https://bugs.winehq.org/show_bug.cgi?id=47175
Bug ID: 47175
Summary: Star Wars - The Old Republic web-installer fails with '... require administrative permission acknowledgment' (BitRaider filter driver SCM config 'ImagePath' must be prefixed with '??')
Product: Wine
Version: 4.8
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: focht@gmx.net
Distribution: ---
Hello folks,
found this comment:
https://old.reddit.com/r/wine_gaming/comments/bmpsaw/support_components_as_i...
which is related to the BitRaider service/component/technology (https://www.bitraider.com/)
Further articles for reference:
* https://www.reddit.com/r/swtor/comments/5wt85k/guide_how_to_run_swtor_on_osx...
* https://www.reddit.com/r/swtor/comments/bcqg0h/anyone_else_experience_this_i...
* https://www.reddit.com/r/swtor/comments/3ksypm/guide_to_permanently_removing...
* https://www.codeweavers.com/compatibility/crossover/tips/star-wars-the-old-r...
There are actually multiple interesting bugs behind the BitRaider functionality (streaming downloader/content distribution system).
The first issues have to do with the way the Windows service configuration (SCM) is stored/handled in registry. The folks who wrote this piece of gar....^ have an interesting way of using Windows service control manager API and bypassing it completely when dealing with kernel/filter driver service configurations.
I leave you out some hours of investigations with dead-ends and misleading log output.
There is a helper (console) app which is used to install and configure BitRaider. At least three log file locations are of interest during bootstrapping of the game installer/launcher which includes set up of BitRaider.
--- snip ---
.wine/drive_c/ProgramData/BitRaider/common/logs/BR_Debuglog.txt
...
.wine/drive_c/Star Wars-The Old Republic/bitraider/logs/swtor_swtor.txt
...
.wine/drive_c/Star Wars-The Old Republic/logs/launcher_20190511.log
--- snip ---
'swtor_swtor.txt'
--- snip ---
...
1.3.3.4098 2014/10/10 15:09 1.3.3_hotfix #22 Logfile updated
2019/05/11 08:55:16.927:[INFO]MachineId: LAV9AVgtU0VCMUctcjMVNSIAbgBuADMA PID: 8
2019/05/11 08:55:16.929:[INFO]Language ID: 1033 Kernel: C:\windows\system32\ntoskrnl.exe
2019/05/11 08:55:16.929:[INFO]Host OS: Windows 7 [6.1.7601.21863] - 64-Bit - Release Client. - Process Elevated - User Fully Elevated
2019/05/11 08:55:16.929:[INFO]Exepath: C:\Star Wars-The Old Republic\bitraider\bin\brwc.exe
2019/05/11 08:55:16.929:[INFO]Command Parms: "brdestpath=c:\star wars-the old republic" brlocalebank=0 id=swtor_swtor -brnolaunch -brnoui brcallingpid=8
2019/05/11 08:55:16.937:[INFO]Connecting to Service Core, command: 13
2019/05/11 08:55:16.942:[INFO]CBRWCApp: Loaded common path "c:\star wars-the old republic\Bitraider\bin" for ID=swtor_swtor
2019/05/11 08:55:16.993:[INFO]STLEFE: Skipping extract to C:\Star Wars-The Old Republic\bitraider\bin\BRException.exe; identical to reource
2019/05/11 08:55:16.995:[INFO]STLEFE: Skipping extract to C:\ProgramData\BitRaider\common\BRException.exe; identical to reource
2019/05/11 08:55:16.998:[INFO]STLEFE: Skipping extract to C:\Star Wars-The Old Republic\bitraider\bin\BRExtPipe.dll; identical to reource
2019/05/11 08:55:16.999:[INFO]STLEFE: Skipping extract to C:\ProgramData\BitRaider\BRExtPipe.dll; identical to reource
2019/05/11 08:55:17.033:[CRIT](BRDriver64_1_3_3_E02B25FC): reading 'ImagePath' string under key System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC failed. error code 0
2019/05/11 08:55:17.042:[INFO]CSTL-StartStopSupportServiceStub: CurrentState: 3
2019/05/11 08:55:18.047:[INFO]CSTL-StartStopSupportServiceStub: CurrentState: 1
2019/05/11 08:55:18.062:[INFO]STLEFE: Skipping extract to C:\ProgramData\BitRaider\BRSptStub.exe; identical to reource
2019/05/11 08:55:18.081:[INFO]Attempting to install a new copy of the service helper.
2019/05/11 08:55:18.540:[INFO]Support Service Successfully installed
2019/05/11 08:55:18.541:[CRIT](BRDriver64_1_3_3_E02B25FC): reading 'Ima2019/05/11 08:59:45.826:[INFO]
...
--- snip ---
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Star Wars-The Old Republic/bitraider/bin
$ WINEDEBUG=+seh,+relay,+server,+reg,+service wine ./brwc.exe brdestpath="c:\star wars-the old republic" brlocalebank=0 id=swtor_swtor -brnolaunch -brnoui brcallingpid=8 >>log.txt 2>&1 ... 0082:Call KERNEL32.GetModuleHandleW(007683c8 L"kernel32.dll") ret=004aaaec 0082:Ret KERNEL32.GetModuleHandleW() retval=7b430000 ret=004aaaec 0082:Call KERNEL32.GetProcAddress(7b430000,00769538 "GetSystemWow64DirectoryW") ret=004aaafc 0082:Ret KERNEL32.GetProcAddress() retval=7b43675c ret=004aaafc 0082:Call KERNEL32.GetSystemWow64DirectoryW(0031c660,00000104) ret=004aab0e 0082:Ret KERNEL32.GetSystemWow64DirectoryW() retval=00000013 ret=004aab0e ... 0082:Call advapi32.RegOpenKeyExW(80000002,0031d0ec L"System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC",00000000,00020019,0031c890) ret=00483205 0082:trace:reg:open_key (0x2c,L"System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC",20019,0x31c890) 0082: open_key( parent=002c, access=00020019, attributes=00000000, name=L"System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC" ) 0082: open_key() = 0 { hkey=01cc } 0082:trace:reg:open_key <- 0x1cc 0082:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=00483205 0082:Call advapi32.RegQueryValueExW(000001cc,00754df4 L"DisplayName",00000000,0031c88c,0031ceec,0031c894) ret=00483249 0082:trace:reg:RegQueryValueExW (0x1cc,L"DisplayName",(nil),0x31c88c,0x31ceec,0x31c894=512) 0082:trace:reg:NtQueryValueKey (0x1cc,L"DisplayName",2,0x31c6c4,256) 0082: get_key_value( hkey=01cc, name=L"DisplayName" ) 0082: get_key_value() = 0 { type=1, total=52, data={42,00,52,00,44,00,72,00,69,00,76,00,65,00,72,00,36,00,34,00,5f,00,31,00,5f,00,33,00,5f,00,33,00,5f,00,45,00,30,00,32,00,42,00,32,00,35,00,46,00,43,00,00,00} } 0082:Ret advapi32.RegQueryValueExW() retval=00000000 ret=00483249 0082:Call advapi32.RegQueryValueExW(000001cc,00754e0c L"ErrorControl",00000000,0031c88c,0031c888,0031c894) ret=004832b4 0082:trace:reg:RegQueryValueExW (0x1cc,L"ErrorControl",(nil),0x31c88c,0x31c888,0x31c894=4) 
0082:trace:reg:NtQueryValueKey (0x1cc,L"ErrorControl",2,0x31c6c4,16) 0082: get_key_value( hkey=01cc, name=L"ErrorControl" ) 0082: get_key_value() = 0 { type=4, total=4, data={01,00,00,00} } 0082:Ret advapi32.RegQueryValueExW() retval=00000000 ret=004832b4 0082:Call advapi32.RegQueryValueExW(000001cc,00754e34 L"ImagePath",00000000,0031c88c,0031ceec,0031c894) ret=00483358 0082:trace:reg:RegQueryValueExW (0x1cc,L"ImagePath",(nil),0x31c88c,0x31ceec,0x31c894=512) 0082:trace:reg:NtQueryValueKey (0x1cc,L"ImagePath",2,0x31c6c4,256) 0082: get_key_value( hkey=01cc, name=L"ImagePath" ) 0082: get_key_value() = 0 { type=1, total=126, data={43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,44,00,61,00,74,00,61,00,5c,00,42,00,69,00,74,00,52,00,61,00,69,00,64,00,65,00,72,00,5c,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,5c,00,31,00,2e,00,33,00,2e,00,33,00,5c,00,45,00,30,00,32,00,42,00,32,00,35,00,46,00,43,00,5c,00,42,00,52,00,44,00,72,00,69,00,76,00,65,00,72,00,36,00,34,00,2e,00,73,00,79,00,73,00,00,00} } 0082:Ret advapi32.RegQueryValueExW() retval=00000000 ret=00483358 0082:Call KERNEL32.GetLastError() ret=004836aa 0082:Ret KERNEL32.GetLastError() retval=00000000 ret=004836aa ... 0082:Call user32.MessageBoxW(00000000,00c26108 L"Installation of the driver and support components require administrative permission acknowledgment.\r\nTry invoking the client again.\r\nInstaller cannot continue. Exiting.",00c28250 L"Fatal error",00000000) ret=0041f794 ... --- snip ---
The app writes kernel/filter driver service configuration directly into registry ('System\CurrentControlSet\Services\...'), lets the helper service (userspace side) of the filter driver register the actual kernel service using SCM and then rewrites parts of the filter driver config again. Yay.
Unfortunately the reason for the first problem can't be seen in trace log, one has to debug the garbage.
Relevant piece of app code:
--- snip ---
00482F60 | push ebp |
00482F61 | mov ebp,esp |
00482F63 | push FFFFFFFF |
00482F65 | push <brwc.sub_6489B2> |
00482F6A | mov eax,dword ptr fs:[0] |
00482F70 | push eax |
00482F71 | sub esp,A6C |
...
00483002 | push A |
00483004 | push brwc.753C2C | L"BRDriver64"
00483009 | call <brwc.sub_409E60> |
...
0048312F | push C |
00483131 | push brwc.753C78 | L"BRDriver.sys"
00483136 | lea esi,dword ptr ss:[ebp-A48] |
0048313C | call <brwc.sub_40B040> |
00483141 | mov eax,dword ptr ds:[7D19BC] |
00483146 | mov ecx,dword ptr ds:[7D19B8] |
0048314C | mov edx,dword ptr ds:[7D19B4] |
00483152 | push eax |
00483153 | mov eax,dword ptr ds:[7D19B0] |
00483158 | push ecx |
00483159 | push edx |
0048315A | push eax |
0048315B | push brwc.754D84 | L"_%u_%u_%u_%08X"
00483160 | lea esi,dword ptr ss:[ebp-A2C] |
00483166 | call <brwc.sub_408EB0> |
...
004831CA | mov eax,esi |
004831CC | push eax |
; L"System\CurrentControlSet\Services\%s"
004831CD | push brwc.754DA8 |
004831D2 | lea edx,dword ptr ss:[ebp-210] |
004831D8 | push 100 |
004831DD | push edx |
004831DE | call <brwc.sub_60427D> |
...
004832C9 | push 1FE |
004832CE | lea edx,dword ptr ss:[ebp-A0E] |
004832D4 | xor ecx,ecx |
004832D6 | push edi |
004832D7 | push edx |
004832D8 | mov word ptr ss:[ebp-A10],cx |
004832DF | call <brwc.sub_60DD90> |
004832E4 | add esp,C |
004832E7 | push brwc.754E28 | L"\??\"
004832EC | lea eax,dword ptr ss:[ebp-A10] |
004832F2 | push 100 |
004832F7 | push eax |
004832F8 | call <brwc.sub_603BD1> |
004832FD | mov eax,dword ptr ss:[ebp-A48] |
00483303 | add esp,C |
00483306 | cmp dword ptr ss:[ebp-A34],8 |
0048330D | jae brwc.483315 |
0048330F | lea eax,dword ptr ss:[ebp-A48] |
00483315 | push eax |
00483316 | lea ecx,dword ptr ss:[ebp-A10] |
0048331C | push 100 |
00483321 | push ecx |
00483322 | call <brwc.sub_606E76> |
00483327 | add esp,C |
0048332A | lea edx,dword ptr ss:[ebp-A68] |
00483330 | push edx |
00483331 | mov edx,dword ptr ss:[ebp-A6C] |
00483337 | lea eax,dword ptr ss:[ebp-410] |
0048333D | push eax |
0048333E | lea ecx,dword ptr ss:[ebp-A70] |
00483344 | push ecx |
00483345 | push edi |
00483346 | push brwc.754E34 | L"ImagePath"
0048334B | push edx |
0048334C | mov dword ptr ss:[ebp-A68],200 |
00483356 | call ebx |
00483358 | test eax,eax |
0048335A | jne brwc.48368F |
...
0048368F | cmp dword ptr ss:[ebp-A18],8 |
00483696 | mov esi,dword ptr ss:[ebp-A2C] |
0048369C | jae brwc.4836A4 |
0048369E | lea esi,dword ptr ss:[ebp-A2C] |
004836A4 | call dword ptr ds:[69438C] |
004836AA | push eax |
004836AB | lea ecx,dword ptr ss:[ebp-210] |
004836B1 | push ecx |
004836B2 | push esi |
; L"(%s): reading 'ImagePath' string under key %s failed. error code %x\n"
004836B3 | push brwc.755180 |
004836B8 | jmp brwc.48370E |
--- snip ---
To cut it short: It seems 'ImagePath' entries for SERVICE_KERNEL_DRIVER or SERVICE_FILE_SYSTEM_DRIVER driver services are to be prefixed with native NT-path '??' syntax when created via advapi32.CreateServiceA/W().
Manual creation of service config keys by app prior:
--- snip --- ... 003c:Call advapi32.RegCreateKeyExW(80000002,0032f5d4 L"System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC",00000000,0042ab4c,00000000,0000000e,00000000,0032efd0,0032efc8) ret=0040b176 003c:trace:reg:NtCreateKey (0x24,L"System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC",L"",0,e,0x32ee14) 003c: create_key( access=0000000e, options=00000000, objattr={rootdir=0024,attributes=00000000,sd={},name=L"System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC"}, class=L"" ) 003c: create_key() = 0 { hkey=0054, created=0 } 003c:trace:reg:NtCreateKey <- 0x54 003c:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=0040b176 003c:Call advapi32.RegSetValueExW(00000054,0042d644 L"DisplayName",00000000,00000001,005f2aa0,00000032) ret=0040b1b6 003c:trace:reg:NtSetValueKey (0x54,L"DisplayName",1,0x5f2aa0,52) 003c: set_key_value( hkey=0054, type=1, namelen=22, name=L"DisplayName", data={42,00,52,00,44,00,72,00,69,00,76,00,65,00,72,00,36,00,34,00,5f,00,31,00,5f,00,33,00,5f,00,33,00,5f,00,45,00,30,00,32,00,42,00,32,00,35,00,46,00,43,00,00,00} ) 003c: set_key_value() = 0 003c:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040b1b6 003c:Call advapi32.RegSetValueExW(00000054,0042d65c L"ErrorControl",00000000,00000004,0032efbc,00000004) ret=0040b1e2 003c:trace:reg:NtSetValueKey (0x54,L"ErrorControl",4,0x32efbc,4) 003c: set_key_value( hkey=0054, type=4, namelen=24, name=L"ErrorControl", data={01,00,00,00} ) 003c: set_key_value() = 0 003c:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040b1e2 003c:Call advapi32.RegSetValueExW(00000054,0042d684 L"ImagePath",00000000,00000001,0032efd4,00000084) ret=0040b26c 003c:trace:reg:NtSetValueKey (0x54,L"ImagePath",1,0x32efd4,134) 003c: set_key_value( hkey=0054, type=1, namelen=18, name=L"ImagePath", 
data={5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,44,00,61,00,74,00,61,00,5c,00,42,00,69,00,74,00,52,00,61,00,69,00,64,00,65,00,72,00,5c,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,5c,00,31,00,2e,00,33,00,2e,00,33,00,5c,00,45,00,30,00,32,00,42,00,32,00,35,00,46,00,43,00,5c,00,42,00,52,00,44,00,72,00,69,00,76,00,65,00,72,00,36,00,34,00,2e,00,73,00,79,00,73,00,00,00} ) 003c: set_key_value() = 0 003c:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040b26c 003c:Call advapi32.RegSetValueExW(00000054,0042d698 L"Start",00000000,00000004,0032efb8,00000004) ret=0040b298 003c:trace:reg:NtSetValueKey (0x54,L"Start",4,0x32efb8,4) 003c: set_key_value( hkey=0054, type=4, namelen=10, name=L"Start", data={03,00,00,00} ) 003c: set_key_value() = 0 003c:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040b298 003c:Call advapi32.RegSetValueExW(00000054,0042d6a4 L"Type",00000000,00000004,0032efc0,00000004) ret=0040b2c6 003c:trace:reg:NtSetValueKey (0x54,L"Type",4,0x32efc0,4) 003c: set_key_value( hkey=0054, type=4, namelen=8, name=L"Type", data={02,00,00,00} ) 003c: set_key_value() = 0 003c:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040b2c6 003c:Call advapi32.RegSetValueExW(00000054,0042d6b0 L"Tag",00000000,00000004,0032efcc,00000004) ret=0040b2ee 003c:trace:reg:NtSetValueKey (0x54,L"Tag",4,0x32efcc,4) 003c: set_key_value( hkey=0054, type=4, namelen=6, name=L"Tag", data={02,00,00,00} ) 003c: set_key_value() = 0 003c:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040b2ee 003c:Call advapi32.RegSetValueExW(00000054,0042d6c8 L"DependOnService",00000000,00000007,0032f1d4,0000000c) ret=0040b361 003c:trace:reg:NtSetValueKey (0x54,L"DependOnService",7,0x32f1d4,14) 003c: set_key_value( hkey=0054, type=7, namelen=30, name=L"DependOnService", data={46,00,6c,00,74,00,4d,00,67,00,72,00,00,00} ) 003c: set_key_value() = 0 003c:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040b361 003c:Call advapi32.RegSetValueExW(00000054,0042d71c 
L"Group",00000000,00000007,0032f3d4,00000032) ret=0040b3db 003c:trace:reg:NtSetValueKey (0x54,L"Group",7,0x32f3d4,52) 003c: set_key_value( hkey=0054, type=7, namelen=10, name=L"Group", data={46,00,73,00,46,00,69,00,6c,00,74,00,65,00,72,00,20,00,41,00,63,00,74,00,69,00,76,00,69,00,74,00,79,00,20,00,4d,00,6f,00,6e,00,69,00,74,00,6f,00,72,00,00,00} ) 003c: set_key_value() = 0 003c:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040b3db 003c:Call advapi32.RegCloseKey(00000054) ret=0040b4be 003c: close_handle( handle=0054 ) 003c: close_handle() = 0 003c:Ret advapi32.RegCloseKey() retval=00000000 ret=0040b4be 003c:Call advapi32.RegCreateKeyExW(80000002,0032f5d4 L"System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC\Instances",00000000,0042ab4c,00000000,0000000e,00000000,0032efd0,0032efc8) ret=0040b504 003c:trace:reg:NtCreateKey (0x24,L"System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC\Instances",L"",0,e,0x32ee14) 003c: create_key( access=0000000e, options=00000000, objattr={rootdir=0024,attributes=00000000,sd={},name=L"System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC\Instances"}, class=L"" ) 003c: create_key() = 0 { hkey=0054, created=0 } 003c:trace:reg:NtCreateKey <- 0x54 003c:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=0040b504 ... --- snip ---
Call to SCM to create service entry. The app passes 'C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys' as fully qualified path to the service binary file (kernel driver):
--- snip ---
...
003c:Call advapi32.CreateServiceW(0014f2a0,005f2aa0 L"BRDriver64_1_3_3_E02B25FC",005f2aa0 L"BRDriver64_1_3_3_E02B25FC",000f01ff,00000002,00000003,00000001,005f2bd8 L"C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys",00000000,00000000,00000000,00000000,00000000) ret=0040b048
003c:trace:service:CreateServiceW 0x14f2a0 L"BRDriver64_1_3_3_E02B25FC" L"BRDriver64_1_3_3_E02B25FC"
...
--- snip ---
'services.exe' side:
--- snip --- ... 0014:trace:service:svcctl_CreateServiceWOW64W Call msvcrt._vsnprintf(00bbeff0,00000400,0041b0aa "(%s, %s, 0x%x, %s)\n",00bbf430) ret=00401def 0014:Ret msvcrt._vsnprintf() retval=0000008f ret=00401def (L"BRDriver64_1_3_3_E02B25FC", L"BRDriver64_1_3_3_E02B25FC", 0xf01ff, L"C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys") ... 0014:trace:service:create_serviceW Call msvcrt._vsnprintf(00bbf020,00000400,0041b0aa "(%s, %s, 0x%x, %s)\n",00bbf460) ret=00401def ... 0014:Call advapi32.RegCreateKeyW(00000024,00033d30 L"BRDriver64_1_3_3_E02B25FC",00bbf3c8) ret=004066d8 0014:trace:reg:NtCreateKey (0x24,L"BRDriver64_1_3_3_E02B25FC",(null),0,2000000,0xbbf128) 0014: create_key( access=02000000, options=00000000, objattr={rootdir=0024,attributes=00000000,sd={},name=L"BRDriver64_1_3_3_E02B25FC"}, class=L"" ) 0014: create_key() = 0 { hkey=01a0, created=0 } 0014:trace:reg:NtCreateKey <- 0x1a0 0014:Ret advapi32.RegCreateKeyW() retval=00000000 ret=004066d8 0014:Call advapi32.RegSetValueExW(000001a0,0041c670 L"DisplayName",00000000,00000001,00033e20,00000034) ret=0040655e 0014:trace:reg:NtSetValueKey (0x1a0,L"DisplayName",1,0x33e20,52) 0014: set_key_value( hkey=01a0, type=1, namelen=22, name=L"DisplayName", data={42,00,52,00,44,00,72,00,69,00,76,00,65,00,72,00,36,00,34,00,5f,00,31,00,5f,00,33,00,5f,00,33,00,5f,00,45,00,30,00,32,00,42,00,32,00,35,00,46,00,43,00,00,00} ) 0014: set_key_value() = 0 0014:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040655e 0014:Call advapi32.RegSetValueExW(000001a0,0041c610 L"ImagePath",00000000,00000001,00033d80,00000086) ret=0040655e 0014:trace:reg:NtSetValueKey (0x1a0,L"ImagePath",1,0x33d80,134) 0014: set_key_value( hkey=01a0, type=1, namelen=18, name=L"ImagePath", 
data={5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,44,00,61,00,74,00,61,00,5c,00,42,00,69,00,74,00,52,00,61,00,69,00,64,00,65,00,72,00,5c,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,5c,00,31,00,2e,00,33,00,2e,00,33,00,5c,00,45,00,30,00,32,00,42,00,32,00,35,00,46,00,43,00,5c,00,42,00,52,00,44,00,72,00,69,00,76,00,65,00,72,00,36,00,34,00,2e,00,73,00,79,00,73,00,00,00} ) 0014: set_key_value() = 0 0014:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040655e 0014:Call advapi32.RegDeleteValueW(000001a0,0041c600 L"Group") ret=00406568 0014:trace:reg:NtDeleteValueKey (0x1a0,L"Group") 0014: delete_key_value( hkey=01a0, name=L"Group" ) 0014: delete_key_value() = 0 0014:Ret advapi32.RegDeleteValueW() retval=00000000 ret=00406568 0014:Call advapi32.RegSetValueExW(000001a0,0041c590 L"ObjectName",00000000,00000001,00034770,00000018) ret=0040655e 0014:trace:reg:NtSetValueKey (0x1a0,L"ObjectName",1,0x34770,24) 0014: set_key_value( hkey=01a0, type=1, namelen=20, name=L"ObjectName", data={4c,00,6f,00,63,00,61,00,6c,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00} ) 0014: set_key_value() = 0 0014:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040655e 0014:Call advapi32.RegDeleteValueW(000001a0,0041c570 L"Description") ret=00406568 0014:trace:reg:NtDeleteValueKey (0x1a0,L"Description") 0014: delete_key_value( hkey=01a0, name=L"Description" ) 0014: delete_key_value() = OBJECT_NAME_NOT_FOUND 0014:Ret advapi32.RegDeleteValueW() retval=00000002 ret=00406568 0014:Call advapi32.RegDeleteValueW(000001a0,0041c5e0 L"DependOnService") ret=0040622f 0014:trace:reg:NtDeleteValueKey (0x1a0,L"DependOnService") 0014: delete_key_value( hkey=01a0, name=L"DependOnService" ) 0014: delete_key_value() = 0 0014:Ret advapi32.RegDeleteValueW() retval=00000000 ret=0040622f 0014:Call advapi32.RegDeleteValueW(000001a0,0041c5b0 L"DependOnGroup") ret=0040622f 0014:trace:reg:NtDeleteValueKey (0x1a0,L"DependOnGroup") 0014: delete_key_value( hkey=01a0, name=L"DependOnGroup" 
) 0014: delete_key_value() = OBJECT_NAME_NOT_FOUND 0014:Ret advapi32.RegDeleteValueW() retval=00000002 ret=0040622f 0014:Call advapi32.RegSetValueExW(000001a0,0041c650 L"Start",00000000,00000004,00033c94,00000004) ret=004067f9 0014:trace:reg:NtSetValueKey (0x1a0,L"Start",4,0x33c94,4) 0014: set_key_value( hkey=01a0, type=4, namelen=10, name=L"Start", data={03,00,00,00} ) 0014: set_key_value() = 0 0014:Ret advapi32.RegSetValueExW() retval=00000000 ret=004067f9 0014:Call advapi32.RegSetValueExW(000001a0,0041c630 L"ErrorControl",00000000,00000004,00033c98,00000004) ret=0040682e 0014:trace:reg:NtSetValueKey (0x1a0,L"ErrorControl",4,0x33c98,4) 0014: set_key_value( hkey=01a0, type=4, namelen=24, name=L"ErrorControl", data={01,00,00,00} ) 0014: set_key_value() = 0 0014:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040682e 0014:Call advapi32.RegSetValueExW(000001a0,0041c660 L"Type",00000000,00000004,00033c90,00000004) ret=00406863 0014:trace:reg:NtSetValueKey (0x1a0,L"Type",4,0x33c90,4) 0014: set_key_value( hkey=01a0, type=4, namelen=8, name=L"Type", data={02,00,00,00} ) 0014: set_key_value() = 0 0014:Ret advapi32.RegSetValueExW() retval=00000000 ret=00406863 0014:Call advapi32.RegSetValueExW(000001a0,0041c540 L"PreshutdownTimeout",00000000,00000004,00033cd0,00000004) ret=0040689b 0014:trace:reg:NtSetValueKey (0x1a0,L"PreshutdownTimeout",4,0x33cd0,4) 0014: set_key_value( hkey=01a0, type=4, namelen=36, name=L"PreshutdownTimeout", data={20,bf,02,00} ) 0014: set_key_value() = 0 0014:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040689b 0014:Call advapi32.RegSetValueExW(000001a0,0041c540 L"PreshutdownTimeout",00000000,00000004,00033cd0,00000004) ret=004068cc 0014:trace:reg:NtSetValueKey (0x1a0,L"PreshutdownTimeout",4,0x33cd0,4) 0014: set_key_value( hkey=01a0, type=4, namelen=36, name=L"PreshutdownTimeout", data={20,bf,02,00} ) 0014: set_key_value() = 0 0014:Ret advapi32.RegSetValueExW() retval=00000000 ret=004068cc 0014:Call advapi32.RegSetValueExW(000001a0,0041c518 
L"WOW64",00000000,00000004,00bbf3c4,00000004) ret=0040694c 0014:trace:reg:NtSetValueKey (0x1a0,L"WOW64",4,0xbbf3c4,4) 0014: set_key_value( hkey=01a0, type=4, namelen=10, name=L"WOW64", data={01,00,00,00} ) 0014: set_key_value() = 0 0014:Ret advapi32.RegSetValueExW() retval=00000000 ret=0040694c 0014:Call advapi32.RegDeleteValueW(000001a0,0041c588 L"Tag") ret=00406969 0014:trace:reg:NtDeleteValueKey (0x1a0,L"Tag") 0014: delete_key_value( hkey=01a0, name=L"Tag" ) 0014: delete_key_value() = 0 0014:Ret advapi32.RegDeleteValueW() retval=00000000 ret=00406969 0014:Call advapi32.RegCloseKey(000001a0) ret=004066e8 0014: close_handle( handle=01a0 ) 0014: close_handle() = 0 0014:Ret advapi32.RegCloseKey() retval=00000000 ret=004066e8 ... --- snip ---
Microsoft documentation doesn't tell about this special case:
https://docs.microsoft.com/en-us/windows/desktop/api/winsvc/nf-winsvc-create...
--- quote ---
lpBinaryPathName
The fully qualified path to the service binary file. If the path contains a space, it must be quoted so that it is correctly interpreted. For example, "d:\my share\myservice.exe" should be specified as ""d:\my share\myservice.exe"".
The path can also include arguments for an auto-start service. For example, "d:\myshare\myservice.exe arg1 arg2". These arguments are passed to the service entry point (typically the main function).
If you specify a path on another computer, the share must be accessible by the computer account of the local computer because this is the security context used in the remote call. However, this requirement allows any potential vulnerabilities in the remote computer to affect the local computer. Therefore, it is best to use a local file.
--- quote ---
After fixing SCM, the app validation goes further - only to run into the next issue.
$ sha1sum SWTOR_setup.exe
c538935eff4ec90ce2e48dc7e515a8dec2f15f58 SWTOR_setup.exe
$ du -sh SWTOR_setup.exe
32M SWTOR_setup.exe
$ wine --version
wine-4.8
Regards
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |https://web.archive.org/web
                   |                            |/20190505203021/http://patc
                   |                            |hnotes.swtor.com/SWTOR_setu
                   |                            |p.exe
           Keywords|                            |download
            Summary|Star Wars - The Old         |Star Wars - The Old
                   |Republic web-installer      |Republic (SWTOR)
                   |fails with '... require     |client/launcher fails with
                   |administrative permission   |'Installation of drivers
                   |acknowledgment' (BitRaider  |require administrative
                   |filter driver SCM config    |permission'
                   |'ImagePath' must be         |(BitRaider)(kernel/fs
                   |prefixed with '??')         |filter driver SCM config
                   |                            |'ImagePath' must be
                   |                            |prefixed with '??')
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Star Wars - The Old         |Star Wars - The Old
                   |Republic (SWTOR)            |Republic (SWTOR)
                   |client/launcher fails with  |client/launcher fails with
                   |'Installation of drivers    |'Installation of drivers
                   |require administrative      |require administrative
                   |permission'                 |permission'
                   |(BitRaider)(kernel/fs       |(BitRaider)(existing native
                   |filter driver SCM config    |NT-style paths for
                   |'ImagePath' must be         |'ImagePath' resolving to
                   |prefixed with '??')         |same path must not be
                   |                            |rewritten by SCM)
--- Comment #1 from Anastasius Focht focht@gmx.net ---
Hello again,
looking at the second part of the bug series (to be created) I've noticed the pattern from there is actually the potential solution here too.
The 'ImagePath' registry entry, written by the helper app which contains the native NT-style driver path is the same as the non-NT style path passed to 'advapi32.CreateServiceW' later. It seems SCM should not rewrite it using non-NT style path. Adapting summary accordingly.
Regards
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |freudian_order@yahoo.es
--- Comment #2 from Anastasius Focht focht@gmx.net ---
*** Bug 37726 has been marked as a duplicate of this bug. ***
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Star Wars - The Old         |BitRaider Streaming Client
                   |Republic (SWTOR)            |1.3.3 fails with
                   |client/launcher fails with  |'Installation of drivers
                   |'Installation of drivers    |require administrative
                   |require administrative      |permission' (existing
                   |permission'                 |native NT-style 'ImagePath'
                   |(BitRaider)(existing native |resolving to same path must
                   |NT-style paths for          |be preserved by SCM)
                   |'ImagePath' resolving to    |
                   |same path must not be       |
                   |rewritten by SCM)           |
--- Comment #3 from Anastasius Focht focht@gmx.net ---
Hello folks,
refining ticket summary to be generic about BitRaider to collect dupes and cover all games using this content distribution technology.
Tidbit:
Six games listed and last news/updates are from year 2014. It seems "The Future of Digital Download" has stalled a bit ^^
Regards
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|BitRaider Streaming Client  |SCM must ensure kernel
                   |1.3.3 fails with            |services 'ImagePath'
                   |'Installation of drivers    |contains native NT-style
                   |require administrative      |path for private paths
                   |permission' (existing       |(BitRaider Streaming Client
                   |native NT-style 'ImagePath' |1.3.3, SmartGaga)
                   |resolving to same path must |
                   |be preserved by SCM)        |
--- Comment #4 from Anastasius Focht focht@gmx.net ---
Hello folks,
revisiting, obviously still present. Refining the summary a bit to also include creation part.
Standard path patterns for kernel services in well-known locations:
* '\SystemRoot\system32\drivers\foobar.sys'
* 'system32\drivers\foobar.sys'
* 'foobar.sys' (SCM automatically prepends '\SystemRoot\system32\drivers')
Private paths:
* '??\C:\Program Files (x86)\MyProduct\foobar.sys'
Also encountered with SmartGaga (Android Emulator) v1.1.x from bug 48933
https://docs.google.com/uc?export=download&id=1CbktLjrw6IAo_lU9Sh0sGghEH...
'androidkernelx64.sys' driver
--- snip --- $ WINEDEBUG=+seh,+relay,+ntoskrnl,+server wine wineboot >>log.txt 2>&1 ... 003e:Call ntoskrnl.exe.RtlInitUnicodeString(00c3f348,00790330 L"\Registry\Machine\System\CurrentControlSet\Services\AndroidKernel") ret=00e07cf8 ... 003e:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=00000084 ret=00e07cf8 003e:Call ntoskrnl.exe.RtlInitUnicodeString(00c3f358,00e337f8 L"ImagePath") ... 003e:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=00000014 ret=00e07d05 003e:Call ntoskrnl.exe.ZwOpenKey(00c3f338,00020019,00c3f368) ret=00e07d3d 003e:Call ntdll.NtOpenKey(00c3f338,00020019,00c3f368) ret=7bca110f 003e: open_key( parent=0000, access=00020019, attributes=00000240, name=L"\Registry\Machine\System\CurrentControlSet\Services\AndroidKernel" ) 003e: open_key() = 0 { hkey=0048 } 003e:Ret ntdll.NtOpenKey() retval=00000000 ret=7bca110f 003e:Ret ntoskrnl.exe.ZwOpenKey() retval=00000000 ret=00e07d3d ... 003e:Call ntoskrnl.exe.ZwQueryValueKey(00000048,00c3f358,00000002,00790520,00000400,00c3f330) ret=00e07de4 003e:Call ntdll.NtQueryValueKey(00000048,00c3f358,00000002,00790520,00000400,00c3f330) ret=7bca110f 003e: get_key_value( hkey=0048, name=L"ImagePath" ) 003e: get_key_value() = 0 { type=1, total=148, data={43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,20,00,28,00,78,00,38,00,36,00,29,00,5c,00,53,00,6d,00,61,00,72,00,74,00,47,00,61,00,47,00,61,00,5c,00,50,00,72,00,6f,00,6a,00,65,00,63,00,74,00,54,00,69,00,74,00,61,00,6e,00,5c,00,45,00,6e,00,67,00,69,00,6e,00,65,00,5c,00,41,00,6e,00,64,00,72,00,6f,00,69,00,64,00,4b,00,65,00,72,00,6e,00,65,00,6c,00,58,00,36,00,34,00,2e,00,73,00,79,00,73,00,00,00} } 003e:Ret ntdll.NtQueryValueKey() retval=00000000 ret=7bca110f 003e:Ret ntoskrnl.exe.ZwQueryValueKey() retval=00000000 ret=00e07de4 ... 003e:Call ntoskrnl.exe.RtlInitUnicodeString(00c3f2e0,00790520 L"C:\Program Files (x86)\SmartGaGa\ProjectTitan\Engine\AndroidKernelX64.sys") ret=00e0403b ... 
003e:Ret ntoskrnl.exe.RtlInitUnicodeString() retval=00000094 ret=00e0403b 003e:Call ntoskrnl.exe.ZwCreateFile(00c3f2c0,00120089,00c3f300,00c3f2f0,00000000,00000080,00000001,00000001,00000060,00000000,00000000) ret=00e040a3 003e:Call ntdll.NtCreateFile(00c3f2c0,00120089,00c3f300,00c3f2f0,00000000,00000080,00000001,00000001,00000060,00000000,00000000) ret=7bca110f 003e:trace:ntdll:FILE_CreateFile handle=0xc3f2c0 access=00120089 name=L"C:\Program Files (x86)\SmartGaGa\ProjectTitan\Engine\AndroidKernelX64.sys" objattr=00000240 root=(nil) sec=(nil) io=0xc3f2f0 alloc_size=(nil) attr=00000080 sharing=00000001 disp=1 options=00000060 ea=(nil).0x00000000 003e:warn:ntdll:FILE_CreateFile L"C:\Program Files (x86)\SmartGaGa\ProjectTitan\Engine\AndroidKernelX64.sys" not found (c000003b) 003e:Ret ntdll.NtCreateFile() retval=c000003b ret=7bca110f 003e:Ret ntoskrnl.exe.ZwCreateFile() retval=c000003b ret=00e040a3 DbgPrint says: [Saturn] MyOpenFileForRead Fail Z --- snip ---
'NtCreateFile' needs to see an NT-style path here, hence the error.
Wine's SCM created the kernel service registry data with "normal" private path which obviously can't work for drivers retrieving the 'ImagePath' value at runtime.
--- snip ---
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AndroidKernel]
"DisplayName"="AndroidKernel"
"ErrorControl"=dword:00000000
"ImagePath"="C:\Program Files (x86)\SmartGaGa\ProjectTitan\Engine\AndroidKernelX64.sys"
"ObjectName"="LocalSystem"
"PreshutdownTimeout"=dword:0002bf20
"Start"=dword:00000002
"Type"=dword:00000001
"WOW64"=dword:00000001
--- snip ---
$ sha1sum Setup_AndroidFs442_1.1.646.1.exe
8cec18338e1e931433ac37f63d26a701dfcbd0dd Setup_AndroidFs442_1.1.646.1.exe
$ du -sh Setup_AndroidFs442_1.1.646.1.exe
203M Setup_AndroidFs442_1.1.646.1.exe
$ wine --version
wine-5.6
Regards
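The path rules listed in comment #4, combined with the "preserve an existing NT-style value that points at the same file" observation from comment #1, written out as an added C example. This is not Wine's code and not from the reporter; the function names and the DRIVER_TYPES macro are hypothetical, and the rules are only those stated in this report.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Service "Type" values as they appear in the traces (1 and 2). */
#define SERVICE_KERNEL_DRIVER      0x00000001
#define SERVICE_FILE_SYSTEM_DRIVER 0x00000002
/* Hypothetical helper mask for this example. */
#define DRIVER_TYPES (SERVICE_KERNEL_DRIVER | SERVICE_FILE_SYSTEM_DRIVER)

#define NT_PREFIX   "\\??\\"                           /* seen in the brwc.exe listing */
#define DRIVERS_DIR "\\SystemRoot\\system32\\drivers\\"

/* Case-insensitive "does s start with prefix"; stops at the end of s. */
static int has_prefix_ci(const char *s, const char *prefix)
{
    for (; *prefix; s++, prefix++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*prefix))
            return 0;
    return 1;
}

/* 'C:\...' style path, called a "private path" in the report. */
static int is_dos_absolute(const char *p)
{
    return isalpha((unsigned char)p[0]) && p[1] == ':' && p[2] == '\\';
}

/* Build the ImagePath to store for a service of the given type.
 * Returns 0 on success, -1 if 'out' is too small. */
int driver_image_path(unsigned type, const char *binary_path,
                      char *out, size_t out_len)
{
    const char *prefix = "";
    int n;

    if (type & DRIVER_TYPES) {
        if (is_dos_absolute(binary_path))
            prefix = NT_PREFIX;      /* private path gets the NT prefix */
        else if (!strchr(binary_path, '\\'))
            prefix = DRIVERS_DIR;    /* bare 'foobar.sys' */
        /* '\SystemRoot\...', NT-prefixed and 'system32\...' paths stay as given. */
    }
    n = snprintf(out, out_len, "%s%s", prefix, binary_path);
    return (n < 0 || (size_t)n >= out_len) ? -1 : 0;
}

/* Do two paths name the same file once the NT prefix and case are ignored? */
int same_driver_file(const char *a, const char *b)
{
    if (has_prefix_ci(a, NT_PREFIX)) a += strlen(NT_PREFIX);
    if (has_prefix_ci(b, NT_PREFIX)) b += strlen(NT_PREFIX);
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Decide what ends up in the registry when a service is created over an
 * existing key: an NT-style value the installer already wrote is kept
 * verbatim if it resolves to the path now being passed in. */
int resolve_image_path(unsigned type, const char *existing,
                       const char *binary_path, char *out, size_t out_len)
{
    if (existing && (type & DRIVER_TYPES) &&
        has_prefix_ci(existing, NT_PREFIX) &&
        same_driver_file(existing, binary_path)) {
        int n = snprintf(out, out_len, "%s", existing);
        return (n < 0 || (size_t)n >= out_len) ? -1 : 0;
    }
    return driver_image_path(type, binary_path, out, out_len);
}

int main(void)
{
    /* Paths taken from the traces in this report. */
    const char *bitraider =
        "C:\\ProgramData\\BitRaider\\support\\1.3.3\\E02B25FC\\BRDriver64.sys";
    const char *smartgaga =
        "C:\\Program Files (x86)\\SmartGaGa\\ProjectTitan\\Engine\\AndroidKernelX64.sys";
    char buf[512];

    if (driver_image_path(SERVICE_FILE_SYSTEM_DRIVER, bitraider, buf, sizeof buf) == 0)
        printf("%s\n", buf);
    if (driver_image_path(SERVICE_KERNEL_DRIVER, smartgaga, buf, sizeof buf) == 0)
        printf("%s\n", buf);
    if (driver_image_path(SERVICE_KERNEL_DRIVER, "foobar.sys", buf, sizeof buf) == 0)
        printf("%s\n", buf);
    return 0;
}
```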
--- Comment #5 from Anastasius Focht focht@gmx.net ---
Hello folks,
revisiting, still present.
Adding stable download link via Internet Archive for SmartGaga 1.1.646.1:
https://web.archive.org/web/20210212083145/https://dl.filehorse.com/win/desk...
$ wine --version
wine-6.1-315-gb922b5aeef1
Regards
--- Comment #6 from Anastasius Focht focht@gmx.net ---
Hello folks,
revisiting, still present.
$ wine --version
wine-7.0-rc4
Regards