Hardening problem on 14946?

For discussions related to using VirtualBox on Windows pre-releases (e.g. Windows 10 > build 10240).
Garrett
Posts: 2
Joined: 18. Oct 2016, 16:17

Hardening problem on 14946?

Post by Garrett »

I've just installed the 5.1.7 r111203 (Qt5.5.1) test build, and I seem to have run into hardening issues. When I try to start an existing VM, I get the error message

---------------------------
VirtualBox - Error In supR3HardenedWinReSpawn
---------------------------
<html><b>NtCreateFile(\Device\VBoxDrvStub) failed: Unknown Status -626 (0xfffffd8e) (rcNt=0xe986fd8e)<br>VBoxDrvStub error: Grown load config (192 to 232 bytes) includes non-zero bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 9c 0a 80 01 00 00 00 08 20 16 80 01 00 00 00 00 00 00 00 00 00 00 00RTLdrOpenWithReader failed: -626 (Image='\Device\HarddiskVolume5\Windows\System32\ntdll.dll'). (rc=-626)</b><br/><br/>Make sure the kernel module has been loaded successfully.<br><br><!--EOM-->where: supR3HardenedWinReSpawn
what: 3
VERR_LDRPE_LOAD_CONFIG_SIZE (-626) - The PE loader encountered an unknown load config directory/header size.
</html>

I'm not sure how to parse the suggestion "Make sure the kernel module has been loaded successfully" on Windows... there doesn't seem to be a service named 'Oracle' anything or 'VirtualBox' anything that might have failed to start.

(Edited to fix version number.)
Last edited by Garrett on 18. Oct 2016, 19:12, edited 1 time in total.
mpack
Site Moderator
Posts: 39134
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Hardening problem on 14946?

Post by mpack »

Garrett wrote:I've just installed the 5.0.1 r111203 (Qt 5.51) test build
Why? The 5.0.2 release version came out in August 2015. The 5.0.x development branch has reached 5.0.26. The current release is 5.1.6.

You understand that test builds are unsupported short term experiments, right?

I'm puzzled why someone would expect an older VirtualBox test build to be compatible with the latest Win10 preview host?
Garrett
Posts: 2
Joined: 18. Oct 2016, 16:17

Re: Hardening problem on 14946?

Post by Garrett »

mpack wrote:
Garrett wrote:I've just installed the 5.0.1 r111203 (Qt 5.51) test build
Why? The 5.0.2 release version came out in August 2015. The 5.0.x development branch has reached 5.0.26. The current release is 5.1.6.

You understand that test builds are unsupported short term experiments, right?

I'm puzzled why someone would expect an older VirtualBox test build to be compatible with the latest Win10 preview host?
My apologies. I reported the wrong version number. I am indeed using Version 5.1.7 r111203 (Qt5.5.1).
Palarnik
Posts: 13
Joined: 21. Jun 2016, 15:05

Re: Hardening problem on 14946?

Post by Palarnik »

I too am having this problem. At least 5.1.8 started on the last Windows Insider release.
Unfortunately for all of us, a new Insider release showed up today - 14951.

More details:

2888.48a8: Log file opened: 5.1.8r111374 g_hStartupLog=0000000000000060 g_uNtVerCombined=0xa03a6700
2888.48a8: \SystemRoot\System32\ntdll.dll:
2888.48a8:     CreationTime:    2016-10-15T08:33:03.782472300Z
2888.48a8:     LastWriteTime:   2016-10-15T08:33:03.782472300Z
2888.48a8:     ChangeTime:      2016-10-20T03:30:16.065714900Z
2888.48a8:     FileAttributes:  0x20
2888.48a8:     Size:            0x1cce58
2888.48a8:     NT Headers:      0xe0
2888.48a8:     Timestamp:       0x5801a0c2
2888.48a8:     Machine:         0x8664 - amd64
2888.48a8:     Timestamp:       0x5801a0c2
2888.48a8:     Image Version:   10.0
2888.48a8:     SizeOfImage:     0x1d1000 (1904640)
2888.48a8:     Resource Dir:    0x168000 LB 0x67da8
2888.48a8:     ProductName:     Microsoft® Windows® Operating System
2888.48a8:     ProductVersion:  10.0.14951.1000
2888.48a8:     FileVersion:     10.0.14951.1000 (rs_prerelease.161014-1700)
2888.48a8:     FileDescription: NT Layer DLL
2888.48a8: \SystemRoot\System32\kernel32.dll:
2888.48a8:     CreationTime:    2016-10-15T08:32:50.687836500Z
2888.48a8:     LastWriteTime:   2016-10-15T08:32:50.687836500Z
2888.48a8:     ChangeTime:      2016-10-20T03:30:15.596965300Z
2888.48a8:     FileAttributes:  0x20
2888.48a8:     Size:            0xa9b90
2888.48a8:     NT Headers:      0xf0
2888.48a8:     Timestamp:       0x5801a32f
2888.48a8:     Machine:         0x8664 - amd64
2888.48a8:     Timestamp:       0x5801a32f
2888.48a8:     Image Version:   10.0
2888.48a8:     SizeOfImage:     0xac000 (704512)
2888.48a8:     Resource Dir:    0xaa000 LB 0x528
2888.48a8:     ProductName:     Microsoft® Windows® Operating System
2888.48a8:     ProductVersion:  10.0.14951.1000
2888.48a8:     FileVersion:     10.0.14951.1000 (rs_prerelease.161014-1700)
2888.48a8:     FileDescription: Windows NT BASE API Client DLL
2888.48a8: \SystemRoot\System32\KernelBase.dll:
2888.48a8:     CreationTime:    2016-10-15T08:33:01.172920600Z
2888.48a8:     LastWriteTime:   2016-10-15T08:33:01.172920600Z
2888.48a8:     ChangeTime:      2016-10-20T03:30:15.612590100Z
2888.48a8:     FileAttributes:  0x20
2888.48a8:     Size:            0x230800
2888.48a8:     NT Headers:      0x100
2888.48a8:     Timestamp:       0x5801a169
2888.48a8:     Machine:         0x8664 - amd64
2888.48a8:     Timestamp:       0x5801a169
2888.48a8:     Image Version:   10.0
2888.48a8:     SizeOfImage:     0x231000 (2297856)
2888.48a8:     Resource Dir:    0x213000 LB 0x550
2888.48a8:     ProductName:     Microsoft® Windows® Operating System
2888.48a8:     ProductVersion:  10.0.14951.1000
2888.48a8:     FileVersion:     10.0.14951.1000 (rs_prerelease.161014-1700)
2888.48a8:     FileDescription: Windows NT BASE API Client DLL
2888.48a8: \SystemRoot\System32\apisetschema.dll:
2888.48a8:     CreationTime:    2016-10-15T08:32:59.344671700Z
2888.48a8:     LastWriteTime:   2016-10-15T08:32:59.344671700Z
2888.48a8:     ChangeTime:      2016-10-20T03:30:14.800091200Z
2888.48a8:     FileAttributes:  0x20
2888.48a8:     Size:            0x19310
2888.48a8:     NT Headers:      0xc8
2888.48a8:     Timestamp:       0x5801a5cb
2888.48a8:     Machine:         0x8664 - amd64
2888.48a8:     Timestamp:       0x5801a5cb
2888.48a8:     Image Version:   10.0
2888.48a8:     SizeOfImage:     0x1b000 (110592)
2888.48a8:     Resource Dir:    0x1a000 LB 0x418
2888.48a8:     ProductName:     Microsoft® Windows® Operating System
2888.48a8:     ProductVersion:  10.0.14951.1000
2888.48a8:     FileVersion:     10.0.14951.1000 (rs_prerelease.161014-1700)
2888.48a8:     FileDescription: ApiSet Schema DLL
2888.48a8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2888.48a8: supR3HardenedWinFindAdversaries: 0x0
2888.48a8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox'
2888.48a8: Calling main()
2888.48a8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2888.48a8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox'
2888.48a8: SUPR3HardenedMain: Respawn #1
2888.48a8: System32:  \Device\HarddiskVolume6\Windows\System32
2888.48a8: WinSxS:    \Device\HarddiskVolume6\Windows\WinSxS
2888.48a8: KnownDllPath: C:\WINDOWS\System32
2888.48a8: '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2888.48a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2888.48a8: supR3HardNtEnableThreadCreation:
2888.48a8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffcc1feae70 pvNtTerminateThread=00007ffcc20130b0
2888.48a8: supR3HardenedWinDoReSpawn(1): New child 2fd8.3eec [kernel32].
2888.48a8: supR3HardNtChildGatherData: PebBaseAddress=0000000001091000 cbPeb=0x388
2888.48a8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffcc1f70000 uNtDllChildAddr=00007ffcc1f70000
2888.48a8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffcc1feae70
2888.48a8: supR3HardenedWinSetupChildInit: Start child.
2888.48a8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2888.48a8: supR3HardNtChildPurify: Startup delay kludge #1/0: 260 ms, 30 sleeps
2888.48a8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2888.48a8:  *0000000000000000-ffffffffff02ffff 0x0001/0x0000 0x0000000
2888.48a8:  *0000000000fd0000-0000000000faffff 0x0004/0x0004 0x0020000
2888.48a8:  *0000000000ff0000-0000000000febfff 0x0002/0x0002 0x0040000
2888.48a8:   0000000000ff4000-0000000000fe7fff 0x0001/0x0000 0x0000000
2888.48a8:  *0000000001000000-0000000000f6efff 0x0000/0x0004 0x0020000
2888.48a8:   0000000001091000-000000000108dfff 0x0004/0x0004 0x0020000
2888.48a8:   0000000001094000-0000000000f27fff 0x0000/0x0004 0x0020000
2888.48a8:  *0000000001200000-00000000011e7fff 0x0002/0x0002 0x0040000
2888.48a8:   0000000001218000-000000000120ffff 0x0001/0x0000 0x0000000
2888.48a8:  *0000000001220000-0000000001124fff 0x0000/0x0004 0x0020000
2888.48a8:   000000000131b000-0000000001317fff 0x0104/0x0004 0x0020000
2888.48a8:   000000000131e000-000000000131bfff 0x0004/0x0004 0x0020000
2888.48a8:  *0000000001320000-000000000131dfff 0x0004/0x0004 0x0020000
2888.48a8:   0000000001322000-ffffffff82663fff 0x0001/0x0000 0x0000000
2888.48a8:  *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
2888.48a8:   000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
2888.48a8:   000000007fff0000-ffff800a07faffff 0x0001/0x0000 0x0000000
2888.48a8:  *00007ff6f8030000-00007ff6f800cfff 0x0002/0x0002 0x0040000
2888.48a8:   00007ff6f8053000-00007ff6f70f5fff 0x0001/0x0000 0x0000000
2888.48a8:  *00007ff6f8fb0000-00007ff6f8fb0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
2888.48a8:   00007ff6f8fb1000-00007ff6f901ffff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
2888.48a8:   00007ff6f9020000-00007ff6f9020fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
2888.48a8:   00007ff6f9021000-00007ff6f9065fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
2888.48a8:   00007ff6f9066000-00007ff6f9066fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
2888.48a8:   00007ff6f9067000-00007ff6f9067fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
2888.48a8:   00007ff6f9068000-00007ff6f906cfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
2888.48a8:   00007ff6f906d000-00007ff6f906dfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
2888.48a8:   00007ff6f906e000-00007ff6f906efff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
2888.48a8:   00007ff6f906f000-00007ff6f9072fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
2888.48a8:   00007ff6f9073000-00007ff6f90bafff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
2888.48a8:   00007ff6f90bb000-00007ff130205fff 0x0001/0x0000 0x0000000
2888.48a8:  *00007ffcc1f70000-00007ffcc1f70fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume6\Windows\System32\ntdll.dll
2888.48a8:   00007ffcc1f71000-00007ffcc2078fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume6\Windows\System32\ntdll.dll
2888.48a8:   00007ffcc2079000-00007ffcc20bcfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume6\Windows\System32\ntdll.dll
2888.48a8:   00007ffcc20bd000-00007ffcc20c4fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume6\Windows\System32\ntdll.dll
2888.48a8:   00007ffcc20c5000-00007ffcc20d2fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume6\Windows\System32\ntdll.dll
2888.48a8:   00007ffcc20d3000-00007ffcc20d3fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume6\Windows\System32\ntdll.dll
2888.48a8:   00007ffcc20d4000-00007ffcc20d6fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume6\Windows\System32\ntdll.dll
2888.48a8:   00007ffcc20d7000-00007ffcc2140fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume6\Windows\System32\ntdll.dll
2888.48a8:   00007ffcc2141000-00007ff9842a1fff 0x0001/0x0000 0x0000000
2888.48a8:  *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
2888.48a8: VirtualBox.exe: timestamp 0x58062715 (rc=VINF_SUCCESS)
2888.48a8: '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2888.48a8: '\Device\HarddiskVolume6\Windows\System32\ntdll.dll' has no imports
2888.48a8: supR3HardNtChildPurify: Done after 286 ms and 0 fixes (loop #0).
2fd8.3eec: Log file opened: 5.1.8r111374 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03a6700
2fd8.3eec: supR3HardenedVmProcessInit: uNtDllAddr=00007ffcc1f70000 g_uNtVerCombined=0xa03a6700
2888.48a8: supR3HardNtEnableThreadCreation:
2fd8.3eec: ntdll.dll: timestamp 0x5801a0c2 (rc=VINF_SUCCESS)
2fd8.3eec: New simple heap: #1 0000000001430000 LB 0x400000 (for 1904640 allocation)
2fd8.3eec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox'
2fd8.3eec: System32:  \Device\HarddiskVolume6\Windows\System32
2fd8.3eec: WinSxS:    \Device\HarddiskVolume6\Windows\WinSxS
2fd8.3eec: KnownDllPath: C:\WINDOWS\System32
2fd8.3eec: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2fd8.3eec: supR3HardenedWinReadErrorInfoDevice: 'Grown load config (192 to 232 bytes) includes non-zero bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 5e 0a 80 01 00 00 00 08 70 16 80 01 00 00 00 00 00 00 00 00 00 00 00RTLdrOpenWithReader failed: -626 (Image='\Device\HarddiskVolume6\Windows\System32\ntdll.dll').'
2fd8.3eec: Error -626 in supR3HardenedWinReSpawn! (enmWhat=3)
2fd8.3eec: NtCreateFile(\Device\VBoxDrvStub) failed: Unknown Status -626 (0xfffffd8e) (rcNt=0xe986fd8e)
VBoxDrvStub error: Grown load config (192 to 232 bytes) includes non-zero bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 5e 0a 80 01 00 00 00 08 70 16 80 01 00 00 00 00 00 00 00 00 00 00 00RTLdrOpenWithReader failed: -626 (Image='\Device\HarddiskVolume6\Windows\System32\ntdll.dll').
2888.48a8: supR3HardenedWinCheckChild: enmRequest=2 rc=-626 enmWhat=3 supR3HardenedWinReSpawn: NtCreateFile(\Device\VBoxDrvStub) failed: Unknown Status -626 (0xfffffd8e) (rcNt=0xe986fd8e)
VBoxDrvStub error: Grown load config (192 to 232 bytes) includes non-zero bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 5e 0a 80 01 00 00 00 08 70 16 80 01 00 00 00 00 00 00 00 00 00 00 00RTLdrOpenWithReader failed: -626 (Image='\Device\HarddiskVolume6\Windows\System32\ntdll.dll').
2888.48a8: Error -626 in supR3HardenedWinReSpawn! (enmWhat=3)
2888.48a8: NtCreateFile(\Device\VBoxDrvStub) failed: Unknown Status -626 (0xfffffd8e) (rcNt=0xe986fd8e)
VBoxDrvStub error: Grown load config (192 to 232 bytes) includes non-zero bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 5e 0a 80 01 00 00 00 08 70 16 80 01 00 00 00 00 00 00 00 00 00 00 00RTLdrOpenWithReader failed: -626 (Image='\Device\HarddiskVolume6\Windows\System32\ntdll.dll').
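
The "Grown load config (192 to 232 bytes) includes non-zero bytes" message can be decoded to see which of the 40 extra bytes the new ntdll.dll populates. This is an added example, not part of the original posts and not VirtualBox code. The field names follow the IMAGE_LOAD_CONFIG_DIRECTORY64 layout in the public Windows SDK headers and the 0x180000000 image base is an assumption; SizeOfImage comes from the 14951 log above.

```python
import re
import struct

# Constructed input: the two messages quoted in this thread (builds 14946 and 14951).
MESSAGES = [
    "Grown load config (192 to 232 bytes) includes non-zero bytes: 00 00 00 00 "
    "00 00 00 00 00 00 00 00 00 00 00 00 40 9c 0a 80 01 00 00 00 08 20 16 80 "
    "01 00 00 00 00 00 00 00 00 00 00 00RTLdrOpenWithReader failed: -626",
    "Grown load config (192 to 232 bytes) includes non-zero bytes: 00 00 00 00 "
    "00 00 00 00 00 00 00 00 00 00 00 00 f0 5e 0a 80 01 00 00 00 08 70 16 80 "
    "01 00 00 00 00 00 00 00 00 00 00 00RTLdrOpenWithReader failed: -626",
]
ASSUMED_IMAGE_BASE = 0x180000000  # assumption: preferred base of 64-bit ntdll.dll
SIZE_OF_IMAGE = 0x1D1000          # ntdll.dll SizeOfImage from the 14951 log above

# Assumption: fields past offset 192, named as in the public Windows SDK's
# IMAGE_LOAD_CONFIG_DIRECTORY64 (winnt.h): (offset, struct format, name).
TAIL_FIELDS = [
    (192, "<Q", "DynamicValueRelocTable"),
    (200, "<Q", "CHPEMetadataPointer"),
    (208, "<Q", "GuardRFFailureRoutine"),
    (216, "<Q", "GuardRFFailureRoutineFunctionPointer"),
    (224, "<I", "DynamicValueRelocTableOffset"),
    (228, "<H", "DynamicValueRelocTableSection"),
    (230, "<H", "Reserved2"),
]
# The last hex byte runs straight into "RTLdrOpenWithReader", so match byte pairs
# individually instead of splitting the remainder of the line on whitespace.
PATTERN = re.compile(r"Grown load config \((\d+) to (\d+) bytes\) includes "
                     r"non-zero bytes:((?: [0-9a-f]{2})+)")

def decode_grown_load_config(message):
    """Return {field: (value, points_inside_image)} for every non-zero grown field."""
    m = PATTERN.search(message)
    if m is None:
        raise ValueError("no 'Grown load config' message found")
    known, actual = int(m.group(1)), int(m.group(2))
    tail = bytes.fromhex(m.group(3))
    if len(tail) != actual - known:
        raise ValueError("dumped byte count does not match the reported growth")
    result = {}
    for offset, fmt, name in TAIL_FIELDS:
        start = offset - known
        if start < 0 or start + struct.calcsize(fmt) > len(tail):
            continue  # field lies outside the grown region of this message
        (value,) = struct.unpack_from(fmt, tail, start)
        if value:
            inside = fmt == "<Q" and 0 <= value - ASSUMED_IMAGE_BASE < SIZE_OF_IMAGE
            result[name] = (value, inside)
    return result

if __name__ == "__main__":
    for msg in MESSAGES:
        for name, (value, inside) in decode_grown_load_config(msg).items():
            print(f"{name}: {value:#x} inside_image={inside}")
```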
Palarnik
Posts: 13
Joined: 21. Jun 2016, 15:05

Re: Hardening problem on 14959 (vbox 5.1.8)

Post by Palarnik »

Still having issues on yet another insider release 14959 - Still reporting "Grown load config (192 to 232 bytes)"
Palarnik
Posts: 13
Joined: 21. Jun 2016, 15:05

Re: Hardening problem on 14946?

Post by Palarnik »

Seems that Insider Fast releases haven't fixed it yet. Currently on 14959.