[Bug 49198] New: Denuvo Anti-Cheat 'denuvo-anti-cheat.sys' crashes in entry point (incorrect page protection restored during relocation processing)
https://bugs.winehq.org/show_bug.cgi?id=49198
Bug ID: 49198 Summary: Denuvo Anti-Cheat 'denuvo-anti-cheat.sys' crashes in entry point (incorrect page protection restored during relocation processing) Product: Wine Version: 5.8 Hardware: x86-64 OS: Linux Status: NEW Severity: normal Priority: P2 Component: ntoskrnl Assignee: wine-bugs@winehq.org Reporter: focht@gmx.net Distribution: ---
Hello folks,
as it says. Regression introduced by commit https://source.winehq.org/git/wine.git/commitdiff/22dfb0df10b44d1c21b3d04b59... ("ntoskrnl.exe: Protect relocated pages one at a time.")
--- snip --- $ WINEDEBUG=+seh,+relay,+ntoskrnl,+loaddll,+module,+ntdll,+virtual wine net start "Denuvo Anti-Cheat" >>log.txt 2>&1 ... 00d0:trace:ntoskrnl:load_driver loading driver L"C:\Program Files\Denuvo Anti-Cheat\denuvo-anti-cheat.sys" 00d0:Call KERNEL32.LoadLibraryW(0078e440 L"C:\Program Files\Denuvo Anti-Cheat\denuvo-anti-cheat.sys") ret=00236928 ... 00d0:trace:virtual:map_view got mem in reserved area 0xc80000-0xe04000 00d0:trace:module:map_image mapped PE file at 0xc80000-0xe04000 00d0:trace:module:map_image mapping section .text at 0xc81000 off 600 size 75200 virt 75200 flags 68000020 00d0:trace:module:map_image clearing 0xcf6200 - 0xcf7000 00d0:trace:module:map_image mapping section .rdata at 0xcf7000 off 75800 size 2fa00 virt 30000 flags 48000020 00d0:trace:module:map_image clearing 0xd26a00 - 0xd27000 00d0:trace:module:map_image mapping section .data at 0xd27000 off a5200 size 200 virt 5000 flags c8000020 00d0:trace:module:map_image clearing 0xd27200 - 0xd28000 00d0:trace:module:map_image mapping section .pdata at 0xd2c000 off a5400 size 7800 virt 8000 flags 48000040 00d0:trace:module:map_image clearing 0xd33800 - 0xd34000 00d0:trace:module:map_image mapping section .gfids at 0xd34000 off acc00 size 200 virt 1000 flags 48000020 00d0:trace:module:map_image clearing 0xd34200 - 0xd35000 00d0:trace:module:map_image mapping section PAGE at 0xd35000 off ace00 size 400 virt 400 flags 68000020 00d0:trace:module:map_image clearing 0xd35400 - 0xd36000 00d0:trace:module:map_image mapping section .edata at 0xd36000 off ad200 size 200 virt 1000 flags 48000020 00d0:trace:module:map_image clearing 0xd36200 - 0xd37000 00d0:trace:module:map_image mapping section INIT at 0xd37000 off ad400 size e00 virt e00 flags 68000020 00d0:trace:module:map_image clearing 0xd37e00 - 0xd38000 00d0:trace:module:map_image mapping section .rsrc at 0xd38000 off ae200 size 1a00 virt 2000 flags 48000020 00d0:trace:module:map_image clearing 0xd39a00 - 0xd3a000 00d0:trace:module:map_image mapping section at 0xd3a000 off afc00 size c1a00 virt c1828 flags 68000020 00d0:trace:module:map_image clearing 0xdfba00 - 0xdfc000 00d0:trace:module:map_image mapping section at 0xdfc000 off 171600 size e00 virt c2c flags 48000020 00d0:trace:module:map_image clearing 0xdfce00 - 0xdfd000 00d0:trace:module:map_image mapping section at 0xdfd000 off 172400 size 600 virt 480 flags c8000020 00d0:trace:module:map_image clearing 0xdfd600 - 0xdfe000 00d0:trace:module:map_image mapping section at 0xdfe000 off 172a00 size 800 virt 696 flags 68000020 00d0:trace:module:map_image clearing 0xdfe800 - 0xdff000 00d0:trace:module:map_image mapping section .rdata at 0xdff000 off 173200 size 1400 virt 12d4 flags 48000040 00d0:trace:module:map_image clearing 0xe00400 - 0xe01000 00d0:trace:module:map_image mapping section .rsrc at 0xe01000 off 174600 size 600 virt 4f8 flags 42000040 00d0:trace:module:map_image clearing 0xe01600 - 0xe02000 00d0:trace:module:map_image mapping section .reloc at 0xe02000 off 174c00 size 1c00 virt 1a60 flags 42000040 00d0:trace:module:map_image