https://bugs.winehq.org/show_bug.cgi?id=47864
Bug ID: 47864
Summary: a program called fg768.exe(free gate) crashed
Product: Wine
Version: unspecified
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: awolf0412@qq.com
Distribution: ---

Created attachment 65369 --> https://bugs.winehq.org/attachment.cgi?id=65369
backtrace

fg768 is a program to help with anti-censorship
cms42 awolf0412@qq.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC | |awolf0412@qq.com
Louis Lenders xerox.xerox2000x@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC | |xerox.xerox2000x@gmail.com

--- Comment #1 from Louis Lenders xerox.xerox2000x@gmail.com ---
Hi, is this the program https://www.techspot.com/downloads/6243-freegate.html ?
if so:
It seems to check for function pointers for RtlAllocateHeap and RtlReAllocateHeap in kernel32.
I know they are in ntdll, I don't know if they are in kernel32. If you add the entries in kernel32.spec (and forward to ntdll) the program doesn't crash, but consumes a lot of CPU and nothing really happens. Don't know really what it's doing, is it supposed to show a GUI?
Fabian Maurer dark.shadow4@web.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC | |dark.shadow4@web.de

--- Comment #2 from Fabian Maurer dark.shadow4@web.de ---
Yeah, it's a GUI program. I tested on my Win7 VM.
Austin English austinenglish@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
URL | |https://www.techspot.com/downloads/6243-freegate.html
Keywords | |download

--- Comment #3 from Louis Lenders xerox.xerox2000x@gmail.com ---
Created attachment 65372 --> https://bugs.winehq.org/attachment.cgi?id=65372
patch

This attached patch allows me to start the program.
It looks as if there's a typo in the code for IsWow64Process but I wonder how that would get in,
can anyone who understands the code better explain the double !! ?? or confirm it's indeed a typo

--- Comment #4 from Nikolay Sivov bunglehead@gmail.com ---
It's not a typo, non-zero value means wow64.

Louis Lenders xerox.xerox2000x@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status |UNCONFIRMED |NEW
Ever confirmed |0 |1

--- Comment #5 from Louis Lenders xerox.xerox2000x@gmail.com ---
(In reply to Nikolay Sivov from comment #4)
> It's not a typo, non-zero value means wow64.

Yeah I see, after a better look than this morning, and also I checked that the spec entries for Rtl{Re}AllocateHeap are _not_ present in Windows kernel32.
So funnily enough I now have two obviously wrong hacks that make the program start ;) Mystery, maybe the program is obfuscated, this needs an expert to look into.
Here's the first crash:
0009:Call KERNEL32.GetModuleHandleA(00b257e0 "kernel32.dll") ret=00ccc871
.
.
0009:Ret KERNEL32.GetModuleHandleA() retval=7b420000 ret=00ccc871
.
0009:Call KERNEL32.GetProcAddress(7b420000,7b6705a0 "RtlAllocateHeap") ret=00c5e64c
0009:Ret KERNEL32.GetProcAddress() retval=00000000 ret=00c5e64c
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0xc82155 ip=00c82155 tid=0009
.
wine: Unhandled page fault on read access to 0x00000000 at address 00C82155 (thread 0009), starting debugger...
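
The pattern in the trace from comment #5, checked mechanically, as an added example that is not part of the original bug report or of Wine: a Python pass over relay output that pairs each Call with its Ret, reports GetProcAddress lookups that returned NULL (with the module name resolved from the earlier GetModuleHandleA), and notes an access violation that follows on the same thread. The names `failed_lookups` and `quoted` are hypothetical, the line format is assumed to match the trace above, and the link between a failed lookup and a later fault is a triage correlation only.

```python
import re

# Relay lines copied from the trace in comment #5 (elided "." lines dropped).
SAMPLE = """\
0009:Call KERNEL32.GetModuleHandleA(00b257e0 "kernel32.dll") ret=00ccc871
0009:Ret KERNEL32.GetModuleHandleA() retval=7b420000 ret=00ccc871
0009:Call KERNEL32.GetProcAddress(7b420000,7b6705a0 "RtlAllocateHeap") ret=00c5e64c
0009:Ret KERNEL32.GetProcAddress() retval=00000000 ret=00c5e64c
0009:trace:seh:raise_exception code=c0000005 flags=0 addr=0xc82155 ip=00c82155 tid=0009
"""

CALL = re.compile(r'^([0-9a-f]+):Call\s+[\w-]+\.(\w+)\((.*)\)\s+ret=\w+$')
RET = re.compile(r'^([0-9a-f]+):Ret\s+[\w-]+\.(\w+)\(\)\s+retval=([0-9a-fA-F]+)')
FAULT = re.compile(r'^([0-9a-f]+):trace:seh:raise_exception code=c0000005 .*\bip=(\w+)')

def quoted(args):
    # Relay prints the string a pointer argument refers to in double quotes.
    m = re.search(r'"([^"]*)"', args)
    return m.group(1) if m else "?"

def failed_lookups(trace):
    """Return GetProcAddress calls that yielded NULL, plus any later fault on that thread."""
    # pending: thread id -> stack of (function, args); modules: handle -> name
    pending, modules, findings = {}, {}, []
    for line in map(str.strip, trace.splitlines()):
        if m := CALL.match(line):
            pending.setdefault(m[1], []).append((m[2], m[3]))
        elif m := RET.match(line):
            tid, func, retval = m.groups()
            stack = pending.get(tid, [])
            while stack:                      # relay calls nest: unwind to the matching Call
                name, args = stack.pop()
                if name == func:
                    break
            else:
                continue                      # Ret without a recorded Call
            if func == "GetModuleHandleA" and int(retval, 16):
                modules[retval.lower()] = quoted(args)
            elif func == "GetProcAddress" and int(retval, 16) == 0:
                handle = args.split(",")[0].strip().lower()
                findings.append({"tid": tid, "module": modules.get(handle, handle),
                                 "symbol": quoted(args), "fault_ip": None})
        elif m := FAULT.match(line):
            for f in reversed(findings):      # attach to the latest failed lookup on this thread
                if f["tid"] == m[1] and f["fault_ip"] is None:
                    f["fault_ip"] = m[2]
                    break
    return findings

print(failed_lookups(SAMPLE))
```
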
Louis Lenders xerox.xerox2000x@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC | |doitsexy@163.com

--- Comment #6 from Louis Lenders xerox.xerox2000x@gmail.com ---
*** Bug 47572 has been marked as a duplicate of this bug. ***