https://bugs.winehq.org/show_bug.cgi?id=44704
Bug ID: 44704
Summary: Screenhero installer runs into crash window (Access Violation)
Product: Wine
Version: 3.3
Hardware: x86
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: xerox.xerox2000x@gmail.com
Distribution: ---
The Screenhero installer runs into a crash window (Access Violation) while calling FormatMessageW with id 0x800b0109, which apparently is CERT_E_UNTRUSTEDROOT.
I don't know where this error comes from, but with the patch it gets further to install all files***, though there's still a crash in the end.
Patch is at:
https://bugs.winehq.org/attachment.cgi?id=60704&action=diff
***: It also suffers from bug 34989, so you need the workaround from here to avoid a hang: https://bugs.winehq.org/attachment.cgi?id=60702&action=diff
Louis Lenders xerox.xerox2000x@gmail.com changed:
What     |Removed |Added
----------------------------------------------------------------------------
Keywords |        |download
URL      |        |http://www.chip.de/downloads/Screenhero_61116661.html
--- Comment #1 from Louis Lenders xerox.xerox2000x@gmail.com ---
Added download link.
Anastasius Focht focht@gmx.net changed:
What     |Removed |Added
----------------------------------------------------------------------------
Keywords |        |Installer
Summary  |Screenhero installer runs into crash window (Access Violation) |Screenhero 0.14.x installer crashes after PE digital signature validation failure (message id 0x800b0109, CERT_E_UNTRUSTEDROOT not found)
CC       |        |focht@gmx.net
--- Comment #2 from Anastasius Focht focht@gmx.net ---
Hello folks,
confirming.
The installer requires (install blockers):
* .NET Framework 4.0
* Windows 7 setting
--- snip ---
$ WINEDEBUG=+seh,+relay,+crypt,+wintrust wine ./Screenhero014-Latest-setup.exe >log.txt 2>&1
...
0058:Call shell32.ShellExecuteExW(00bef2bc) ret=004a6182
...
0058:Call KERNEL32.CreateProcessW(00000000,00bedf7c L""Z:\home\focht\Downloads\Screenhero014-Latest-setup.exe" /i "C:\users\focht\Application Data\Screenhero, Inc\Screenhero 0.14.3000\install\Screenhero-0.14.3000-setup.msi" /L*V "C:\users\focht\Application Data\Screenhero, Inc.\screenhero-setup.log" EXECUTEACTION="INSTALL" SECOND"...,00000000,00000000,00000000,00000410,00000000,00000000,00beda50,00beda40) ret=7e7f68d4
...
0061:Call KERNEL32.__wine_kernel_init() ret=7bc6b4c9
0058:Ret KERNEL32.CreateProcessW() retval=00000001 ret=7e7f68d4
...
0058:Ret shell32.ShellExecuteExW() retval=00000001 ret=004a6182
...
0061:Call msi.MsiEnableLogW(00001f9f,005a70d8 L"C:\users\focht\Application Data\Screenhero, Inc.\screenhero-setup.log",00000000) ret=004a7c8a
...
0061:Call msi.MsiOpenPackageW(005a6ff0 L"C:\users\focht\Application Data\Screenhero, Inc\Screenhero 0.14.3000\install\Screenhero-0.14.3000-setup.msi",0033f67c) ret=004a84e8
...
0061:Ret msi.MsiOpenPackageW() retval=00000000 ret=004a84e8
...
0061:Call msi.MsiGetFileSignatureInformationW(005acb58 L"Z:\home\focht\Downloads\Screenhero014-Latest-setup.exe",00000001,0033f0a0,00000000,00000000) ret=004a5429
...
0061:trace:wintrust:WINTRUST_GetSignedMsgFromPEFile (0x1875f8 0x168cf0 0 0x33ed30 0x187c10)
...
0061:Call imagehlp.ImageGetCertificateData(00000088,00000000,00189818,0033ebbc) ret=7cd889fa
...
0061:Ret imagehlp.ImageGetCertificateData() retval=00000001 ret=7cd889fa
...
0061:trace:crypt:check_and_store_certs Added 148 root certificates
...
0061:trace:crypt:CertVerifyCertificateChainPolicy returning 1 (800b0109)
0061:Ret crypt32.CertVerifyCertificateChainPolicy() retval=00000001 ret=7cd920e1
0061:trace:wintrust:SoftpubAuthenticode returning 1 (800b0109)
0061:Ret wintrust.SoftpubAuthenticode() retval=00000001 ret=7cd92eba
0061:trace:wintrust:WINTRUST_DefaultVerify returning 800b0109
0061:trace:wintrust:WinVerifyTrust returning 800b0109
0061:Ret wintrust.WinVerifyTrustEx() retval=800b0109 ret=7ce684db
0061:Call wintrust.WinVerifyTrustEx(ffffffff,7cf4736c,0033efa4) ret=7ce685cc
0061:trace:wintrust:WinVerifyTrust (0xffffffff, {00aac56b-cd44-11d0-8cc2-00c04fc295ee}, 0x33efa4)
0061:trace:wintrust:dump_wintrust_data 0x33efa4
0061:trace:wintrust:dump_wintrust_data cbStruct: 52
0061:trace:wintrust:dump_wintrust_data pPolicyCallbackData: (nil)
0061:trace:wintrust:dump_wintrust_data pSIPClientData: (nil)
0061:trace:wintrust:dump_wintrust_data dwUIChoice: 2
0061:trace:wintrust:dump_wintrust_data fdwRevocationChecks: 00000001
0061:trace:wintrust:dump_wintrust_data dwUnionChoice: 1
0061:trace:wintrust:dump_file_info 0x33ef94
0061:trace:wintrust:dump_file_info cbStruct: 16
0061:trace:wintrust:dump_file_info pcwszFilePath: L"Z:\home\focht\Downloads\Screenhero014-Latest-setup.exe"
0061:trace:wintrust:dump_file_info hFile: 0x88
0061:trace:wintrust:dump_file_info pgKnownSubject: (null)
0061:trace:wintrust:dump_wintrust_data dwStateAction: 2
0061:trace:wintrust:dump_wintrust_data hWVTStateData: 0x168cb8
0061:trace:wintrust:dump_wintrust_data pwszURLReference: (null)
0061:trace:wintrust:dump_wintrust_data dwProvFlags: 00000000
0061:trace:wintrust:dump_wintrust_data dwUIContext: 1
0061:trace:wintrust:WINTRUST_DefaultClose (0xffffffff, {00aac56b-cd44-11d0-8cc2-00c04fc295ee}, 0x33efa4)
...
0061:trace:wintrust:WINTRUST_DefaultClose returning 00000000
0061:trace:wintrust:WinVerifyTrust returning 00000000
0061:Ret wintrust.WinVerifyTrustEx() retval=00000000 ret=7ce685cc
0061:Ret msi.MsiGetFileSignatureInformationW() retval=800b0109 ret=004a5429
0061:Call KERNEL32.FormatMessageW(00001300,00000000,800b0109,00000400,0033f048,00000000,00000000) ret=004a6951
0061:Ret KERNEL32.FormatMessageW() retval=00000000 ret=004a6951
0061:trace:seh:raise_exception code=c0000005 flags=0 addr=0x4c04be ip=004c04be tid=0061
0061:trace:seh:raise_exception info[0]=00000000
0061:trace:seh:raise_exception info[1]=00000000
0061:trace:seh:raise_exception eax=00000000 ebx=00000000 ecx=0033f0b0 edx=0000013d esi=0033f0b0 edi=0033f0b0
0061:trace:seh:raise_exception ebp=0033f018 esp=0033f018 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010206
...
--- snip ---
ProtectionID scan:
--- snip ---
-=[ ProtectionID v0.6.9.0 DECEMBER]=-
(c) 2003-2017 CDKiLLER & TippeX
Build 24/12/17-21:05:42
Ready...
Scanning -> Z:\home\focht\Downloads\Screenhero014-Latest-setup.exe
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 29436312 (01C12998h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x5321B4DE -> Thu 13th Mar 2014 13:38:38 (GMT)
[TimeStamp] 0x5321B4DE -> Thu 13th Mar 2014 13:38:38 (GMT) | PE Header | - | Offset: 0x00000100 | VA: 0x00400100 | -
[TimeStamp] 0x5321B4DE -> Thu 13th Mar 2014 13:38:38 (GMT) | DebugDirectory | - | Offset: 0x000F8854 | VA: 0x004F9854 | -
-> File Appears to be Digitally Signed @ Offset 01C10D98h, size : 01C00h / 07168 byte(s)
-> File has 27769752 (01A7BB98h) bytes of appended data starting at offset 0195200h
[LoadConfig] Struct determined as v8 (Expected size 140 | Actual size 64)
[!] Executable uses SEH Tables (/SAFESEH) (1411 calculated 1411 recorded... 0 invalid addresses)
[LoadConfig] CodeIntegrity -> Flags 0x1 | Catalog 0x0 (0) | Catalog Offset 0x425C3A44 | Reserved 0x636E6172
[LoadConfig] GuardAddressTakenIatEntryTable 0x5C494168 | Count 0x5C6E6977 (1550739831)
[LoadConfig] GuardLongJumpTargetTable 0x656C6552 | Count 0x5C657361 (1550152545)
[LoadConfig] HybridMetadataPointer 0x62757473 | DynamicValueRelocTable 0x38785C73
[LoadConfig] FailFastIndirectProc 0x78455C36 | FailFastPointer 0x6E726574
[LoadConfig] UnknownZero1 0x69556C61
[File Heuristics] -> Flag #1 : 00000100000001001101000000000100 (0x0404D004)
[Entrypoint Section Entropy] : 6.63 (section #0) ".text " | Size : 0xF7A5E (1014366) byte(s)
[DllCharacteristics] -> Flag : (0x8140) -> ASLR | DEP | TSA
[SectionCount] 5 (0x5) | ImageSize 0x19E000 (1695744) byte(s)
[VersionInfo] Company Name : Screenhero. Inc.
[VersionInfo] Product Name : Screenhero
[VersionInfo] Product Version : 0.14.3000
[VersionInfo] File Description : This installer database contains the logic and data required to install Screenhero.
[VersionInfo] File Version : 0.14.3000
[VersionInfo] Original FileName : Screenhero-0.14.3000-setup.exe
[VersionInfo] Internal Name : Screenhero-0.14.3000-setup
[VersionInfo] Legal Copyrights : Copyright (C) 2014 Screenhero. Inc.
[ModuleReport] [IAT] Modules -> KERNEL32.dll | USER32.dll | GDI32.dll | ADVAPI32.dll | SHELL32.dll | ole32.dll | OLEAUT32.dll | dbghelp.dll | SHLWAPI.dll | COMCTL32.dll | MSIMG32.dll | VERSION.dll | NETAPI32.dll | COMDLG32.dll
[ModuleReport] [DelayImport] Modules -> msi.dll | gdiplus.dll | UxTheme.dll | WININET.dll | dwmapi.dll
[Debug Info] (record 1 of 1) (file offset 0xF8850)
Characteristics : 0x0 | TimeDateStamp : 0x5321B4DE (Thu 13th Mar 2014 13:38:38 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x49 (73)
AddressOfRawData : 0x114540 | PointerToRawData : 0x113540
CvSig : 0x53445352 | SigGuid 1309F411-C7D7-4635-9AD68613C1162104
Age : 0x1 (1) | Pdb : D:\BranchAI\win\Release\stubs\x86\ExternalUi.pdb
[-= Installer =-] Advanced Installer Module !
[CompilerDetect] -> Visual C++ 9.0 (Visual Studio 2008)
- Scan Took : 0.752 Second(s) [0000002F0h (752) tick(s)] [566 of 580 scan(s) done]
...
--- snip ---
Using Sigcheck v2.60 tool:
https://docs.microsoft.com/en-us/sysinternals/downloads/sigcheck
--- snip ---
$ wine ./sigcheck.exe -a -i ./Screenhero014-Latest-setup.exe

Sigcheck v2.60 - File version and signature viewer
Copyright (C) 2004-2017 Mark Russinovich
Sysinternals - www.sysinternals.com

...
Z:\home\focht\Downloads\Screenhero014-Latest-setup.exe:
    Verified: Error -2146762487 (0x800b0109)
    Link date: 2:38 PM 3/13/2014
    Signing date: 6:21 PM 3/10/2018
    Publisher: n/a
    Company: Screenhero, Inc.
    Description: This installer database contains the logic and data required to install Screenhero.
    Product: Screenhero
    Prod version: 0.14.3000
    File version: 0.14.3000
    MachineType: 32-bit
    Binary Version: 0.14.3000.0
    Original Name: Screenhero-0.14.3000-setup.exe
    Internal Name: Screenhero-0.14.3000-setup
    Copyright: Copyright (C) 2014 Screenhero, Inc.
    Comments: n/a
    Entropy: 7.945
--- snip ---
I guess the signature validation succeeds on Windows? Might be interesting to see the output with 'Sigcheck' tool on the installer from Windows.
Anyway, there are two bugs: the signature verification should succeed and the missing message id.
$ sha1sum Screenhero014-Latest-setup.exe
ae1f5edb400bf7dd93a6730d272d8c1655302ae9  Screenhero014-Latest-setup.exe

$ du -sh Screenhero014-Latest-setup.exe
29M Screenhero014-Latest-setup.exe

$ wine --version
wine-3.3-128-gdfde119538
Regards
Anastasius Focht focht@gmx.net changed:
What     |Removed |Added
----------------------------------------------------------------------------
Blocks   |        |44718
--- Comment #3 from Louis Lenders xerox.xerox2000x@gmail.com ---
Created attachment 60721 --> https://bugs.winehq.org/attachment.cgi?id=60721
screenshot from Sigcheck on Windows (7)
> I guess the signature validation succeeds on Windows? Might be interesting to see the output with 'Sigcheck' tool on the installer
See screenshot
Anastasius Focht focht@gmx.net changed:
What     |Removed |Added
----------------------------------------------------------------------------
URL      |http://www.chip.de/downloads/Screenhero_61116661.html |https://web.archive.org/web/20210318182049/https://securedl.cdn.chip.de/downloads/19010186/Screenhero014-Latest-setup.exe
--- Comment #4 from Anastasius Focht focht@gmx.net ---
Hello folks,
revisiting, still present.
Adding stable download via Internet Archive:
https://web.archive.org/web/20210318182049/https://securedl.cdn.chip.de/down...
Using Linux 'osslsigncode' tool to dump Windows Authenticode signatures:
--- snip ---
$ osslsigncode verify Screenhero014-Latest-setup.exe

Current PE checksum : 01C149D2
Calculated PE checksum: 01C149D2

Signature Index: 0 (Primary Signature)
Message digest algorithm : SHA1
Current message digest : D13ABCA180D6C73FDB795872D4FC7D8CCB5D34AE
Calculated message digest : D13ABCA180D6C73FDB795872D4FC7D8CCB5D34AE

Signer's certificate:
    Signer #0:
        Subject: /C=US/postalCode=94043/ST=CA/L=Mountain View/street=# 32/street=1950 Montecito Ave/O=Screenhero, Inc./CN=Screenhero, Inc.
        Issuer : /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Code Signing CA 2
        Serial : 05E48E72C7BF74E7341D23FF8DA7AF27
        Certificate expiration date:
            notBefore : Feb 18 00:00:00 2014 GMT
            notAfter : Feb 17 23:59:59 2017 GMT

Number of certificates: 5
    Signer #0:
        Subject: /C=US/O=Symantec Corporation/CN=Symantec Time Stamping Services CA - G2
        Issuer : /C=ZA/ST=Western Cape/L=Durbanville/O=Thawte/OU=Thawte Certification/CN=Thawte Timestamping CA
        Serial : 7E93EBFB7CC64E59EA4B9A77D406FC3B
        Certificate expiration date:
            notBefore : Dec 21 00:00:00 2012 GMT
            notAfter : Dec 30 23:59:59 2020 GMT
    ------------------
    Signer #1:
        Subject: /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Object
        Issuer : /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Object
        Serial : 44BE0C8B500024B411D3362DE0B35F1B
        Certificate expiration date:
            notBefore : Jul 9 18:31:20 1999 GMT
            notAfter : Jul 9 18:40:36 2019 GMT
    ------------------
    Signer #2:
        Subject: /C=US/O=Symantec Corporation/CN=Symantec Time Stamping Services Signer - G4
        Issuer : /C=US/O=Symantec Corporation/CN=Symantec Time Stamping Services CA - G2
        Serial : 0ECFF438C8FEBF356E04D86A981B1A50
        Certificate expiration date:
            notBefore : Oct 18 00:00:00 2012 GMT
            notAfter : Dec 29 23:59:59 2020 GMT
    ------------------
    Signer #3:
        Subject: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Code Signing CA 2
        Issuer : /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Object
        Serial : 10709D4FF55408D7306001D8EA9175BB
        Certificate expiration date:
            notBefore : Aug 24 00:00:00 2011 GMT
            notAfter : May 30 10:48:38 2020 GMT
    ------------------
    Signer #4:
        Subject: /C=US/postalCode=94043/ST=CA/L=Mountain View/street=# 32/street=1950 Montecito Ave/O=Screenhero, Inc./CN=Screenhero, Inc.
        Issuer : /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Code Signing CA 2
        Serial : 05E48E72C7BF74E7341D23FF8DA7AF27
        Certificate expiration date:
            notBefore : Feb 18 00:00:00 2014 GMT
            notAfter : Feb 17 23:59:59 2017 GMT

The signature is timestamped: Jul 7 20:24:23 2014 GMT
Hash Algorithm: sha1
Timestamp Verified by:
    Issuer : /C=US/O=Symantec Corporation/CN=Symantec Time Stamping Services CA - G2
    Serial : 0ECFF438C8FEBF356E04D86A981B1A50

CAfile: /etc/pki/tls/certs/ca-bundle.crt
TSA's certificates file: /etc/pki/tls/certs/ca-bundle.crt
CRL distribution point: http://crl.comodoca.com/COMODOCodeSigningCA2.crl

CMS_verify error
140565580489216:error:2E099064:CMS routines:cms_signerinfo_verify_cert:certificate verify error:crypto/cms/cms_smime.c:252:Verify error:unable to get local issuer certificate
Timestamp Server Signature verification: failed

PKCS7_verify error
140565580489216:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:crypto/pkcs7/pk7_smime.c:284:Verify error:self signed certificate in certificate chain
Signature verification: failed

Number of verified signatures: 1
Failed
--- snip ---
All of the certs in the chain are expired now (equivalent to CERT_TRUST_IS_NOT_TIME_VALID) but that shouldn't matter, it should still pass.
$ wine --version
wine-6.4-118-g2828d0820a1
Regards
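The time-validity point from comment #4, as an added example that is not part of the bug report or of Wine's code: with a countersigned timestamp, the signer chain is evaluated at signing time rather than at the current time. It models only the validity windows printed by osslsigncode above (no revocation, root-trust or timestamp-authority chain checks), and `REVIEW_TIME` is a constructed "current" date.

```python
from datetime import datetime, timezone

FMT = "%b %d %H:%M:%S %Y GMT"  # date layout printed by osslsigncode


def parse(text):
    return datetime.strptime(text, FMT).replace(tzinfo=timezone.utc)


# Signer chain (leaf, intermediate, root) and countersignature time,
# copied from the osslsigncode output in comment #4.
CHAIN = [
    ("Screenhero, Inc.", "Feb 18 00:00:00 2014 GMT", "Feb 17 23:59:59 2017 GMT"),
    ("COMODO Code Signing CA 2", "Aug 24 00:00:00 2011 GMT", "May 30 10:48:38 2020 GMT"),
    ("UTN-USERFirst-Object", "Jul 9 18:31:20 1999 GMT", "Jul 9 18:40:36 2019 GMT"),
]
TIMESTAMP = "Jul 7 20:24:23 2014 GMT"
REVIEW_TIME = datetime(2021, 3, 18, tzinfo=timezone.utc)  # constructed "now"


def not_time_valid(chain, when):
    """Names of certificates whose validity window does not contain `when`."""
    return [name for name, not_before, not_after in chain
            if not parse(not_before) <= when <= parse(not_after)]


def evaluate(chain, timestamp, now):
    """Choose the reference time the way a timestamp-aware verifier does.

    With a countersigned timestamp the chain is checked at signing time;
    without one, the only reference available is the current time.
    """
    reference = parse(timestamp) if timestamp else now
    failing = not_time_valid(chain, reference)
    return {
        "reference": reference.isoformat(),
        "expired_now": not_time_valid(chain, now),
        "failing_at_reference": failing,
        "time_valid": not failing,
    }


if __name__ == "__main__":
    for label, ts in (("timestamped", TIMESTAMP), ("no timestamp", None)):
        print(label, "->", evaluate(CHAIN, ts, REVIEW_TIME))
```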