00000000) ret=404504f4
0023:fixme:thread:NtQueryInformationThread Cannot get kerneltime or usertime of other threads
0023:Ret KERNEL32.GetThreadTimes() retval=00000001 ret=4044560f
0023:Call KERNEL32.GetTickCount() ret=0033de5c
0023:Ret KERNEL32.GetTickCount() retval=00c9add4 ret=0033de5c
0023:trace:seh:raise_exception code=c0000005 flags=0 addr=0x33de5c ip=0033de5c tid=0023
0023:trace:seh:raise_exception info[0]=00000001
0023:trace:seh:raise_exception info[1]=00c9add4
0023:trace:seh:raise_exception eax=00c9add4 ebx=00000009 ecx=ffffffff edx=00000000 esi=406dd0f0 edi=406dd0fc
0023:trace:seh:raise_exception ebp=40673008 esp=0033de28 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010206
0023:trace:seh:call_stack_handlers calling handler at 0x42644b code=c0000005 flags=0
0023:trace:seh:call_stack_handlers handler at 0x42644b returned 1
0023:trace:seh:call_stack_handlers calling handler at 0x40e194 code=c0000005 flags=0
...
--- snip ---
Before the crash one arrives at this location (after defeating various anti-debugging mechanisms):
--- snip ---
4058CEE0  56              PUSH ESI
4058CEE1  8BF1            MOV ESI,ECX
4058CEE3  8B0D 90326D40   MOV ECX,DWORD PTR DS:[406D3290]   ; KERNEL32.GetTickCount
4058CEE9  8B06            MOV EAX,DWORD PTR DS:[ESI]
4058CEEB  51              PUSH ECX
4058CEEC  6A 59           PUSH 59
4058CEEE  8BCE            MOV ECX,ESI
4058CEF0  FF90 80000000   CALL DWORD PTR DS:[EAX+80]
4058CEF6  A1 94326D40     MOV EAX,DWORD PTR DS:[406D3294]
4058CEFB  8B16            MOV EDX,DWORD PTR DS:[ESI]
4058CEFD  50              PUSH EAX
4058CEFE  6A 60           PUSH 60
4058CF00  8BCE            MOV ECX,ESI
4058CF02  FF92 84000000   CALL DWORD PTR DS:[EDX+84]
4058CF08  5E              POP ESI
4058CF09  C3              RETN
--- snip ---
--- snip ---
...
40444DB7  50              PUSH EAX
40444DB8  52              PUSH EDX
40444DB9  FF75 F4         PUSH DWORD PTR SS:[EBP-C]
40444DBC  FF75 14         PUSH DWORD PTR SS:[EBP+14]
40444DBF  FF75 10         PUSH DWORD PTR SS:[EBP+10]
40444DC2  6A 00           PUSH 0
40444DC4  FF75 0C         PUSH DWORD PTR SS:[EBP+C]
40444DC7  FF75 08         PUSH DWORD PTR SS:[EBP+8]
40444DCA  6A 00           PUSH 0
40444DCC  B8 B2000000     MOV EAX,0B2                       ; syscall # 0xB2
40444DD1  E8 DA010000     CALL 40444FB0                     ; xtrap sysenter trampoline
40444DD6  83C4 1C         ADD ESP,1C
40444DD9  8945 F8         MOV DWORD PTR SS:[EBP-8],EAX
40444DDC  5A              POP EDX
40444DDD  58              POP EAX
40444DDE  8B45 F8         MOV EAX,DWORD PTR SS:[EBP-8]
40444DE1  8B4D FC         MOV ECX,DWORD PTR SS:[EBP-4]
40444DE4  F7D8            NEG EAX
40444DE6  1BC0            SBB EAX,EAX
40444DE8  F7D0            NOT EAX
40444DEA  23C1            AND EAX,ECX
40444DEC  5F              POP EDI
40444DED  5E              POP ESI
40444DEE  5B              POP EBX
40444DEF  8BE5            MOV ESP,EBP
40444DF1  5D              POP EBP
40444DF2  C2 1000         RETN 10
...

; xtrap sysenter trampoline

40444FB0  8BD4            MOV EDX,ESP
40444FB2  0F34            SYSENTER
40444FB4  90              NOP
40444FB5  90              NOP
40444FB6  90              NOP
40444FB7  90              NOP
...
--- snip ---
Some refresh how 'sysenter' works on Windows and Linux:
Windows: http://www.geoffchappell.com/studies/windows/km/cpu/sep.htm
Linux: https://reverseengineering.stackexchange.com/questions/2869/how-does-sysente...
Win32 stack layout for 'sysenter':
--- snip ---
ESP+0x00  address of 'ret mm' or 'ret' in system call stub
ESP+0x04  caller of system call stub
ESP+0x08  1st NT syscall argument
ESP+0x0c  2nd NT syscall argument
...
--- snip ---
Linux stack layout for 'sysenter':
--- snip ---
ESP+0x00  saved 'EBP' (pop %ebp)
ESP+0x04  saved 'EDX' (pop %edx)
ESP+0x08  saved 'ECX' (pop %ecx)
ESP+0x0C  saved 'EIP' (ret)
--- snip ---
How 'XTrap' sets up the stack before 'sysenter':
EDX = ESP = 0x0033DDD4
--- snip ---
0033DDD4  40444DD6  ; return to 0x40444DD6 from 0x40444FB0
0033DDD8  00000000
0033DDDC  FFFFFFFF
0033DDE0  7B848298  ; API entry of kernel32.GetTickCount
0033DDE4  00000000
0033DDE8  0033DE5C
0033DDEC  0000001C
0033DDF0  0033DE10
0033DDF4  00000009
0033DDF8  00000009
0033DDFC  0033DE78
0033DE00  FFFFFFFF
0033DE04  7B848298
0033DE08  0033DE10
0033DE0C  00000000
0033DE10  00000000
0033DE14  40673008
--- snip ---
With the 'sysenter' instruction executed, the transition to kernel mode is made.
Linux fast syscall layout dictates that the return address to userspace will be 0x7B848298 -> 'GetTickCount' entry.
--- snip ---
GetTickCount:
7B848298  55              PUSH EBP
7B848299  89E5            MOV EBP,ESP
7B84829B  53              PUSH EBX
7B84829C  83E4 F0         AND ESP,FFFFFFF0
7B84829F  E8 2C74FDFF     CALL 7B81F6D0
7B8482A4  81C3 5C2D0700   ADD EBX,72D5C
7B8482AA  E8 72FFFFFF     CALL 7B848221
7B8482AF  8B5D FC         MOV EBX,DWORD PTR SS:[EBP-4]
7B8482B2  C9              LEAVE
7B8482B3  C3              RETN
--- snip ---
Since the 'sysenter' instruction can't be trapped by Wine there is no way to emulate it, avoiding the stack imbalance due to different fundamental design of the fast syscall facility.
This makes it a 'WONTFIX'.
$ sha1sum LastChaos_DE_Setup.exe
0e15713b80833f826c7c84be3c0f95ae85964df5 LastChaos_DE_Setup.exe

$ du -sh LastChaos_DE_Setup.exe
1.5G LastChaos_DE_Setup.exe

$ wine --version
wine-1.7.21-3-gbf72c67
Regards
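The layout mismatch described in comment #34, worked through on the stack dump from that comment. This is an added example, not part of the bug report and not code from Wine or XTrap; the struct and function names are made up for illustration, and it models only the two layout tables quoted in the comment (Windows resumes through the dword at ESP, Linux pops EBP, EDX, ECX and then returns), nothing else of either kernel's entry path.

```c
/* Added illustration; not code from Wine, XTrap or the bug report. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stack dump copied from comment #34; the first dword sits at ESP = EDX. */
#define DUMP_ESP 0x0033DDD4u
static const uint32_t dump[] = {
    0x40444DD6u, 0x00000000u, 0xFFFFFFFFu, 0x7B848298u,
    0x00000000u, 0x0033DE5Cu, 0x0000001Cu, 0x0033DE10u,
    0x00000009u, 0x00000009u, 0x0033DE78u, 0xFFFFFFFFu,
    0x7B848298u, 0x0033DE10u, 0x00000000u, 0x00000000u,
    0x40673008u,
};
#define DUMP_WORDS (sizeof dump / sizeof dump[0])

/* Hypothetical names: one struct per reading of the same memory. */
struct win_frame { uint32_t stub_ret, stub_caller, arg[3]; };
struct lin_frame { uint32_t ebp, edx, ecx, eip, esp_after; };

/* Bounds- and alignment-checked dword read from the dump. */
static int read32(uint32_t addr, uint32_t *out)
{
    size_t idx;

    if (addr < DUMP_ESP || ((addr - DUMP_ESP) & 3u) != 0)
        return 0;
    idx = (addr - DUMP_ESP) / 4u;
    if (idx >= DUMP_WORDS)
        return 0;
    *out = dump[idx];
    return 1;
}

/* Windows reading: +0 return address, +4 caller slot, +8.. NT syscall arguments. */
int windows_view(uint32_t esp, struct win_frame *f)
{
    uint32_t i;

    if (!read32(esp, &f->stub_ret) || !read32(esp + 4, &f->stub_caller))
        return 0;
    for (i = 0; i < 3; i++)
        if (!read32(esp + 8 + 4 * i, &f->arg[i]))
            return 0;
    return 1;
}

/* Linux reading: the return path pops EBP, EDX, ECX and then executes RET. */
int linux_view(uint32_t esp, struct lin_frame *f)
{
    if (!read32(esp, &f->ebp) || !read32(esp + 4, &f->edx) ||
        !read32(esp + 8, &f->ecx) || !read32(esp + 12, &f->eip))
        return 0;
    f->esp_after = esp + 16;
    return 1;
}

/* Address at which user code resumes under each reading; 0 if unreadable. */
uint32_t windows_resume_eip(uint32_t esp)
{
    struct win_frame f;
    return windows_view(esp, &f) ? f.stub_ret : 0;
}

uint32_t linux_resume_eip(uint32_t esp)
{
    struct lin_frame f;
    return linux_view(esp, &f) ? f.eip : 0;
}

/* 1 when the two readings resume at different addresses, 0 when equal, -1 on error. */
int layouts_diverge(uint32_t esp)
{
    struct win_frame w;
    struct lin_frame l;

    if (!windows_view(esp, &w) || !linux_view(esp, &l))
        return -1;
    return w.stub_ret != l.eip;
}

int main(void)
{
    struct win_frame w;
    struct lin_frame l;

    if (!windows_view(DUMP_ESP, &w) || !linux_view(DUMP_ESP, &l))
        return 1;
    printf("Windows reading: resume at %08X, first argument %08X\n",
           (unsigned)w.stub_ret, (unsigned)w.arg[0]);
    printf("Linux reading:   resume at %08X, EBP=%08X EDX=%08X ECX=%08X, ESP=%08X\n",
           (unsigned)l.eip, (unsigned)l.ebp, (unsigned)l.edx, (unsigned)l.ecx,
           (unsigned)l.esp_after);
    printf("diverge: %d\n", layouts_diverge(DUMP_ESP));
    return 0;
}
```

Under the Windows reading execution resumes at the instruction after the trampoline call; under the Linux reading the same four dwords land in EBP, EDX, ECX and EIP, so the resume address is the GetTickCount entry that XTrap had pushed as a syscall argument.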
Austin English austinenglish@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #35 from Austin English austinenglish@gmail.com --- Closing.
Austin English austinenglish@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kids_lt@hotmail.com
--- Comment #36 from Austin English austinenglish@gmail.com --- *** Bug 30216 has been marked as a duplicate of this bug. ***
Anastasius Focht focht@gmx.net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |gustavo.borges.c@gmail.com
--- Comment #37 from Anastasius Focht focht@gmx.net --- *** Bug 32688 has been marked as a duplicate of this bug. ***