[Bug 36821] New: Multi Theft Auto: San Andreas 1.3.5 'FairplayKD.sys' driver continuously spams terminal due to 'PsLookupProcessByProcessId' stub

wine-bugs at winehq.org
Sun Jun 29 14:32:55 CDT 2014


https://bugs.winehq.org/show_bug.cgi?id=36821

            Bug ID: 36821
           Summary: Multi Theft Auto: San Andreas 1.3.5 'FairplayKD.sys'
                    driver continuously spams terminal due to
                    'PsLookupProcessByProcessId' stub
           Product: Wine
           Version: 1.7.20
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ntoskrnl
          Assignee: wine-bugs at winehq.org
          Reporter: focht at gmx.net

Hello folks,

the kernel driver is part of 'Multi Theft Auto' v1.3.5

Release notes: https://forum.mtasa.com/viewtopic.php?f=31&t=71767

There is a constant spam on terminal:

--- snip ---
...
fixme:ntoskrnl:PsLookupProcessByProcessId (0x4 0x53e5bc) stub
fixme:ntoskrnl:PsLookupProcessByProcessId (0x8 0x53e5bc) stub
fixme:ntoskrnl:PsLookupProcessByProcessId (0xc 0x53e5bc) stub
fixme:ntoskrnl:PsLookupProcessByProcessId (0x10 0x53e5bc) stub
fixme:ntoskrnl:PsLookupProcessByProcessId (0x14 0x53e5bc) stub
fixme:ntoskrnl:PsLookupProcessByProcessId (0x18 0x53e5bc) stub
fixme:ntoskrnl:PsLookupProcessByProcessId (0x1c 0x53e5bc) stub
...
fixme:ntoskrnl:PsLookupProcessByProcessId (0x7ff8 0x53e5bc) stub
fixme:ntoskrnl:PsLookupProcessByProcessId (0x7ffc 0x53e5bc) stub
fixme:thread:NtQueryInformationThread info class 22 not supported yet
fixme:thread:NtQueryInformationThread info class 22 not supported yet
fixme:thread:NtQueryInformationThread info class 22 not supported yet
fixme:thread:NtQueryInformationThread info class 22 not supported yet
fixme:thread:NtQueryInformationThread info class 22 not supported yet
fixme:thread:NtQueryInformationThread info class 22 not supported yet
fixme:thread:NtQueryInformationThread info class 22 not supported yet
fixme:thread:NtQueryInformationThread info class 22 not supported yet
fixme:thread:NtQueryInformationThread info class 22 not supported yet
fixme:ntoskrnl:PsLookupProcessByProcessId (0x4 0x53e5bc) stub
fixme:ntoskrnl:PsLookupProcessByProcessId (0x8 0x53e5bc) stub
...
<repeats forever>
--- snip ---

'FairplayKD.sys' kernel driver code:

--- snip ---
00541F06  8BFF           MOV EDI,EDI
00541F08  55             PUSH EBP
00541F09  8BEC           MOV EBP,ESP
00541F0B  8B4D 08        MOV ECX,DWORD PTR SS:[EBP+8] ; process id to lookup
00541F0E  53             PUSH EBX
00541F0F  56             PUSH ESI
00541F10  F6C1 03        TEST CL,3
00541F13  75 42          JNZ SHORT 00541F57
00541F15  8B5D 0C        MOV EBX,DWORD PTR SS:[EBP+C]
00541F18  F6C3 03        TEST BL,3
00541F1B  75 3A          JNZ SHORT 00541F57
00541F1D  B8 E8FD0000    MOV EAX,0FDE8               ; max pid (handle)
00541F22  3BC8           CMP ECX,EAX
00541F24  77 31          JA SHORT 00541F57
00541F26  3BD8           CMP EBX,EAX
00541F28  77 2D          JA SHORT 00541F57
00541F2A  3BCB           CMP ECX,EBX
00541F2C  73 29          JNB SHORT 00541F57
00541F2E  8BF1           MOV ESI,ECX
pid_loop:
00541F30  8D45 08        LEA EAX,DWORD PTR SS:[EBP+8]
00541F33  50             PUSH EAX
00541F34  56             PUSH ESI
00541F35  FF15 8C8A5400  CALL DWORD PTR DS:[548A8C] ; PsLookupProcessByProcessId
00541F3B  85C0           TEST EAX,EAX
00541F3D  74 0B          JE SHORT 00541F4A
00541F3F  83C6 04        ADD ESI,4
00541F42  3BF3           CMP ESI,EBX
00541F44  72 EA          JB SHORT 00541F30
00541F46  8BC3           MOV EAX,EBX
00541F48  EB 0F          JMP SHORT 00541F59
00541F4A  8B4D 08        MOV ECX,DWORD PTR SS:[EBP+8]
00541F4D  FF15 888A5400  CALL DWORD PTR DS:[548A88] ; ObfDereferenceObject
00541F53  8BC6           MOV EAX,ESI
00541F55  EB 02          JMP SHORT 00541F59
00541F57  33C0           XOR EAX,EAX
00541F59  5E             POP ESI
00541F5A  5B             POP EBX
00541F5B  5D             POP EBP
00541F5C  C2 0800        RETN 8
--- snip ---

If it fails (Wine stub in this case) just go for the next process id ... genius
logic at work :)

Silencing via "trace once" might be ok for this - even if the loop is still
getting executed.

$ sha1sum mtasa-1.3.5.exe 
7f186543892ef0877cd568ce0935c5e9641578c8  mtasa-1.3.5.exe

$ du -sh mtasa-1.3.5.exe 
21M    mtasa-1.3.5.exe

$ wine --version
wine-1.7.21-3-gbf72c67

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
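
The PID sweep in the disassembly above, rendered in C as an added example that is not part of the original report or of the driver's source. The function and helper names, the 0x4..0x8000 range (inferred from the log), the stub's STATUS_NOT_IMPLEMENTED return value and the constructed lookup that knows only PID 0x10 are assumptions; the model shows why an always-failing lookup produces one log line per candidate PID and what "trace once" changes.

```c
#include <stdint.h>
#include <stdio.h>
#define STATUS_SUCCESS         0x00000000u
#define STATUS_INVALID_CID     0xC000000Bu
#define STATUS_NOT_IMPLEMENTED 0xC0000002u  /* assumed return value of the stub */
#define MAX_PID                0xFDE8u      /* limit loaded at 00541F1D */

typedef uint32_t (*lookup_fn)(uint32_t pid, void **process);
static unsigned lookup_calls, fixme_lines;  /* instrumentation for this model */

/* Stub that logs on every call, like the fixme lines in the report. */
static uint32_t stub_lookup(uint32_t pid, void **process) {
    (void)pid; (void)process;
    lookup_calls++; fixme_lines++;
    return STATUS_NOT_IMPLEMENTED;
}
/* Same stub with "trace once" logging: it still fails, but logs one line. */
static uint32_t stub_lookup_once(uint32_t pid, void **process) {
    static int once;
    (void)pid; (void)process; lookup_calls++;
    if (!once++) fixme_lines++;
    return STATUS_NOT_IMPLEMENTED;
}
/* Constructed working lookup: only PID 0x10 exists. */
static uint32_t fake_lookup(uint32_t pid, void **process) {
    static int object;
    lookup_calls++;
    if (pid != 0x10) return STATUS_INVALID_CID;
    *process = &object;
    return STATUS_SUCCESS;
}
/* 00541F06..00541F5C: first PID that resolves, `end` if none, 0 on bad args. */
static uint32_t first_live_pid(uint32_t start, uint32_t end, lookup_fn lookup) {
    void *process;
    if ((start & 3) || (end & 3) || start > MAX_PID || end > MAX_PID || start >= end)
        return 0;
    for (uint32_t pid = start; pid < end; pid += 4)
        if (lookup(pid, &process) == STATUS_SUCCESS)
            return pid;  /* the driver calls ObfDereferenceObject(process) here */
    return end;
}
int main(void) {
    lookup_fn fns[] = { stub_lookup, stub_lookup_once, fake_lookup };
    for (int i = 0; i < 3; i++) {
        lookup_calls = fixme_lines = 0;
        uint32_t r = first_live_pid(0x4, 0x8000, fns[i]);
        printf("result=0x%x calls=%u fixme lines=%u\n", (unsigned)r, lookup_calls, fixme_lines);
    }
    return 0;
}
```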


