SpawnHappyJake

WhatChanged, RegShot, and WINE

May 21st, 2011
  1. Responsibility Required by Reader: I am saying this in hopes to get things to work with WINE, not to promote piracy. Please have the same motive of operation.
  2.  
  3. There is a free program called WhatChanged. I haven't had a chance to use it myself yet, but plan to use it on Hype the Time Quest when I have time.
  4.  
  5. WhatChanged takes "snapshots" and can compare those snapshots and tells you...well...as the name says...what changed between the snapshots. What you can do is use WhatChanged to find EVERY registry key and EVERY file added to your system by the installation of a program. This is super useful, especially if you are trying to uninstall something like Norton.
  6.  
  7. "Tried to install in windows virtual machine, installation ran fine, i'm currently looking for the registry key / file that seems to be written during activation process." - Kaël
  8.  
  9. Here's what you do:
  10. 1. Make a virtual machine and install a fresh installation of Windows.
  11. 2. Install WhatChanged into that Windows.
  12. 3*. Tell WhatChanged to take a snapshot. This snapshot includes every registry key and every file on the %homedrive% (usually C:)
  13. 4*. Install the program you want to know all the locations of all the pieces of, like Norton or Hype the Time Quest or Assassins of Kings.
  14. 5*. Immediately after installation, tell WhatChanged to take another snapshot of all the registry keys and all the files on the %homedrive%.
  15. 6. Have WhatChanged compare the two snapshots. WhatChanged will then tell you all the registry keys and all the files that have been added or removed.
  16. 7. Record that info to a text file or something.
  17. 8. Save that info in a safe place.
  18.  
  19. * Replace steps 3, 4, and 5 with what is applicable to your situation. In Kaël's case, he may or may not want to take a snapshot right after installing Windows before installing the game. He at least needs to take a snapshot of the game before activation, but after installation of the game, and then another snapshot immediately after activation, and target what changes/ is added/ is removed during activation by comparing the two snapshots. I recommend having all 3 snapshots (those two and one before installation), that way they could compare before installation with after activation to have a complete list of all the registry keys and files to copy from the Windows virtual machine into WINE. Immediately is the key word here. You want to minimize catching irrelevant files and registry keys. You will catch a lot of irrelevant keys, and need a sense of what is a "hit" and what isn't. For example, I compared snapshots (using RegShot, not WhatChanged) of the registry to find the registry key that saves Virtual CloneDrive's region setting, and out of many keys that changed, only one was the "hit". And that was me taking the snapshots as immediately as possible. Here is a video that gives an example of comparing snapshots of the registry, and gives you an idea of some of the "irrelevant" key changes - http://www.youtube.com/watch?v=Y5jQC23Jepk
  20.  
  21. Now knowing all the pieces that make up a program, like Norton, you can thoroughly remove it! It's easier to just nuke the hard drive and install Linux, though. Then you don't have to worry about viruses unless you do something that asks for it - like logging in as root or running Firefox as root.
  22.  
  23. My hope is that knowing all the pieces that make up Hype, I can copy all those registry keys and files into WINE from the virtual machine. Hype the Time Quest is installed with a Ubisoft installer and run by a Ubisoft game launcher. It utterly fails in WINE. That installer is doing something screwy.
  24.  
  25. I know there was a previous thread about a Ubisoft Game Launcher not letting a game work in online mode in WINE, so this isn't the first time a Ubisoft program has been incompatible with WINE.
  26.  
  27. As far as our friend, Mateusz Stachowski, trying to get "The Witcher 2: Assassins of Kings" to work in WINE, I think Mateusz Stachowski should try the above method to find all the pieces (both files and registry keys) and copy them over to WINE. Then save a copy of that WINE drive folder in a safe place. Maybe it will get it to work.
  28. If you feel uncomfortable with this, thinking I just empowered pirates, consider this analogy:
  29. You have a legal copy of Windows XP Home Edition and a legally acquired product key for it. You install Windows XP Home Edition with that product key and copy. You call up and activate it. You backup your activation files. You get a virus. You nuke your hard drive and reinstall Windows XP Home Edition with that same product key. Then you restore your activation files, activating Windows XP. In that same way, our friend is first activating in a virtual machine, then transferring that activation to WINE. No harm done. Mateusz Stachowski can just keep his product key and activation files to himself. He can share where they are and how to transfer them so that others can transfer their own activation files, but he keeps his activation files and key to himself and gives them to no one.
  30.  
  31. Also know that the activation files are not the only concern. Maybe the reason why it isn't working is because of another file or registry key that didn't get added. WhatChanged will catch that too.
  32.  
  33. Also know that there is a free program called RegShot that takes and compares snapshots of only the registry. As you can imagine, this is a quicker process, and sometimes proves to be useful when you know ahead of time that what it is you are trying to find is in the registry only.
  34. I suppose you could even run RegShot in the Windows virtual machine, save the snapshot, then run RegShot in WINE, save that snapshot, then compare the snapshot of Windows's registry with WINE's registry to see all the differences.
  35.  
  36. I think WhatChanged can be a powerful tool in getting programs to work with WINE.
  37.  
  38. Anyways, more specific to the original post about getting "The Witcher 2: Assassins of Kings" non-GOG version to work...
  39. Mateusz Stachowski said "I have the Retail version which is using secuROM." The whole point of SecuROM is to gain more direct access to your hardware by installing what is basically a rootkit - SecuROM is basically a rootkit. This is so the game can see if the disk is really inserted, or if you are using a CD emulator.
  40. In a normal world, when you boot into Linux, Mac, Windows, or almost any operating system, you have a bootloader tell the processor to execute a program called a supervisory program, a.k.a. kernel. The idea is that this kernel is THE ONLY program the processor is directly running. Therefore only the kernel has access to the pins on the processor through which hardware can be detected (all hardware visible to the operating system has an electrical path going from the hardware to a pin on the processor, and by the kernel listening to and sending signals down these pins, hardware can be detected).
  41. THEN you tell the kernel to run your programs, rather than only running one program at a time on the processor. Only the kernel has access to the hardware, and the kernel can deny a program it is running of anything - such as hardware access, file access, memory access, anything. The programs have to be allowed through the kernel by the kernel to the processor to be run. This makes life MUCH safer, because if you had all your programs running directly on the processor, you couldn't deny any of them any privileges, and a malicious software could nuke or infect your BIOS - something much more scary than a superficial software infection that could be cured with a simple nuke of the hard drive. Not to mention this makes software development much easier because a kernel can offer a program much ready-made code, rather than having to write everything a program needs to run from the processor up - welcome to modern computing where life is made simpler and more secure with the use of the modern supervisory program!
  42. So all those hardware detection programs like Sandra Lite, Speccy, PC Wizard, HardInfo, CPUID, GPUID, SpeedFan, and WMI are all reporting hardware info that the kernel has passed on to them. These programs do not have access to the pins on the processor by which to detect hardware - only the kernel does.
  43. A kernel could thus lie to any program asking about what hardware is present. A kernel could lie to all programs saying that a CD drive is present that really isn't. That's how a CD drive is emulated.
  44. That was a normal world...
  45. In a world infected by a true rootkit...
  46. The bootloader is modified to have the processor execute both the kernel (supervisory program) that the operating system is based off of, as well as another program, the rootkit, so that during the booting process these two programs get running directly on the processor. Since the rootkit is being run directly by the processor just like the kernel is, the kernel cannot deny the rootkit any privileges because the kernel is not executing the rootkit, and the rootkit is not going through the kernel. The rootkit has access to all memory, and if "smart" enough, can interact with a program running through the kernel by them both reading and writing messages to the same memory area (the malicious program in cahoots with the rootkit would be made specifically to go with the rootkit), and could thus snag passwords (like to a bank account) and e-mail them somewhere.
  47. Not all rootkits go that deep, though. Some just modify the kernel and reside in the kernel, and others run in an elevated user mode.
  48. A true rootkit could directly look at your hardware through the pins on the processor. If a program communicates with a rootkit, it can get hardware info without going through the kernel. If you are emulating a CD drive by having the kernel lie to all the programs it is executing, a program can communicate with a rootkit and see that that hardware actually isn't present. That's what SecuROM does, though I doubt it modifies your bootloader. I imagine it uses a driver or something. If it actually modified your NT kernel, that would be pretty spooky.
  49.  
  50. My point of bringing that all up is that if the game really does have SecuROM, you will need to have the CD (or emulate a CD drive), so it might be good to clear up what Kaël said, "Seems strange that it needs 'no-cd'... The game requires online activation, but CD Projekt Red told in an interview t[h]at the game won't need the DVD during game." The launcher won't launch the game unless it detects the CD, but once the game is launched, you can take the disc out because it isn't actually executing executable files on the CD, the game is the execution of executable files copied onto the hard drive during installation. The idea is that if the game refuses to run unless the CD is inserted, that will reduce piracy. That logic makes zero sense to me, but apparently it made sense to the makers of the game - or at least the people who sold it. The online activation (or alternatively, by phone), however, if done right, DOES make sense. They could just maintain a list of used product keys, and refuse to give an activation code to someone who gives an already used product key.
  51. As you can imagine, supporting rootkits like SecuROM is the bane of the WINE dev team, and if things switched over to only online/ phone activation, things would work easier in WINE. However, the WINE dev team has already bent over backwards several times to support such things - see Myth 11 - http://wiki.winehq.org/Debunking_Wine_Myths . So if this game uses older SecuROM 4.xx, you're good. If it used 5.xx, then not so good - http://wiki.winehq.org/CopyProtection .
  52.  
  53. Cheers,
  54. Jake
  55.  
  56. P.S. Why is there an "L" before paths (directories + file) in WINE terminal outs?
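
The snapshot comparison in steps 3 to 6, and the problem of separating a "hit" from irrelevant key changes, can be sketched on two registry exports in regedit's text format. This is an added example, not part of the original post and not how WhatChanged or RegShot work internally; the sample exports, the `ExampleDrive` and `ExampleGame` keys and the `NOISE` list are constructed assumptions.

```python
import re

# Constructed sample exports in regedit's text format (not from a real system).
BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed"=hex:01,02,03,\
  04,05

[HKEY_CURRENT_USER\Software\ExampleDrive]
"Region"=dword:00000001
'''
AFTER = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed"=hex:0a,0b,0c,\
  0d,0e

[HKEY_CURRENT_USER\Software\ExampleDrive]
"Region"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleGame]
"InstallDir"="C:\\Games\\Example"
'''
# Assumed noise list: key prefixes that churn on their own between snapshots.
NOISE = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG",)

def parse_reg(text):
    """Parse a .reg export into {(key, value_name): data}; name "" is the key itself."""
    # Long hex values continue across lines with a trailing backslash: join them.
    text = re.sub(r"\\\r?\n\s*", "", text)
    entries, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            entries[(key, "")] = None
        elif key and (m := re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)):
            entries[(key, m.group(1).strip('"'))] = m.group(2)
    return entries

def diff_snapshots(before, after, noise=NOISE):
    """Return added/removed/changed (key, value_name) pairs outside the noise prefixes."""
    b, a = parse_reg(before), parse_reg(after)
    keep = lambda e: not e[0].upper().startswith(tuple(p.upper() for p in noise))
    return {
        "added": sorted(e for e in a.keys() - b.keys() if keep(e)),
        "removed": sorted(e for e in b.keys() - a.keys() if keep(e)),
        "changed": sorted(e for e in a.keys() & b.keys() if a[e] != b[e] and keep(e)),
    }
```

Calling `diff_snapshots(BEFORE, AFTER)` reports the new `ExampleGame` key and the changed `Region` value while the RNG seed churn is filtered out; passing `noise=()` shows everything. Real exports written by Windows regedit are UTF-16, so decode them accordingly before passing the text in.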