clearing 0xe03c00 - 0xe04000 00d0:trace:virtual:VIRTUAL_DumpView View: 0xc80000 - 0xe03fff (image) 00d0:trace:virtual:VIRTUAL_DumpView 0xc80000 - 0xc80fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xc81000 - 0xcf6fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xcf7000 - 0xd26fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd27000 - 0xd2bfff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xd2c000 - 0xd34fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd35000 - 0xd35fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xd36000 - 0xd36fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd37000 - 0xd37fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xd38000 - 0xd39fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd3a000 - 0xdfbfff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xdfc000 - 0xdfcfff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xdfd000 - 0xdfdfff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xdfe000 - 0xdfefff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xdff000 - 0xe03fff c-r-- ... 00d0:trace:loaddll:load_native_dll Loaded L"C:\Program Files\Denuvo Anti-Cheat\denuvo-anti-cheat.sys" at 0xc80000: native 00d0:trace:module:load_dll Loaded module L"\??\C:\Program Files\Denuvo Anti-Cheat\denuvo-anti-cheat.sys" at 0xc80000 00d0:trace:module:process_attach (L"denuvo-anti-cheat.sys",(nil)) - START 00d0:trace:module:process_attach (L"netio.sys",(nil)) - START 00d0:trace:module:process_attach (L"netio.sys",(nil)) - END 00d0:trace:module:process_attach (L"wdfldr.sys",(nil)) - START 00d0:trace:module:process_attach (L"wdfldr.sys",(nil)) - END 00d0:trace:module:process_attach (L"denuvo-anti-cheat.sys",(nil)) - END 00d0:Ret ntdll.LdrLoadDll() retval=00000000 ret=7b01d770 00d0:Call ntdll.RtlReleasePath(0078e4d0) ret=7b01d7ae 00d0:Ret ntdll.RtlReleasePath() retval=00000001 ret=7b01d7ae 00d0:Ret KERNEL32.LoadLibraryW() retval=00c80000 ret=00236928 ... 00d0:trace:ntoskrnl:perform_relocations relocating from 0000000140000000-0000000140184000 to 0000000000C80000-0000000000E04000 00d0:Call KERNEL32.VirtualProtect(00cf7000,00002000,00000004,00b5f7c0) ret=00236a79 00d0:Call ntdll.NtProtectVirtualMemory(ffffffffffffffff,00b5f6e0,00b5f6d8,00000004,00b5f7c0) ret=7b02d058 00d0:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xcf7000 00002000 00000004 00d0:trace:virtual:VIRTUAL_DumpView View: 0xc80000 - 0xe03fff (image) 00d0:trace:virtual:VIRTUAL_DumpView 0xc80000 - 0xc80fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xc81000 - 0xcf6fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xcf7000 - 0xcf8fff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xcf9000 - 0xd26fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd27000 - 0xd2bfff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xd2c000 - 0xd34fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd35000 - 0xd35fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xd36000 - 0xd36fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd37000 - 0xd37fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xd38000 - 0xd39fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd3a000 - 0xdfbfff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xdfc000 - 0xdfcfff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xdfd000 - 0xdfdfff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xdfe000 - 0xdfefff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xdff000 - 0xe03fff c-r-- ... 