Page 1 of 1

Win7 Guest won't boot on Vbox above v4.3.12 r93733

Posted: 20. Nov 2015, 16:17
by doveman1
I recently upgraded from 4.3.12 r93733 to 5.0.10 r104061 to install a Win10 guest, which didn't work but that's the subject of a different topic
viewtopic.php?f=2&t=74741&p=346152#p346152

I also found that my Win7 guest would no longer boot on that version though. So I started working backwards from 4.3.34 to 4.3.24 and it wouldn't boot with any of them. Then I reinstalled 4.3.12 r93733 and it works fine again now.

I've attached the log from 4.3.12 r93733, 4.3.26 r98988 and 4.3.28 r100309 in case comparing them helps to reveal where the problem might lie.

Hardware is: i5-4670k, 16GB RAM, Asus Z97-A board.

Re: Win7 Guest won't boot on Vbox above v4.3.12 r93733

Posted: 23. Nov 2015, 14:59
by scottgus1
Not running on anything after 4.3.12 is a symptom of security hardening problems. See the sticky at the top of the Windows Hosts forum.

Basically, some programs can use a normal Windows function to inject themselves into other programs to allow cross functionality. This is what causes a theme crack to work in all the windows that appear, or Antivirus to read running programs, or online-meeting software to put into the windows their extra buttons, etc. Malware can do this too, and with a super-powerful program like Virtualbox punching holes in the security levels to get more than one OS to run on a PC at once, bad things can happen.

So Virtualbox checks to see if the program that wants to inject into Virtualbox is signed with an authenticity certificate. If it's not, Virtualbox won't start.

Some program distributors haven't signed their programs. If they haven't you need to ask them to distribute a signed version. Which ones to ask? Look in the logs you posted for "supR3HardenedError", the end of the line is the unsigned program. "RadeonPro\AppProfiles64.dll" and "RivaTuner Statistics Server\RTSSHooks64.dll" are a couple I see right off. Look through the whole log.

There's also a problem where some Windows Updates damaged the Windows authenticity certificate database, causing Virtualbox to not run because it couldn't authenticate core Windows programs. These will show up in the logs as "Lacks WinVerifyTrust" errors. Updates KB3004394, KB3045999, and KB3081320 have done this so far. Uninstall those updates.

Don't run versions 4.3.14 up to, say, 4.3.28. The developers were working on a solution and gradually arrived at the correct method for checking certificates. Versions closer to 4.3.14 were more buggy, later versions less so.

Re: Win7 Guest won't boot on Vbox above v4.3.12 r93733

Posted: 23. Nov 2015, 20:14
by doveman1
Couldn't Virtualbox just block/reject any attempts to inject into it by unsigned programs, rather than just not running at all?

I imagine the reason why those programs aren't signed is because they're free projects and it would cost the authors too much to buy a certificate to sign them. In the case of RadeonPro, it's abandonware anyway.

Re: Win7 Guest won't boot on Vbox above v4.3.12 r93733

Posted: 23. Nov 2015, 20:18
by scottgus1
I'd bet that if merely blocking injection was possible the developers would have gone that way rather than preventing operation. You could ask them on their mailing list if you want.

Re: Win7 Guest won't boot on Vbox above v4.3.12 r93733

Posted: 23. Nov 2015, 20:36
by doveman1
OK. I'll have to see if there's any way to prevent RadeonPro and MSI Afterburner trying to hook into Virtualbox.

Re: Win7 Guest won't boot on Vbox above v4.3.12 r93733

Posted: 23. Nov 2015, 21:18
by doveman1
I created profiles in both programs to prevent them hooking into Virtualbox but that didn't help and they were still listed in the log but then I found I could just close both programs to fix that problem!

However, with v5.0.11-104228 my Win7 guest still didn't boot so I checked the log and found some Lacks WinVerifyTrust errors, so checked for those updates you mentioned and uninstalled KB3004394, which was the only one of those three I had installed. It still doesn't boot however. There are still "Lacks WinVerifyTrust" errors listed for the following in the Windows folders: advapi32.dll, bcrypt.dll, bcryptprimitives.dll, cfgmgr32.dll, combase.dll, crypt32.dll, cryptbase.dll, cryptnet.dll, cryptsp.dll, gpapi.dll, gdi32.dll, hal.dll, imm32.dll, kdcom.dll, kernel32.dll , msasn1.dll, msvcrt.dll, ncrypt.dll, ndis.sys, netio.sys, ntasn1.dll, ntoskrnl.exe, opengl32.dll, profapi.dll, pshed.dll, rpcrt4.dll, rsaenh.dll, sechost.dll, shlwapi.dll, user32.dll, winspool.drv, wintrust.dll,

Further, it identifies the following in the Virtualbox folder as lacking trust: msvcr100.dll, QtCoreVBox4.dll, VBoxSupLib.dll.

So maybe there's some other Windows Update that damages the Windows cert database, in addition to those three you mentioned?