On 4/22/06, Marcus Meissner <marcus@jet.franken.de> wrote:
Certainly, find it here (261K):
This is the section with the entry point in:
  04 .iyhivx  VirtSize: 548864  VirtAddr: 401408 0x00062000
     raw data offs: 356352  raw data size: 548864
     relocation offs: 0  relocations: 0
     line # offs: 0  line #'s: 0
     characteristics: 0xc0000040
       INITIALIZED_DATA MEM_READ MEM_WRITE
It is missing the "MEM_EXECUTE" flag.
Try this patch:
Index: dlls/ntdll/virtual.c
RCS file: /home/wine/wine/dlls/ntdll/virtual.c,v retrieving revision 1.88 diff -u -r1.88 virtual.c --- dlls/ntdll/virtual.c 8 Apr 2006 18:13:41 -0000 1.88 +++ dlls/ntdll/virtual.c 22 Apr 2006 12:53:46 -0000 @@ -1072,6 +1072,12 @@ if (sec->Characteristics & IMAGE_SCN_MEM_READ) vprot |= VPROT_READ; if (sec->Characteristics & IMAGE_SCN_MEM_WRITE) vprot |= VPROT_READ|VPROT_WRITECOPY; if (sec->Characteristics & IMAGE_SCN_MEM_EXECUTE) vprot |= VPROT_EXEC;
/* Dumb game crack let the AOEP point into a data section. Adjust. */
if ( (nt->OptionalHeader.AddressOfEntryPoint >= sec->VirtualAddress) &&
(nt->OptionalHeader.AddressOfEntryPoint < sec->VirtualAddress + size)
)
}vprot |= VPROT_EXEC; VIRTUAL_SetProt( view, ptr + sec->VirtualAddress, size, vprot );
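Review bot: the new if around "vprot |= VPROT_EXEC" turns on execute for the entire section whenever AddressOfEntryPoint falls inside it, including a section that also carries IMAGE_SCN_MEM_WRITE, and it does so silently. Emit a WARN naming the section when the override fires, and skip the override when IMAGE_SCN_MEM_EXECUTE is already set, so that a writable and executable mapping created by this workaround shows up in the trace. The upper bound "sec->VirtualAddress + size" can wrap for a malformed header; after the lower-bound check, comparing AddressOfEntryPoint - sec->VirtualAddress against size avoids that. The comment would also read better with AddressOfEntryPoint spelled out instead of AOEP.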
Ciao, Marcus
Here's the unmodified executable:
ftp://resnet.dnip.net/dump.txt
It has MEM_EXECUTE correctly set. I think that loader should be considered buggy.
Jesse
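
Added example, not part of the original thread and not Wine's code: a small C check for the condition discussed above, an entry point that lands in a section lacking MEM_EXECUTE (it also reports a section that is both writable and executable). The struct, enum and function names are hypothetical; the .iyhivx values are the ones quoted in the thread, while the .text section and the entry point RVAs are constructed because the thread does not give them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Section characteristic bits from the PE/COFF format. */
#define SCN_MEM_EXECUTE 0x20000000u
#define SCN_MEM_WRITE   0x80000000u

/* Hypothetical trimmed section record, not the winnt.h structure. */
struct section {
    const char *name;
    uint32_t virt_addr;        /* RVA where the section starts */
    uint32_t virt_size;
    uint32_t characteristics;
};

enum ep_status { EP_OK, EP_WRITABLE_CODE, EP_NOT_EXECUTABLE, EP_NO_SECTION };

/* Classify the section that contains the entry point RVA. */
enum ep_status classify_entry_point(const struct section *s, size_t n,
                                    uint32_t entry_rva, const struct section **hit)
{
    *hit = NULL;
    for (size_t i = 0; i < n; i++) {
        /* Subtract rather than add so a huge virt_size cannot wrap around. */
        if (entry_rva < s[i].virt_addr || entry_rva - s[i].virt_addr >= s[i].virt_size)
            continue;
        *hit = &s[i];
        if (!(s[i].characteristics & SCN_MEM_EXECUTE)) return EP_NOT_EXECUTABLE;
        if (s[i].characteristics & SCN_MEM_WRITE) return EP_WRITABLE_CODE;
        return EP_OK;
    }
    return EP_NO_SECTION;
}

/* .iyhivx uses the values quoted in the thread; .text and the entry RVAs are constructed. */
static const struct section SAMPLE[] = {
    { ".text",   0x00001000u, 0x00001000u, 0x60000020u },
    { ".iyhivx", 0x00062000u, 548864u,     0xc0000040u },
};

int main(void)
{
    const struct section *hit;
    enum ep_status st = classify_entry_point(SAMPLE, 2, 0x00063000u, &hit);
    printf("entry point in %s: status %d\n", hit ? hit->name : "(none)", (int)st);
    return st == EP_NOT_EXECUTABLE ? 0 : 1;
}
```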