WineHQ
Bug Tracking Database – Bug 2770

 Bugzilla

 

Last modified: 2013-11-15 13:39:41 UTC  

Powerbullet Presenter 1.44: Powerbullet.dll registration fails (Armadillo v4.x software protection fails at checkpoint L5, error 0x17)

First Last Prev Next    This bug is not in your last search results.
Bug 2770 - Powerbullet Presenter 1.44: Powerbullet.dll registration fails (Armadillo v4.x software protection fails at checkpoint L5, error 0x17)
Powerbullet Presenter 1.44: Powerbullet.dll registration fails (Armadillo v4....
Status: CLOSED FIXED
AppDB: Show Apps affected by this bug
Product: Wine
Classification: Unclassified
Component: ntdll
0.9.9.
x86 Linux
: P2 normal
: ---
Assigned To: Mr. Bugs
http://powerbullet.com/download.php
: download, Installer, obfuscation, patch
: 24886 (view as bug list)
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2005-03-02 13:07 UTC by miguipda
Modified: 2013-11-15 13:39 UTC (History)
7 users (show)

See Also:
Regression SHA1:
Fixed by SHA1: 3d759a0c69732721fab2881e484bf716c196dfe3
Distribution: ---
Staged patchset:

Attachments
Returned error msg after installation (exe file) (12.49 KB, image/png)
2005-07-22 10:15 UTC, miguipda 		Details
disregard this (11.31 KB, application/x-gzip)
2008-01-10 07:44 UTC, Jeff Zaroyko 		Details
Error window (1.45 KB, image/png)
2009-06-24 17:53 UTC, Jake Smith 		Details
PowerBullet 1.35 +ole,+relay,+seh,+tid trace (lzma compressed) (878.57 KB, application/x-lzma)
2009-11-24 18:48 UTC, Andrew Nguyen 		Details
ntdll: NtAllocateVirtualMemory should fail to commit if an address range is already committed for a memory mapped file. (667 bytes, text/plain)
2013-06-25 02:30 UTC, Dmitry Timoshkov 		Details
Show Obsolete (1) View All Add an attachment (back traces, logs, proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description miguipda 2005-03-02 13:07:40 UTC 
Could you please solve wine to be able to run this apps
powerbullet (flash application on : http://powerbullet.com/download.html)

Bye
Comment 1 miguipda 2005-03-05 04:42:36 UTC 
This flash tool (powerbullet 1.44 : http://powerbullet.com/download.html) can 
be install with wine but can't run when installed.  
 
Please, please, please... 
Help us to be able to use it under linux (or may be could you contact the 
programmer to propose him to develop it under linux as a source file...) 
 
Sincerely thanks. 
 
Have a nice day.
Comment 2 Jason Edmeades 2005-03-05 06:12:46 UTC 
Please help us help you... For example, what error do you get? Does it trap, 
hang, die, have corrupted graphics etc etc. If you get error messages in the 
console, what are they.
Comment 3 David Lee Lambert 2005-04-21 13:51:04 UTC 
The "powerbullet.com" domain appears to be defunct.
However,  the application still appears to be available,
for instance at

  http://www.download.com/3120-20_4-0.html?qt=powerbullet
Comment 4 miguipda 2005-07-22 10:15:56 UTC 
Created attachment 960 [details]
Returned error msg after installation (exe file)

Hi,

installation of powerbullet presenter (excellent flash freeware program).
Return first a non text error popup window and after that the attached one.

Please help to install and be able to use this program under my ubuntu horay.