00d0:Call ntdll.LdrProcessRelocationBlock(00d27000,10000000a,00e03924,fffffffec0c80000) ret=00236a9e 00d0:Ret ntdll.LdrProcessRelocationBlock() retval=00e03938 ret=00236a9e 00d0:Call KERNEL32.VirtualProtect(00d27000,00002000,00000008,00b5f7c0) ret=00236ab4 00d0:Call ntdll.NtProtectVirtualMemory(ffffffffffffffff,00b5f6e0,00b5f6d8,00000008,00b5f7c0) ret=7b02d058 00d0:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xd27000 00002000 00000008 00d0:trace:virtual:VIRTUAL_DumpView View: 0xc80000 - 0xe03fff (image) 00d0:trace:virtual:VIRTUAL_DumpView 0xc80000 - 0xc80fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xc81000 - 0xcf6fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xcf7000 - 0xd26fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd27000 - 0xd2bfff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xd2c000 - 0xd34fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd35000 - 0xd35fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xd36000 - 0xd36fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd37000 - 0xd37fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xd38000 - 0xd39fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd3a000 - 0xdfbfff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xdfc000 - 0xdfcfff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xdfd000 - 0xdfdfff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xdfe000 - 0xdfefff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xdff000 - 0xe03fff c-r-- 00d0:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=7b02d058 00d0:Ret KERNEL32.VirtualProtect() retval=00000001 ret=00236ab4 00d0:Call KERNEL32.VirtualProtect(00dfd000,00002000,00000004,00b5f7c0) ret=00236a79 00d0:Call ntdll.NtProtectVirtualMemory(ffffffffffffffff,00b5f6e0,00b5f6d8,00000004,00b5f7c0) ret=7b02d058 00d0:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xdfd000 00002000 00000004 00d0:trace:virtual:VIRTUAL_DumpView View: 0xc80000 - 0xe03fff (image) 00d0:trace:virtual:VIRTUAL_DumpView 0xc80000 - 0xc80fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xc81000 - 0xcf6fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xcf7000 - 0xd26fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd27000 - 0xd2bfff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xd2c000 - 0xd34fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd35000 - 0xd35fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xd36000 - 0xd36fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd37000 - 0xd37fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xd38000 - 0xd39fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd3a000 - 0xdfbfff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xdfc000 - 0xdfcfff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xdfd000 - 0xdfefff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xdff000 - 0xe03fff c-r-- 00d0:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=7b02d058 00d0:Ret KERNEL32.VirtualProtect() retval=00000001 ret=00236a79 ... 00d0:Call driver init 0000000000C81184 (obj=000000000078E290,str=L"\Registry\Machine\System\CurrentControlSet\Services\Denuvo Anti-Cheat") 00d0:trace:seh:raise_exception code=c0000005 flags=0 addr=0xdfe5e0 ip=dfe5e0 tid=00d0 00d0:trace:seh:raise_exception info[0]=0000000000000008 00d0:trace:seh:raise_exception info[1]=0000000000dfe5e0 00d0:trace:seh:raise_exception rax=0000000000d2b9c0 rbx=0000000000c81184 rcx=0000000000d2b988 rdx=000000000078e3f8 00d0:trace:seh:raise_exception rsi=000000000078e3f8 rdi=000000000078e290 rbp=0000000000000000 rsp=0000000000b5f858 00d0:trace:seh:raise_exception r8=00002b992ddfa232 r9=0000000000000000 r10=0000000000000000 r11=0000000000000000 00d0:trace:seh:raise_exception r12=000000000078e290 r13=00007fffffea4000 r14=000000000078e3f8 r15=0000000000000000 00d0:trace:seh:call_vectored_handlers calling handler at 0x22cf50 code=c0000005 flags=0 00d0:trace:seh:call_vectored_handlers handler at 0x22cf50 returned 0 00d0:warn:seh:virtual_unwind exception data not found in L"denuvo-anti-cheat.sys" --- snip ---
0xdfe000 = IAT which has page execute protection erroneously removed during relocation processing.
