Re: PROT_EXEC mmap/mprotect, i386 PAE + NX broken, x86-64 2.6.17-rc2

Sat, 22 Apr 2006 05:56:40 -0700 

> > > http://devzero.co.uk/~alistair/wine/virtual.log
> >
> > Here is the culprit:
> >
> > trace:virtual:VIRTUAL_SetProt 0x462000-0x4e7fff c-rW-
> > trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x57bfff (anonymous)
> > trace:virtual:VIRTUAL_DumpView       0x400000 - 0x400fff c-r--
> > trace:virtual:VIRTUAL_DumpView       0x401000 - 0x449fff c-r-x
> > trace:virtual:VIRTUAL_DumpView       0x44a000 - 0x57bfff c-rW-
> >
> > This covers the 0x00495000 address. Note that the area lacks the x-bit.
> >
> > What is happening is likely the copy protection. The original loader is
> > likely executable, but the copyprotection decrypts the code in a
> > datasection and then executes it.
> 
> Well, I'm using a "modified" game executable which does not check for the 
> presence of a CD. However, it hooks into the original game executable so that 
> the game can validate itself. Alas, it's probably not the more pure win32 
> application known to man..
> 
> > Could you please do:
> >     winedump dump -x war3.exe
> > and put it somewhere/attach it here?
> 
> Certainly, find it here (261K):
> 
> http://devzero.co.uk/~alistair/wine/dump.log

This is the section with the entry point in:

  04 .iyhivx    VirtSize: 548864    VirtAddr:  401408   0x00062000
    raw data offs: 356352   raw data size: 548864
    relocation offs: 0         relocations:   0
    line # offs:     0         line #'s:      0
    characteristics: 0xc0000040
      INITIALIZED_DATA  MEM_READ  MEM_WRITE

It is missing the "MEM_EXECUTE" flag.

Try this patch:

Index: dlls/ntdll/virtual.c
===================================================================
RCS file: /home/wine/wine/dlls/ntdll/virtual.c,v
retrieving revision 1.88
diff -u -r1.88 virtual.c
--- dlls/ntdll/virtual.c        8 Apr 2006 18:13:41 -0000       1.88
+++ dlls/ntdll/virtual.c        22 Apr 2006 12:53:46 -0000
@@ -1072,6 +1072,12 @@
         if (sec->Characteristics & IMAGE_SCN_MEM_READ)    vprot |= VPROT_READ;
         if (sec->Characteristics & IMAGE_SCN_MEM_WRITE)   vprot |= 
VPROT_READ|VPROT_WRITECOPY;
         if (sec->Characteristics & IMAGE_SCN_MEM_EXECUTE) vprot |= VPROT_EXEC;
+
+       /* Dumb game crack let the AOEP point into a data section. Adjust. */
+        if (   (nt->OptionalHeader.AddressOfEntryPoint >= sec->VirtualAddress) 
&&
+               (nt->OptionalHeader.AddressOfEntryPoint < sec->VirtualAddress + 
size)
+       )
+               vprot |= VPROT_EXEC;
         VIRTUAL_SetProt( view, ptr + sec->VirtualAddress, size, vprot );
     }
 

Ciao, Marcus

Reply via email to