Have a nice day.
Comment 5 Dan Kegel 2006-08-20 07:15:04 UTC 
(I downloaded the app from powerbullet.com.)
On my machine, running today's wine from git, it dies with
err:ole:CoGetClassObject class {4955dd33-b159-11d0-8fcf-00aa006bcc59} not registered
followed by a dialog box saying
Error: Access violation at 0x00AA675C (tried to read from 0x00000000), program
terminated.
That class is apparantly Active IMM, which is described here:
http://msdn.microsoft.com/workshop/misc/AIMM/overview/overview.asp
There are a number of bug reports which boil down to this class missing,
e.g. bug 4054
Try installing IE6, that may come with an implementation of the missing class.
Comment 6 Louis Lenders 2006-10-07 16:52:42 UTC 
Hi, it's now possible to actually start the app, using native ole32, and mshtml.
Without these native dlls, the application pops up a messagebox that library "@"
cannot be loaded (yes , it really tries to load a library called "@", which
obviously fails). Marking as an ole bug.
Comment 7 Austin English 2008-01-01 18:54:19 UTC 
Using powerbullet 1.3.5 (only version on the site) in wine 0.9.52, I get an error about a debugger being present. After setting HKLM\Software\Windows NT\CurrentVersion\AeDebug\Auto to 0, then I get a error similar to Dan:

fixme:ole:CoCreateInstance no instance created for interface {08c0e040-62d1-11d1-9326-0060b067b86e} of class {4955dd33-b159-11d0-8fcf-00aa006bcc59}, hres is 0x80004002
err:seh:raise_exception Unhandled exception code c0000005 flags 0 addr 0xfb675c
Comment 8 Jeff Zaroyko 2008-01-10 07:44:33 UTC 
Created attachment 10152 [details]
disregard this
Comment 9 Jeff Zaroyko 2008-01-10 09:01:54 UTC 
Comment on attachment 10152 [details]
disregard this

bugzilla redirected me from another bug and I didn't notice, ignore this attachment.
Comment 10 Matthew Millar 2008-12-30 18:26:28 UTC 
Bug still present in wine 1.1.11 on ubuntu 8.10 x86

Matthew Millar
Comment 11 Jake Smith 2009-06-24 17:53:07 UTC 
Created attachment 22009 [details]
Error window

Tested version 1.3.5 under current git (wine-1.1.24-140-ge920f5f) and it pops up the attached error window and never loads generating the following error in terminal:

err:seh:raise_exception Unhandled exception code c0000005 flags 0 addr 0xcb675c


Can be downloaded from http://powerbullet.com/download.php - they changed to .php on the download page.
Comment 12 Rob Shearman 2009-11-24 15:10:38 UTC 
Please attach a +ole,+relay,+seh,+tid log of the issue being reproduced.
Comment 13 Andrew Nguyen 2009-11-24 18:48:03 UTC 
Created attachment 24943 [details]
PowerBullet 1.35 +ole,+relay,+seh,+tid trace (lzma compressed)
Comment 14 Rob Shearman 2009-11-25 09:03:33 UTC 
...
0019:Ret  user32.DestroyWindow() retval=00000001 ret=7d943d3e
0019:Call ntdll.RtlFreeHeap(00110000,00000000,028c5248) ret=7d945158
0019:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7d945158
0019:Call ntdll.RtlFreeHeap(00110000,00000000,001b6820) ret=7d8fcd5a
0019:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7d8fcd5a
0019:Call KERNEL32.InterlockedDecrement(00cd0594) ret=00ccb394
0019:Ret  KERNEL32.InterlockedDecrement() retval=00000000 ret=00ccb394
0019:Call msvcrt.??3@YAXPAX@Z(001b3a70) ret=00ccb611
0019:Call ntdll.RtlFreeHeap(00110000,00000000,001b3a70) ret=7d9ce16e
0019:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7d9ce16e
0019:Ret  msvcrt.??3@YAXPAX@Z() retval=00000001 ret=00ccb611
0019:trace:seh:raise_exception code=c0000005 flags=0 addr=0xcb675c ip=00cb675c tid=0019
0019:trace:seh:raise_exception  info[0]=00000000
0019:trace:seh:raise_exception  info[1]=00000000
0019:trace:seh:raise_exception  eax=00000000 ebx=001b3a90 ecx=001b3a70 edx=0011005c esi=001b3a70 edi=001b3a70
0019:trace:seh:raise_exception  ebp=00000000 esp=0033cfc4 cs=0073 ds=007b es=007b fs=0033 gs=003b flags=00010216

