Pinball on 64-Bit Alpha AXP Windows NT


Pinball on 64-bit Alpha AXP Windows NT | Virtually Fun


This is a guest post from Yufeng Gao

One of the most popular OS built-in games is no doubt Pinball, known by its full name 3D Pinball for Windows – Space Cadet. It started out as Full Tilt! Pinball, developed by Cinematronics and published by Maxis. It offered 3 tables, and one of them, Space Cadet, was licensed to Microsoft to be included in Microsoft Plus! 95 and, later, built into the Windows operating system.

Windows XP was the last version of Windows to include Pinball, and Raymond Chen explained on his blog why it didn’t make it to Windows Vista. The reason was a collision-detection bug that appeared when the game was compiled for 64-bit Windows: the ball passed through various objects, falling off the screen through the plunger instead of being launched, for instance. The bug rendered the game unplayable, and Raymond and his colleague were unable to find a fix in a reasonable amount of time, so he removed it. At least that’s the story we were told, for about a decade.

In 2021, NCommander launched a series of investigations to challenge that, testing Pinball on various 64-bit (IA-64 and AMD64) builds of Windows XP and pre-release Vista. He found that the 64-bit versions of Pinball were all highly playable, with only very minor glitches, and speculated that the reason for its removal was that the UI did not fit into the Windows Vista design.

Not long after NCommander published his video, Raymond followed up with a post that filled in some gaps in the story and shed more light on the bug. He said it was the 64-bit Alpha AXP version of Pinball that had the extremely bad collision detection bug. This claim had been unverifiable for the past 5 years, for the following reasons:

No 64-bit Windows was ever released for the Alpha AXP – Compaq killed Windows NT support before NT was ported to 64-bit

One 64-bit Alpha AXP NT build was leaked in 2023, but the included Pinball does not work, as it segfaults immediately upon running

I’ve had an interest in the DEC Alpha for quite some time now, mainly out of my love for DEC architectures and my love for UNIX. VAX is the direct successor of PDP-11, and Alpha is the direct successor of VAX. Earlier, some Alpha emulation breakthroughs dropped, and I was pinged by a few friends that NT 4.0 could now run on a fork of the ES40 emulator, as well as on QEMU. I never thought Alpha NT would ever run under emulation, because unlike the familiar Tru64, Linux and the BSDs, NT uses its own custom PALcode and depends on ARC (Advanced RISC Computing) instead of SRM. Of course, people noted that the emulators couldn’t run the holy grail of Alpha NT – Windows (XP?) build 2210, because its kernel would panic with a memory management error in QEMU, or wouldn’t detect the keyboard and bug out in ES40. A few trips to hell in the symbol-less NT kernel and a few MMU emulation fixes later, I was able to patch up both QEMU and ES40 to boot that only surviving 64-bit build of Alpha NT.

After torturing my brain debugging a symbol-less NT kernel without a kernel debugger, I thought I’d give fixing Pinball a go, to make things worthwhile. One of the benefits of debugging a userland process is that, while there’s still no debugger, there is Dr. Watson, which takes core dumps and performs simple post-mortems. Something is better than nothing, as people would say.

Running Pinball gives the classic crash symptom immediately, with no graphics drawn:

Dr. Watson concludes that it died of a segfault:

It gave a nice dump of registers at the time of the fault:

State Dump for Thread Id 0x124

v0=01002930 00000000 t0=00000000 00360000 t1=00000000 00000001
t2=00000000 00360000 t3=00000000 00000000 t4=00000000 00000000
t5=00000000 0000011c t6=000003ff fff8f868 t7=00000000 00303030
s0=000003ff fff8fac0 s1=01002930 00000000 s2=000003ff fff8fad8
s3=00000000 00000000 s4=00000000 0106f2a8 s5=00000000 01000000
fp=00000000 00000010 a0=01002930 00000000 a1=00000000 00000000
a2=000003ff fff8fad8 a3=00000000 30010000 a4=00000000 69e17610
a5=00000000 69e0a360 t8=000003ff fff8f868 t9=00000000 00000000
t10=00000000 00300000 t11=00000000 00000002 ra=00000000 69e9d5c0
t12=00000000 6a264710 at=ffffffff fffffe10 gp=00000000 00000000
sp=000003ff fff8fa50 zero=00000000 00000000 fpcr=08000000 00000000
SoftFpcr=00000000 00000000 fir=6a264710
psr=00000003
mode=1 ie=1 irql=0

Some disassembly around the faulting instruction:

function: Otsstrlen
FAULT ->00000000'6a264710: 2f700000 ldq_u t12,0(a0)
00000000'6a264714: 239fffff lda at,-1(zero)
00000000'6a264718: 4b90065c mskql at,a0,at
00000000'6a26471c: 4600f000 and a0,#7,v0
00000000'6a264720: 477c041b bis t12,at,t12
00000000'6a264724: 43fb01fb cmpbge zero,t12,t12
00000000'6a264728: 43e00520 subq zero,v0,v0
00000000'6a26472c: f7600005 bne t12,00000000'6a264744 Otsstrlen+00000034
00000000'6a264730: 2f700008 ldq_u t12,8(a0)
00000000'6a264734: 42011410 addq...
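Added example (not from the original post): a Python triage helper for the Alpha Dr. Watson state-dump format shown above. It reassembles each register from its two 32-bit halves, high half first, and flags registers whose low half is zero while the high half looks like a 32-bit user-mode address; in the dump, a0, the base register of the faulting ldq_u, holds exactly such a value. The sample input is a constructed excerpt of the dump, and the under-2 GB bound is an assumed heuristic, not a diagnosis.

```python
import re

# Constructed excerpt of the Dr. Watson state dump quoted above. Alpha Dr. Watson
# prints each 64-bit register as two 32-bit hex halves, high half first; fir and
# psr are printed as a single 32-bit value.
SAMPLE_DUMP = """State Dump for Thread Id 0x124
v0=01002930 00000000 t0=00000000 00360000 t1=00000000 00000001
s1=01002930 00000000 a0=01002930 00000000 a1=00000000 00000000
sp=000003ff fff8fa50 ra=00000000 69e9d5c0 fir=6a264710 psr=00000003"""

# name=hhhhhhhh[ llllllll]; the second half is optional so fir/psr still match.
REG_RE = re.compile(r"([A-Za-z]+\d*)=([0-9A-Fa-f]{8})(?: ([0-9A-Fa-f]{8}))?")


def parse_state_dump(text):
    """Return {register: int}, reassembling two-half registers as (hi << 32) | lo."""
    regs = {}
    for name, hi, lo in REG_RE.findall(text):
        regs[name] = (int(hi, 16) << 32) | int(lo, 16) if lo else int(hi, 16)
    return regs


def looks_like_shifted_pointer(value):
    """Assumed heuristic: low 32 bits all zero and the high 32 bits a plausible
    32-bit user-mode address (non-zero, below 2 GB). Such a value reads as a
    32-bit pointer sitting in the wrong half of a 64-bit register; in the dump
    above a0 has this shape and the faulting instruction is a load from 0(a0)."""
    lo = value & 0xFFFFFFFF
    hi = value >> 32
    return lo == 0 and 0 < hi < 0x80000000


def triage(text):
    """List (register, high-half value) for every register matching the heuristic."""
    regs = parse_state_dump(text)
    return sorted((name, value >> 32) for name, value in regs.items()
                  if looks_like_shifted_pointer(value))


if __name__ == "__main__":
    regs = parse_state_dump(SAMPLE_DUMP)
    print(f"faulting instruction (fir): 0x{regs['fir']:x}")
    for name, ptr in triage(SAMPLE_DUMP):
        print(f"{name} = 0x{regs[name]:016x} looks like 32-bit pointer 0x{ptr:08x} shifted up")
```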