$ wine --version wine-5.8-232-gca6dbcf35b
Regards
https://bugs.winehq.org/show_bug.cgi?id=49198
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- URL| |https://store.steampowered. | |com/app/782330/ Regression SHA1| |22dfb0df10b44d1c21b3d04b593 | |12670c2318431 CC| |z.figura12@gmail.com Keywords| |obfuscation, regression
--- Comment #1 from Anastasius Focht focht@gmx.net --- Hello folks,
filling more fields.
Also adding disassembly in case it's not that obvious.
--- snip --- ... 0000000000C81060 | mov qword ptr ss:[rsp+8],rbx | 0000000000C81065 | mov qword ptr ss:[rsp+10],rbp | 0000000000C8106A | mov qword ptr ss:[rsp+18],rsi | 0000000000C8106F | push rdi | 0000000000C81070 | sub rsp,20 | 0000000000C81074 | xor ebp,ebp | 0000000000C81076 | mov rsi,rdx | 0000000000C81079 | mov rdi,rcx | 0000000000C8107C | cmp rcx,rbp | 0000000000C8107F | jne denuvo-anti-cheat.C8108D | 0000000000C81081 | xor ecx,ecx | 0000000000C81083 | call denuvo-anti-cheat.CBAE20 | 0000000000C81088 | jmp denuvo-anti-cheat.C8116D | 0000000000C8108D | mov eax,208 | 0000000000C81092 | mov qword ptr ds:[D2B9B0],rcx | 0000000000C81099 | lea rcx,qword ptr ds:[D2B988] | 0000000000C810A0 | mov word ptr ds:[D2B98A],ax | 0000000000C810A7 | lea rax,qword ptr ds:[D2B9C0] | 0000000000C810AE | mov word ptr ds:[D2B988],bp | 0000000000C810B5 | mov qword ptr ds:[D2B990],rax | 0000000000C810BC | call qword ptr ds:[<&JMP.&RtlCopyUnicodeString>] | 0000000000C810C2 | lea r9,qword ptr ds:[D2B9A8] | 0000000000C810C9 | lea r8,qword ptr ds:[D27060] | ... 0000000000DFE000 | jmp qword ptr ds:[<&WskCaptureProviderNPI>] | 0000000000DFE006 | nop word ptr cs:[rax+rax],ax | 0000000000DFE010 | jmp qword ptr ds:[<&WskReleaseProviderNPI>] | 0000000000DFE016 | nop word ptr cs:[rax+rax],ax | ... 0000000000DFE5C0 | jmp qword ptr ds:[<&PsSetLoadImageNotifyRoutine>] | 0000000000DFE5C6 | nop word ptr cs:[rax+rax],ax | 0000000000DFE5D0 | jmp qword ptr ds:[<&PsRemoveLoadImageNotifyRoutine>] | 0000000000DFE5D6 | nop word ptr cs:[rax+rax],ax | 0000000000DFE5E0 | jmp qword ptr ds:[<&RtlCopyUnicodeString>] | boom 0000000000DFE5E6 | nop word ptr cs:[rax+rax],ax | 0000000000DFE5F0 | jmp qword ptr ds:[<&MmGetSystemRoutineAddress>] | 0000000000DFE5F6 | nop word ptr cs:[rax+rax],ax | --- snip ---
Regards
https://bugs.winehq.org/show_bug.cgi?id=49198
--- Comment #2 from Zebediah Figura z.figura12@gmail.com --- Created attachment 67221 --> https://bugs.winehq.org/attachment.cgi?id=67221 possible fix
Does the attached patch fix it?
https://bugs.winehq.org/show_bug.cgi?id=49198
--- Comment #3 from Anastasius Focht focht@gmx.net --- Hello Zeb,
the patch works. Thanks.