Not sure what is going on, but this doesn't look related to ole32 so I'll set the component to unknown.
Comment 15 Austin English 2010-03-31 11:29:59 UTC 
Removing NoAppDBEntry keyword.
Comment 16 Xavier Vachon 2011-01-26 15:14:00 UTC 
In today's git, when I run wine Powerbullet.exe nothing happens. The app uses CPU power, but no window appears, and there is no console output.

xavier@environnement ~/.wine/drive_c/test $ wine Powerbullet.exe 
Terminated

Can someone else test this?
Comment 17 Austin English 2011-02-14 12:42:42 UTC 
I get an application error on start, in a message box. Terminal shows:
austin@aw21 ~/.wine/drive_c/Program Files/Powerbullet $ wine Powerbullet.exe 
fixme:system:SetProcessDPIAware stub!
fixme:iphlpapi:NotifyAddrChange (Handle 0xe7e934, overlapped 0xe7e938): stub
fixme:ntdll:NtLockFile I/O completion on lock not implemented yet
err:seh:raise_exception Unhandled exception code c0000005 flags 0 addr 0xb4675c
Comment 18 Anastasius Focht 2011-04-27 08:20:54 UTC 
Hello,

the "Powerbullet.dll" file in question is wrapped with Armadillo protection:

--- snip ---
Scanning -> H:\.wine\drive_c\Program Files\Powerbullet\Powerbullet.dll
File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 1736704 (01A8000h) Byte(s)
[File Heuristics] -> Flag : 00000000000000001100001100100001 (0x0000C321)
[!] Armadillo v4.00 - v4.42 detected !
[CompilerDetect] -> Visual C/C++
- Scan Took : 0.439 Second(s)
--- snip ---

Trace log reveals not very much, various anti-debugging trickery, virtual machine/emlulator detection and the like... 

--- snip ---
...
0023:Call KERNEL32.OutputDebugStringA(0033f06c "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s") ret=10022111
0023:Ret  KERNEL32.OutputDebugStringA() retval=00000000 ret=10022111 
--- snip ---

Interesting tidebit: That OutputDebugStringA() call is actually a known vulnerability to trash some OllyDbg (debugger) versions ;-)

Hardware-id gathering before the error:

--- snip ---
...
0023:Call rpcrt4.UuidCreateSequential(0033e718) ret=10008be5 
...
0023:Call iphlpapi.GetAdaptersInfo(001b28e0,0033e624) ret=6857e046 
...
0023:Ret  iphlpapi.GetAdaptersInfo() retval=0000006f ret=6857e046 
...
0023:Call iphlpapi.GetAdaptersInfo(001b28e0,0033e624) ret=6857e0b9 
...
0023:Ret  iphlpapi.GetAdaptersInfo() retval=00000000 ret=6857e0b9 
...
0023:Ret  rpcrt4.UuidCreateSequential() retval=00000000 ret=10008be5 
...
0023:Call KERNEL32.MultiByteToWideChar(00000000,00000000,10038050 "InvalidKey",ffffffff,00dc8038,00010000) ret=1002f0ec 
...
0023:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00db4030 L"This program has been damaged, possibly by a bad sector of the hard drive or a virus. Please reinstall it.",ffffffff,0032e424,00010000,00000000,00000000) ret=1002f0ba
--- snip ---

Anything bogus from UuidCreateSequential() is most likely not the cause for the error.
The code following checks the first 3 bytes of uuid->Data4 for constant values (0x00,0x03,0xFF) probably to detect some virtual network adapters from PC emulators (like VirtualPC).
After that it processes internal data and calculates something like a checksum.
Prelimary debugging though the code mess pinpoints the validation failure between checkpoint LP5 and LP6.
The internal error code is 0x17 - it is never printed but one can see it in debugger data/code string references.
CCx,LPx = some Armadillo internal mechanism to track the stage of protector initialization.

