[Bug 48976] New: PowerChute Personal Edition v3.1 (.NET 4.0 app) 'apcrun.exe' utility locks up Xorg/Window Manager with repeated user32.BringWindowToTop calls

WineHQ Bugzilla wine-bugs at winehq.org
Mon Apr 20 05:51:40 CDT 2020 

https://bugs.winehq.org/show_bug.cgi?id=48976

            Bug ID: 48976
           Summary: PowerChute Personal Edition v3.1 (.NET 4.0 app)
                    'apcrun.exe' utility locks up Xorg/Window Manager with
                    repeated user32.BringWindowToTop calls
           Product: Wine
           Version: 5.6
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: user32
          Assignee: wine-bugs at winehq.org
          Reporter: focht at gmx.net
      Distribution: ---

Hello folks,

this is not aboute device detection (usb/pnpmgr/setupapi), but some nasty
user32 issue.

https://www.apc.com/shop/de/de/categories/power/uninterruptible-power-supply-ups-/ups-management/powerchute-personal-edition/N-1b6nbpp

Snapshot via Internet Archive:

https://web.archive.org/web/20200103074730/https://download.schneider-electric.com/files?p_enDocType=Software+-+Released&p_Doc_Ref=APC_PCPE_310&p_File_Name=PCPE_3.1.0.exe

--- snip ---
$ WINEDEBUG=+seh,+relay,+msi,+setupapi wine ./PCPE_3.1.0.exe >>log.txt 2>&1
...
002d:Call KERNEL32.CreateProcessA(00000000,0040a418 "\"C:\\Program Files
(x86)\\APC\\PowerChute Personal Edition\\vc_redist.x86.exe\"
/S",00000000,00000000,00000000,04000000,00000000,00000000,0042c078,01cefd3c)
ret=0040566e 
...
002d:Ret  KERNEL32.CreateProcessA() retval=00000001 ret=0040566e 
...
002f:Call KERNEL32.CreateProcessW(01bf76a8 L"C:\\Program Files
(x86)\\APC\\PowerChute Personal Edition\\vc_redist.x86.exe",01bf6970
L"\"C:\\Program Files (x86)\\APC\\PowerChute Personal
Edition\\vc_redist.x86.exe\" -burn.unelevated
BurnPipe.{AE46C7E5-539F-4055-877F-EA7361775A38}
{E1F0B3E4-FE47-4ADC-8749-297B27453BB8} 46
/S",00000000,00000000,00000000,00000000,00000000,00000000,0032f7c8,0032f80c)
ret=0043e383 
...
002f:Ret  KERNEL32.CreateProcessW() retval=00000001 ret=0043e383 
...
--- snip ---

Didn't detect APC and launches 'ApcRun.exe' with option to display (error)
dialog.

--- snip ---
...
002d:Call KERNEL32.CreateProcessW(00000000,019fc1f8 L"\"C:\\Program Files
(x86)\\APC\\PowerChute Personal Edition\\\\ApcRun.exe\"
Local\\IDD_NOCOMMS_ON_INSTALL",00000000,00000000,00000000,00000410,00000000,019fc4a0
L"C:\\Program Files (x86)\\APC\\PowerChute Personal
Edition\\",01ced418,01ced408) ret=7dbac867 
...
002d:Ret  KERNEL32.CreateProcessW() retval=00000001 ret=7dbac867 
...
003b:Starting process L"C:\\Program Files (x86)\\APC\\PowerChute Personal
Edition\\apcrun.exe" (entryproc=0x401434) 
...
003b:Call winex11.drv.SetWindowText(000200be,019b8788 L"The installer is unable
to locate the battery backup connected to your computer. In order to disable
native power management, an American Power Conversion battery backup needs to
be attached.") ret=7e84ead4
003b:Ret  winex11.drv.SetWindowText() retval=00000000 ret=7e84ead4 
...
003b:Call winex11.drv.SetWindowText(000200c4,019b8a88 L"If native power
management is not disabled you may receive messages from Windows\00ae relating
to a 'battery'.") ret=7e84ead4
003b:Ret  winex11.drv.SetWindowText() retval=00000000 ret=7e84ead4 
...
--- snip ---

The installer dialog template/text is chosen by the command line arg
'IDD_NOCOMMS_ON_INSTALL'. There is an endless stream of
user32.BringWindowToTop() calls from the app dialog window proc. You have to
quickly kill the process otherwise it's going to lock up Xorg and window
manager process with 100% cpu usage.