--- snip --- $ WINEDEBUG=+seh,+relay,+ntoskrnl,+loaddll,+module,+ntdll,+virtual wine net start "Denuvo Anti-Cheat" >>log.txt 2>&1 ... 00d0:trace:virtual:map_view got mem in reserved area 0xc80000-0xe04000 00d0:trace:module:map_image mapped PE file at 0xc80000-0xe04000 00d0:trace:module:map_image mapping section .text at 0xc81000 off 600 size 75200 virt 75200 flags 68000020 00d0:trace:module:map_image clearing 0xcf6200 - 0xcf7000 00d0:trace:module:map_image mapping section .rdata at 0xcf7000 off 75800 size 2fa00 virt 30000 flags 48000020 00d0:trace:module:map_image clearing 0xd26a00 - 0xd27000 00d0:trace:module:map_image mapping section .data at 0xd27000 off a5200 size 200 virt 5000 flags c8000020 00d0:trace:module:map_image clearing 0xd27200 - 0xd28000 00d0:trace:module:map_image mapping section .pdata at 0xd2c000 off a5400 size 7800 virt 8000 flags 48000040 00d0:trace:module:map_image clearing 0xd33800 - 0xd34000 00d0:trace:module:map_image mapping section .gfids at 0xd34000 off acc00 size 200 virt 1000 flags 48000020 00d0:trace:module:map_image clearing 0xd34200 - 0xd35000 00d0:trace:module:map_image mapping section PAGE at 0xd35000 off ace00 size 400 virt 400 flags 68000020 00d0:trace:module:map_image clearing 0xd35400 - 0xd36000 00d0:trace:module:map_image mapping section .edata at 0xd36000 off ad200 size 200 virt 1000 flags 48000020 00d0:trace:module:map_image clearing 0xd36200 - 0xd37000 00d0:trace:module:map_image mapping section INIT at 0xd37000 off ad400 size e00 virt e00 flags 68000020 00d0:trace:module:map_image clearing 0xd37e00 - 0xd38000 00d0:trace:module:map_image mapping section .rsrc at 0xd38000 off ae200 size 1a00 virt 2000 flags 48000020 00d0:trace:module:map_image clearing 0xd39a00 - 0xd3a000 00d0:trace:module:map_image mapping section at 0xd3a000 off afc00 size c1a00 virt c1828 flags 68000020 00d0:trace:module:map_image clearing 0xdfba00 - 0xdfc000 00d0:trace:module:map_image mapping section at 0xdfc000 off 171600 size e00 virt c2c flags 48000020 00d0:trace:module:map_image clearing 0xdfce00 - 0xdfd000 00d0:trace:module:map_image mapping section at 0xdfd000 off 172400 size 600 virt 480 flags c8000020 00d0:trace:module:map_image clearing 0xdfd600 - 0xdfe000 00d0:trace:module:map_image mapping section at 0xdfe000 off 172a00 size 800 virt 696 flags 68000020 00d0:trace:module:map_image clearing 0xdfe800 - 0xdff000 00d0:trace:module:map_image mapping section .rdata at 0xdff000 off 173200 size 1400 virt 12d4 flags 48000040 00d0:trace:module:map_image clearing 0xe00400 - 0xe01000 00d0:trace:module:map_image mapping section .rsrc at 0xe01000 off 174600 size 600 virt 4f8 flags 42000040 00d0:trace:module:map_image clearing 0xe01600 - 0xe02000 00d0:trace:module:map_image mapping section .reloc at 0xe02000 off 174c00 size 1c00 virt 1a60 flags 42000040 00d0:trace:module:map_image clearing 0xe03c00 - 0xe04000 00d0:trace:virtual:VIRTUAL_DumpView View: 0xc80000 - 0xe03fff (image) 00d0:trace:virtual:VIRTUAL_DumpView 0xc80000 - 0xc80fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xc81000 - 0xcf6fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xcf7000 - 0xd26fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd27000 - 0xd2bfff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xd2c000 - 0xd34fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd35000 - 0xd35fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xd36000 - 0xd36fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd37000 - 0xd37fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xd38000 - 0xd39fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd3a000 - 0xdfbfff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xdfc000 - 0xdfcfff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xdfd000 - 0xdfdfff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xdfe000 - 0xdfefff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xdff000 - 0xe03fff c-r-- ... 