[Bug 36821] New: Multi Theft Auto: San Andreas 1.3.5 'FairplayKD.sys' driver continuously spams terminal due to 'PsLookupProcessByProcessId' stub
https://bugs.winehq.org/show_bug.cgi?id=36821
Bug ID: 36821 Summary: Multi Theft Auto: San Andreas 1.3.5 'FairplayKD.sys' driver continuously spams terminal due to 'PsLookupProcessByProcessId' stub Product: Wine Version: 1.7.20 Hardware: x86 OS: Linux Status: NEW Severity: normal Priority: P2 Component: ntoskrnl Assignee: wine-bugs@winehq.org Reporter: focht@gmx.net
Hello folks,
the kernel driver is part of 'Multi Theft Auto' v1.3.5
Release notes: https://forum.mtasa.com/viewtopic.php?f=31&t=71767
There is a constant spam on terminal:
--- snip --- ... fixme:ntoskrnl:PsLookupProcessByProcessId (0x4 0x53e5bc) stub fixme:ntoskrnl:PsLookupProcessByProcessId (0x8 0x53e5bc) stub fixme:ntoskrnl:PsLookupProcessByProcessId (0xc 0x53e5bc) stub fixme:ntoskrnl:PsLookupProcessByProcessId (0x10 0x53e5bc) stub fixme:ntoskrnl:PsLookupProcessByProcessId (0x14 0x53e5bc) stub fixme:ntoskrnl:PsLookupProcessByProcessId (0x18 0x53e5bc) stub fixme:ntoskrnl:PsLookupProcessByProcessId (0x1c 0x53e5bc) stub ... fixme:ntoskrnl:PsLookupProcessByProcessId (0x7ff8 0x53e5bc) stub fixme:ntoskrnl:PsLookupProcessByProcessId (0x7ffc 0x53e5bc) stub fixme:thread:NtQueryInformationThread info class 22 not supported yet fixme:thread:NtQueryInformationThread info class 22 not supported yet fixme:thread:NtQueryInformationThread info class 22 not supported yet fixme:thread:NtQueryInformationThread info class 22 not supported yet fixme:thread:NtQueryInformationThread info class 22 not supported yet fixme:thread:NtQueryInformationThread info class 22 not supported yet fixme:thread:NtQueryInformationThread info class 22 not supported yet fixme:thread:NtQueryInformationThread info class 22 not supported yet fixme:thread:NtQueryInformationThread info class 22 not supported yet fixme:ntoskrnl:PsLookupProcessByProcessId (0x4 0x53e5bc) stub fixme:ntoskrnl:PsLookupProcessByProcessId (0x8 0x53e5bc) stub ... <repeats forever> --- snip ---
'FairplayKD.sys' kernel driver code:
--- snip --- 00541F06 8BFF MOV EDI,EDI 00541F08 55 PUSH EBP 00541F09 8BEC MOV EBP,ESP 00541F0B 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] ; process id to lookup 00541F0E 53 PUSH EBX 00541F0F 56 PUSH ESI 00541F10 F6C1 03 TEST CL,3 00541F13 75 42 JNZ SHORT 00541F57 00541F15 8B5D 0C MOV EBX,DWORD PTR SS:[EBP+C] 00541F18 F6C3 03 TEST BL,3 00541F1B 75 3A JNZ SHORT 00541F57 00541F1D B8 E8FD0000 MOV EAX,0FDE8 ; max pid (handle) 00541F22 3BC8 CMP ECX,EAX 00541F24 77 31 JA SHORT 00541F57 00541F26 3BD8 CMP EBX,EAX 00541F28 77 2D JA SHORT 00541F57 00541F2A 3BCB CMP ECX,EBX 00541F2C 73 29 JNB SHORT 00541F57 00541F2E 8BF1 MOV ESI,ECX pid_loop: 00541F30 8D45 08 LEA EAX,DWORD PTR SS:[EBP+8] 00541F33 50 PUSH EAX 00541F34 56 PUSH ESI 00541F35 FF15 8C8A5400 CALL DWORD PTR DS:[548A8C] ; PsLookupProcessByProcessId 00541F3B 85C0 TEST EAX,EAX 00541F3D 74 0B JE SHORT 00541F4A 00541F3F 83C6 04 ADD ESI,4 00541F42 3BF3 CMP ESI,EBX 00541F44 72 EA JB SHORT 00541F30 00541F46 8BC3 MOV EAX,EBX 00541F48 EB 0F JMP SHORT 00541F59 00541F4A 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8] 00541F4D FF15 888A5400 CALL DWORD PTR DS:[548A88] ; ObfDereferenceObject 00541F53 8BC6 MOV EAX,ESI 00541F55 EB 02 JMP SHORT 00541F59 00541F57 33C0 XOR EAX,EAX 00541F59 5E POP ESI 00541F5A 5B POP EBX 00541F5B 5D POP EBP 00541F5C C2 0800 RETN 8 --- snip ---
If it fails (Wine stub in this case) just go for the next process id ... genius logic at work :)
Silencing via "trace once" might be ok for this - even if the loop is still getting executed.
$ sha1sum mtasa-1.3.5.exe 7f186543892ef0877cd568ce0935c5e9641578c8 mtasa-1.3.5.exe
$ du -sh mtasa-1.3.5.exe 21M mtasa-1.3.5.exe
$ wine --version wine-1.7.21-3-gbf72c67
Regards
https://bugs.winehq.org/show_bug.cgi?id=36821
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |download URL| |http://mirror.mtasa.com/mta | |sa/main/mtasa-1.3.5.exe
https://bugs.winehq.org/show_bug.cgi?id=36821
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Version|1.7.20 |1.7.21
https://bugs.winehq.org/show_bug.cgi?id=36821
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed by SHA1| |01c2af446a325bcb5535ee1665a | |4abc7fa99c2fd Status|NEW |RESOLVED Resolution|--- |FIXED
--- Comment #1 from Anastasius Focht focht@gmx.net --- Hello folks,
fixed by commit https://source.winehq.org/git/wine.git/commitdiff/01c2af446a325bcb5535ee1665...
This should be a lot less noisy now.
Thanks Sebastian
Regards
https://bugs.winehq.org/show_bug.cgi?id=36821
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #2 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 1.7.41.
https://bugs.winehq.org/show_bug.cgi?id=36821
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords| |obfuscation URL|http://mirror.mtasa.com/mta |https://web.archive.org/web |sa/main/mtasa-1.3.5.exe |/20140601064644/http://mirr | |or.mtasa.com/mtasa/main/mta | |sa-1.3.5.exe
-
wine-bugs@winehq.org -
WineHQ Bugzilla