Manual run:

--- snip ---
$ pwd
/home/focht/.wine/drive_c/Program Files (x86)/APC/PowerChute Personal Edition

$ WINEDEBUG=+seh,+relay,+win,+msg wine ./apcrun.exe
Local\\IDD_NOCOMMS_ON_INSTALL >>log.txt 2>&1
...
002c:Call user32.CreateWindowExA(00000000,00449940 "APC_RUN_CLASS",004498d8
"APC_RUN",00cf0000,80000000,00000000,80000000,00000000,00000000,00000000,00400000,00000000)
ret=00401143
...
002c:trace:win:WIN_CreateWindowEx "APC_RUN" L"APC_RUN_CLASS" ex=00000000
style=00cf0000 -2147483648,0 -2147483648x0 parent=(nil) menu=(nil)
inst=0x400000 params=(nil)
002c:trace:win:dump_window_styles style: WS_CAPTION WS_SYSMENU WS_THICKFRAME
WS_MINIMIZEBOX WS_MAXIMIZEBOX
002c:trace:win:dump_window_styles exstyle: 
...
002c:trace:win:WIN_CreateWindowEx hwnd 0x10072 cs 0,0 1440x810 (0,0)-(1440,810)
002c:Call window proc 0x401090
(hwnd=0x10072,msg=WM_NCCREATE,wp=00000000,lp=0032fbf0)
002c:Call user32.DefWindowProcA(00010072,00000081,00000000,0032fbf0)
ret=7e8c211c 
...
002c:Call KERNEL32.LoadLibraryA(0032fd94 "C:\\Program Files
(x86)\\APC\\PowerChute Personal Edition\\\\res.dll") ret=10013b66 
...
002c:Ret  PE DLL (proc=0x1aa2a8b,module=0x1aa0000
L"res.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1
...
002c:Ret  KERNEL32.LoadLibraryA() retval=01aa0000 ret=10013b66
...
002c:Call KERNEL32.CreateMutexA(00000000,00000001,10073824
"Local\\IDD_NOCOMMS_ON_INSTALL") ret=10016909 
...
002c:Call user32.DialogBoxParamA(01aa0000,000000c8,00010072,10004377,00000000)
ret=100142ef 
...
002c:trace:win:WIN_CreateWindowEx "PowerChute Personal Edition Setup" #8002
ex=00010001 style=80c00ac4 732,408 455x264 parent=0x10072 menu=(nil)
inst=0x1aa0000 params=(nil)
002c:trace:win:dump_window_styles style: WS_POPUP WS_CAPTION 00000ac4
002c:trace:win:dump_window_styles exstyle: WS_EX_DLGMODALFRAME
WS_EX_CONTROLPARENT 
...
002c:Call window proc 0x7e84e3e0
(hwnd=0x10080,msg=WM_CREATE,wp=00000000,lp=0032f4b0)
002c:trace:win:WIN_SetWindowLong 0x10080 0 0 W
002c:Ret  window proc 0x7e84e3e0
(hwnd=0x10080,msg=WM_CREATE,wp=00000000,lp=0032f4b0) retval=00000000
002c:Call winex11.drv.CreateWindow(00010080) ret=7e8b927c
002c:Ret  winex11.drv.CreateWindow() retval=00000001 ret=7e8b927c
002c:trace:msg:WINPROC_CallProcWtoA
(hwnd=0x10080,msg=WM_SIZE,wp=00000000,lp=00ef01c1)
002c:Call window proc 0x7e84e3e0
(hwnd=0x10080,msg=WM_SIZE,wp=00000000,lp=00ef01c1)
002c:trace:win:WIN_SetWindowLong 0x10080 0 0 W
002c:Ret  window proc 0x7e84e3e0
(hwnd=0x10080,msg=WM_SIZE,wp=00000000,lp=00ef01c1) retval=00000000
002c:trace:msg:WINPROC_CallProcWtoA
(hwnd=0x10080,msg=WM_MOVE,wp=00000000,lp=01ae02df)
002c:Call window proc 0x7e84e3e0
(hwnd=0x10080,msg=WM_MOVE,wp=00000000,lp=01ae02df)
002c:trace:win:WIN_SetWindowLong 0x10080 0 0 W
002c:Ret  window proc 0x7e84e3e0
(hwnd=0x10080,msg=WM_MOVE,wp=00000000,lp=01ae02df) retval=00000000
002c:trace:msg:PostMessageW hwnd 0x10020 msg 210 (WM_PARENTNOTIFY) wp 1 lp
10080
002c:trace:win:WIN_CreateWindowEx created window 0x10080
002c:trace:win:WIN_SetWindowLong 0x10080 4 10004377 A
002c:trace:win:alloc_winproc allocated 0xffff0024 for A 0x10004377 (37/4096
used)
002c:trace:msg:WINPROC_CallProcWtoA
(hwnd=0x10080,msg=WM_SETFONT,wp=00020052,lp=00000000)
002c:Call window proc 0x7e84e3e0
(hwnd=0x10080,msg=WM_SETFONT,wp=00020052,lp=00000000)
002c:trace:win:WIN_SetWindowLong 0x10080 0 0 W
002c:Call dialog proc 0x10004377
(hwnd=0x10080,msg=WM_SETFONT,wp=00020052,lp=00000000)
002c:Call user32.BringWindowToTop(00010080) ret=10018cf6
002c:trace:win:SetWindowPos hwnd 0x10080, after (nil), 0,0 (0x0), flags
00000003
002c:trace:win:dump_winpos_flags flags: SWP_NOSIZE SWP_NOMOVE
002c:trace:msg:WINPROC_CallProcWtoA
(hwnd=0x10080,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=0032ed44)
002c:Call window proc 0x7e84e3e0
(hwnd=0x10080,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=0032ed44)
002c:trace:win:WIN_SetWindowLong 0x10080 0 0 W
002c:Call dialog proc 0x10004377
(hwnd=0x10080,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=0032ed44)
002c:Call user32.BringWindowToTop(00010080) ret=10018cf6
002c:trace:win:SetWindowPos hwnd 0x10080, after (nil), 0,0 (0x0), flags
00000003
002c:trace:win:dump_winpos_flags flags: SWP_NOSIZE SWP_NOMOVE
002c:trace:msg:WINPROC_CallProcWtoA
(hwnd=0x10080,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=0032e224)
002c:Call window proc 0x7e84e3e0
(hwnd=0x10080,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=0032e224)
002c:trace:win:WIN_SetWindowLong 0x10080 0 0 W
002c:Call dialog proc 0x10004377
(hwnd=0x10080,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=0032e224)
002c:Call user32.BringWindowToTop(00010080) ret=10018cf6 
...
<dozen of user32.BringWindowToTop() calls)>
...
002c:Ret  winex11.drv.WindowPosChanging() retval=00000000 ret=7e8bdb66
002c:trace:win:set_window_pos win 0x10080 surface (nil) -> (nil)
002c:Call
winex11.drv.WindowPosChanged(00010080,00000000,0000180f,00302470,00302480,00302300,00000000,00000000)
ret=7e8be223 
...
002c:trace:win:SetForegroundWindow 0x10080
002c:trace:msg:send_inter_thread_message hwnd 0x10020 msg 80000006
(WM_WINE_SETACTIVEWINDOW) wp 0 lp 0
002c:trace:msg:PostMessageW hwnd 0x10020 msg 210 (WM_PARENTNOTIFY) wp 86 lp
10080
002c:Call winex11.drv.SetFocus(00010080) ret=7e8640f4
002c:Ret  winex11.drv.SetFocus() retval=00000000 ret=7e8640f4
002c:trace:win:USER_SetWindowPos     status flags = 1807
002c:Ret  user32.BringWindowToTop() retval=00000001 ret=10018cf6 
...
<repeats again, eating up cpu>
--- snip ---

