http://bugs.winehq.org/show_bug.cgi?id=11121
Summary: DSOUND_MixOne Fatal error
Product: Wine
Version: 0.9.52.
Platform: PC-x86-64
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: directx-dsound
AssignedTo: wine-bugs@winehq.org
ReportedBy: perchrh-wine@pvv.org
Created an attachment (id=10155) --> (http://bugs.winehq.org/attachment.cgi?id=10155) log of stderr and stdout
The game "Night Watch" fails to run. It installs nicely and there is sound at startup, but the game crashes a few seconds later and a backtrace involving dsound is shown (DSOUND_MixOne Fatal error). I've attached the log output containing the full backtrace.
To reproduce: Start the game (wine ./NWwatch.exe) and wait a few seconds (no action necessary).
http://bugs.winehq.org/show_bug.cgi?id=11121
--- Comment #1 from Austin English austinenglish@gmail.com 2008-01-10 11:58:02 ---
Does this demo have the same problem?
http://www.gamershell.com/download_12193.shtml
http://bugs.winehq.org/show_bug.cgi?id=11121
Alexander Dorofeyev alexd4@inbox.lv changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |alexd4@inbox.lv

--- Comment #2 from Alexander Dorofeyev alexd4@inbox.lv 2008-01-10 12:33:54 ---
I think that most likely this isn't dsound. DSOUND_MixOne Fatal error messages are quite common after the crash. There are tons of GL errors prior to this and also some surface creation errors. It is more likely this is a d3d bug. There will be more helpful info if you run your app with
WINEDEBUG=+d3d,+d3d_surface wine ...
http://bugs.winehq.org/show_bug.cgi?id=11121
--- Comment #3 from Per Christian Henden perchrh-wine@pvv.org 2008-01-10 12:56:15 ---
(In reply to comment #1)
> Does this demo have the same problem?
Yes, by installing the demo and applying the nocd-patch (necessary because the demo also comes with starforce copy protection not supported by Wine. Execute NWatch.exe) it crashes with the exact same backtrace and log messages.
http://bugs.winehq.org/show_bug.cgi?id=11121
--- Comment #4 from Per Christian Henden perchrh-wine@pvv.org 2008-01-10 13:03:43 ---
Created an attachment (id=10158)
 --> (http://bugs.winehq.org/attachment.cgi?id=10158)
d3d, d3d_surface debug logs
The output of WINEDEBUG=+d3d,+d3d_surface wine ./NWatch.exe 2>&1. Compressed to allow upload.
http://bugs.winehq.org/show_bug.cgi?id=11121
Per Christian Henden perchrh-wine@pvv.org changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
          Component|directx-dsound              |directx-d3d
            Summary|DSOUND_MixOne Fatal error   |crash in/after
                   |                            |IWineD3DDeviceImpl_BeginScen
                   |                            |e

--- Comment #5 from Per Christian Henden perchrh-wine@pvv.org 2008-01-12 04:53:33 ---
I changed the title and component to reflect Alexander D's comment.
http://bugs.winehq.org/show_bug.cgi?id=11121
Austin English austinenglish@gmail.com changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
                URL|                            |http://www.gamershell.com/do
                   |                            |wnload_12193.shtml
           Keywords|                            |download

--- Comment #6 from Austin English austinenglish@gmail.com 2008-06-05 10:26:16 ---
Is this still an issue in 1.0-rc3 or newer wine?
http://bugs.winehq.org/show_bug.cgi?id=11121
--- Comment #7 from Per Christian Henden perchrh-wine@pvv.org 2008-06-05 16:00:00 ---
I'll try it out in a few days.
http://bugs.winehq.org/show_bug.cgi?id=11121
Per Christian Henden perchrh-wine@pvv.org changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
  Attachment #10158|0                           |1
        is obsolete|                            |

--- Comment #8 from Per Christian Henden perchrh-wine@pvv.org 2008-06-06 17:21:53 ---
Created an attachment (id=13758)
 --> (http://bugs.winehq.org/attachment.cgi?id=13758)
d3d, d3d_surface debug logs
The output from WINEDEBUG=+d3d,+d3d_surface wine NWatch.exe 2>&1 > foologg
http://bugs.winehq.org/show_bug.cgi?id=11121
--- Comment #9 from Per Christian Henden perchrh-wine@pvv.org 2008-06-06 17:23:21 ---
Also present in 1.0-rc3. I've updated the attached logs.
http://bugs.winehq.org/show_bug.cgi?id=11121
Per Christian Henden perchrh-wine@pvv.org changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
            Version|0.9.52.                     |1.0-rc3
http://bugs.winehq.org/show_bug.cgi?id=11121
Per Christian Henden perchrh-wine@pvv.org changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
  Attachment #13758|0                           |1
        is obsolete|                            |

--- Comment #10 from Per Christian Henden perchrh-wine@pvv.org 2008-06-06 17:30:17 ---
Created an attachment (id=13759)
 --> (http://bugs.winehq.org/attachment.cgi?id=13759)
d3d, d3d_surface debug logs

(previous upload was bad/empty file) output from WINEDEBUG=+d3d,+d3d_surface wine NWatch.exe 2>&1 |tee foologg
http://bugs.winehq.org/show_bug.cgi?id=11121
James Hawkins truiken@gmail.com changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
            Version|1.0-rc3                     |0.9.52.

--- Comment #11 from James Hawkins truiken@gmail.com 2008-06-06 21:27:45 ---
Don't change the original reported version.
http://bugs.winehq.org/show_bug.cgi?id=11121
--- Comment #12 from Austin English austinenglish@gmail.com 2008-12-07 23:55:52 ---
Crashes in 1.1.10 because of starforce protection/ntoskrnl.exe stubs.
http://bugs.winehq.org/show_bug.cgi?id=11121
--- Comment #13 from Per Christian Henden perchrh-wine@pvv.org 2010-01-10 04:18:27 ---
I retested this with wine 1.1.36. Comparing the logs it fails at the same place. There is a difference in that a messagebox from wine shows a message like "sorry, but this application crashed". At that point I'm unable to click the close button (another bug) and need to terminate wine by wineserver -k. It seems that this messagebox problem results in the debug stack trace not showing up in logs.
Attached new logs.
http://bugs.winehq.org/show_bug.cgi?id=11121
Per Christian Henden perchrh-wine@pvv.org changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
  Attachment #10155|0                           |1
        is obsolete|                            |
  Attachment #13759|0                           |1
        is obsolete|                            |

--- Comment #14 from Per Christian Henden perchrh-wine@pvv.org 2010-01-10 04:20:50 ---
Created an attachment (id=25643)
 --> (http://bugs.winehq.org/attachment.cgi?id=25643)
output of WINEDEBUG=+d3d,+d3d_surface wine ./NWatch.exe 2>&1 |tee foologg
Compressed to allow upload.
http://bugs.winehq.org/show_bug.cgi?id=11121
Austin English austinenglish@gmail.com changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|0                           |1

--- Comment #15 from Austin English austinenglish@gmail.com 2011-08-12 20:18:07 CDT ---
d524c349bb58ea8249eb60bead58ee608de5ad31 night_watch_demo_english.zip
http://www.ggmania.com/?smsid=20626
along with no-cd, starts up, and I get intro videos, all rendered in shades of gray. When the main menu appears (you can get it faster by hitting escape), the game crashes. I'll attach a new backtrace.
1.3.26.
http://bugs.winehq.org/show_bug.cgi?id=11121
--- Comment #16 from Austin English austinenglish@gmail.com 2011-08-12 20:18:18 CDT ---
Created an attachment (id=35938)
 --> (http://bugs.winehq.org/attachment.cgi?id=35938)
backtrace
http://bugs.winehq.org/show_bug.cgi?id=11121
--- Comment #17 from Saulius K. saulius2@gmail.com 2013-12-01 18:43:25 CST ---
(In reply to comment #12)
> Crashes in 1.1.10 because of starforce protection/ntoskrnl.exe stubs.
Austin, maybe the bug should be renamed to reflect that? Or isn't the crash suddenly a case anymore:)?
http://bugs.winehq.org/show_bug.cgi?id=11121
Anastasius Focht focht@gmx.net changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |obfuscation
                 CC|                            |focht@gmx.net
          Component|directx-d3d                 |ntdll
            Summary|crash in/after              |Night Watch crashes on
                   |IWineD3DDeviceImpl_BeginSce |startup (StarForce v3,
                   |ne                          |loader: section
                   |                            |SizeOfRawData vs.
                   |                            |FileAlignment violation,
                   |                            |zero padding of section
                   |                            |remainder wipes out code
                   |                            |executed at runtime)

--- Comment #18 from Anastasius Focht focht@gmx.net ---
Hello folks,
confirming, the game is protected with StarForce v3 and needs 'no-CD' patch to be useful at all. The initial crash (attachment from comment #14) is already covered by StarForce bug(s).
I'm making this bug about the crash of no-CD version which highlights a valid problem with Wine.
(msvcr71 and msvcp71 were forced to 'builtin' to give a bit more context)
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/NightWatch/Run

$ WINEDEBUG=+tid,+seh,+relay,+msvcrt,+msvcp wine ./NWatch.exe >>log.txt 2>&1
...
0031:Call KERNEL32.OutputDebugStringA(00ab0bd8 "<color=grey>scenario tracker: scenario zone has 0 item slots and 0 person slots\n") ret=00496b93
0031:Ret  KERNEL32.OutputDebugStringA() retval=00000000 ret=00496b93
...
0031:Call KERNEL32.CreateFileW(0793dc90 L"temp\197_5467.sav",80000000,00000003,0033f5c0,00000003,00000080,00000000) ret=7e72c10d
0031:Ret  KERNEL32.CreateFileW() retval=ffffffff ret=7e72c10d
...
0031:Call msvcrt._CxxThrowException(0033f7d4,00a080fc) ret=0045baf2
0031:Call KERNEL32.RaiseException(e06d7363,00000001,00000003,0033f764) ret=7e71a3a1
0031:trace:seh:raise_exception code=e06d7363 flags=1 addr=0x7b83a8ef ip=7b83a8ef tid=0031
0031:trace:seh:raise_exception  info[0]=19930520
0031:trace:seh:raise_exception  info[1]=0033f7d4
0031:trace:seh:raise_exception  info[2]=00a080fc
0031:trace:seh:raise_exception  eax=7b826921 ebx=7b8ba000 ecx=19930520 edx=0033f6b4 esi=0033f760 edi=0033f720
0031:trace:seh:raise_exception  ebp=0033f6f8 esp=0033f694 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00000283
...
0031:Call KERNEL32.OutputDebugStringA(00ab0bd8 "WARNING: Can't load zone197_5467.sav\n") ret=00496b93
0031:Ret  KERNEL32.OutputDebugStringA() retval=00000000 ret=00496b93
...
0031:trace:seh:call_catch_block done, continuing at 0x4e6a08
...
0031:Call KERNEL32.OutputDebugStringA(00ab0bd8 "WORLD VALID: no ADRESS 0\n") ret=00496b93
0031:Ret  KERNEL32.OutputDebugStringA() retval=00000000 ret=00496b93
...
0031:trace:seh:call_catch_block done, continuing at 0x4e6a08
...
0031:Call KERNEL32.OutputDebugStringA(00ab0bd8 "WORLD VALID: no ADRESS 0\n") ret=00496b93
0031:Ret  KERNEL32.OutputDebugStringA() retval=00000000 ret=00496b93
0031:trace:seh:raise_exception code=c0000005 flags=0 addr=0x90a810 ip=0090a810 tid=0031
0031:trace:seh:raise_exception  info[0]=00000001
0031:trace:seh:raise_exception  info[1]=00000000
0031:trace:seh:raise_exception  eax=00000000 ebx=7b3f24c8 ecx=7b3f24c8 edx=0000005f esi=7b3f24c8 edi=00000000
0031:trace:seh:raise_exception  ebp=00000000 esp=0033f860 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246
0031:trace:seh:call_stack_handlers calling handler at 0x964e18 code=c0000005 flags=0
0031:trace:seh:call_stack_handlers handler at 0x964e18 returned 1
...
0031:trace:seh:cxx_frame_handler handling C exception code c0000005 rec 0x33f808 frame 0x33fd6c trylevel 67 descr 0xa0413c nested_frame (nil)
...
0031:Call msvcrt._except_handler3(0033f808,0033fe10,0033f53c,0033f3cc) ret=7bc85e4d
0031:trace:seh:_except_handler3 exception c0000005 flags=0 at 0x90a810 handler=0x58649c 0x33f53c 0x33f3cc semi-stub
0031:trace:seh:_except_handler3 level 0 prev -1 filter 0x5860c8
0031:Call msvcrt._XcptFilter(c0000005,0033f2a4) ret=005860d9
0031:trace:seh:_XcptFilter (c0000005,0x33f2a4)
0031:Ret  msvcrt._XcptFilter() retval=00000000 ret=005860d9
0031:trace:seh:_except_handler3 filter returned CONTINUE_SEARCH
0031:trace:seh:_except_handler3 reached TRYLEVEL_END, returning ExceptionContinueSearch
0031:Ret  msvcrt._except_handler3() retval=00000001 ret=7bc85e4d
0031:trace:seh:call_stack_handlers handler at 0x58649c returned 1
0031:trace:seh:call_stack_handlers calling handler at 0x7bc9dc4f code=c0000005 flags=0
0031:Call KERNEL32.UnhandledExceptionFilter(0033f334) ret=7bc9dc89
...
wine: Unhandled page fault on write access to 0x00000000 at address 0x90a810 (thread 0031), starting debugger...
--- snip ---
The game tries to load a (non-existing) savegame on startup and throws a C++ exception for handling the error. The catch block is found and executed (dumps error message).
Next, some validation on the game state is done which fails because the savegame didn't restore a valid 'world' state. During that (failing) check the execution flow reaches an area which is zero-filled - hence the page fault at address 0x90a810.
I did an off-line analysis of the StarForce v3 protected binary (disassembly) and to my surprise I found valid opcodes at the location where the fault occurred. The code is located in '.idata' section of PE binary. Someone played dirty here and partially wiped out the section contents.
After firing up a debugger I quickly nailed it down ... at the time when the entry point was reached the opcodes were already wiped out. Code in '.sforce3' section had the same problem - wipe out at the end.
WINEDEBUG=+module,+virtual to the help ;-)
--- snip ---
...
0039:trace:process:__wine_kernel_init starting process name=L"C:\Program Files\NightWatch\Run\NWatch.exe" argv[0]=L"C:\Program Files\NightWatch\Run\NWatch.exe"
...
0039:trace:module:load_native_dll Trying native dll L"C:\Program Files\NightWatch\Run\NWatch.exe"
0039:trace:virtual:NtMapViewOfSection handle=0x1c process=0xffffffff addr=(nil) off=000000000 size=0 access=20
0039:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0xafbfff (anonymous)
0039:trace:virtual:VIRTUAL_DumpView       0x400000 - 0xafbfff c-rWx
0039:trace:module:map_image mapped PE file at 0x400000-0xafc000
0039:trace:module:map_image mapping section .sforce3 at 0x401000 off 1000 size 508ba0 virt 509000 flags 60000040
0039:trace:module:map_image clearing 0x909c00 - 0x90a000
0039:trace:module:map_image mapping section .idata at 0x90a000 off 50a000 size 224 virt 1000 flags e0000040
0039:trace:module:map_image clearing 0x90a400 - 0x90b000
0039:trace:module:map_image mapping section .brick at 0x90b000 off 50b000 size 89000 virt 89000 flags e0000040
0039:trace:module:map_image mapping section .RDATA at 0x994000 off 594000 size 1000 virt 1000 flags e0000040
0039:trace:module:map_image mapping section .brick at 0x995000 off 595000 size b6000 virt b6000 flags e0000040
0039:trace:module:map_image mapping section .RDATA at 0xa4b000 off 64b000 size c62 virt 1000 flags e0000040
0039:trace:module:map_image clearing 0xa4be00 - 0xa4c000
0039:trace:module:map_image mapping section .brick at 0xa4c000 off 64c000 size ab000 virt ab000 flags e0000040
0039:trace:module:map_image mapping section .tls at 0xaf7000 off 6f7000 size 9 virt 1000 flags e0000040
0039:trace:module:map_image clearing 0xaf7200 - 0xaf8000
0039:trace:module:map_image mapping section .rsrc at 0xaf8000 off 6f8000 size 1f90 virt 1f90 flags e0000040
0039:trace:module:map_image mapping section .start at 0xafa000 off 6fa000 size 2000 virt 2000 flags e0000060
0039:trace:virtual:VIRTUAL_SetProt 0x400000-0x400fff c-r--
0039:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0xafbfff (anonymous)
0039:trace:virtual:VIRTUAL_DumpView       0x400000 - 0x400fff c-r--
0039:trace:virtual:VIRTUAL_DumpView       0x401000 - 0xafbfff c-rW-
0039:trace:virtual:VIRTUAL_SetProt 0x401000-0x909fff c-r-x
0039:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0xafbfff (anonymous)
0039:trace:virtual:VIRTUAL_DumpView       0x400000 - 0x400fff c-r--
0039:trace:virtual:VIRTUAL_DumpView       0x401000 - 0x909fff c-r-x
0039:trace:virtual:VIRTUAL_DumpView       0x90a000 - 0xafbfff c-rW-
0039:trace:virtual:VIRTUAL_SetProt 0x90a000-0x90afff c-rWx
0039:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0xafbfff (anonymous)
0039:trace:virtual:VIRTUAL_DumpView       0x400000 - 0x400fff c-r--
0039:trace:virtual:VIRTUAL_DumpView       0x401000 - 0x909fff c-r-x
0039:trace:virtual:VIRTUAL_DumpView       0x90a000 - 0x90afff c-rWx
0039:trace:virtual:VIRTUAL_DumpView       0x90b000 - 0xafbfff c-rW-
0039:trace:virtual:VIRTUAL_SetProt 0x90b000-0x993fff c-rWx
0039:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0xafbfff (anonymous)
0039:trace:virtual:VIRTUAL_DumpView       0x400000 - 0x400fff c-r--
0039:trace:virtual:VIRTUAL_DumpView       0x401000 - 0x909fff c-r-x
0039:trace:virtual:VIRTUAL_DumpView       0x90a000 - 0x993fff c-rWx
0039:trace:virtual:VIRTUAL_DumpView       0x994000 - 0xafbfff c-rW-
0039:trace:virtual:VIRTUAL_SetProt 0x994000-0x994fff c-rWx
0039:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0xafbfff (anonymous)
0039:trace:virtual:VIRTUAL_DumpView       0x400000 - 0x400fff c-r--
0039:trace:virtual:VIRTUAL_DumpView       0x401000 - 0x909fff c-r-x
0039:trace:virtual:VIRTUAL_DumpView       0x90a000 - 0x994fff c-rWx
0039:trace:virtual:VIRTUAL_DumpView       0x995000 - 0xafbfff c-rW-
0039:trace:virtual:VIRTUAL_SetProt 0x995000-0xa4afff c-rWx
0039:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0xafbfff (anonymous)
0039:trace:virtual:VIRTUAL_DumpView       0x400000 - 0x400fff c-r--
0039:trace:virtual:VIRTUAL_DumpView       0x401000 - 0x909fff c-r-x
0039:trace:virtual:VIRTUAL_DumpView       0x90a000 - 0xa4afff c-rWx
0039:trace:virtual:VIRTUAL_DumpView       0xa4b000 - 0xafbfff c-rW-
0039:trace:virtual:VIRTUAL_SetProt 0xa4b000-0xa4bfff c-rWx
0039:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0xafbfff (anonymous)
0039:trace:virtual:VIRTUAL_DumpView       0x400000 - 0x400fff c-r--
0039:trace:virtual:VIRTUAL_DumpView       0x401000 - 0x909fff c-r-x
0039:trace:virtual:VIRTUAL_DumpView       0x90a000 - 0xa4bfff c-rWx
0039:trace:virtual:VIRTUAL_DumpView       0xa4c000 - 0xafbfff c-rW-
0039:trace:virtual:VIRTUAL_SetProt 0xa4c000-0xaf6fff c-rWx
0039:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0xafbfff (anonymous)
0039:trace:virtual:VIRTUAL_DumpView       0x400000 - 0x400fff c-r--
0039:trace:virtual:VIRTUAL_DumpView       0x401000 - 0x909fff c-r-x
0039:trace:virtual:VIRTUAL_DumpView       0x90a000 - 0xaf6fff c-rWx
0039:trace:virtual:VIRTUAL_DumpView       0xaf7000 - 0xafbfff c-rW-
0039:trace:virtual:VIRTUAL_SetProt 0xaf7000-0xaf7fff c-rWx
0039:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0xafbfff (anonymous)
0039:trace:virtual:VIRTUAL_DumpView       0x400000 - 0x400fff c-r--
0039:trace:virtual:VIRTUAL_DumpView       0x401000 - 0x909fff c-r-x
0039:trace:virtual:VIRTUAL_DumpView       0x90a000 - 0xaf7fff c-rWx
0039:trace:virtual:VIRTUAL_DumpView       0xaf8000 - 0xafbfff c-rW-
0039:trace:virtual:VIRTUAL_SetProt 0xaf8000-0xaf9fff c-rWx
0039:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0xafbfff (anonymous)
0039:trace:virtual:VIRTUAL_DumpView       0x400000 - 0x400fff c-r--
0039:trace:virtual:VIRTUAL_DumpView       0x401000 - 0x909fff c-r-x
0039:trace:virtual:VIRTUAL_DumpView       0x90a000 - 0xaf9fff c-rWx
0039:trace:virtual:VIRTUAL_DumpView       0xafa000 - 0xafbfff c-rW-
0039:trace:virtual:VIRTUAL_SetProt 0xafa000-0xafbfff c-rWx
0039:trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0xafbfff (anonymous)
0039:trace:virtual:VIRTUAL_DumpView       0x400000 - 0x400fff c-r--
0039:trace:virtual:VIRTUAL_DumpView       0x401000 - 0x909fff c-r-x
0039:trace:virtual:VIRTUAL_DumpView       0x90a000 - 0xafbfff c-rWx
0039:warn:module:alloc_module disabling no-exec because of L"NWatch.exe"
--- snip ---
'clearing 0x909c00 - 0x90a000' -> zero-init until page boundary of '.sforce3' section
'clearing 0x90a400 - 0x90b000' -> zero-init until page boundary of '.idata' section
Remember the page fault address? 0x90a810 -> bingo ;-)
MSDN/PE-COFF spec:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms680341%28v=vs.85%2...
--- quote ---
IMAGE_SECTION_HEADER structure

...

SizeOfRawData

The size of the initialized data on disk, in bytes. This value must be a multiple of the FileAlignment member of the IMAGE_OPTIONAL_HEADER structure. If this value is less than the VirtualSize member, the remainder of the section is filled with zeroes. If the section contains only uninitialized data, the member is zero.
--- quote ---
'.idata at 0x90a000 off 50a000 size 224 virt 1000 flags e0000040'
VirtualSize = 0x1000
SizeOfRawData = 0x224
Dumping the optional PE header with 'LordPE' gives some insight...
--- snip ---
->Optional Header
   Magic:                    0x010B  (HDR32_MAGIC)
   MajorLinkerVersion:       0x4B
   MinorLinkerVersion:       0x18  -> 75.24
   SizeOfCode:               0x0057D000
   SizeOfInitializedData:    0x001DD800
   SizeOfUninitializedData:  0x00000000
   AddressOfEntryPoint:      0x00185F02
   BaseOfCode:               0x00001000
   BaseOfData:               0x0057E000
   ImageBase:                0x00400000
   SectionAlignment:         0x00001000
   FileAlignment:            0x00001000
...
--- snip ---
The requirement 'SizeOfRawData = multiple of the FileAlignment' seems to be violated here. Maybe this is the reason why the Windows loader treats the section remainder differently in this case.
For testing I disabled the zero-padding of section remainder to next boundary when this requirement was not met:
http://source.winehq.org/git/wine.git/blob/e8eb781327457b39c3578f8f651671499...
It made the game work ;-)
* intro movie/cutscenes.
* main menu
* gameplay (I played a bit - no crash)

$ sha1sum Night_Watch_DEMO_english.exe du -sh
826a6318a016d86fab6172eab23b4a15b2b92f54 Night_Watch_DEMO_english.exe

$ du -sh Night_Watch_DEMO_english.exe
458M Night_Watch_DEMO_english.exe

$ wine --version
wine-1.7.8-232-g3bad812
Regards
https://bugs.winehq.org/show_bug.cgi?id=11121
David Seward bignintyfan@gmail.com changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bignintyfan@gmail.com

--- Comment #19 from David Seward bignintyfan@gmail.com ---
(In reply to Anastasius Focht from comment #18)
> Hello folks,
>
> confirming, the game is protected with StarForce v3 and needs 'no-CD' patch to be useful at all. The initial crash (attachment from comment #14) is already covered by StarForce bug(s).
>
> I'm making this bug about the crash of no-CD version which highlights a valid problem with Wine.
>
> (msvcr71 and msvcp71 were forced to 'builtin' to give a bit more context)
> ---- snip----
> The game tries to load a (non-existing) savegame on startup and throws a C++ exception for handling the error. The catch block is found and executed (dumps error message).
>
> Next, some validation on the game state is done which fails because the savegame didn't restore a valid 'world' state. During that (failing) check the execution flow reaches an area which is zero-filled - hence the page fault at address 0x90a810.
>
> I did an off-line analysis of the StarForce v3 protected binary (disassembly) and to my surprise I found valid opcodes at the location where the fault occurred. The code is located in '.idata' section of PE binary. Someone played dirty here and partially wiped out the section contents.
>
> After firing up a debugger I quickly nailed it down ... at the time when the entry point was reached the opcodes were already wiped out. Code in '.sforce3' section had the same problem - wipe out at the end.
>
> WINEDEBUG=+module,+virtual to the help ;-)
>
> The size of the initialized data on disk, in bytes. This value must be a multiple of the FileAlignment member of the IMAGE_OPTIONAL_HEADER structure. If this value is less than the VirtualSize member, the remainder of the section is filled with zeroes. If the section contains only uninitialized data, the member is zero.
> --- quote ---
>
> '.idata at 0x90a000 off 50a000 size 224 virt 1000 flags e0000040'
>
> VirtualSize = 0x1000
> SizeOfRawData = 0x224
>
> Dumping the optional PE header with 'LordPE' gives some insight...
>
> The requirement 'SizeOfRawData = multiple of the FileAlignment' seems to be violated here. Maybe this is the reason why the Windows loader treats the section remainder differently in this case.
>
> For testing I disabled the zero-padding of section remainder to next boundary when this requirement was not met:
>
> http://source.winehq.org/git/wine.git/blob/e8eb781327457b39c3578f8f65167149939503d0:/dlls/ntdll/virtual.c#l1227
>
> It made the game work ;-)
>
> - intro movie/cutscenes.
> - main menu
> - gameplay (I played a bit - no crash)
>
> $ sha1sum Night_Watch_DEMO_english.exe du -sh
> 826a6318a016d86fab6172eab23b4a15b2b92f54 Night_Watch_DEMO_english.exe
>
> $ du -sh Night_Watch_DEMO_english.exe
> 458M Night_Watch_DEMO_english.exe
>
> $ wine --version
> wine-1.7.8-232-g3bad812
>
> Regards
Wow, that's a lot of info! Are you able to test if this still occurs with a newer version of Wine?
https://bugs.winehq.org/show_bug.cgi?id=11121
Anastasius Focht focht@gmx.net changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
                URL|http://www.gamershell.com/d |https://www.fileplanet.com/
                   |ownload_12193.shtml         |archive/p-56695/Night-Watch
                   |                            |-Updated-Demo/download

--- Comment #20 from Anastasius Focht focht@gmx.net ---
Hello David,

--- quote ---
Wow, that's a lot of info! Are you able to test if this still occurs with a newer version of Wine?
--- quote ---
yes, the issue is still present.
I had to search a bit to find sites that still provide the demo download and the no-cd patch.
https://web.archive.org/web/20191201155126/https://www.gamesindustry.biz/art...
-> https://www.fileplanet.com/archive/p-56695/Night-Watch-Updated-Demo/download
For the no-cd patch use following search query:
https://www.google.com/search?q=lonebullet+nightwatch
I've snapshotted the patch using Internet Archive as well in case it goes away.
---
Wine source:
https://source.winehq.org/git/wine.git/blob/HEAD:/dlls/ntdll/virtual.c#l1414
--- snip ---
1414 static NTSTATUS map_image( HANDLE hmapping, ACCESS_MASK access, int fd, int top_down, unsigned short zero_bits_64,
1415                            pe_image_info_t *image_info, int shared_fd, BOOL removable, PVOID *addr_ptr )
1416 {
...
1510     /* map all the sections */
1511
1512     for (i = pos = 0; i < nt->FileHeader.NumberOfSections; i++, sec++)
1513     {
1514         static const SIZE_T sector_align = 0x1ff;
1515         SIZE_T map_size, file_start, file_size, end;
1516
1517         if (!sec->Misc.VirtualSize)
1518             map_size = ROUND_SIZE( 0, sec->SizeOfRawData );
1519         else
1520             map_size = ROUND_SIZE( 0, sec->Misc.VirtualSize );
1521
1522         /* file positions are rounded to sector boundaries regardless of OptionalHeader.FileAlignment */
1523         file_start = sec->PointerToRawData & ~sector_align;
1524         file_size = (sec->SizeOfRawData + (sec->PointerToRawData & sector_align) + sector_align) & ~sector_align;
1525         if (file_size > map_size) file_size = map_size;
...
1566         TRACE_(module)( "mapping section %.8s at %p off %x size %x virt %x flags %x\n",
1567                         sec->Name, ptr + sec->VirtualAddress,
1568                         sec->PointerToRawData, sec->SizeOfRawData,
1569                         sec->Misc.VirtualSize, sec->Characteristics );
1570
1571         if (!sec->PointerToRawData || !file_size) continue;
1572
1573         /* Note: if the section is not aligned properly map_file_into_view will magically
1574          *       fall back to read(), so we don't need to check anything here.
1575          */
1576         end = file_start + file_size;
1577         if (sec->PointerToRawData >= st.st_size ||
1578             end > ((st.st_size + sector_align) & ~sector_align) ||
1579             end < file_start ||
1580             map_file_into_view( view, fd, sec->VirtualAddress, file_size, file_start,
1581                                 VPROT_COMMITTED | VPROT_READ | VPROT_WRITECOPY,
1582                                 removable ) != STATUS_SUCCESS)
1583         {
1584             ERR_(module)( "Could not map section %.8s, file probably truncated\n", sec->Name );
1585             goto error;
1586         }
1587
1588         if (file_size & page_mask)
1589         {
1590             end = ROUND_SIZE( 0, file_size );
1591             if (end > map_size) end = map_size;
1592             TRACE_(module)("clearing %p - %p\n",
1593                            ptr + sec->VirtualAddress + file_size,
1594                            ptr + sec->VirtualAddress + end );
1595             memset( ptr + sec->VirtualAddress + file_size, 0, end - file_size );
1596         }
1597     }
...
--- snip ---
Running the patched executable on top of demo install:
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files (x86)/NightWatch/Run

$ WINEDEBUG=+seh,+relay wine ./NWatch.exe >>log.txt 2>&1
...
0040:Call KERNEL32.OutputDebugStringA(00ab0bd8 "WORLD VALID: no ADRESS 0\n") ret=00496b93
0040:warn:seh:OutputDebugStringA "WORLD VALID: no ADRESS 0\n"
0040:Ret  KERNEL32.OutputDebugStringA() retval=00000000 ret=00496b93
0040:trace:seh:raise_exception code=c0000005 flags=0 addr=0x90a810 ip=0090a810 tid=0040
0040:trace:seh:raise_exception  info[0]=00000001
0040:trace:seh:raise_exception  info[1]=00000000
0040:trace:seh:raise_exception  eax=00000000 ebx=593a3a88 ecx=593a3a88 edx=0000005f esi=593a3a88 edi=00000000
0040:trace:seh:raise_exception  ebp=00000000 esp=0032f970 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010246
0040:trace:seh:call_stack_handlers calling handler at 0x964e18 code=c0000005 flags=0
0040:trace:seh:call_stack_handlers handler at 0x964e18 returned 1
...
Unhandled exception: page fault on write access to 0x00000000 in 32-bit code (0x0090a810).
--- snip ---

$ sha1sum night*
826a6318a016d86fab6172eab23b4a15b2b92f54 night_watch_demo_english.exe
c485bd99eb076733a3c96c02716f2c4c760aa851 night-watch-v101-english-no-cdfixed-exe.rar

$ du -sh night*
458M night_watch_demo_english.exe
2.1M night-watch-v101-english-no-cdfixed-exe.rar

$ wine --version
wine-4.21
Regards
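An added example, not Wine code and not from any commenter: a small C model of the per-section arithmetic in the map_image() excerpt quoted in comment #20, fed with the section values from the +module trace and LordPE dump in comment #18. The struct, macro and function names are made up for the illustration; it reproduces the four "clearing" ranges from the trace and shows which one contains the fault address 0x90a810.

```c
/* Added illustration; type, macro and function names are hypothetical. */
#include <stdint.h>
#include <stdio.h>

#define PAGE_MASK   0xfffu   /* page_mask for 4 KiB pages */
#define SECTOR_MASK 0x1ffu   /* sector_align in the quoted excerpt */
#define ROUND_PAGE(x) (((uint32_t)(x) + PAGE_MASK) & ~PAGE_MASK)

struct section {             /* the IMAGE_SECTION_HEADER fields the loop reads */
    const char *name;
    uint32_t va;             /* VirtualAddress (RVA) */
    uint32_t raw_ptr;        /* PointerToRawData, "off" in the trace */
    uint32_t raw_size;       /* SizeOfRawData, "size" in the trace */
    uint32_t virt_size;      /* VirtualSize, "virt" in the trace */
};
struct range { uint32_t start, end; };   /* absolute addresses, end exclusive */

/* Values copied from the trace and optional header dump in comment #18. */
#define NWATCH_BASE       0x400000u
#define NWATCH_FILE_ALIGN 0x1000u
static const struct section nwatch_sections[] = {
    { ".sforce3", 0x001000, 0x001000, 0x508ba0, 0x509000 },
    { ".idata",   0x50a000, 0x50a000, 0x000224, 0x001000 },
    { ".brick",   0x50b000, 0x50b000, 0x089000, 0x089000 },
    { ".RDATA",   0x594000, 0x594000, 0x001000, 0x001000 },
    { ".brick",   0x595000, 0x595000, 0x0b6000, 0x0b6000 },
    { ".RDATA",   0x64b000, 0x64b000, 0x000c62, 0x001000 },
    { ".brick",   0x64c000, 0x64c000, 0x0ab000, 0x0ab000 },
    { ".tls",     0x6f7000, 0x6f7000, 0x000009, 0x001000 },
    { ".rsrc",    0x6f8000, 0x6f8000, 0x001f90, 0x001f90 },
    { ".start",   0x6fa000, 0x6fa000, 0x002000, 0x002000 },
};
#define NWATCH_NSEC (sizeof(nwatch_sections) / sizeof(nwatch_sections[0]))

/* Returns 1 and fills *out when the tail of the section's last file-backed
 * page is zero-filled, 0 when nothing is cleared. */
static int cleared_tail(uint32_t base, const struct section *s, struct range *out)
{
    uint32_t map_size = ROUND_PAGE(s->virt_size ? s->virt_size : s->raw_size);
    /* the file extent is rounded up to 512-byte sectors, not to FileAlignment */
    uint32_t file_size = (s->raw_size + (s->raw_ptr & SECTOR_MASK) + SECTOR_MASK)
                         & ~SECTOR_MASK;
    uint32_t end;

    if (file_size > map_size) file_size = map_size;
    if (!s->raw_ptr || !file_size) return 0;   /* nothing is read from the file */
    if (!(file_size & PAGE_MASK)) return 0;    /* data ends on a page boundary */

    end = ROUND_PAGE(file_size);
    if (end > map_size) end = map_size;
    out->start = base + s->va + file_size;
    out->end   = base + s->va + end;
    return 1;
}

/* The PE/COFF text quoted in comment #18: SizeOfRawData must be a multiple
 * of FileAlignment. */
static int violates_file_alignment(const struct section *s, uint32_t file_align)
{
    return file_align != 0 && (s->raw_size % file_align) != 0;
}

static int count_alignment_violations(const struct section *secs, size_t n,
                                      uint32_t file_align)
{
    int count = 0;
    for (size_t i = 0; i < n; i++)
        count += violates_file_alignment(&secs[i], file_align);
    return count;
}

/* Index of the section whose zero-filled tail contains addr, or -1. */
static int section_clearing(uint32_t base, const struct section *secs, size_t n,
                            uint32_t addr)
{
    struct range r;
    for (size_t i = 0; i < n; i++)
        if (cleared_tail(base, &secs[i], &r) && addr >= r.start && addr < r.end)
            return (int)i;
    return -1;
}

int main(void)
{
    const uint32_t fault = 0x90a810u;   /* page fault address from the logs */
    struct range r;

    for (size_t i = 0; i < NWATCH_NSEC; i++) {
        const struct section *s = &nwatch_sections[i];
        printf("%-8s raw=%#8x %s", s->name, (unsigned)s->raw_size,
               violates_file_alignment(s, NWATCH_FILE_ALIGN) ? "unaligned" : "aligned  ");
        if (cleared_tail(NWATCH_BASE, s, &r))
            printf("  clearing %#x - %#x", (unsigned)r.start, (unsigned)r.end);
        putchar('\n');
    }
    int hit = section_clearing(NWATCH_BASE, nwatch_sections, NWATCH_NSEC, fault);
    printf("fault %#x: %s\n", (unsigned)fault,
           hit >= 0 ? nwatch_sections[hit].name : "not in a cleared range");
    return 0;
}
```

In this model .rsrc also has an unaligned SizeOfRawData, but its sector-rounded file size lands on a page boundary, so no range is cleared for it, which matches the trace.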
https://bugs.winehq.org/show_bug.cgi?id=11121
Chebanenko Igor chebanenkoigor93@gmail.com changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |chebanenkoigor93@gmail.com

--- Comment #21 from Chebanenko Igor chebanenkoigor93@gmail.com ---
Created attachment 68273
 --> https://bugs.winehq.org/attachment.cgi?id=68273
Night Watch Demo - Windows API Monitoring

I don't know if your bug is still actual, but I made API monitoring of Night Watch in Windows. I hope this will help.
https://bugs.winehq.org/show_bug.cgi?id=11121
Anastasius Focht focht@gmx.net changed:
               What|Removed                     |Added
----------------------------------------------------------------------------
                URL|https://www.fileplanet.com/ |https://web.archive.org/web
                   |archive/p-56695/Night-Watch |/20201017090011/https://fil
                   |-Updated-Demo/download      |es.lonebullet.com/night-wat
                   |                            |ch/demos/night-watch-update
                   |                            |d.zip

--- Comment #22 from Anastasius Focht focht@gmx.net ---
Hello folks,
revisiting, obviously still present.
--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files (x86)/NightWatch/Run

$ wine ./NWatch.exe
...
wine: Unhandled page fault on write access to 00000000 at address 0090A810 (thread 0024), starting debugger...
Unhandled exception: page fault on write access to 0x00000000 in 32-bit code (0x0090a810).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:0090a810 ESP:0031f99c EBP:00000000 EFLAGS:00210246( R- -- I Z- -P- )
 EAX:00000000 EBX:7a3f2528 ECX:7a3f2528 EDX:0000005f
 ESI:7a3f2528 EDI:00000000
...
Backtrace:
=>0 0x0090a810 in nwatch (+0x50a810) (0x00000000)
0x0090a810: addb %al,0x0(%eax)
Modules:
Module  Address                 Debug info      Name (40 modules)
PE        320000-  341000       Deferred        sechost
PE        350000-  3a6000       Deferred        setupapi
PE        3b0000-  3ba000       Deferred        version
PE        3c0000-  3f3000       Deferred        usp10
PE        400000-  afc000       Export          nwatch
PE        b00000-  c22000       Deferred        comctl32
PE        c30000-  e07000       Deferred        user32
PE        e10000-  e79000       Deferred        rpcrt4
PE        e80000-  e93000       Deferred        imm32
PE        ea0000-  f85000       Deferred        ole32
PE        f90000-  fcf000       Deferred        combase
PE        fd0000-  fff000       Deferred        gdpfile
PE       1000000- 1068000       Deferred        lifestudioheadapi
PE       1070000- 10eb000       Deferred        msvcp71
PE       1160000- 1241000       Deferred        oleaut32
PE       1250000- 12fc000       Deferred        winmm
PE       1300000- 131c000       Deferred        msacm32
PE       1320000- 134d000       Deferred        d3d9
PE       1350000- 13e4000       Deferred        fmod
PE       13f0000- 13fe000       Deferred        wsock32
PE       1400000- 140c000       Deferred        imagehlp
PE       1410000- 146b000       Deferred        dbghelp
PE       1950000- 1976000       Deferred        uxtheme
PE       24f0000- 2506000       Deferred        mmdevapi
PE       2510000- 254b000       Deferred        dsound
PE      10000000-10031000       Deferred        advapi32
PE      7a840000-7a844000       Deferred        opengl32
PE      7b000000-7b099000       Deferred        kernelbase
PE      7b600000-7b806000       Deferred        kernel32
PE      7bc00000-7bc7f000       Deferred        ntdll
...
Threads:
process  tid      prio (all id:s are in hex)
00000020 (D) C:\Program Files (x86)\NightWatch\Run\NWatch.exe
        00000024    0 <==
...
--- snip ---
Adding links to snapshots via Internet Archive:
From: https://www.lonebullet.com/file/demos/night-watch-updated/4173
https://web.archive.org/web/20201017090011/https://files.lonebullet.com/nigh...
--- snip ---
$ unzip -l night-watch-updated.zip
Archive:  night-watch-updated.zip
  Length      Date    Time    Name
---------  ---------- -----   ----
480145214  06-22-2006 17:28   Night_Watch_DEMO_english.exe
---------                     -------
480145214                     1 file
--- snip ---
https://web.archive.org/web/20201017090407/https://files.lonebullet.com/nigh... (pass: 'lonebullet')
Wine source:
https://source.winehq.org/git/wine.git/blob/0c249e6125fc9dc6ee86b4ef6ae0d9fa...
$ sha1sum night-watch-updated.zip
d524c349bb58ea8249eb60bead58ee608de5ad31 night-watch-updated.zip

$ du -sh night-watch-updated.zip
445M night-watch-updated.zip

$ wine --version
wine-5.19-167-g0c249e6125f
Regards