[Bug 35646] New: X11 Error: Debugger detected - please disable it and restart the application
http://bugs.winehq.org/show_bug.cgi?id=35646
Bug ID: 35646 Summary: X11 Error: Debugger detected - please disable it and restart the application Product: Wine Version: unspecified Hardware: x86-64 OS: Mac OS X Status: UNCONFIRMED Severity: blocker Priority: P2 Component: -unknown Assignee: wine-bugs@winehq.org Reporter: jesper@sorensen-fam.dk
Created attachment 47603 --> http://bugs.winehq.org/attachment.cgi?id=47603 X11 log file
When starting Condes9 I get "X11 Error: Debugger detected - please disable it and restart the application".
Engine: 1.7.12 Wineskin: 2.5.12 App: http://www.condes.net/ver9/install_condes9.exe
http://bugs.winehq.org/show_bug.cgi?id=35646
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW Version|unspecified |1.7.12 URL| |http://www.condes.net/ver9/ | |install_condes9.exe Keywords| |download, obfuscation CC| |focht@gmx.net Ever confirmed|0 |1 Summary|X11 Error: Debugger |Condes 9 fails on startup: |detected - please disable |"Debugger detected - please |it and restart the |disable it and restart the |application |application" (Obsidium | |v1.4+) Severity|blocker |normal
--- Comment #1 from Anastasius Focht focht@gmx.net --- Hello folks,
confirming, also happens with plain Wine.
--- snip --- $ pwd /home/focht/.wine/drive_c/Program Files/Condes 9
$ WINEDEBUG=+tid,+seh,+relay wine ./wcondes.exe >>log.txt 2>&1 ... 0024:Call KERNEL32.CreateFileA(0039625c "\\.\SICE",80000000,00000003,00000000,00000003,00000080,00000000) ret=00dc75b3 0024:Ret KERNEL32.CreateFileA() retval=ffffffff ret=00dc75b3 0024:Call KERNEL32.CreateFileA(00396265 "\\.\NTICE",80000000,00000003,00000000,00000003,00000080,00000000) ret=00dc75b3 0024:Ret KERNEL32.CreateFileA() retval=ffffffff ret=00dc75b3 0024:Call KERNEL32.CreateFileA(0039626f "\\.\NTFIRE",80000000,00000003,00000000,00000003,00000080,00000000) ret=00dc75b3 0024:Ret KERNEL32.CreateFileA() retval=ffffffff ret=00dc75b3 0024:Call KERNEL32.GetModuleHandleA(0033fb74 "ntdll") ret=00dc75b3 0024:Ret KERNEL32.GetModuleHandleA() retval=7bc10000 ret=00dc75b3 0024:Call ntdll.RtlAddVectoredExceptionHandler(00000001,00397dc3) ret=00dc6bb4 0024:Ret ntdll.RtlAddVectoredExceptionHandler() retval=001311f8 ret=00dc6bb4 0024:Call KERNEL32.OutputDebugStringA(00397dbd "") ret=00dc75b3 0024:Ret KERNEL32.OutputDebugStringA() retval=00000000 ret=00dc75b3 0024:Call KERNEL32.GetModuleHandleA(0033fb74 "ntdll") ret=00dc75b3 0024:Ret KERNEL32.GetModuleHandleA() retval=7bc10000 ret=00dc75b3 0024:Call ntdll.RtlRemoveVectoredExceptionHandler(001311f8) ret=00dc6bc4 0024:Ret ntdll.RtlRemoveVectoredExceptionHandler() retval=00000001 ret=00dc6bc4 0024:Call user32.EnumWindows(00dd1050,00dbd64e) ret=00dc75b3 0024:Call user32.GetWindowThreadProcessId(00010048,0033fbf4) ret=00dd106e 0024:Ret user32.GetWindowThreadProcessId() retval=00000009 ret=00dd106e 0024:Call user32.GetWindowThreadProcessId(00010046,0033fbf4) ret=00dd106e 0024:Ret user32.GetWindowThreadProcessId() retval=00000022 ret=00dd106e 0024:Call user32.GetWindowThreadProcessId(00010040,0033fbf4) ret=00dd106e 0024:Ret user32.GetWindowThreadProcessId() retval=00000022 ret=00dd106e 0024:Call user32.GetWindowThreadProcessId(0001003e,0033fbf4) ret=00dd106e 0024:Ret user32.GetWindowThreadProcessId() retval=00000022 ret=00dd106e 0024:Call user32.GetWindowThreadProcessId(0001003c,0033fbf4) ret=00dd106e 0024:Ret user32.GetWindowThreadProcessId() retval=00000022 ret=00dd106e 0024:Call user32.GetWindowThreadProcessId(00010038,0033fbf4) ret=00dd106e 0024:Ret user32.GetWindowThreadProcessId() retval=00000022 ret=00dd106e 0024:Ret user32.EnumWindows() retval=00000001 ret=00dc75b3 0024:Call user32.MessageBoxW(00000000,00dcff8c L"Debugger detected - please disable it and restart the application.",00dcff80 L"Error",00002030) ret=00dc6bd4 ... --- snip ---
Protection scan:
--- snip --- -=[ ProtectionID v0.6.5.5 OCTOBER]=- (c) 2003-2013 CDKiLLER & TippeX Build 31/10/13-21:09:09 Ready... Scanning -> Z:\home\focht.wine\drive_c\Program Files\Condes 9\wcondes.exe File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 4539024 (0454290h) Byte(s) -> File Appears to be Digitally Signed @ Offset 0452EE0h, size : 013B0h / 05040 byte(s) -> File has 3132284 (02FCB7Ch) bytes of appended data starting at offset 0156364h [File Heuristics] -> Flag : 00000000000001011101001000110111 (0x0005D237) [Entrypoint Section Entropy] : 8.00 [!] Obsidium v1.4.2.0 (or higher) detected ! - Scan Took : 0.415 Second(s) [00000019Fh tick(s)] [533 scan(s) done] --- snip ---
$ sha1sum install_condes9.exe b83aef8c208175768fd22fcbb26d73f842fdf855 install_condes9.exe
$ du -sh install_condes9.exe 11M install_condes9.exe
$ wine --version wine-1.7.13-27-ge610713
Regards
https://bugs.winehq.org/show_bug.cgi?id=35646
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|Condes 9 fails on startup: |Multiple applications |"Debugger detected - please |protected with Obsidium |disable it and restart the |v1.4+ fail on startup, |application" (Obsidium |reporting "Debugger |v1.4+) |detected - please disable | |it and restart the | |application" (Condes 9, | |Universal mechanism)
--- Comment #2 from Anastasius Focht focht@gmx.net --- Hello folks,
another app: 'Universal mechanism' (http://www.umlab.ru/)
Reported here: https://forum.winehq.org/viewtopic.php?f=8&t=22155
Protection scan:
--- snip --- -=[ ProtectionID v0.6.5.5 OCTOBER]=- (c) 2003-2013 CDKiLLER & TippeX Build 31/10/13-21:09:09 Ready...
