I am using some Dell workstations (running WinXP Pro SP2 & DeepFreeze) for development, but something was recently loaded onto these machines that prevents any OpenGL call from completing (the call locks). I know the code works, as I have tested it on 'clean' machines; I also tested with simple OpenGL apps generated by Dev-C++, which also lock on the Dell machines.

I have tried to debug my own apps to see where exactly the GL calls freeze, but there is some global system hook on ZwQueryInformationProcess that messes up calls to ZwQueryInformationThread (used by ExitThread), preventing me from debugging at all (it causes the debugger, OllyDbg, to go into an access-violation reporting loop, or the program to crash if the exception is passed along). The hook:

ntdll.ZwQueryInformationProcess 7C90D7E0       B8 9A000000          MOV EAX,9A
7C90D7E5                                       BA 0003FE7F          MOV EDX,7FFE0300
7C90D7EA                                       FF12                 CALL DWORD PTR DS:[EDX]
7C90D7EC                                     - E9 0F28448D          JMP 09D50000
7C90D7F1                                       9B                   WAIT
7C90D7F2                                       0000                 ADD BYTE PTR DS:[EAX],AL
7C90D7F4                                       00BA 0003FE7F        ADD BYTE PTR DS:[EDX+7FFE0300],BH
7C90D7FA                                       FF12                 CALL DWORD PTR DS:[EDX]
7C90D7FC                                       C2 1400              RETN 14
7C90D7FF                                       90                   NOP
ntdll.ZwQueryInformationToken 7C90D800         B8 9C000000          MOV EAX,9C

The messed-up function + call:

ntdll.ZwQueryInformationThread 7C90D7F0        8D9B 000000BA        LEA EBX,DWORD PTR DS:[EBX+BA000000]
7C90D7F6                                       0003                 ADD BYTE PTR DS:[EBX],AL
7C90D7F8                                       FE                   ???                                                          ; Unknown command
7C90D7F9                                       7F FF                JG SHORT ntdll.7C90D7FA
7C90D7FB                                       12C2                 ADC AL,DL
7C90D7FD                                       14 00                ADC AL,0
7C90D7FF                                       90                   NOP
ntdll.ZwQueryInformationToken 7C90D800         B8 9C000000          MOV EAX,9C

So firstly, does anyone know what, if anything, would lead to OpenGL calls causing an infinite lock, and whether there are any ways around it? And what would be creating such a hook in kernel memory?

Update: After some more fiddling, I have discovered a few more kernel hooks; a lot of them are used to nullify data returned by system information calls (such as the remote debugging port). I also managed to find out that whatever is doing this is using madchook.dll (by madshi) to do it; this DLL is also injected into every running process (these seem to be some anti-debugging code). Also, on the OpenGL side, it seems DirectX is fine/unaffected (I ran one of the DX 9 demos without problems), so could one of these kernel hooks somehow affect OpenGL?

A: 

This smells awfully like some malware trying to hide itself on your system (and getting it wrong). Have you tried scanning your system with an up-to-date antivirus?

Edit: A quick Google search for madchook.dll reveals that it's used by various spyware/dialers/other malware. DO run your antivirus ASAP.

slacker
1) I googled madchook (how else would I know who madshi is?) when I found out what it's doing; I know exactly what its various uses are. 2) These machines aren't my property; they also cannot have any new programs loaded onto them that require restarts (which is like 90% of the AVs out there), due to Deep Freeze. 3) The PCs do have anti-virus (McAfee), but it's utterly useless. However, the use of madchook isn't part of a virus/malware in this case; it's part of something else (some system/network admin tool suite or something in that vein).
Necrolis
@Necrolis: In this case, you should ask your administrator about this. It is perfectly possible that those kernel hooks screw up the OpenGL driver.
slacker
I already have; however, they are pretty much as useless as the anti-virus they use :|, hence the need to find a way around it. It doesn't matter much anymore though; I switched over to DirectX.
Necrolis