Will revisit later ...

Regards
Comment 19 Anastasius Focht 2011-06-19 08:20:10 UTC 
Hello,

still present, updating some fields...

$ sha1sum install_powerbullet1.44.exe 
41540db64c69d4dfba78a983622c01d54e2fd10b  install_powerbullet1.44.exe

$ wine --version
wine-1.3.22-164-g17e6d75

Regards
Comment 20 butraxz 2013-03-04 11:50:53 UTC 
There has been no activity for two years. Is this still relevant on 1.5.25 or should this be closed as abandoned ?
Comment 21 Bruno Jesus 2013-03-04 21:46:24 UTC 
Still in wine 1.5.25.
Comment 22 Anastasius Focht 2013-06-23 11:16:15 UTC 
Hello folks,

well it seems the CRC error detected between Armadillo LP5 and LP6 checkpoints results from much earlier problems.

In unpacking phase, "powerbullet.dll" header and PE sections are re-created in memory (obviously modified).
A time later some parts of the original MZ/PE header are validated against on-disk image.

Relevant part of trace log, resulting in later failure:

--- snip ---
$ WINEDEBUG=+tid,+seh,+relay wine regsvr32.exe Powerbullet.dll >> log.txt 2>&1
...
0025:Call PE DLL (proc=0x10275337,module=0x10000000 L"Powerbullet.dll",reason=PROCESS_ATTACH,res=(nil)) 
...
0025:Call KERNEL32.VirtualAlloc(10000000,0004b000,00001000,00000004) ret=102637a6
0025:Ret  KERNEL32.VirtualAlloc() retval=10000000 ret=102637a6
0025:Call msvcrt.memcpy(10000000,0014a3d0,00001000) ret=10263873
0025:Ret  msvcrt.memcpy() retval=10000000 ret=10263873
0025:Call msvcrt.memcpy(10001000,0014b3d0,00031000) ret=102638e9
0025:Ret  msvcrt.memcpy() retval=10001000 ret=102638e9
0025:Call msvcrt.memcpy(10032000,0017c3d0,00003000) ret=102638e9
0025:Ret  msvcrt.memcpy() retval=10032000 ret=102638e9
0025:Call msvcrt.memcpy(10035000,0017f3d0,00006000) ret=102638e9
0025:Ret  msvcrt.memcpy() retval=10035000 ret=102638e9
0025:Call msvcrt.memcpy(10044000,001853d0,00003000) ret=102638e9
0025:Ret  msvcrt.memcpy() retval=10044000 ret=102638e9
0025:Call msvcrt.memcpy(10047000,001883d0,00004000) ret=102638e9
0025:Ret  msvcrt.memcpy() retval=10047000 ret=102638e9 
--- snip ---

Wine allows "VirtualAlloc( dll_image_base, size, MEM_COMMIT, PAGE_READWRITE)" to succeed, returning the original image base where "Powerbullet.dll" is mapped to.
The original headers/sections of the dll are partly overwritten with newly created headers and sections during unpack phase, resulting in later CRC mismatch.

The allocation request should have been denied which results in app calling VirtualAlloc() another time, now passing NULL (letting Wine determine the address).

Dump of memory map for the dll:

--- snip ---
address   size     section     contains     type access   initial access
========================================================================
10000000  00001000             PE header    Img  R        RWX CopyOnWr
10001000  001A4000  .text                   Img  R X      RWX CopyOnWr
101A5000  0004D000  .rdata     Exports      Img  R        RWX CopyOnWr
101F2000  00035000  .data      Data         Img  RW Copy> RWX CopyOnWr
10227000  0000D000  STLPORT_                Img  RW Copy> RWX CopyOnWr
10234000  00019000  .reloc                  Img  R        RWX CopyOnWr
1024D000  00040000  .text1,.ad Code         Img  R X      RWX CopyOnWr
1028D000  00010000  .data1                  Img  RW Copy> RWX CopyOnWr
1029D000  00010000  .reloc1    Relocations  Img  R        RWX CopyOnWr
102AD000  00110000  .pdata     Imports      Img  RW Copy> RWX CopyOnWr
103BD000  0000C000  .rsrc      Resources    Img  R        RWX CopyOnWr
--- snip ---