00d0:Call ntdll.LdrProcessRelocationBlock(00d27000,10000000a,00e03924,fffffffec0c80000) ret=00236ac4 00d0:Ret ntdll.LdrProcessRelocationBlock() retval=00e03938 ret=00236ac4 00d0:Call KERNEL32.VirtualProtect(00d27000,00001000,00000008,00b5f7c0) ret=00236ada 00d0:Call ntdll.NtProtectVirtualMemory(ffffffffffffffff,00b5f6d0,00b5f6c8,00000008,00b5f7c0) ret=7b02d008 00d0:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xd27000 00001000 00000008 00d0:trace:virtual:VIRTUAL_DumpView View: 0xc80000 - 0xe03fff (image) 00d0:trace:virtual:VIRTUAL_DumpView 0xc80000 - 0xc80fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xc81000 - 0xcf6fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xcf7000 - 0xd26fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd27000 - 0xd2bfff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xd2c000 - 0xd34fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd35000 - 0xd35fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xd36000 - 0xd36fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd37000 - 0xd37fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xd38000 - 0xd39fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd3a000 - 0xdfbfff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xdfc000 - 0xdfcfff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xdfd000 - 0xdfdfff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xdfe000 - 0xdfefff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xdff000 - 0xe03fff c-r-- 00d0:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=7b02d008 00d0:Ret KERNEL32.VirtualProtect() retval=00000001 ret=00236ada 00d0:Call KERNEL32.VirtualProtect(00d28000,00001000,00000008,00b5f7a0) ret=00236aed 00d0:Call ntdll.NtProtectVirtualMemory(ffffffffffffffff,00b5f6d0,00b5f6c8,00000008,00b5f7a0) ret=7b02d008 00d0:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xd28000 00001000 00000008 00d0:trace:virtual:VIRTUAL_DumpView View: 0xc80000 - 0xe03fff (image) 00d0:trace:virtual:VIRTUAL_DumpView 0xc80000 - 0xc80fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xc81000 - 0xcf6fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xcf7000 - 0xd26fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd27000 - 0xd2bfff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xd2c000 - 0xd34fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd35000 - 0xd35fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xd36000 - 0xd36fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd37000 - 0xd37fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xd38000 - 0xd39fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd3a000 - 0xdfbfff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xdfc000 - 0xdfcfff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xdfd000 - 0xdfdfff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xdfe000 - 0xdfefff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xdff000 - 0xe03fff c-r-- 00d0:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=7b02d008 00d0:Ret KERNEL32.VirtualProtect() retval=00000001 ret=00236aed 00d0:Call KERNEL32.VirtualProtect(00dfd000,00001000,00000004,00b5f7c0) ret=00236a80 00d0:Call ntdll.NtProtectVirtualMemory(ffffffffffffffff,00b5f6d0,00b5f6c8,00000004,00b5f7c0) ret=7b02d008 00d0:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xdfd000 00001000 00000004 00d0:trace:virtual:VIRTUAL_DumpView View: 0xc80000 - 0xe03fff (image) 00d0:trace:virtual:VIRTUAL_DumpView 0xc80000 - 0xc80fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xc81000 - 0xcf6fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xcf7000 - 0xd26fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd27000 - 0xd2bfff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xd2c000 - 0xd34fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd35000 - 0xd35fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xd36000 - 0xd36fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd37000 - 0xd37fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xd38000 - 0xd39fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd3a000 - 0xdfbfff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xdfc000 - 0xdfcfff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xdfd000 - 0xdfdfff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xdfe000 - 0xdfefff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xdff000 - 0xe03fff c-r-- 00d0:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=7b02d008 00d0:Ret KERNEL32.VirtualProtect() retval=00000001 ret=00236a80 00d0:Call KERNEL32.VirtualProtect(00dfe000,00001000,00000004,00b5f7a0) ret=00236a9d 00d0:Call