https://bugs.winehq.org/show_bug.cgi?id=44912
Bug ID: 44912
Summary: Tibia client reports 'Failed to launch game', needs 'ntdll.RtlCreateUserProcess' implementation
Product: Wine
Version: 3.5
Hardware: x86-64
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ntdll
Assignee: wine-bugs@winehq.org
Reporter: focht@gmx.net
Distribution: ---
Hello folks,
besides the traditional 'KERNEL32.CreateProcessW()' API it also uses native API to create process(es).
--- snip ---
$ pwd
/home/focht/winetest/drive_c/users/focht/Local Settings/Application Data/Tibia/packages/Tibia/bin
$ WINEDEBUG=+seh,+relay,+ntoskrnl,+ntdll wine ./client.exe >>log.txt 2>&1
...
003d:Call KERNEL32.CreateProcessW(00000000,001c8630 L""C:\users\focht\Local Settings\Application Data\Tibia\packages\Tibia\bin\client_launcher.exe" ",00000000,00000000,00000000,00000410,00000000,01d7c6b8 L"C:/users/focht/Local Settings/Application Data/Tibia/packages/Tibia/bin",0033cf2c,0033cf1c) ret=0047235f
...
0044:Call KERNEL32.__wine_kernel_init() ret=7bc6d171
...
003d:Ret KERNEL32.CreateProcessW() retval=00000001 ret=0047235f
...
0044:Call KERNEL32.CreateProcessW(00000000,0033d6cc L""C:\users\focht\Local Settings\Application Data\Tibia\packages\Tibia\bin\client_launcher.exe" 3",00000000,00000000,00000000,00000410,00000000,00000000,0033d1a0,0033d190) ret=7e72e854
...
0044:Ret KERNEL32.CreateProcessW() retval=00000001 ret=7e72e854
...
0044:Call ntdll.RtlInitUnicodeString(0033e75c,00162030 L""C:\users\focht\Local Settings\Application Data\Tibia\packages\Tibia\bin\client_launcher.exe" 6 ") ret=0045e9fe
0044:Ret ntdll.RtlInitUnicodeString() retval=0033e75c ret=0045e9fe
...
0044:Call ntdll.RtlCreateProcessParameters(0033e770,0033e764,00000000,00000000,0033e75c,00000000,00000000,00000000,00000000,00000000) ret=004519b8
...
0044:Ret ntdll.RtlCreateProcessParameters() retval=00000000 ret=004519b8
...
0044:Call ntdll.RtlCreateUserProcess(0033e764,00000040,00390000,00000000,00000000,00000000,00000000,00000000,00000000,0033e780) ret=0046fb4d
0044:fixme:ntdll:RtlCreateUserProcess (0x33e764 64 0x390000 (nil) (nil) (nil) 0 (nil) (nil) 0x33e780): stub
0044:Ret ntdll.RtlCreateUserProcess() retval=c0000002 ret=0046fb4d
...
0048:Call KERNEL32.GetStringTypeW(00000001,00162fe8 L"00:52:30: Launching game...\r\n00:52:30: Failed to launch game.\r\n",00000001,005bf46a) ret=7dde5042
--- snip ---
Wine currently has the process creation sequence not implemented at native API level (albeit it uses some native API calls). It would require a bit redesign/moving code (dlls/kernel32/process.c:create_process, ...) around but into places that would make Wine more compatible with Windows with regards to process creation (although the heavy lifting is done in Windows kernel).
* ntdll.NtCreateProcess
* ntdll.RtlCreateUserProcess
...
Also related: bug 23451 ("VMWare Thinapps (packaged with version >4.5) and XenoCode wrapped apps fail to run (differences in process creation sequence at native API level)")
$ sha1sum Tibia_Setup.exe
50951008ccc402cc32407bfc56a88da873e3e9bd Tibia_Setup.exe
$ du -sh Tibia_Setup.exe
5.2M Tibia_Setup.exe
$ wine --version
wine-3.5-107-gf4573adb0f
Regards
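
Added example, not part of the original report or of Wine: a small triage script for a +relay log like the one above that lists ntdll calls returning an error-severity NTSTATUS and marks those that also logged a "fixme ... stub" line. The function name failed_native_calls is hypothetical, the sample lines are constructed from the trace with string arguments dropped, and treating every ntdll return value as an NTSTATUS is a heuristic assumption.

```python
import re

# Constructed sample: thread 0044 from the relay trace in this report, with
# the string arguments dropped to keep the lines short.
SAMPLE_LOG = """\
0044:Call KERNEL32.CreateProcessW(00000000,0033d6cc,00000000,00000000,00000000,00000410,00000000,00000000,0033d1a0,0033d190) ret=7e72e854
0044:Ret KERNEL32.CreateProcessW() retval=00000001 ret=7e72e854
0044:Call ntdll.RtlInitUnicodeString(0033e75c,00162030) ret=0045e9fe
0044:Ret ntdll.RtlInitUnicodeString() retval=0033e75c ret=0045e9fe
0044:Call ntdll.RtlCreateProcessParameters(0033e770,0033e764,00000000,00000000,0033e75c,00000000,00000000,00000000,00000000,00000000) ret=004519b8
0044:Ret ntdll.RtlCreateProcessParameters() retval=00000000 ret=004519b8
0044:Call ntdll.RtlCreateUserProcess(0033e764,00000040,00390000,00000000,00000000,00000000,00000000,00000000,00000000,0033e780) ret=0046fb4d
0044:fixme:ntdll:RtlCreateUserProcess (0x33e764 64 0x390000 (nil) (nil) (nil) 0 (nil) (nil) 0x33e780): stub
0044:Ret ntdll.RtlCreateUserProcess() retval=c0000002 ret=0046fb4d
"""

# "<tid>:Ret <module>.<func>() retval=<hex> ret=<caller return address>"
RET = re.compile(r"^([0-9a-f]{4}):Ret\s+(\w+)\.(\w+)\(\) retval=([0-9a-f]+) ret=([0-9a-f]+)$")
# "<tid>:fixme:<channel>:<func> (...): stub"
STUB = re.compile(r"^([0-9a-f]{4}):fixme:\w+:(\w+) .*\bstub$")

# A few well-known NTSTATUS values; anything else is reported as "unknown".
NTSTATUS_NAMES = {
    0xC0000002: "STATUS_NOT_IMPLEMENTED",
    0xC000000D: "STATUS_INVALID_PARAMETER",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
}

def failed_native_calls(log_text):
    """List ntdll returns whose value has NTSTATUS error severity (top bits 11)."""
    stubs = set()      # (tid, func) pairs that logged a fixme stub line
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = STUB.match(line)
        if m:
            stubs.add((m.group(1), m.group(2)))
            continue
        m = RET.match(line)
        if not m:
            continue
        tid, module, func, retval, caller = m.groups()
        status = int(retval, 16) & 0xFFFFFFFF
        # Heuristic: only ntdll exports are assumed to return NTSTATUS here;
        # an export returning a high pointer would be a false positive.
        if module.lower() != "ntdll" or status >> 30 != 3:
            continue
        findings.append({
            "tid": tid, "func": func, "status": f"0x{status:08X}",
            "name": NTSTATUS_NAMES.get(status, "unknown"),
            "stub": (tid, func) in stubs, "caller": caller,
        })
    return findings

if __name__ == "__main__":
    for finding in failed_native_calls(SAMPLE_LOG):
        print(finding)
```

The caller field is the ret= address from the relay line, which locates the call site inside the application image.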
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |download
                URL|                            |http://static.tibia.com/download/Tibia_Setup.exe
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://bugs.winehq.org/show_bug.cgi?id=23451
dereklesho52@Gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dereklesho52@Gmail.com
--- Comment #1 from dereklesho52@Gmail.com ---
Created attachment 61501
  --> https://bugs.winehq.org/attachment.cgi?id=61501
create_process migration
--- Comment #2 from dereklesho52@Gmail.com ---
Sorry for separating the comment and the attachment, I am new to this bug tracker.
Anyway, I have quickly made a dirty patch where I duplicated Kernel32's create_process to ntdll's process.c and resolved dependency issues. This will require some work to make it less dirty, but my next goal is getting Kernel32's create_process_impl to use the ntdll definition of this function without breaking anything.
Once this is complete we still have to consider how RtlCreateUserProcess differs from CreateProcessW. This forum post that I found online has some information that is relevant: http://www.rohitab.com/discuss/topic/41379-running-native-applications-with-...
The difference is that processes created with this function are "native processes" meaning they can only use "native libraries" (ntdll), and that they have a separate entry point (NtProcessStartup).
tokktokk fdsfgs@krutt.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fdsfgs@krutt.org
--- Comment #3 from dereklesho52@Gmail.com ---
(In reply to Anastasius Focht from comment #0)
> Hello folks,
>
> besides the traditional 'KERNEL32.CreateProcessW()' API it also uses native API to create process(es).
>
> --- snip ---
> $ pwd
> /home/focht/winetest/drive_c/users/focht/Local Settings/Application Data/Tibia/packages/Tibia/bin
> $ WINEDEBUG=+seh,+relay,+ntoskrnl,+ntdll wine ./client.exe >>log.txt 2>&1
> ...
> 003d:Call KERNEL32.CreateProcessW(00000000,001c8630 L""C:\users\focht\Local Settings\Application Data\Tibia\packages\Tibia\bin\client_launcher.exe" ",00000000,00000000,00000000,00000410,00000000,01d7c6b8 L"C:/users/focht/Local Settings/Application Data/Tibia/packages/Tibia/bin",0033cf2c,0033cf1c) ret=0047235f
> ...
> 0044:Call KERNEL32.__wine_kernel_init() ret=7bc6d171
> ...
> 003d:Ret KERNEL32.CreateProcessW() retval=00000001 ret=0047235f
> ...
> 0044:Call KERNEL32.CreateProcessW(00000000,0033d6cc L""C:\users\focht\Local Settings\Application Data\Tibia\packages\Tibia\bin\client_launcher.exe" 3",00000000,00000000,00000000,00000410,00000000,00000000,0033d1a0,0033d190) ret=7e72e854
> ...
> 0044:Ret KERNEL32.CreateProcessW() retval=00000001 ret=7e72e854
> ...
> 0044:Call ntdll.RtlInitUnicodeString(0033e75c,00162030 L""C:\users\focht\Local Settings\Application Data\Tibia\packages\Tibia\bin\client_launcher.exe" 6 ") ret=0045e9fe
> 0044:Ret ntdll.RtlInitUnicodeString() retval=0033e75c ret=0045e9fe
> ...
> 0044:Call ntdll.RtlCreateProcessParameters(0033e770,0033e764,00000000,00000000,0033e75c,00000000,00000000,00000000,00000000,00000000) ret=004519b8
> ...
> 0044:Ret ntdll.RtlCreateProcessParameters() retval=00000000 ret=004519b8
> ...
> 0044:Call ntdll.RtlCreateUserProcess(0033e764,00000040,00390000,00000000,00000000,00000000,00000000,00000000,00000000,0033e780) ret=0046fb4d
> 0044:fixme:ntdll:RtlCreateUserProcess (0x33e764 64 0x390000 (nil) (nil) (nil) 0 (nil) (nil) 0x33e780): stub
> 0044:Ret ntdll.RtlCreateUserProcess() retval=c0000002 ret=0046fb4d
> ...
> 0048:Call KERNEL32.GetStringTypeW(00000001,00162fe8 L"00:52:30: Launching game...\r\n00:52:30: Failed to launch game.\r\n",00000001,005bf46a) ret=7dde5042
> --- snip ---
>
> Wine currently has the process creation sequence not implemented at native API level (albeit it uses some native API calls). It would require a bit redesign/moving code (dlls/kernel32/process.c:create_process, ...) around but into places that would make Wine more compatible with Windows with regards to process creation (although the heavy lifting is done in Windows kernel).
>
> - ntdll.NtCreateProcess
> - ntdll.RtlCreateUserProcess
> ...
>
> Also related: bug 23451 ("VMWare Thinapps (packaged with version >4.5) and XenoCode wrapped apps fail to run (differences in process creation sequence at native API level)")
>
> $ sha1sum Tibia_Setup.exe
> 50951008ccc402cc32407bfc56a88da873e3e9bd Tibia_Setup.exe
> $ du -sh Tibia_Setup.exe
> 5.2M Tibia_Setup.exe
> $ wine --version
> wine-3.5-107-gf4573adb0f
>
> Regards

I am almost done getting create_process to work inside ntdll, just a few bugs to clear up. In the meantime, I have been researching the functionality of RtlCreateUserProcess.
According to https://malwaretips.com/threads/ntcreateuserprocess-api-hook-process-monitor...
In Windows Vista and up, RtlCreateUserProcess simply maps to NtCreateUserProcess, so when researching, that might be useful to find more information.
Also, according to http://www.rohitab.com/discuss/topic/40191-ntcreateuserprocess/
"On Windows Vista and later, the CreateProcessInternalW function uses the NtCreateUserProcess function to create the new process."
Although it will probably suffice to have both NtCreateUserProcess and CreateProcessInternalW call create_process.
--- Comment #4 from dereklesho52@Gmail.com ---
Hello, sorry for the spam from May, I've learned a lot since then and I have a prototype implementation that works with battleye. You can find my work right here: https://github.com/Guy1524/wine/commits/battleye-work
The code isn't ready for merging but if somebody is better than me at this kind of thing it'd be great if you could fork and clean this up for a merge.
--- Comment #5 from Anastasius Focht focht@gmx.net ---
Hello Derek,
thanks for your contribution. I think Wine-Staging folks would be happy to pick up your work and refine it for potential upstream inclusion. Having process creation in proper place would benefit various other apps which rely on this in their native API sandboxing scheme. I have some tickets open related to that topic for a long time.
I figured out you imported a number of commits from Zebediah Figura's github repo: https://github.com/zfigura/wine/commits/master while your own github repo is fork from mainline Wine. That was a bit confusing to me as I tried to locate the sha1 of the cherry-picks. You should be more explicit on the origin of commits (cherry-picks) in the commit message if they are from different remotes and not the parent of your fork to enhance the traceability. Also it would be nice if you link your commits to Wine Bugzilla tickets. Not mandatory but it helps the traceability. See here for example: https://source.winehq.org/git/wine.git/commit/0799550075654094a3bed080aac722...
In general your current work consists of:
Putting (native) process creation infrastructure in proper place:
* Add ntdll equivalent for MODULE_get_binary_info -> bug 44912 (this)
* Add ntdll infrastructure for create_process -> bug 44912 (this)
* Add ntdll create_process and more infrastructure -> bug 44912 (this)
* Implement RtlCreateUserProcess (plus for infrastructure) -> bug 44912 (this)
Fixing some issues with BattlEye 'BEDaisy' kernel driver
* [ntoskrnl] Add stub for PsGetProcessWow64Process -> bug 45664
* Use Executable Memory for ExAllocatePoolWithTag -> no bug report?
I think I will create a bug report for the last one too (covers https://www.winehq.org/pipermail/wine-devel/2018-September/thread.html#13147...)
Regards
--- Comment #6 from dereklesho52@Gmail.com ---
Hello Anastasius
(In reply to Anastasius Focht from comment #5)
> Hello Derek,
>
> thanks for your contribution. I think Wine-Staging folks would be happy to pick up your work and refine it for potential upstream inclusion. Having process creation in proper place would benefit various other apps which rely on this in their native API sandboxing scheme. I have some tickets open related to that topic for a long time.
>
> I figured out you imported a number of commits from Zebediah Figura's github repo: https://github.com/zfigura/wine/commits/master while your own github repo is fork from mainline Wine. That was a bit confusing to me as I tried to locate the sha1 of the cherry-picks. You should be more explicit on the origin of commits (cherry-picks) in the commit message if they are from different remotes and not the parent of your fork to enhance the traceability. Also it would be nice if you link your commits to Wine Bugzilla tickets. Not mandatory but it helps the traceability. See here for example: https://source.winehq.org/git/wine.git/commit/0799550075654094a3bed080aac722b9bea01307
>
> In general your current work consists of:
>
> Putting (native) process creation infrastructure in proper place:
>
> - Add ntdll equivalent for MODULE_get_binary_info -> bug 44912 (this)
> - Add ntdll infrastructure for create_process -> bug 44912 (this)
> - Add ntdll create_process and more infrastructure -> bug 44912 (this)
> - Implement RtlCreateUserProcess (plus for infrastructure) -> bug 44912 (this)
>
> Fixing some issues with BattlEye 'BEDaisy' kernel driver
>
> - [ntoskrnl] Add stub for PsGetProcessWow64Process -> bug 45664
> - Use Executable Memory for ExAllocatePoolWithTag -> no bug report?
>
> I think I will create a bug report for the last one too (covers https://www.winehq.org/pipermail/wine-devel/2018-September/thread.html#131477)
>
> Regards

Hello Anastasius,
Thank you for the advice. In regards to the newer commits, they are all experimental and may not be necessary. The executable memory one is especially experimental as it might be breaking something else. I also have my own working implementation for ZF's work, so I reset those commits and am starting to reimplement those in this repo, as I am facing an issue that didn't crop up with mine.
I do agree though, it is confusing combining my stable commits and these very experimental ones into the same branch, so I just created a new branch where I put the tested and somewhat-stable commits complete with the bug IDs:
https://github.com/Guy1524/wine/commits/battleye-work-stable
--- Comment #7 from dereklesho52@Gmail.com ---
By the way, in regards to staging, the create_process implementation in staging is different because of a five year old commit that was never mainlined. My current patch only applies to vanilla due to this reason.
On a side note, I filed 3 more bug reports with corresponding patches, and with all the patches battleye now works and Tibia runs flawlessly. Again, they are located here now: https://github.com/Guy1524/wine/commits/battleye-work-stable
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED
      Fixed by SHA1|                            |5cc8bcf0b05f6cfd4f60fe371e00ec8a575bec83
           Keywords|                            |obfuscation
--- Comment #8 from Anastasius Focht focht@gmx.net ---
Hello folks,
Alexandre implemented 'ntdll.RtlCreateUserProcess' functionality now.
There were a number of commits in the last week related to process creation infrastructure (refactoring).
Last two commits from today:
* https://source.winehq.org/git/wine.git/commitdiff/5cc8bcf0b05f6cfd4f60fe371e... ("ntdll: Implement RtlCreateUserProcess().")
* https://source.winehq.org/git/wine.git/commitdiff/c998667bf0983ef99cc48847d3... ("ntdll: Also return the SECTION_IMAGE_INFORMATION data from RtlCreateUserProcess().")
Thanks Alexandre
--- snip ---
$ pwd
/home/focht/.wine/drive_c/users/focht/Local Settings/Application Data/Tibia/packages/Tibia/bin
$ WINEDEBUG=+seh,+relay,+loaddll,+process,+ntoskrnl,+ntdll wine ./client.exe >>log.txt 2>&1
...
004a:Call ntdll.RtlCreateProcessParameters(0033e794,0033e788,00000000,00000000,0033e77c,00000000,00000000,00000000,00000000,00000000) ret=00463573
004a:Ret ntdll.RtlCreateProcessParameters() retval=00000000 ret=00463573
004a:Call ntdll.RtlCreateUserProcess(0033e788,00000040,0016d508,00000000,00000000,00000000,00000000,00000000,00000000,0033e7a0) ret=00467fa7
004a:trace:process:RtlCreateUserProcess L"\??\C:\users\focht\Local Settings\Application Data\Tibia\packages\Tibia\bin\client_launcher.exe" image L"\??\C:\users\focht\Local Settings\Application Data\Tibia\packages\Tibia\bin\client_launcher.exe" cmdline L""C:\users\focht\Local Settings\Application Data\Tibia\packages\Tibia\bin\client_launcher.exe" 6 "
...
004a:trace:process:RtlCreateUserProcess L"\??\C:\users\focht\Local Settings\Application Data\Tibia\packages\Tibia\bin\client_launcher.exe" pid 005a tid 005b handles 0x64/0x68
004a:Ret ntdll.RtlCreateUserProcess() retval=00000000 ret=00467fa7
...
005b:Starting process L"C:\users\focht\Local Settings\Application Data\Tibia\packages\Tibia\bin\client_launcher.exe" (entryproc=0x47d6dc)
...
005b:Call KERNEL32.CreateProcessW(00000000,0033def0 L""C:\users\focht\Local Settings\Application Data\Tibia\packages\Tibia\bin\client.exe" --battleye",00000000,00000000,00000000,00000410,00000000,00000000,0033c764,0033c754) ret=7dd47d7b
005b:trace:process:create_process_impl app (null) cmdline L""C:\users\focht\Local Settings\Application Data\Tibia\packages\Tibia\bin\client.exe" --battleye"
...
005b:trace:process:create_process_impl starting L"C:\users\focht\Local Settings\Application Data\Tibia\packages\Tibia\bin\client.exe" as Win32 binary (400000-ea8000, x86)
...
005d:Call KERNEL32.__wine_kernel_init() ret=7bc59fbd
...
005b:trace:process:create_process_impl started process pid 005c tid 005d
005b:Ret KERNEL32.CreateProcessW() retval=00000001 ret=7dd47d7b
...
--- snip ---
$ sha1sum Tibia_Setup.exe
1d87249464e166fde4a128edeb87e1995e4f78f9 Tibia_Setup.exe
$ du -sh Tibia_Setup.exe
5.4M Tibia_Setup.exe
$ wine --version
wine-3.18-202-g363326678c
Regards
Alexandre Julliard julliard@winehq.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED
--- Comment #9 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 3.19.
Anastasius Focht focht@gmx.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|http://static.tibia.com/download/Tibia_Setup.exe |https://web.archive.org/web/20210117182120/https://static.tibia.com/download/Tibia_Setup.exe