How it should look like (dll is registered successfully):

--- snip ---
0028:Call KERNEL32.VirtualAlloc(10000000,0004b000,00001000,00000004) ret=102637a6
0028:trace:virtual:NtAllocateVirtualMemory 0xffffffff 0x10000000 0004b000 1000 00000004
0028:Ret  KERNEL32.VirtualAlloc() retval=00000000 ret=102637a6
0028:Call KERNEL32.VirtualAlloc(00000000,0004b000,00001000,00000004) ret=10263845
0028:trace:virtual:NtAllocateVirtualMemory 0xffffffff (nil) 0004b000 1000 00000004
0028:trace:virtual:map_view got mem in reserved area 0x4d0000-0x51b000
0028:trace:virtual:VIRTUAL_DumpView View: 0x4d0000 - 0x51afff (valloc)
0028:trace:virtual:VIRTUAL_DumpView       0x4d0000 - 0x51afff c-rw-
0028:trace:virtual:create_view forcing exec permission on 0x4d0000-0x51afff
0028:Ret  KERNEL32.VirtualAlloc() retval=004d0000 ret=10263845
0028:Call msvcrt.memcpy(004d0000,0014a4f0,00001000) ret=10263873
0028:Ret  msvcrt.memcpy() retval=004d0000 ret=10263873
0028:Call msvcrt.memcpy(004d1000,0014b4f0,00031000) ret=102638e9
0028:Ret  msvcrt.memcpy() retval=004d1000 ret=102638e9
0028:Call msvcrt.memcpy(00502000,0017c4f0,00003000) ret=102638e9
0028:Ret  msvcrt.memcpy() retval=00502000 ret=102638e9
0028:Call msvcrt.memcpy(00505000,0017f4f0,00006000) ret=102638e9
0028:Ret  msvcrt.memcpy() retval=00505000 ret=102638e9
0028:Call msvcrt.memcpy(00514000,001854f0,00003000) ret=102638e9
0028:Ret  msvcrt.memcpy() retval=00514000 ret=102638e9
0028:Call msvcrt.memcpy(00517000,001884f0,00004000) ret=102638e9
0028:Ret  msvcrt.memcpy() retval=00517000 ret=102638e9 
--- snip ---

(newly created headers/sections are written to different place, leaving the original image intact).

After installation the app fails later on startup which is another Wine bug.

Regards
Comment 23 Dmitry Timoshkov 2013-06-25 02:30:58 UTC 
Created attachment 44956 [details]
ntdll: NtAllocateVirtualMemory should fail to commit if an address range is already committed for a memory mapped file.

Please try the attached patch, it at least makes the test cases pass.
Comment 24 Anastasius Focht 2013-06-25 15:26:26 UTC 
Hello Dmitry,

yes, your patch applied against wine-1.6-rc3 works (as expected) ;-)

Regards
Comment 25 Anastasius Focht 2013-07-07 11:26:36 UTC 
*** Bug 24886 has been marked as a duplicate of this bug. ***
Comment 27 Anastasius Focht 2013-07-19 15:58:54 UTC 
Hello folks,

fixed by http://source.winehq.org/git/wine.git/commitdiff/3d759a0c69732721fab2881e484bf716c196dfe3

Thanks Dmitry

Regards
Comment 28 Alexandre Julliard 2013-08-02 13:18:16 UTC 
Closing bugs fixed in 1.7.0.
Comment 29 Alexandre Julliard 2013-11-15 13:39:41 UTC 
Removing 1.6.x milestone from bugs included in 1.6.1.
First Last Prev Next    This bug is not in your last search results.

Privacy Policy
If you have a privacy inquiry regarding this site, please write to [email protected]

Hosted By CodeWeavers