ntdll.NtProtectVirtualMemory(ffffffffffffffff,00b5f6d0,00b5f6c8,00000004,00b5f7a0) ret=7b02d008 00d0:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xdfe000 00001000 00000004 00d0:trace:virtual:VIRTUAL_DumpView View: 0xc80000 - 0xe03fff (image) 00d0:trace:virtual:VIRTUAL_DumpView 0xc80000 - 0xc80fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xc81000 - 0xcf6fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xcf7000 - 0xd26fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd27000 - 0xd2bfff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xd2c000 - 0xd34fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd35000 - 0xd35fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xd36000 - 0xd36fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd37000 - 0xd37fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xd38000 - 0xd39fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd3a000 - 0xdfbfff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xdfc000 - 0xdfcfff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xdfd000 - 0xdfefff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xdff000 - 0xe03fff c-r-- 00d0:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=7b02d008 00d0:Ret KERNEL32.VirtualProtect() retval=00000001 ret=00236a9d 00d0:Call ntdll.LdrProcessRelocationBlock(00dfd000,100000090,00e03940,fffffffec0c80000) ret=00236ac4 00d0:Ret ntdll.LdrProcessRelocationBlock() retval=00e03a60 ret=00236ac4 00d0:Call KERNEL32.VirtualProtect(00dfd000,00001000,00000008,00b5f7c0) ret=00236ada 00d0:Call ntdll.NtProtectVirtualMemory(ffffffffffffffff,00b5f6d0,00b5f6c8,00000008,00b5f7c0) ret=7b02d008 00d0:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xdfd000 00001000 00000008 00d0:trace:virtual:VIRTUAL_DumpView View: 0xc80000 - 0xe03fff (image) 00d0:trace:virtual:VIRTUAL_DumpView 0xc80000 - 0xc80fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xc81000 - 0xcf6fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xcf7000 - 0xd26fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd27000 - 0xd2bfff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xd2c000 - 0xd34fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd35000 - 0xd35fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xd36000 - 0xd36fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd37000 - 0xd37fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xd38000 - 0xd39fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd3a000 - 0xdfbfff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xdfc000 - 0xdfcfff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xdfd000 - 0xdfefff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xdff000 - 0xe03fff c-r-- 00d0:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=7b02d008 00d0:Ret KERNEL32.VirtualProtect() retval=00000001 ret=00236ada 00d0:Call KERNEL32.VirtualProtect(00dfe000,00001000,00000020,00b5f7a0) ret=00236aed 00d0:Call ntdll.NtProtectVirtualMemory(ffffffffffffffff,00b5f6d0,00b5f6c8,00000020,00b5f7a0) ret=7b02d008 00d0:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xdfe000 00001000 00000020 00d0:trace:virtual:VIRTUAL_DumpView View: 0xc80000 - 0xe03fff (image) 00d0:trace:virtual:VIRTUAL_DumpView 0xc80000 - 0xc80fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xc81000 - 0xcf6fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xcf7000 - 0xd26fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd27000 - 0xd2bfff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xd2c000 - 0xd34fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd35000 - 0xd35fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xd36000 - 0xd36fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd37000 - 0xd37fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xd38000 - 0xd39fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd3a000 - 0xdfbfff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xdfc000 - 0xdfcfff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xdfd000 - 0xdfdfff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xdfe000 - 0xdfefff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xdff000 - 0xe03fff c-r-- 00d0:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=7b02d008 00d0:Ret KERNEL32.VirtualProtect() retval=00000001 