Windows 4.3.16 specifically for errors due to security

Discussions related to using VirtualBox on Windows hosts.
quiettime
Posts: 32
Joined: 17. Jan 2013, 06:19

Re: Windows 4.3.16 specifically for errors due to security

Post by quiettime »

bird wrote: Test build #2: https://www.virtualbox.org/download/tes ... 87-Win.exe

This hopefully fixes the VERR_SUPDRV_APIPORT_OPEN_ERROR problem some of you have been seeing.
@quiettime, @sydbarrett74, @fhoff2: Would be cool to get feedback on that.

This build works for me, thank you for fixing the issue. What exactly did you do, and were you able to figure out what it is about my system that it uses a different object type? I'm a programmer and I'm curious about the technical details. If there's a commit behind it please point me to it. Thanks again
TH0R
Posts: 2
Joined: 10. Sep 2014, 13:03
Primary OS: MS Windows 7
VBox Version: OSE other
Guest OSses: RHEL,OEL,W2k8,W2k12
Location: Groningen

Post by TH0R »

bird wrote: @thor: Some ownership trouble with comctl32.dll (in WinSxS dir), I've relaxed the requirements so that should work. It's possible, though, that the ownership issue was caused by someone modifying the DLL. Please let me know how the new build works for you.

Enjoy,
bird.

Hello bird.

Thanks for the reply.
I installed VirtualBox-4.3.17-96087-Win.exe and my problems are gone.

I really like the quick response and quick fix.
A lot of companies can learn a lot from this :-)
RelakS
Posts: 15
Joined: 15. Sep 2014, 09:53

Post by RelakS »

Oh, hi,

4.3.17 build 96087
Windows 7 64 bit
McAfee (ver 8.0.0.2151, contains endpoint encryption too)

When I start a VM:
Error In supR3HardenedWinVerifyProcess
Failed to verify process integrity: (rc-5633)
Next dialog:

Failed to open a session for the virtual machine BentlyTestPC.

The virtual machine 'BentlyTestPC' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\105038609\VirtualBox VMs\BN3500 and System1\BentlyTestPC\Logs\VBoxStartup.log'.

Result Code: E_FAIL (0x80004005)
Component: Machine
Interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}

vboxstartup.log is zipped and attached
Attachments
VBoxStartup.zip
RobBrownNZ
Posts: 12
Joined: 18. May 2010, 12:31
Primary OS: MS Windows 8
VBox Version: PUEL
Guest OSses: WinXP, Gentoo64, Gentoo32

Post by RobBrownNZ »

Hi,

Thanks for your continuing efforts! 4.3.17 r96087 doesn't work for me, but the error is definitely different:

Failed to open a session for the virtual machine Gentoo32.

The virtual machine 'Gentoo32' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'D:\vm2\Gentoo32\Logs\VBoxStartup.log'.

Result Code: E_FAIL (0x80004005)
Component: Machine
Interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}

My Avast! virus definitions are now 140914-1, in case you're interested.
Attachments
VBoxStartup.zip
spider38
Posts: 6
Joined: 15. Sep 2014, 11:58

Post by spider38 »

Trying the second test build of 4.3.17 as 4.3.16 had the issues as reported by others, but cannot start a VM.

OS is Windows 7 Professional SP1 64-bit.

Avast version 2014.9.0.2021, definitions version 140914-1.

When attempting to start VM, I get:
VBox error with 4.3.17 build 2.png
Failed to open a session for the virtual machine NewFamilyPC.

The virtual machine 'NewFamilyPC' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\Nick\VirtualBox VMs\NewFamilyPC\Logs\VBoxStartup.log'.

Result Code: E_FAIL (0x80004005)
Component: Machine
Interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}

VBoxStartup.log attached.
VBoxStartup.zip

Code:

6ec.21c: Log file opened: 4.3.17r96087 g_hStartupLog=0000000000000018 g_uNtVerCombined=0x611db110
6ec.21c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
6ec.21c: supR3HardenedWinFindAdversaries: 0x4
6ec.21c: \SystemRoot\System32\drivers\aswHwid.sys:
6ec.21c:     CreationTime:    2014-04-29T13:42:12.731271000Z
6ec.21c:     LastWriteTime:   2014-07-11T15:16:02.321909300Z
6ec.21c:     ChangeTime:      2014-07-11T15:16:06.114126300Z
6ec.21c:     FileAttributes:  0x20
6ec.21c:     Size:            0x7218
6ec.21c:     NT Headers:      0xe8
6ec.21c:     Timestamp:       0x53ac048e
6ec.21c:     Machine:         0x8664 - amd64
6ec.21c:     Timestamp:       0x53ac048e
6ec.21c:     Image Version:   6.0
6ec.21c:     SizeOfImage:     0xa000 (40960)
6ec.21c:     Resource Dir:    0x8000 LB 0x460
6ec.21c:     ProductName:     avast! Antivirus 
6ec.21c:     ProductVersion:  9.0.2021.515
6ec.21c:     FileVersion:     9.0.2021.515
6ec.21c:     SpecialBuild:    feb2012
6ec.21c:     PrivateBuild:    0SpecialBuild
6ec.21c:     FileDescription: avast! HWID
6ec.21c: \SystemRoot\System32\drivers\aswMonFlt.sys:
6ec.21c:     CreationTime:    2011-09-20T14:21:15.492155700Z
6ec.21c:     LastWriteTime:   2014-07-11T15:16:02.343910600Z
6ec.21c:     ChangeTime:      2014-07-11T15:16:06.116126400Z
6ec.21c:     FileAttributes:  0x20
6ec.21c:     Size:            0x13550
6ec.21c:     NT Headers:      0xe0
6ec.21c:     Timestamp:       0x53ac04e3
6ec.21c:     Machine:         0x8664 - amd64
6ec.21c:     Timestamp:       0x53ac04e3
6ec.21c:     Image Version:   6.0
6ec.21c:     SizeOfImage:     0x22000 (139264)
6ec.21c:     Resource Dir:    0x20000 LB 0x3b8
6ec.21c:     ProductName:     avast! Antivirus 
6ec.21c:     ProductVersion:  9.0.2021.515
6ec.21c:     FileVersion:     9.0.2021.515
6ec.21c:     FileDescription: avast! File System Minifilter for Windows 2003/Vista
6ec.21c: \SystemRoot\System32\drivers\aswRdr2.sys:
6ec.21c:     CreationTime:    2012-03-23T15:02:56.824757800Z
6ec.21c:     LastWriteTime:   2014-07-11T15:16:01.899885200Z
6ec.21c:     ChangeTime:      2014-07-11T15:16:06.117126400Z
6ec.21c:     FileAttributes:  0x20
6ec.21c:     Size:            0x16d80
6ec.21c:     NT Headers:      0xf0
6ec.21c:     Timestamp:       0x53ac0508
6ec.21c:     Machine:         0x8664 - amd64
6ec.21c:     Timestamp:       0x53ac0508
6ec.21c:     Image Version:   6.1
6ec.21c:     SizeOfImage:     0x1a000 (106496)
6ec.21c:     Resource Dir:    0x18000 LB 0x3a0
6ec.21c:     ProductName:     avast! Antivirus 
6ec.21c:     ProductVersion:  9.0.2021.515
6ec.21c:     FileVersion:     9.0.2021.515 built by: WinDDK
6ec.21c:     FileDescription: avast! WFP Redirect Driver
6ec.21c: \SystemRoot\System32\drivers\aswRvrt.sys:
6ec.21c:     CreationTime:    2013-03-18T14:06:52.821465600Z
6ec.21c:     LastWriteTime:   2014-07-11T15:16:02.356911400Z
6ec.21c:     ChangeTime:      2014-07-11T15:16:06.118126500Z
6ec.21c:     FileAttributes:  0x20
6ec.21c:     Size:            0x100f0
6ec.21c:     NT Headers:      0xf8
6ec.21c:     Timestamp:       0x53ac058b
6ec.21c:     Machine:         0x8664 - amd64
6ec.21c:     Timestamp:       0x53ac058b
6ec.21c:     Image Version:   6.0
6ec.21c:     SizeOfImage:     0x13000 (77824)
6ec.21c:     Resource Dir:    0x11000 LB 0x468
6ec.21c:     ProductName:     avast! Antivirus 
6ec.21c:     ProductVersion:  9.0.2021.515
6ec.21c:     FileVersion:     9.0.2021.515
6ec.21c:     SpecialBuild:    feb2012
6ec.21c:     PrivateBuild:    0SpecialBuild
6ec.21c:     FileDescription: avast! Revert
6ec.21c: \SystemRoot\System32\drivers\aswSnx.sys:
6ec.21c:     CreationTime:    2011-09-20T14:21:16.693357800Z
6ec.21c:     LastWriteTime:   2014-07-11T15:16:02.448916600Z
6ec.21c:     ChangeTime:      2014-07-11T15:16:06.118126500Z
6ec.21c:     FileAttributes:  0x20
6ec.21c:     Size:            0xfe310
6ec.21c:     NT Headers:      0xe8
6ec.21c:     Timestamp:       0x53ac0554
6ec.21c:     Machine:         0x8664 - amd64
6ec.21c:     Timestamp:       0x53ac0554
6ec.21c:     Image Version:   6.0
6ec.21c:     SizeOfImage:     0x102000 (1056768)
6ec.21c:     Resource Dir:    0xfa000 LB 0x380
6ec.21c:     ProductName:     avast! Antivirus 
6ec.21c:     ProductVersion:  9.0.2021.515
6ec.21c:     FileVersion:     9.0.2021.515
6ec.21c:     FileDescription: avast! Virtualization Driver
6ec.21c: \SystemRoot\System32\drivers\aswsp.sys:
6ec.21c:     CreationTime:    2011-09-20T14:21:20.028674500Z
6ec.21c:     LastWriteTime:   2014-07-11T15:16:17.264764000Z
6ec.21c:     ChangeTime:      2014-07-11T15:16:17.264764000Z
6ec.21c:     FileAttributes:  0x20
6ec.21c:     Size:            0x68560
6ec.21c:     NT Headers:      0xf0
6ec.21c:     Timestamp:       0x53b44384
6ec.21c:     Machine:         0x8664 - amd64
6ec.21c:     Timestamp:       0x53b44384
6ec.21c:     Image Version:   6.0
6ec.21c:     SizeOfImage:     0x6e000 (450560)
6ec.21c:     Resource Dir:    0x6c000 LB 0x378
6ec.21c:     ProductName:     avast! Antivirus 
6ec.21c:     ProductVersion:  9.0.2021.522
6ec.21c:     FileVersion:     9.0.2021.522
6ec.21c:     FileDescription: avast! self protection module
6ec.21c: \SystemRoot\System32\drivers\aswStm.sys:
6ec.21c:     CreationTime:    2014-01-03T12:37:38.460848800Z
6ec.21c:     LastWriteTime:   2014-07-11T15:16:02.565923300Z
6ec.21c:     ChangeTime:      2014-07-11T15:16:06.120126600Z
6ec.21c:     FileAttributes:  0x20
6ec.21c:     Size:            0x16768
6ec.21c:     NT Headers:      0x108
6ec.21c:     Timestamp:       0x53ac083d
6ec.21c:     Machine:         0x8664 - amd64
6ec.21c:     Timestamp:       0x53ac083d
6ec.21c:     Image Version:   6.2
6ec.21c:     SizeOfImage:     0x19000 (102400)
6ec.21c:     Resource Dir:    0x17000 LB 0x358
6ec.21c:     ProductName:     avast! Antivirus 
6ec.21c:     ProductVersion:  9.0.2021.515
6ec.21c:     FileVersion:     9.0.2021.515
6ec.21c:     FileDescription: Stream Filter
6ec.21c: \SystemRoot\System32\drivers\aswVmm.sys:
6ec.21c:     CreationTime:    2013-03-18T14:06:53.788667300Z
6ec.21c:     LastWriteTime:   2014-07-11T15:16:02.482918600Z
6ec.21c:     ChangeTime:      2014-07-11T15:16:06.121126700Z
6ec.21c:     FileAttributes:  0x20
6ec.21c:     Size:            0x36e80
6ec.21c:     NT Headers:      0xf0
6ec.21c:     Timestamp:       0x53ac0595
6ec.21c:     Machine:         0x8664 - amd64
6ec.21c:     Timestamp:       0x53ac0595
6ec.21c:     Image Version:   6.0
6ec.21c:     SizeOfImage:     0x39000 (233472)
6ec.21c:     Resource Dir:    0x36000 LB 0x470
6ec.21c:     ProductName:     avast! Antivirus 
6ec.21c:     ProductVersion:  9.0.2021.515
6ec.21c:     FileVersion:     9.0.2021.515
6ec.21c:     SpecialBuild:    feb2012
6ec.21c:     PrivateBuild:    0SpecialBuild
6ec.21c:     FileDescription: avast! VM Monitor
6ec.21c: Calling main()
6ec.21c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
6ec.21c: SUPR3HardenedMain: Respawn #1
6ec.21c: System32:  \Device\HarddiskVolume1\Windows\System32
6ec.21c: WinSxS:    \Device\HarddiskVolume1\Windows\winsxs
6ec.21c: ProgDir:   \Device\HarddiskVolume1\Program Files
6ec.21c: ComDir:    \Device\HarddiskVolume1\Program Files\Common Files
6ec.21c: ProgDir32: \Device\HarddiskVolume1\Program Files (x86)
6ec.21c: ComDir32:  \Device\HarddiskVolume1\Program Files (x86)\Common Files
6ec.21c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
6ec.21c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
6ec.21c: supR3HardNtEnableThreadCreation:
6ec.21c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000771ec340 pvNtTerminateThread=00000000772117e0
6ec.21c: supR3HardenedWinDoReSpawn(1): New child 1458.17e8 [kernel32].
6ec.21c: supR3HardenedWinPurifyChild: PebBaseAddress=000007fffffdb000 cbPeb=0x380
6ec.21c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000771c0000 uNtDllChildAddr=00000000771c0000
6ec.21c: supR3HardNtPuChTriggerInitialImageEvents: uLdrInitThunk=00000000771ec340 uNtTerminateThread=00000000772117e0
6ec.21c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000771ec340 pvNtTerminateThread=00000000772117e0
6ec.21c: supR3HardNtPuChTriggerInitialImageEvents: mapping view of kernel32.dll
6ec.21c: supR3HardNtPuChTriggerInitialImageEvents: kernel32.dll mapped at 0000000076fa0000 LB 0x11f000
6ec.21c: supR3HardNtPuChTriggerInitialImageEvents: mapping view of KernelBase.dll
6ec.21c: supR3HardNtPuChTriggerInitialImageEvents: KernelBase.dll mapped at 000007fefd090000 LB 0x6c000
6ec.21c: supR3HardNtPuChTriggerInitialImageEvents: Startup delay kludge #1: 78 ms
6ec.21c: supR3HardNtEnableThreadCreation:
6ec.21c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
6ec.21c:  *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
6ec.21c:  *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
6ec.21c:  *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
6ec.21c:   0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
6ec.21c:  *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
6ec.21c:   0000000000041000-ffffffffffeb1fff 0x0001/0x0000 0x0000000
6ec.21c:  *00000000001d0000-00000000000d3fff 0x0000/0x0004 0x0020000
6ec.21c:   00000000002cc000-00000000002c8fff 0x0104/0x0004 0x0020000
6ec.21c:   00000000002cf000-00000000002cdfff 0x0004/0x0004 0x0020000
6ec.21c:  *00000000002d0000-00000000002cdfff 0x0040/0x0040 0x0020000 !!
6ec.21c: supHardNtVpScanVirtualMemory: Freeing exec mem at 00000000002d0000 (00000000002d0000 LB 0x2000)
6ec.21c:   00000000002d2000-ffffffff89603fff 0x0001/0x0000 0x0000000
6ec.21c:  *0000000076fa0000-0000000076f9efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\kernel32.dll
6ec.21c:   0000000076fa1000-0000000076f05fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\kernel32.dll
6ec.21c:   000000007703c000-0000000076fcdfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\kernel32.dll
6ec.21c:   00000000770aa000-00000000770a7fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\kernel32.dll
6ec.21c:   00000000770ac000-0000000077098fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\kernel32.dll
6ec.21c:   00000000770bf000-0000000076fbdfff 0x0001/0x0000 0x0000000
6ec.21c:  *00000000771c0000-00000000771befff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
6ec.21c:   00000000771c1000-00000000770befff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
6ec.21c:   00000000772c3000-0000000077293fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
6ec.21c:   00000000772f2000-00000000772e9fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
6ec.21c:   00000000772fa000-00000000772f8fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
6ec.21c:   00000000772fb000-00000000772f7fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
6ec.21c:   00000000772fe000-0000000077292fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
6ec.21c:   0000000077369000-000000006f6f1fff 0x0001/0x0000 0x0000000
6ec.21c:  *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
6ec.21c:  *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
6ec.21c:   000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
6ec.21c:   000000007fff0000-ffffffffc081ffff 0x0001/0x0000 0x0000000
6ec.21c:  *000000013f7c0000-000000013f7befff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
6ec.21c:   000000013f7c1000-000000013f740fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
6ec.21c:   000000013f841000-000000013f83ffff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
6ec.21c:   000000013f842000-000000013f807fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
6ec.21c:   000000013f87c000-000000013f872fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
6ec.21c:   000000013f885000-000000013f84bfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
6ec.21c:   000000013f8be000-fffff803820ebfff 0x0001/0x0000 0x0000000
6ec.21c:  *000007fefd090000-000007fefd08efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
6ec.21c:   000007fefd091000-000007fefd046fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
6ec.21c:   000007fefd0db000-000007fefd0c4fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
6ec.21c:   000007fefd0f1000-000007fefd0eefff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
6ec.21c:   000007fefd0f3000-000007fefd0e9fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
6ec.21c:   000007fefd0fc000-000007fefad17fff 0x0001/0x0000 0x0000000
6ec.21c:  *000007feff4e0000-000007feff4defff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
6ec.21c:   000007feff4e1000-000007fdfea11fff 0x0001/0x0000 0x0000000
6ec.21c:  *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
6ec.21c:   000007fffffd3000-000007fffffcafff 0x0001/0x0000 0x0000000
6ec.21c:  *000007fffffdb000-000007fffffd9fff 0x0004/0x0004 0x0020000
6ec.21c:   000007fffffdc000-000007fffffd9fff 0x0001/0x0000 0x0000000
6ec.21c:  *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
6ec.21c:  *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
6ec.21c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
6ec.21c: Error (rc=-5663):
6ec.21c: The process already has KERNEL32.DLL loaded.
6ec.21c: Fatal error:
6ec.21c: The process already has KERNEL32.DLL loaded.
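
The memory map in the log above can be checked mechanically. The following Python is an added example, not part of spider38's post and not VirtualBox code: it parses the supHardNtVpScanVirtualMemory lines, recovers each region's size, and lists executable regions that are not backed by an image file. The column meanings (protection/allocation protection, then region type) and the rule that the second address equals base minus size minus one are inferred from the log itself; the function names are hypothetical.

```python
import re

MASK64 = (1 << 64) - 1
# winnt.h: PAGE_EXECUTE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY
EXEC_BITS = 0x10 | 0x20 | 0x40 | 0x80
MEM_IMAGE = 0x1000000  # region backed by a mapped executable image

# "<pid>.<tid>: [*]<base>-<second> <protect>/<alloc protect> <type> [image path] [!!]"
REGION_RE = re.compile(
    r"^\s*[0-9a-f]+\.[0-9a-f]+:\s+(\*)?([0-9a-f]{16})-([0-9a-f]{16})\s+"
    r"0x([0-9a-f]+)/0x([0-9a-f]+)\s+0x([0-9a-f]+)(.*)$", re.I)
FREE_RE = re.compile(
    r"Freeing exec mem at [0-9a-f]+ \(([0-9a-f]+) LB 0x([0-9a-f]+)\)", re.I)

# Lines copied from the VBoxStartup.log in the post above.
SAMPLE = r"""
6ec.21c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
6ec.21c:   00000000002cc000-00000000002c8fff 0x0104/0x0004 0x0020000
6ec.21c:   00000000002cf000-00000000002cdfff 0x0004/0x0004 0x0020000
6ec.21c:  *00000000002d0000-00000000002cdfff 0x0040/0x0040 0x0020000 !!
6ec.21c: supHardNtVpScanVirtualMemory: Freeing exec mem at 00000000002d0000 (00000000002d0000 LB 0x2000)
6ec.21c:   00000000002d2000-ffffffff89603fff 0x0001/0x0000 0x0000000
6ec.21c:  *0000000076fa0000-0000000076f9efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\kernel32.dll
6ec.21c:   0000000076fa1000-0000000076f05fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\kernel32.dll
"""


def parse_regions(log_text):
    """Return one dict per memory-region line; all other log lines are skipped."""
    regions = []
    for line in log_text.splitlines():
        m = REGION_RE.match(line)
        if not m:
            continue
        base, second = int(m.group(2), 16), int(m.group(3), 16)
        tail = m.group(7).strip()
        regions.append({
            "alloc_base": m.group(1) is not None,   # '*' marks start of an allocation
            "base": base,
            # Inferred from the log: second column is base - size - 1 (mod 2^64).
            "size": (base - second - 1) & MASK64,
            "protect": int(m.group(4), 16),
            "alloc_protect": int(m.group(5), 16),
            "type": int(m.group(6), 16),
            "flagged": tail.endswith("!!"),          # marker written by the scanner
            "image": tail.replace("!!", "").strip() or None,
        })
    return regions


def contiguous(regions):
    """True if each region starts where the previous one ends (checks the size rule)."""
    return all(a["base"] + a["size"] == b["base"]
               for a, b in zip(regions, regions[1:]))


def unbacked_executable(regions):
    """Regions with an executable protection that are not part of a mapped image."""
    return [r for r in regions
            if r["protect"] & EXEC_BITS and r["type"] != MEM_IMAGE]


def freed_ranges(log_text):
    """(base, size) pairs from the 'Freeing exec mem' lines, for cross-checking."""
    return [(int(m.group(1), 16), int(m.group(2), 16))
            for m in FREE_RE.finditer(log_text)]


if __name__ == "__main__":
    regs = parse_regions(SAMPLE)
    print("size rule consistent:", contiguous(regs))
    for r in unbacked_executable(regs):
        print("exec, no image: base=%#x size=%#x protect=%#x flagged=%s"
              % (r["base"], r["size"], r["protect"], r["flagged"]))
    print("freed by scanner:", [(hex(b), hex(s)) for b, s in freed_ranges(SAMPLE)])
```

On the sample lines it reports the single region at 0x2d0000, the same one the log marks with `!!` and frees.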
bird
Oracle Corporation
Posts: 127
Joined: 10. May 2007, 10:27

Post by bird »

@quiettime: Glad to hear it works.
Background: I need to figure out which CSRSS.EXE process to allow a little extra access privileges to the VM process. There is one CSRSS per session, so with Vista+ there are generally at least two to choose from. More importantly I cannot allow myself to be fooled by fake CSRSS processes. Now, each csrss creates an ApiPort LPC/ALPC port object in \Windows\ or \Sessions\x\Windows\ in the NT namespace. The object of course keeps track of which process created it, i.e. storing the EPROCESS pointer somewhere inside the object data. So, to positively identify the correct CSRSS I get the pointer to the ApiPort object for the VM process and check if I can find the process pointer for CSRSS candidates inside it.

Now, to get to the ApiPort object I need the NT object type pointer. This is normally pointed to by the LpcPortObjectType export of ntoskrnl.exe. Except on your system it isn't. I've no idea why that is so; I've got four theories: 1. The NT kernel may be configured to provide something compatible with the pre-Vista LPC implementation. 2. Some AV/protection software or the NT kernel has changed it on purpose so that getting to ALPC objects is more difficult. 3. Some driver is messing with it by accident. 4. Some rootkit-like thing is present and has hooked it.

The workaround I implemented was to create a temporary ALPC object of my own and get its type using the undocumented ObGetObjectType() API that was added in Windows 7.
You can find the actual code here: https://www.virtualbox.org/browser/vbox ... .cpp#L2136

-bird

PS. Build #2 broke avast, new build is being built...
Knut St. Osmundsen
Oracle Corporation
rexcat
Posts: 32
Joined: 13. Sep 2014, 16:11

Post by rexcat »

VirtualBox-4.3.17-96087, virtualbox.exe still cannot run.

Code:

Faulting application name: VirtualBox.exe, version: 0.0.0.0, time stamp: 0x5415fe08
Faulting module name: VirtualBox.exe, version: 0.0.0.0, time stamp: 0x5415fe08
Exception code: 0xc0000005
Fault offset: 0x0000000000018158
Faulting process id: 0x1640
Faulting application start time: 0x01cfd0dbc3ccefa2
Faulting application path: C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
Faulting module path: C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
Report Id: 019724ba-3ccf-11e4-9913-902b343974b0
bird
Oracle Corporation
Posts: 127
Joined: 10. May 2007, 10:27

Post by bird »

Hi!

The previous build (#2) broke things for all avast users. Frightfully sorry about that. Here is a new build that fixes that blunder.

Test build #3: https://www.virtualbox.org/download/tes ... 01-Win.exe

@RobBrownNZ, @spider38: Please try the new build, it should fix the problem you were seeing with build #2.

@derscherjm, @Limeroli, @rnewman, @Gurvender.Bahia: Would be great if you could take the new build for a spin.

Cheers,
bird.
Knut St. Osmundsen
Oracle Corporation
bird
Oracle Corporation
Posts: 127
Joined: 10. May 2007, 10:27

Post by bird »

rexcat wrote: VirtualBox-4.3.17-96087, virtualbox.exe still cannot run.

Code:

Faulting application name: VirtualBox.exe, version: 0.0.0.0, time stamp: 0x5415fe08
Faulting module name: VirtualBox.exe, version: 0.0.0.0, time stamp: 0x5415fe08
Exception code: 0xc0000005
Fault offset: 0x0000000000018158
Faulting process id: 0x1640
Faulting application start time: 0x01cfd0dbc3ccefa2
Faulting application path: C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
Faulting module path: C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
Report Id: 019724ba-3ccf-11e4-9913-902b343974b0

The disassembly at 0x18158 in VirtualBox.exe unfortunately makes no sense to me, I mean, we should not be executing anything at that address. So, the question is what caused us to get there.

I need at least the VBoxStartup.log for the crashing process in order to be able to help you (ideally I'd like a minidump of the crashing process of course).

Cheers,
bird.
Knut St. Osmundsen
Oracle Corporation
spider38
Posts: 6
Joined: 15. Sep 2014, 11:58

Post by spider38 »

Test build #3 installer won't run to completion, I get an error:

There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.
VBox 4.3.17 build 3 installer error.png
bird
Oracle Corporation
Posts: 127
Joined: 10. May 2007, 10:27

Post by bird »

LangTuBuon wrote: 1. Windows Server 2003 R2 SP2 + VirtualBox-4.3.16-95972-Win.exe
2. Attachments
3. Symantec Endpoint Protection v11.0.5002.333

Note: Unikey (Vietnamese Keyboard for Windows - unikey (.) org )

Could you please describe your problem? Because I cannot see anything obviously wrong in the log file, except that (1) you didn't try the latest test build, and (2) you won't have UniKey functionality available in the VM process. The problem with UniKey is that they don't ship signed binaries, and we just won't load anything that isn't signed in some verifiable way.

Cheers,
bird.
Knut St. Osmundsen
Oracle Corporation
MikeDiack
Posts: 75
Joined: 20. Mar 2009, 15:57
Primary OS: MS Windows 8.1
VBox Version: PUEL
Guest OSses: Win 10, Win 7, XP, Linux, Win 8.1, Win 2000, Win NT 4
Location: UK

Post by MikeDiack »

Hi bird

I agree with spider38. The earlier build 4.3.17.96087 installs and works fine for me (Win 7 x64 SP1, SEP 12.1.4112.4156)

BUT:

Test build 3, 4.3.17.96096, fails to install with the same message about a DLL not being able to be run (as spider's screenshot showed).

It looks to me like the installer for that build is broken in some way.

Mike
Last edited by MikeDiack on 15. Sep 2014, 15:47, edited 1 time in total.
bird
Oracle Corporation
Posts: 127
Joined: 10. May 2007, 10:27

Post by bird »

te777 wrote: I am using VBox 4.3.12 on Windows 7 SP1 64 bit Home Premium host. Tried 4.3.16 but VMs wouldn't launch. Spinning circle only. I am using Norton Internet Security 2014. I used a Windows 7 SP1 32 bit virtual machine to install VBox 4.3.16 on. That VM has no anti-virus except the stock Windows Defender. Windows updates on it hadn't been done since 7/21/2014. I then created a small Windows XP VM inside that Windows 7 VM and it ran fine. I then did the Windows Updates on that Windows 7 VM and the XP VM still ran fine inside the Windows 7 VM. Hope this info helps.

Tom, could you please try the latest test build (#3).

Kind Regards,
bird.
Knut St. Osmundsen
Oracle Corporation
MikeDiack
Posts: 75
Joined: 20. Mar 2009, 15:57
Primary OS: MS Windows 8.1
VBox Version: PUEL
Guest OSses: Win 10, Win 7, XP, Linux, Win 8.1, Win 2000, Win NT 4
Location: UK

Post by MikeDiack »

Hi bird

For what it's worth, I found this in Windows Event Log indicative of the problem that occurred installing test build 3:

Mike

See below:

Product: Oracle VM VirtualBox 4.3.17 -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor. Action ca_UninstallTAPInstances, entry: UninstallTAPInstances, library: C:\WINDOWS\Installer\MSI126A.tmp
bird
Oracle Corporation
Posts: 127
Joined: 10. May 2007, 10:27

Post by bird »

Test build #3 is broken. Working on a replacement...
Knut St. Osmundsen
Oracle Corporation