[Bug 37355] New: Tages Protection v5.x needs ntoskrnl 'MmMapLockedPagesSpecifyCache' implementation


[Bug 37355] New: Tages Protection v5.x needs ntoskrnl 'MmMapLockedPagesSpecifyCache' implementation

Wine - Bugs mailing list
https://bugs.winehq.org/show_bug.cgi?id=37355

            Bug ID: 37355
           Summary: Tages Protection v5.x needs ntoskrnl
                    'MmMapLockedPagesSpecifyCache' implementation
           Product: Wine
           Version: 1.7.27
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ntoskrnl
          Assignee: [hidden email]
          Reporter: [hidden email]

Hello folks,

reported here: https://github.com/compholio/wine-compholio/issues/80

Michael Müller from FDS team:

--- quote ---
Sadly this is not enough to make the Tages copy protection happy. The issue you
are now running into is:

fixme:ntoskrnl:MmMapLockedPagesSpecifyCache (0x111988, 0, 1, (nil), 0, 32): stub

The MmMapLockedPagesSpecifyCache command is used to map memory of a process
into the kernel, so that a kernel driver can write / read it. This is necessary
since the kernel does not share the same address space as the process. The
problem is that this command is a stub and always returns 0 as mapped address.
The Tages protection does not check for NULL pointers and tries to write to the
address resulting in:

wine: Unhandled page fault on write access to 0x00000000 at address 0x57fe27 (thread 0018), starting debugger...

The problem is that there is no way to properly implement this on Linux since
there is no way to simply map the memory of a different process if you are not
inside the kernel. Since Wine is not a kernel module, it can only use memory of
different processes when they explicitly create it as a shared memory block.
Sadly, you cannot declare a memory block as shared after it was allocated, so
this does not help in implementing this command.

Anyway in the case of the Tages protection we have some luck since it seems
like the process is paused (I think it was waiting for the response of the
DeviceIoControl function) while the memory is changed by the windows kernel
driver. This allows us to emulate the mapping of the memory by using
ReadProcessMemory and WriteProcessMemory. I wrote some hack to implement this,
but this only prevented the crash and made the application exit silently. I
either made a mistake in my hack or there is still something else which
prevents it from working.
--- quote ---

Regards

--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.


Anastasius Focht <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |download, obfuscation
                URL|                            |http://www.gamefront.com/fi
                   |                            |les/8448224/Fantasy-Wars-En
                   |                            |glish-Demo/
         Depends on|                            |23033


Michael Müller <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]


lesebas <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]

--- Comment #1 from lesebas <[hidden email]> ---
Bug confirmed too with game Attack On Pearl Harbor

wine version : 1.7.27 (compholio)
system Arch Linux x86_64


--- Comment #2 from Michael Müller <[hidden email]> ---
Created attachment 49677
  --> https://bugs.winehq.org/attachment.cgi?id=49677
Hack to emulate mapping of process memory into ntoskrnl

Hi,

I just found my old hack to work around this problem. It uses ReadProcessMemory
and WriteProcessMemory to emulate the mapping of the memory block. There was
also a similar approach on the mailing list quite some time ago.

Regards,
Michael


--- Comment #3 from lesebas <[hidden email]> ---
Great... is there any way to test it or do you have to work forward to make it
work with Tages v5.x?


--- Comment #4 from Michael Müller <[hidden email]> ---
Even with this patch applied, you will run into Bug 37356 which is much harder
to fix since Wine does not support layered drivers and there is no workaround
for this problem. Wine handles drivers completely wrong compared to Windows and
there is a lot of code missing to properly support this kind of driver.


Marc Bessières <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]

--- Comment #5 from Marc Bessières <[hidden email]> ---
Hello,

For reference, Operation Matriarchy FR version, protected by Tages v5.5.0,
obviously suffers from the same bug.


21:11:45 | C:\Program Files\Buka\Operation Matriarchy\GAME.EXE | Tages v5.5.0 | protection level: Tages BASIC
21:11:45 | C:\Program Files\Buka\Operation Matriarchy\unins000.exe | Inno Setup v5.0.4 Module | Possible CD/DVD-Key or Serial Check
In a 32bit prefix.

--- snip ---
> pwd
/home/guest/wine32/OperationMatriarchy/drive_c/Program Files/Buka/Operation Matriarchy
> WINEDEBUG=+relay,+tid,+seh wine GAME.EXE >> log 2>&1

0018:fixme:ntoskrnl:IoGetCurrentProcess () stub
0018:Ret  ntoskrnl.exe.IoAllocateMdl() retval=0011ade0 ret=0054038f
0018:Call ntoskrnl.exe.MmProbeAndLockPages(0011ade0,00000001,00000001) ret=005403ae
0018:fixme:ntoskrnl:MmProbeAndLockPages (0x11ade0, 1, 1): stub
0018:Ret  ntoskrnl.exe.MmProbeAndLockPages() retval=0000003f ret=005403ae
0018:Call ntoskrnl.exe.MmMapLockedPagesSpecifyCache(0011ade0,00000000,00000001,00000000,00000000,00000020) ret=00566a9c
0018:fixme:ntoskrnl:MmMapLockedPagesSpecifyCache (0x11ade0, 0, 1, (nil), 0, 32): stub
0018:Ret  ntoskrnl.exe.MmMapLockedPagesSpecifyCache() retval=00000000 ret=00566a9c
0018:trace:seh:raise_exception code=c0000005 flags=0 addr=0x566a9c ip=00566a9c tid=0018
0018:trace:seh:raise_exception  info[0]=00000001
0018:trace:seh:raise_exception  info[1]=00000000
0018:trace:seh:raise_exception  eax=00000000 ebx=00000000 ecx=0053e738 edx=0053ef3c esi=0011ade0 edi=00000000
0018:trace:seh:raise_exception  ebp=0053e748 esp=0053e6fc cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010202
0018:trace:seh:call_vectored_handlers calling handler at 0x7ed77d80 code=c0000005 flags=0
0018:trace:seh:call_vectored_handlers handler at 0x7ed77d80 returned 0
0018:trace:seh:call_stack_handlers calling handler at 0x562244 code=c0000005 flags=0
0018:trace:seh:call_stack_handlers handler at 0x562244 returned 1
0018:trace:seh:call_stack_handlers calling handler at 0x7bc98960 code=c0000005 flags=0
0018:Call KERNEL32.UnhandledExceptionFilter(0053e248) ret=7bc989a5
wine: Unhandled page fault on write access to 0x00000000 at address 0x566a9c (thread 0018), starting debugger...
--- snip ---

> sha1sum GAME.EXE
09caa98d3fc035c18b9d7ed3837293cceb9c00a2  GAME.EXE
>> du -sh GAME.EXE
616K    GAME.EXE
> wine --version
wine-1.7.35
>

Cheers,
Marc


[hidden email] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]

--- Comment #6 from [hidden email] ---
Download dead.

I am not aware that this would have been fixed so far.

wine 1.9.12


mirh <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]

--- Comment #7 from mirh <[hidden email]> ---
https://gamefront.online/files/8448224/FantasyWars_Demo_EN.exe
http://www.gamershell.com/download_20855.shtml
https://www.gamepressure.com/download.asp?ID=17083

Working mirrors


hadim <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]


Robert Walker <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]


[Bug 37355] Multiple software protection schemes need ntoskrnl 'MmMapLockedPagesSpecifyCache' implementation (Tages Protection v5.x, BattleEye's 'bedaisy.sys')


Anastasius Focht <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends on|23033                       |
            Summary|Tages Protection v5.x needs |Multiple software
                   |ntoskrnl                    |protection schemes need
                   |'MmMapLockedPagesSpecifyCac |ntoskrnl
                   |he' implementation          |'MmMapLockedPagesSpecifyCac
                   |                            |he' implementation (Tages
                   |                            |Protection v5.x,
                   |                            |BattleEye's 'bedaisy.sys')
           Keywords|                            |patch

--- Comment #8 from Anastasius Focht <[hidden email]> ---
Hello folks,

refining summary.

Also needed by 'BEDaisy.sys' kernel driver, part of Battleye.
Small client to reproduce: http://static.tibia.com/download/Tibia_Setup.exe

Tidbit: The kernel driver is heavily obfuscated.

--- snip ---
...
0048:trace:ntoskrnl:IoCreateDriver (L"\\Driver\\BEDaisy", 0x7effb1c0)
...
0048:trace:winedevice:load_driver loading driver L"C:\\Program Files\\Common Files\\BattlEye\\BEDaisy.sys"
...
0048:trace:loaddll:load_builtin_dll Loaded L"C:\\windows\\system32\\fltmgr.sys" at 0xf75d0000: builtin
0048:trace:loaddll:load_builtin_dll Loaded L"C:\\windows\\system32\\hal.dll" at 0xf7330000: builtin
0048:trace:loaddll:load_native_dll Loaded L"C:\\Program Files\\Common Files\\BattlEye\\BEDaisy.sys" at 0x780000: native
...
0048:Ret  KERNEL32.LoadLibraryW() retval=00780000 ret=7effaa60
...
0048:trace:winedevice:load_driver_module L"C:\\Program Files\\Common Files\\BattlEye\\BEDaisy.sys": relocating from 0x400000 to 0x780000
...
0048:Call driver init 0x7fdf6e (obj=0x11cb70,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\BEDaisy")
0048:Call ntoskrnl.exe.IoAllocateMdl(00780000,00040409,00000000,00000000,00000000) ret=0080bf37
0048:trace:ntoskrnl:IoAllocateMdl (0x780000, 263177, 0, 0, (nil))
0048:Call ntdll.RtlAllocateHeap(00110000,00000008,00000120) ret=7ece03cc
0048:Ret  ntdll.RtlAllocateHeap() retval=0011cd28 ret=7ece03cc
0048:Ret  ntoskrnl.exe.IoAllocateMdl() retval=0011cd28 ret=0080bf37
0048:Call ntoskrnl.exe.MmProbeAndLockPages(0011cd28,00000000,00000001) ret=0080bf37
0048:fixme:ntoskrnl:MmProbeAndLockPages (0x11cd28, 0, 1): stub
0048:Ret  ntoskrnl.exe.MmProbeAndLockPages() retval=0000003f ret=0080bf37
0048:Call ntoskrnl.exe.MmMapLockedPagesSpecifyCache(0011cd28,00000000,00000000,00000001,00000000,00000000) ret=0080bf37
0048:fixme:ntoskrnl:MmMapLockedPagesSpecifyCache (0x11cd28, 0, 0, 0x1, 0, 0): stub
0048:Ret  ntoskrnl.exe.MmMapLockedPagesSpecifyCache() retval=00000000 ret=0080bf37
0048:trace:seh:raise_exception code=c0000005 flags=0 addr=0x809c6a ip=00809c6a tid=0048
0048:trace:seh:raise_exception  info[0]=00000001
0048:trace:seh:raise_exception  info[1]=00001000
0048:trace:seh:raise_exception  eax=007fbae9 ebx=00000001 ecx=00000000 edx=007fba80 esi=0080117d edi=00001000
0048:trace:seh:raise_exception  ebp=0065f464 esp=0065f35c cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010203
0048:trace:seh:call_vectored_handlers calling handler at 0x7ecddf85 code=c0000005 flags=0
0048:trace:seh:call_vectored_handlers handler at 0x7ecddf85 returned 0
0048:trace:seh:call_stack_handlers calling handler at 0x7bcaf67c code=c0000005 flags=0
...
--- snip ---

NOTE: There is a problem (regression?) with service state/transition handling
causing the kernel driver service not to be started by the helper service. When the
window "Starting Battleye service..." shows up, you need to issue the 'wine net
stop BEService' command from another console and wait a bit. The app will
detect this and restart the helper service, which in turn will start the kernel
service.

$ sha1sum Tibia_Setup.exe
50951008ccc402cc32407bfc56a88da873e3e9bd  Tibia_Setup.exe

$ du -sh Tibia_Setup.exe
5.2M    Tibia_Setup.exe

$ wine --version
wine-3.1-193-g354fa7eb79

Regards


Anastasius Focht <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |44496


Adam Bolte <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]


[hidden email] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]

--- Comment #9 from [hidden email] ---
I have no experience in wine development, but I do not understand why Linux
would need a kernel driver to implement this function.  Doesn't everything run
under wine run in userspace?


--- Comment #10 from mirh <[hidden email]> ---
Because these programs have their own kernel drivers, which require kernel
functions to be implemented to work.

Then it doesn't mean this has to interfere with the actual Linux kernel.


--- Comment #11 from Anastasius Focht <[hidden email]> ---
Hello Derek,

--- quote ---
I have no experience in wine development, but I do not understand why Linux
would need a kernel driver to implement this function.  Doesn't everything run
under wine run in userspace?
--- quote ---

the term 'kernel driver' refers to the Windows terminology.
Unless explicitly stated otherwise, Windows terminology is used when talking
about technologies, software architecture etc.
There exist kernel and userspace drivers on Windows. Nowadays MS provides
Kernel-Mode Driver Framework (KMDF) and User-Mode Driver Framework (UMDF) to
ease development.

Under Wine the kernel driver PE binaries are mapped in userspace into
'winedevice' hosting process (Windows has a similar concept of a host process
for usermode drivers), and the code is executed in user mode like any other
Linux process. That's how Wine works by design.

This is in contrast to the 'ReactOS' project (https://www.reactos.org/) where
these kernel drivers are running in kernel space/mode, exactly as in Windows.

There is another project called 'Longene' which claims to be a hybrid, that is
providing infrastructure in Linux kernel to run Windows kernel drivers indeed
in Linux kernel address space (https://en.wikipedia.org/wiki/Longene).
That project was ill-fated from start (disclaimer: personal opinion) and seems
abandoned now.

Regards


--- Comment #12 from Anastasius Focht <[hidden email]> ---
Hello folks,

'Secret Files: Tunguska' game demo from bug 39500 has same problem (Tages
Protection v5.x).

--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files/Deep Silver/Secret Files Tunguska Demo

$ WINEDEBUG=+seh,+relay,+ntoskrnl,+hal wine ./Tunguska.exe >>log.txt 2>&1
...
0009:Call KERNEL32.CreateFileA(0034a8ac "\\\\.\\atksgt",c0000000,00000000,00000000,00000003,40000000,00000000) ret=009c7f6e
0009:Ret  KERNEL32.CreateFileA() retval=00000040 ret=009c7f6e
0009:Call KERNEL32.DeviceIoControl(00000040,0022e40b,0034a9d0,00000005,00000000,00000000,0034a9cc,00000000) ret=009c7fbc
0017:Ret  KERNEL32.WaitForMultipleObjectsEx() retval=00000001 ret=7eccbcec
...
0017:trace:ntoskrnl:dispatch_ioctl ioctl 22e40b device 0x120a98 file 0x11c9c0 in_size 5 out_size 0
0017:trace:ntoskrnl:IoBuildDeviceIoControlRequest 22e40b, 0x120a98, 0x11b948, 5, (nil), 0, 0, (nil), (nil)
0017:trace:ntoskrnl:IoAllocateIrp 1, 0
0017:Call ntdll.RtlAllocateHeap(00110000,00000000,00000094) ret=7ecce269
0017:Ret  ntdll.RtlAllocateHeap() retval=0011ccd0 ret=7ecce269
0017:trace:ntoskrnl:ExAllocatePoolWithTag 148 pool 0 -> 0x11ccd0
0017:trace:ntoskrnl:IoInitializeIrp 0x11ccd0, 148, 1
0017:Call ntdll.NtGetTickCount() ret=7ecceb82
0017:Ret  ntdll.NtGetTickCount() retval=0051e61a ret=7ecceb82
0017:Call driver dispatch 0x7bfc40 (device=0x120a98,irp=0x11ccd0)
0017:Call ntoskrnl.exe.IoAllocateMdl(0011b948,00000005,00000000,00000000,00000000) ret=0078038f
0017:trace:ntoskrnl:IoAllocateMdl (0x11b948, 5, 0, 0, (nil))
0017:Call ntdll.RtlAllocateHeap(00110000,00000008,00000020) ret=7eccc39c
0017:Ret  ntdll.RtlAllocateHeap() retval=0011cab0 ret=7eccc39c
0017:Ret  ntoskrnl.exe.IoAllocateMdl() retval=0011cab0 ret=0078038f
0017:Call ntoskrnl.exe.MmProbeAndLockPages(0011cab0,00000001,00000001) ret=007803ae
0017:fixme:ntoskrnl:MmProbeAndLockPages (0x11cab0, 1, 1): stub
0017:Ret  ntoskrnl.exe.MmProbeAndLockPages() retval=0000003f ret=007803ae
0017:Call ntoskrnl.exe.MmMapLockedPagesSpecifyCache(0011cab0,00000000,00000001,00000000,00000000,00000020) ret=007bfe27
0017:fixme:ntoskrnl:MmMapLockedPagesSpecifyCache (0x11cab0, 0, 1, (nil), 0, 32): stub
0017:Ret  ntoskrnl.exe.MmMapLockedPagesSpecifyCache() retval=00000000 ret=007bfe27
0017:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7bfe27 ip=007bfe27 tid=0017
0017:trace:seh:raise_exception  info[0]=00000001
0017:trace:seh:raise_exception  info[1]=00000000
0017:trace:seh:raise_exception  eax=00000000 ebx=00000005 ecx=0054fc08 edx=00552f54 esi=00000000 edi=0011cab0
0017:trace:seh:raise_exception  ebp=0054fc18 esp=0054fbbc cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00010202
0017:trace:seh:call_vectored_handlers calling handler at 0x7ecc9f55 code=c0000005 flags=0
--- snip ---

Disassembly shows access to starting (virtual) address of the mapped pages:

--- snip ---
...
007BFE16  PUSH 20
007BFE18  PUSH 0
007BFE1A  PUSH 0
007BFE1C  PUSH 1
007BFE1E  PUSH 0
007BFE20  PUSH EDI
007BFE21  CALL DWORD PTR DS:[<&ntoskrnl.MmMapLockedPagesSpecifyCache>]
007BFE27  MOV WORD PTR DS:[EAX],5       ; *boom*
007BFE2C  MOV WORD PTR DS:[EAX+2],5
007BFE32  MOV BYTE PTR DS:[EAX+4],1
007BFE36  PUSH EDI
007BFE37  CALL DWORD PTR DS:[<&ntoskrnl.MmUnlockPages>]
007BFE3D  PUSH EDI
007BFE3E  CALL DWORD PTR DS:[<&ntoskrnl.IoFreeMdl>]
007BFE44  MOV EDX,DWORD PTR SS:[EBP+C]
007BFE47  MOV DWORD PTR DS:[EDX+1C],0
007BFE4E  JMP atksgt.007C0333
...
--- snip ---

MSDN:
https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/content/wdm/nf-wdm-mmmaplockedpagesspecifycache

There is a Wine-Staging patchset for ntoskrnl.exe MmMapLockedPages and
MmUnmapLockedPages:

https://github.com/wine-staging/wine-staging/blob/master/patches/ntoskrnl-Stubs/0009-ntoskrnl.exe-Implement-MmMapLockedPages-and-MmUnmapL.patch

The variants that allow specifying cache attributes can benefit from them or
the other way around (should maybe go to Wine-Staging first).
In general these stubs should be separated by topic to be tracked by individual
tickets.

$ sha1sum secretfilestunguskademo.exe
dud081e71f3c0e6f01ed85185afaf938fe43031df6  secretfilestunguskademo.exe

$ du -sh secretfilestunguskademo.exe
575M    secretfilestunguskademo.exe

$ wine --version
wine-3.2-293-g0a72708126

Regards
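
The pattern in the traces quoted in this thread (a stubbed ntoskrnl call returns 0 and the same thread then raises c0000005 on a near-NULL address) can be picked out of a +relay,+seh log automatically. The Python script below is an added example, not part of the original thread or of Wine; its function names, the 64 KiB threshold and the "no other relayed Call in between" rule are assumptions, and the sample log is constructed by trimming the traces above.

```python
import re
from collections import namedtuple

NULL_PAGE_LIMIT = 0x10000  # assumption: a fault below 64 KiB is a NULL-based access
ACCESS = {0: "read", 1: "write", 8: "execute"}  # ExceptionInformation[0] values

RECORD = re.compile(r"^(?:[0-9a-f]{4}:|wine: )")
STUB = re.compile(r"^[0-9a-f]{4}:fixme:\w+:(\w+) .*\bstub$")
CALL = re.compile(r"^([0-9a-f]{4}):Call ")
RET = re.compile(r"^([0-9a-f]{4}):Ret\s+[\w.]+\.(\w+)\(\) retval=([0-9a-f]+) ret=([0-9a-f]+)")
EXC = re.compile(r"^([0-9a-f]{4}):trace:seh:raise_exception code=([0-9a-f]+) .*\bip=([0-9a-f]+)")
INFO = re.compile(r"^([0-9a-f]{4}):trace:seh:raise_exception\s+info\[([01])\]=([0-9a-f]+)")

# Constructed sample: lines trimmed from the Tages (tid 0017) and BEDaisy (tid 0048)
# traces in this thread, kept hard-wrapped the way the mail archive shows them.
SAMPLE_LOG = """\
0017:fixme:ntoskrnl:MmProbeAndLockPages (0x11cab0, 1, 1): stub
0017:Ret  ntoskrnl.exe.MmProbeAndLockPages() retval=0000003f ret=007803ae
0017:Call
ntoskrnl.exe.MmMapLockedPagesSpecifyCache(0011cab0,00000000,00000001,00000000,00000000,00000020)
ret=007bfe27
0017:fixme:ntoskrnl:MmMapLockedPagesSpecifyCache (0x11cab0, 0, 1, (nil), 0,
32): stub
0017:Ret  ntoskrnl.exe.MmMapLockedPagesSpecifyCache() retval=00000000
ret=007bfe27
0017:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7bfe27 ip=007bfe27
tid=0017
0017:trace:seh:raise_exception  info[0]=00000001
0017:trace:seh:raise_exception  info[1]=00000000
0048:Call
ntoskrnl.exe.MmMapLockedPagesSpecifyCache(0011cd28,00000000,00000000,00000001,00000000,00000000)
ret=0080bf37
0048:fixme:ntoskrnl:MmMapLockedPagesSpecifyCache (0x11cd28, 0, 0, 0x1, 0, 0):
stub
0048:Ret  ntoskrnl.exe.MmMapLockedPagesSpecifyCache() retval=00000000
ret=0080bf37
0048:trace:seh:raise_exception code=c0000005 flags=0 addr=0x809c6a ip=00809c6a
tid=0048
0048:trace:seh:raise_exception  info[0]=00000001
0048:trace:seh:raise_exception  info[1]=00001000
"""

Finding = namedtuple("Finding", "tid function caller fault_ip access fault_addr")

def unwrap(text):
    """Re-join records that the mail client hard-wrapped at 80 columns."""
    records = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw or raw == "...":
            continue
        if RECORD.match(raw) or not records:
            records.append(raw)          # starts with "<tid>:" or "wine: "
        else:
            records[-1] += " " + raw     # continuation of the previous record
    return records

def find_null_stub_faults(text):
    """Pair a 0 return from a stubbed function with the access violation that follows."""
    stubs, pending, faulting, findings = set(), {}, {}, []
    for line in unwrap(text):
        if m := STUB.match(line):
            stubs.add(m.group(1))
        elif m := CALL.match(line):
            pending.pop(m.group(1), None)  # thread made another call: drop the stale lead
        elif m := RET.match(line):
            tid, fn, retval, caller = m.groups()
            # The log cannot tell a NULL pointer from a 0 status code, so this is a lead only.
            if fn in stubs and int(retval, 16) == 0:
                pending[tid] = (fn, int(caller, 16))
        elif m := EXC.match(line):
            tid, code, ip = m.groups()
            if int(code, 16) == 0xC0000005 and tid in pending:
                faulting[tid] = {"ip": int(ip, 16), "src": pending.pop(tid)}
        elif (m := INFO.match(line)) and m.group(1) in faulting:
            tid, idx, value = m.group(1), int(m.group(2)), int(m.group(3), 16)
            faulting[tid][idx] = value
            if idx == 1:  # info[1] is the faulting address and completes the record
                exc = faulting.pop(tid)
                if value < NULL_PAGE_LIMIT:
                    findings.append(Finding(tid, *exc["src"], exc["ip"],
                                            ACCESS.get(exc.get(0), "unknown"), value))
    return findings

if __name__ == "__main__":
    for f in find_null_stub_faults(SAMPLE_LOG):
        print(f"tid {f.tid}: {f.function} returned 0 to {f.caller:#x}; "
              f"{f.access} fault at {f.fault_addr:#x}, ip {f.fault_ip:#x}")
```

When the fault ip equals the caller address, as in the Tages trace, the driver dereferenced the returned pointer in the very next instruction; a differing ip with a small non-zero fault address, as in the BEDaisy trace, points to a NULL base plus offset used later in the same call chain.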


Zebediah Figura <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]

--- Comment #13 from Zebediah Figura <[hidden email]> ---
If those staging patches are sufficient to fix the problem, it would be nice to
mark this bug STAGED.