ret=00236aed 00d0:Call KERNEL32.VirtualProtect(00c800d0,00000108,00000004,00b5f7a4) ret=00236b91 00d0:Call ntdll.NtProtectVirtualMemory(ffffffffffffffff,00b5f6d0,00b5f6c8,00000004,00b5f7a4) ret=7b02d008 00d0:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xc800d0 00000108 00000004 00d0:trace:virtual:VIRTUAL_DumpView View: 0xc80000 - 0xe03fff (image) 00d0:trace:virtual:VIRTUAL_DumpView 0xc80000 - 0xc80fff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xc81000 - 0xcf6fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xcf7000 - 0xd26fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd27000 - 0xd2bfff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xd2c000 - 0xd34fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd35000 - 0xd35fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xd36000 - 0xd36fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd37000 - 0xd37fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xd38000 - 0xd39fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd3a000 - 0xdfbfff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xdfc000 - 0xdfcfff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xdfd000 - 0xdfdfff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xdfe000 - 0xdfefff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xdff000 - 0xe03fff c-r-- 00d0:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=7b02d008 00d0:Ret KERNEL32.VirtualProtect() retval=00000001 ret=00236b91 00d0:Call KERNEL32.VirtualProtect(00c800d0,00000108,00000002,00b5f7a4) ret=00236bb0 00d0:Call ntdll.NtProtectVirtualMemory(ffffffffffffffff,00b5f6d0,00b5f6c8,00000002,00b5f7a4) ret=7b02d008 00d0:trace:virtual:NtProtectVirtualMemory 0xffffffffffffffff 0xc800d0 00000108 00000002 00d0:trace:virtual:VIRTUAL_DumpView View: 0xc80000 - 0xe03fff (image) 00d0:trace:virtual:VIRTUAL_DumpView 0xc80000 - 0xc80fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xc81000 - 0xcf6fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xcf7000 - 0xd26fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd27000 - 0xd2bfff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xd2c000 - 0xd34fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd35000 - 0xd35fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xd36000 - 0xd36fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd37000 - 0xd37fff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xd38000 - 0xd39fff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xd3a000 - 0xdfbfff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xdfc000 - 0xdfcfff c-r-- 00d0:trace:virtual:VIRTUAL_DumpView 0xdfd000 - 0xdfdfff c-rW- 00d0:trace:virtual:VIRTUAL_DumpView 0xdfe000 - 0xdfefff c-r-x 00d0:trace:virtual:VIRTUAL_DumpView 0xdff000 - 0xe03fff c-r-- 00d0:Ret ntdll.NtProtectVirtualMemory() retval=00000000 ret=7b02d008 00d0:Ret KERNEL32.VirtualProtect() retval=00000001 ret=00236bb0 00d0:Call ntdll.RtlImageDirectoryEntryToData(00c80000,00000001,00000001,00b5f7a0) ret=00236bc8 00d0:Ret ntdll.RtlImageDirectoryEntryToData() retval=00dff61c ret=00236bc8 00d0:Call KERNEL32.LoadLibraryW(00b5f7c0 L"netio.sys") ret=00236928 ... 00d0:Call driver init 0000000000C81184 (obj=00000000000FD0D0,str=L"\Registry\Machine\System\CurrentControlSet\Services\Denuvo Anti-Cheat") 00d0:Call ntoskrnl.exe.RtlCopyUnicodeString(00d2b988,000fd238) ret=00c810c2 ... 00d0:Ret ntoskrnl.exe.RtlCopyUnicodeString() retval=00d2b9c0 ret=00c810c2 ... --- snip ---
Regards
https://bugs.winehq.org/show_bug.cgi?id=49198
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|NEW |RESOLVED Fixed by SHA1| |c750ae6b9dc85fd2173e40a0720 | |4388988b64532
--- Comment #4 from Anastasius Focht focht@gmx.net --- Hello folks,
this is fixed by commit https://source.winehq.org/git/wine.git/commitdiff/c750ae6b9dc85fd2173e40a072... ("ntoskrnl.exe: Protect the two relocated pages independently.")
Thanks Zebediah
$ wine --version wine-5.9
Regards
https://bugs.winehq.org/show_bug.cgi?id=49198
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #5 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 5.10.
https://bugs.winehq.org/show_bug.cgi?id=49198
--- Comment #6 from Michael Stefaniuc mstefani@winehq.org --- Removing the 5.0.x milestone from bug fixes included in 5.0.2.
-
WineHQ Bugzilla