http://bugs.winehq.org/show_bug.cgi?id=24374
Summary: Driller fails to run
Product: Wine
Version: 1.3.2
Platform: x86
URL: http://download.ovinebydesign.com/driller/download.aspx
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
AssignedTo: wine-bugs@winehq.org
ReportedBy: gyebro69@gmail.com
Created an attachment (id=30720) --> (http://bugs.winehq.org/attachment.cgi?id=30720) terminal output
Driller is a freeware remake of a classic 3D adventure game, which was quite popular in the 8-bit computer era. The standalone executable Driller.exe fails to run in Wine, showing only a messagebox, saying: 'Error! User lib not found', then it quits.
I can't verify how it behaves under a native Windows environment because I have no Windows installed. According to the developer's page the game is Vista compatible.
I'm not sure it has something to do with the issue, but the Driller.exe is packed/protected(?) by Molebox Ultra. That is some kind of virtualization which helps create portable applications.
Fedora 13 Nvidia 7600 / driver 256.53
GyB gyebro69@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |download
--- Comment #1 from GyB gyebro69@gmail.com 2010-09-12 12:15:17 CDT ---
Created an attachment (id=30721) --> (http://bugs.winehq.org/attachment.cgi?id=30721) rzipped +relay,+seh,+tid,+msgbox debug log (uncompressed 15 MB)
--- Comment #2 from GyB gyebro69@gmail.com 2010-09-12 12:18:34 CDT ---
Created an attachment (id=30722) --> (http://bugs.winehq.org/attachment.cgi?id=30722) starting the game under winedbg
This is the output when I started the executable in winedbg.
GyB gyebro69@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Driller fails to run        |Driller fails to start
Dan Kegel dank@kegel.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dank@kegel.com
--- Comment #3 from Dan Kegel dank@kegel.com 2010-09-12 14:35:16 CDT ---
Possible dup of bug 12372 ?
--- Comment #4 from GyB gyebro69@gmail.com 2011-04-29 13:54:47 CDT ---
(In reply to comment #3)
> Possible dup of bug 12372 ?
Bug #12372 has been fixed in 1.3.19 but Driller still crashes on launch with the same 'Error! User lib not found' error message.
GyB gyebro69@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|http://download.ovinebydesi |http://ovine.net/download.p
                   |gn.com/driller/download.asp |hp?dl=driller
                   |x                           |
--- Comment #5 from GyB gyebro69@gmail.com 2011-04-29 14:01:28 CDT ---
Developer's download page has changed so I modified the URL field accordingly.
--- Comment #6 from GyB gyebro69@gmail.com 2013-01-27 12:46:10 CST ---
the problem remains as of wine-1.5.22-158-g236b4da
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |obfuscation
             Status|UNCONFIRMED                 |NEW
                 CC|                            |focht@gmx.net
          Component|-unknown                    |kernel32
            Summary|Driller fails to start      |Driller crashes in process
                   |                            |PE entry point due to
                   |                            |Wine's mis-align workaround
                   |                            |for 32-bit entry point asm
                   |                            |wrapper (MoleBox Ultra
                   |                            |v4.x)
     Ever confirmed|0                           |1
--- Comment #7 from Anastasius Focht focht@gmx.net ---
Hello folks,
confirming. The app is protected by 'MoleBox Ultra v4.x'
Wine implements a workaround for broken apps when setting up the stack for the process entry point (misaligns the stack). This harms the protection code because it expects specific values/layout on the process entry stack.
A trace log with +relay is not really useful here since it influences stack layout/values and the crash is at entry point anyway.
The protection code at PE entry point:
--- snip ---
10001004  6A 28              PUSH 28
10001006  68 70204000        PUSH 402070
1000100B  E8 74020000        CALL Driller.10001284              ; see next chunk
10001010  33FF               XOR EDI,EDI
10001012  57                 PUSH EDI
10001013  FF15 00D02910      CALL DWORD PTR DS:[<&kernel32.GetModuleHandleA>
10001019  66:8138 4D5A       CMP WORD PTR DS:[EAX],5A4D
...
10001284  68 D0124000        PUSH 4012D0
10001289  64:A1 00000000     MOV EAX,DWORD PTR FS:[0]
1000128F  50                 PUSH EAX
10001290  8B4424 10          MOV EAX,DWORD PTR SS:[ESP+10]
10001294  896C24 10          MOV DWORD PTR SS:[ESP+10],EBP
10001298  8D6C24 10          LEA EBP,DWORD PTR SS:[ESP+10]
1000129C  2BE0               SUB ESP,EAX
1000129E  53                 PUSH EBX
1000129F  56                 PUSH ESI
100012A0  57                 PUSH EDI
100012A1  8B45 F8            MOV EAX,DWORD PTR SS:[EBP-8]
100012A4  8965 E8            MOV DWORD PTR SS:[EBP-18],ESP
100012A7  50                 PUSH EAX
100012A8  8B45 FC            MOV EAX,DWORD PTR SS:[EBP-4]
100012AB  C745 FC FFFFFFFF   MOV DWORD PTR SS:[EBP-4],-1
100012B2  8945 F8            MOV DWORD PTR SS:[EBP-8],EAX
100012B5  8D45 F0            LEA EAX,DWORD PTR SS:[EBP-10]      ; 0x0033FE10
100012B8  8B70 C8            MOV ESI,DWORD PTR DS:[EAX-38]
100012BB  8B40 20            MOV EAX,DWORD PTR DS:[EAX+20]      ; [0x0033FE30] -> 0x23
100012BE  8D40 04            LEA EAX,DWORD PTR DS:[EAX+4]       ; -> 0x27
100012C1  50                 PUSH EAX
100012C2  8B76 05            MOV ESI,DWORD PTR DS:[ESI+5]
100012C5  FF16               CALL DWORD PTR DS:[ESI]            ; kernel32.GetModuleHandleA
--- snip ---
'kernel32.GetModuleHandleA(0x27)' -> *boom*
Callstack at PE entry point, annotated:
--- snip ---
0033FE24  7B8642D4  ; return from asm wrapper 'CALL DWORD PTR SS:[EBP+C]'
0033FE28  7FFDF000  ; PEB *peb
0033FE2C  7B8642CB  ; mis-align workaround, offset to 'call_process_entry'
0033FE30  00000023  ; mis-align workaround, garbage ---> *problem*
0033FE34  00000302  ; mis-align workaround, garbage
0033FE38  0033FE98  ; saved EBP
0033FE3C  7B864421  ; return from KERNEL32.call_process_entry
0033FE40  7FFDF000  ; PEB *peb
0033FE44  10001004  ; LPTHREAD_START_ROUTINE entry
--- snip ---
Source: http://source.winehq.org/git/wine.git/blob/fd6c5490dfe8818b1f9fa19e6502e22ae...
--- snip ---
#ifdef __i386__
extern DWORD call_process_entry( PEB *peb, LPTHREAD_START_ROUTINE entry );
__ASM_GLOBAL_FUNC( call_process_entry,
                    "pushl %ebp\n\t"
                    __ASM_CFI(".cfi_adjust_cfa_offset 4\n\t")
                    __ASM_CFI(".cfi_rel_offset %ebp,0\n\t")
                    "movl %esp,%ebp\n\t"
                    __ASM_CFI(".cfi_def_cfa_register %ebp\n\t")
                    "subl $12,%esp\n\t"  /* deliberately mis-align the stack by 8, Doom 3 needs this */
                    "pushl 8(%ebp)\n\t"
                    "call *12(%ebp)\n\t"
                    "leave\n\t"
                    __ASM_CFI(".cfi_def_cfa %esp,4\n\t")
                    __ASM_CFI(".cfi_same_value %ebp\n\t")
                    "ret" )
#else
static inline DWORD call_process_entry( PEB *peb, LPTHREAD_START_ROUTINE entry )
{
    return entry( peb );
}
#endif
--- snip ---
The mis-align workaround moves potentially garbage values into view from PE entry point perspective when it examines the caller stack.
The protection code ought to read 'call_process_entry' caller return address from stack, adding four(?) and passing this address as module name to 'kernel32.GetModuleHandleA' (see previous entry point disassembly).
This (garbage) module name is not really useful at all - but it has an important property: it points into mapped 'kernel32 .text' section (four bytes after 'call_process_entry' caller return address) - hence the "string" is readable. The API call is expected to fail (returning NULL).
If you really need to mis-align the stack in the 32-bit asm wrapper you need to put valid/mapped addresses as stack value(s) into misalignment area.
Protection scan:
--- snip ---
-=[ ProtectionID v0.6.5.5 OCTOBER]=-
(c) 2003-2013 CDKiLLER & TippeX
Build 31/10/13-21:09:09
Ready...
Scanning -> Z:\home\focht\Downloads\Driller.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 23620456 (01686B68h) Byte(s)
-> File has 22539112 (0157EB68h) bytes of appended data starting at offset 0108000h
[File Heuristics] -> Flag : 00000000000000000000000000000100 (0x00000004)
[Entrypoint Section Entropy] : 7.73
[!] MoleBox Ultra v4.x detected !
[i] relinked sections: yes
- Scan Took : 0.639 Second(s) [00000027Fh tick(s)] [533 scan(s) done]
--- snip ---
$ sha1sum install-driller.zip
bd737b9bbd3c8fcb3000e532db987a505876af2a  install-driller.zip
$ du -sh install-driller.zip
23M install-driller.zip
$ wine --version
wine-1.7.23-90-gbdeb761
Regards
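The stack arithmetic from comment #7, replayed as a small Python model (an added example, not part of the bug report and not Wine or MoleBox code). The stack values come from the annotated dump above; the `Stack` class, the function names, the `KERNEL32_TEXT` bounds and the all-mapped filler used in the last case are assumptions made for illustration.

```python
# Constructed model of the 32-bit stack at the PE entry point (comment #7).
PEB, ENTRY = 0x7FFDF000, 0x10001004        # values from the page's stack dump
RET_TO_CALLER = 0x7B864421                 # return from KERNEL32.call_process_entry
RET_TO_WRAPPER = 0x7B8642D4                # return from 'call *12(%ebp)'
SAVED_EBP = 0x0033FE98
GARBAGE = (0x00000302, 0x00000023, 0x7B8642CB)   # slots 0x33FE34, 0x33FE30, 0x33FE2C
# Assumption: bounds of the mapped kernel32 .text, picked to contain both return addresses.
KERNEL32_TEXT = range(0x7B810000, 0x7B8C0000)


class Stack:
    """Downward-growing stack of 32-bit slots, keyed by address."""

    def __init__(self, esp):
        self.esp, self.mem = esp, {}

    def push(self, value):
        self.esp -= 4
        self.mem[self.esp] = value & 0xFFFFFFFF


def entry_stack(filler):
    """Replay call_process_entry. `filler` is what the three slots skipped by
    'subl $12,%esp' happen to hold, or None to model a wrapper without it."""
    s = Stack(0x0033FE48)
    s.push(ENTRY)            # second argument
    s.push(PEB)              # first argument
    s.push(RET_TO_CALLER)    # pushed by the call into call_process_entry
    s.push(SAVED_EBP)        # pushl %ebp
    for value in filler or ():
        s.push(value)        # never written by the wrapper: stale stack contents
    s.push(PEB)              # pushl 8(%ebp)
    s.push(RET_TO_WRAPPER)   # call *12(%ebp)
    return s


def module_name_argument(s):
    """Replay the protection prolog up to the value passed to GetModuleHandleA."""
    for value in (0x28, 0x402070, 0x10001010, 0x4012D0, 0):
        s.push(value)        # PUSH 28, PUSH 402070, CALL, PUSH 4012D0, PUSH EAX (FS:[0])
    eax = s.esp              # LEA EBP,[ESP+10]; LEA EAX,[EBP-10]  =>  EAX == ESP here
    # SUB ESP,EAX and the register pushes that follow only touch lower addresses.
    return s.mem[eax + 0x20] + 4   # MOV EAX,[EAX+20]; LEA EAX,[EAX+4]


def outcome(filler):
    """Return the pointer handed to GetModuleHandleA and whether the model maps it."""
    ptr = module_name_argument(entry_stack(filler))
    return ptr, "readable" if ptr in KERNEL32_TEXT else "page fault"


if __name__ == "__main__":
    for label, filler in (("mis-aligned, stale slots", GARBAGE), ("no mis-align", None),
                          ("mis-aligned, mapped filler", (RET_TO_CALLER,) * 3)):
        ptr, result = outcome(filler)
        print(f"{label:28s} GetModuleHandleA({ptr:#010x}) -> {result}")
```

The model classifies a pointer only by the assumed `KERNEL32_TEXT` range, so "readable" means "inside that range", not a full view of the process address space.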
--- Comment #8 from Anastasius Focht focht@gmx.net ---
Hello folks,
revisiting, still present.
Download link is gone again but fortunately I kept a copy of the installer.
$ wine --version
wine-1.7.47-47-ga8f45df
Regards
Béla Gyebrószki gyebro69@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|http://ovine.net/download.p |http://ovine.net/retro-rema
                   |hp?dl=driller               |kes
--- Comment #9 from Béla Gyebrószki gyebro69@gmail.com ---
URL field now points to the main download page on the developer website. Alternatively here is the direct download link: https://www.dropbox.com/s/efc50jdjc0yvmtp/Driller.zip?dl=0
Driller.zip sha1: bd737b9bbd3c8fcb3000e532db987a505876af2a
--- Comment #10 from Béla Gyebrószki gyebro69@gmail.com ---
Starting with 1.7.50 the game throws a different error message on start: 'Memory access violation', and in the terminal I see a pair of
err:quartz:GetClassMediaFile Media class not found
The game gets further with native quartz, it shows two splash screens then it dies with the loading screen: 'LOADSOUND Error loading file [sounds/fizzle.ogg]'
Installing WMP10, native devenum.dll doesn't make it better, the error message remains.
err:ole:apartment_getclassobject DllGetClassObject returned error 0x80040111
err:ole:CoGetClassObject no class object {da4e3da0-d07d-11d0-bd50-00a0c911ce86} could be created for context 0x1
fixme:d3d:wined3d_get_adapter_raster_status wined3d 0x137b28, adapter_idx 0, raster_status 0x33fc28 semi-stub!
fixme:ddraw:ddraw_surface7_Flip Ignoring flags 0x1.
The change was introduced by http://source.winehq.org/git/wine.git/commit/e67a00b46694625e3c40386008affac...
Could it be that the original problem was fixed by that commit and now we see a different issue?
Tested in wine-1.7.51-225-g3966aff Fedora 22 32-bit
--- Comment #11 from Anastasius Focht focht@gmx.net ---
Hello Béla,
--- quote ---
Could it be that the original problem was fixed by that commit and now we see a different issue?
--- quote ---
no, the original issue is still present:
--- snip ---
$ wine ./Driller.exe
...
Unhandled exception: page fault on read access to 0x00000004 in 32-bit code (0xf7400896).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:f7400896 ESP:0033fcf4 EBP:0033fd18 EFLAGS:00010287( R- -- I S - -P-C)
 EAX:00000000 EBX:0033fdb0 ECX:00000004 EDX:00000004
 ESI:1029d000 EDI:00000004
Stack dump:
0x0033fcf4: f7541000 1029d000 7bc859c8 00000004
0x0033fd04: 00000000 00000000 00000000 00000000
0x0033fd14: 00000000 0033fd68 7b84835f 0033fd44
0x0033fd24: 00000004 00000000 00000000 00000000
0x0033fd34: 00000000 00000000 00000000 00000000
0x0033fd44: 00000000 00000004 00000000 00000000
Backtrace:
=>0 0xf7400896 __strlen_sse2_bsf+0x16() in libc.so.6 (0x0033fd18)
  1 0x7bc859c8 RtlInitAnsiString+0x26(target=0x33fd44, source=*** invalid address 0x4 ***) [/home/focht/projects/wine/wine.repo/src/dlls/ntdll/rtlstr.c:105] in ntdll (0x0033fd18)
  2 0x7b84835f FILE_name_AtoW+0x17(name=*** invalid address 0x4 ***, alloc=0) [/home/focht/projects/wine/wine.repo/src/dlls/kernel32/file.c:251] in kernel32 (0x0033fd68)
  3 0x7b863e0d GetModuleHandleExA+0x52(flags=<couldn't compute location>, name=<couldn't compute location>, module=<couldn't compute location>) [/home/focht/projects/wine/wine.repo/src/dlls/kernel32/module.c:543] in kernel32 (0x0033fd98)
  4 0x7b864040 GetModuleHandleA+0x2c(module=<couldn't compute location>) [/home/focht/projects/wine/wine.repo/src/dlls/kernel32/module.c:618] in kernel32 (0x0033fdd8)
  5 0x100012c7 in driller (+0x12c6) (0x0033fe30)
  6 0x7b86e73c call_process_entry+0xb() in kernel32 (0x0033fe48)
...
--- snip ---
$ wine --version
wine-1.7.51-201-g60d1d6f
Regards
super_man@post.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |super_man@post.com
--- Comment #12 from super_man@post.com ---
Driller download is dead, I tried 4-5 other games that are listed and all those lead into dead links.
Bruno Jesus 00cpxxx@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sebastian@fds-team.de
--- Comment #13 from Bruno Jesus 00cpxxx@gmail.com ---
Sebastian, please take a look at comment 7. I think you will understand it and be able to do something if possible.
Sebastian Lackner sebastian@fds-team.de changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|download                    |
--- Comment #14 from Sebastian Lackner sebastian@fds-team.de ---
(In reply to Bruno Jesus from comment #13)
> Sebastian, please take a look at comment 7. I think you will understand it and be able to do something if possible.
Do you have a working download link or could you share the file privately? All links here seem to be broken, so removing "download" keyword.
--- Comment #15 from Bruno Jesus 00cpxxx@gmail.com ---
(In reply to Sebastian Lackner from comment #14)
> Do you have a working download link or could you share the file privately? All links here seem to be broken, so removing "download" keyword.
I can't be entirely sure as I cannot download now but this seems to be it.
https://archive.org/details/Driller
fjfrackiewicz@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fjfrackiewicz@gmail.com
--- Comment #16 from fjfrackiewicz@gmail.com ---
(In reply to Sebastian Lackner from comment #14)
> (In reply to Bruno Jesus from comment #13)
> > Sebastian, please take a look at comment 7. I think you will understand it and be able to do something if possible.
> Do you have a working download link or could you share the file privately? All links here seem to be broken, so removing "download" keyword.
This link works, I just downloaded Driller from it:
https://archive.org/download/Driller/Driller.zip
--- Comment #17 from Sebastian Lackner sebastian@fds-team.de ---
I haven't tested it with the app yet, but according to the description something like http://ix.io/xT9 should work. Could someone confirm?
BTW: The testbot shows that the stack misalignment is correct, at least for Windows XP. Modern operating systems initialize the stack properly, as can be seen from the test results: https://newtestbot.winehq.org/JobDetails.pl?Key=22712
Wylda wylda@volny.cz changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |wylda@volny.cz
--- Comment #18 from Wylda wylda@volny.cz ---
> Could someone confirm?
Hard to say. It looks like it helps, because wine-1.9.9 and also staging crash immediately as in comment 11.
With your patch it goes much further, displays two intro splash screens and begins to load and later dies with message "LOADSOUND Error loading file [sounds/fizzle.ogg]". So looks good, but it is strange, that this describes also comment 10 which was definitely without your patch already.
--- Comment #19 from Wylda wylda@volny.cz ---
I think the patch fixes the initial problem.
Some more notes - to get that fizzle.ogg, winegstreamer has to be disabled or wine built with --without-gstreamer, or it crashes sooner, but at the same time further than without the patch.
And good news is, that with this patch, bug 7036 is still fixed.
Wylda wylda@volny.cz changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|http://ovine.net/retro-rema |https://archive.org/downloa
                   |kes                         |d/Driller/Driller.zip
           Keywords|                            |download, patch
Sebastian Lackner sebastian@fds-team.de changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
    Staged patchset|                            |https://github.com/wine-com
                   |                            |pholio/wine-staging/tree/ma
                   |                            |ster/patches/kernel32-Misal
                   |                            |ign_Workaround
                 CC|                            |dmitry@baikal.ru,
                   |                            |erich.e.hoover@wine-staging
                   |                            |.com, michael@fds-team.de
             Status|NEW                         |STAGED
André H. nerv@dawncrow.de changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
    Staged patchset|https://github.com/wine-com |https://github.com/wine-sta
                   |pholio/wine-staging/tree/ma |ging/wine-staging/tree/mast
                   |ster/patches/kernel32-Misal |er/patches/kernel32-Misalig
                   |ign_Workaround              |n_Workaround
                 CC|                            |nerv@dawncrow.de
Gijs Vermeulen gijsvrm@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
      Fixed by SHA1|                            |61d92d1317272c4528872b091a5
                   |                            |308905dd00429
             Status|STAGED                      |RESOLVED
--- Comment #20 from Gijs Vermeulen gijsvrm@gmail.com ---
Staging patch was upstreamed as 61d92d1317272c4528872b091a5308905dd00429, marking FIXED.
Alexandre Julliard julliard@winehq.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED
--- Comment #21 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 3.13.
Michael Stefaniuc mstefani@winehq.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |3.0.x
Michael Stefaniuc mstefani@winehq.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|3.0.x                       |---
--- Comment #22 from Michael Stefaniuc mstefani@winehq.org ---
Removing the 3.0.x milestone from bugs included in 3.0.3.