Unchecking the following settings in 'winecfg' mitigates the issue at bit,
avoiding a complete lockup:

* 'Allow the window manager to decorate the windows'
* 'Allow the window manager to control the windows'

The sequence is still there though (shown for window destruction):

--- snip ---
...
003c:Call window proc 0x7e84e3e0
(hwnd=0x2008a,msg=WM_NCDESTROY,wp=00000000,lp=00000000)
003c:Call dialog proc 0x10004377
(hwnd=0x2008a,msg=WM_NCDESTROY,wp=00000000,lp=00000000)
003c:Call user32.BringWindowToTop(0002008a) ret=10018cf6
003c:Call window proc 0x7e84e3e0
(hwnd=0x2008a,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=0032ee74)
003c:Call dialog proc 0x10004377
(hwnd=0x2008a,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=0032ee74)
003c:Call user32.BringWindowToTop(0002008a) ret=10018cf6
003c:Call window proc 0x7e84e3e0
(hwnd=0x2008a,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=0032e354)
003c:Call dialog proc 0x10004377
(hwnd=0x2008a,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=0032e354)
003c:Call user32.BringWindowToTop(0002008a) ret=10018cf6
003c:Call window proc 0x7e84e3e0
(hwnd=0x2008a,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=0032d834)
003c:Call dialog proc 0x10004377
(hwnd=0x2008a,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=0032d834)
003c:Call user32.BringWindowToTop(0002008a) ret=10018cf6
003c:Call window proc 0x7e84e3e0
(hwnd=0x2008a,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=0032cd14)
003c:Call dialog proc 0x10004377
(hwnd=0x2008a,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=0032cd14)
003c:Call user32.BringWindowToTop(0002008a) ret=10018cf6
003c:Call window proc 0x7e84e3e0
(hwnd=0x2008a,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=0032c1f4)
003c:Call dialog proc 0x10004377
(hwnd=0x2008a,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=0032c1f4)
003c:Call user32.BringWindowToTop(0002008a) ret=10018cf6 
...
<many more>
--- snip ---

I didn't look at it in detail yet, to check if it's a hooking and/or incorrect
message sequence issue.

$ sha1sum PCPE_3.1.0.exe 
e9a10abb4af842a7c98db1aff2e1e00d3f74b749  PCPE_3.1.0.exe

$ du -sh PCPE_3.1.0.exe 
36M    PCPE_3.1.0.exe

$ wine --version
wine-5.6-193-g59987bc9ec

Regards

-- 
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

More information about the wine-bugs mailing list