Scanning -> Z:\home\focht.wine\drive_c\Program Files\UM Software Lab\Universal Mechanism\7\bin\UMInput.exe File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 5174448 (04EF4B0h) Byte(s) -> File Appears to be Digitally Signed @ Offset 04EDBC8h, size : 018E8h / 06376 byte(s) -> File has 4598693 (0462BA5h) bytes of appended data starting at offset 08B023h [File Heuristics] -> Flag : 00000000000001011100001000110111 (0x0005C237) [Entrypoint Section Entropy] : 7.99 [!] Obsidium v1.4.2.0 (or higher) detected ! - Scan Took : 0.368 Second(s) [000000170h tick(s)] [533 scan(s) done]
Scanning -> Z:\home\focht.wine\drive_c\Program Files\UM Software Lab\Universal Mechanism\7\bin\UMSimul.exe File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 7850800 (077CB30h) Byte(s) -> File Appears to be Digitally Signed @ Offset 077B248h, size : 018E8h / 06376 byte(s) -> File has 6905272 (0695DB8h) bytes of appended data starting at offset 0E5490h [File Heuristics] -> Flag : 00000000000001011100001000110111 (0x0005C237) [Entrypoint Section Entropy] : 7.99 [!] Obsidium v1.4.2.0 (or higher) detected ! - Scan Took : 0.448 Second(s) [0000001C0h tick(s)] [533 scan(s) done] --- snip ---
Nasty stuff (see bug 24157) ... maybe later :)
$ sha1sum um7.1.2.1.exe 6c869866399d333e06d199e2e86e08c009d64c02 um7.1.2.1.exe
$ du -sh um7.1.2.1.exe 271M um7.1.2.1.exe
$ wine --version wine-1.7.15-112-g2aad5d7
Regards
http://bugs.winehq.org/show_bug.cgi?id=35646
Sebastian Lackner sebastian@fds-team.de changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |sebastian@fds-team.de
--- Comment #3 from Sebastian Lackner sebastian@fds-team.de --- After a bit of debugging I found the issue what causes Obsidium to detect the debugger.
Windows internally handles debugging strings via exceptions (DBG_PRINTEXCEPTION_C) - but Wine doesn't really reimplement them the same way, and instead transmits them directly to the wineserver.
Besides that there is a "bug" in Windows. The reason why OutputDebugStringA doesn't crash, is because it internally catches its own exception via SEH exception handling... but Vectored Exception handlers have a higher priority, and this allows the application to see the DBG_PRINTEXCEPTION_C exception before the debugger sees it.
After finding this out a fix is quite easy: Here is a first version for a fix, which allows Condes9 to start up properly: http://ix.io/cXM :) [Note: Haven't tested the actual functionality, but at least the DRM module doesn't complain anymore... ^^]
Please note that this is not yet the final patch - it will need some more time to investigate the correct ExceptionAddress, ExceptionFlags, ... to reproduce the Windows behaviour as good as possible. I'll send a patch to the mailinglist when I'm done.
Feel free to test the hackfix in the meantime and report back if it also works for all other applications.
http://bugs.winehq.org/show_bug.cgi?id=35646
--- Comment #4 from Sebastian Lackner sebastian@fds-team.de --- An updated version of this patch (including some tests to confirm that this is really the Windows behaviour) can be found here:
https://github.com/compholio/wine-compholio-daily/blob/master/patches/14-Out...
http://bugs.winehq.org/show_bug.cgi?id=35646
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed by SHA1| |1b3d67aaceaa58cbe0dfc32d4b1 | |cb0f4e17eaf23 Status|NEW |RESOLVED Resolution|--- |FIXED
--- Comment #5 from Anastasius Focht focht@gmx.net --- Hello folks,
this is fixed by commit http://source.winehq.org/git/wine.git/commitdiff/1b3d67aaceaa58cbe0dfc32d4b1...
Thanks Sebastian
Regards
https://bugs.winehq.org/show_bug.cgi?id=35646
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #6 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 1.7.21.
https://bugs.winehq.org/show_bug.cgi?id=35646
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Component|-unknown |kernel32
-
wine-bugs@winehq.org