Windows 4.3.18 specifically for errors due to security

Discussions related to using VirtualBox on Windows hosts.

Re: Windows 4.3.18 specifically for errors due to security

Postby MuldeR » 8. Nov 2014, 20:06

VirtualBox 4.3.19, Testbuild 96602 / 96825

Image

This happens with all VM's I try to start. So the bug in v4.3.18 release has not been fixed yet.

The last VirtualBox version that was still working on Windows 7 (x64) was 4.3.16. Anything after that appears broken :?

System: Windows 7 (x64), Service Pack 1, fully patched
Antivirus: Microsoft Security Essentials
Attachments
VBoxStartup.zip
(21.97 KiB) Downloaded 201 times
VBox.zip
(8.16 KiB) Downloaded 155 times
MuldeR
 
Posts: 24
Joined: 25. Aug 2014, 20:45

Re: Windows 4.3.18 specifically for errors due to security

Postby intrepid_ibex » 9. Nov 2014, 14:53

New error after update of Avast.

Virtual-box-version: 4.3.18r96516
Host: Windows 7, 64bit, version.: 6.1, build: 7601
Host-antivirus: Avast Free Antivirus, version: 2015.10.0.2208

Will downgrade to to 4.3.12 until first test-build will be available.
Attachments
VBoxStartup.zip
(36.56 KiB) Downloaded 113 times
intrepid_ibex
 
Posts: 5
Joined: 10. Sep 2014, 19:51

Re: Windows 4.3.18 specifically for errors due to security

Postby MikeDiack » 10. Nov 2014, 10:52

Using test build 4.3.19 r96825
Win7 x64 SP1 Host running Symantec Endpoint Protection 12.1.5 (12.1 RU5) build 5337 (12.1.5337.5000)

Trying to running a Windows XP guest (same effect for Windows 7x86 guests also)

1) Nothing appears to happen after doubleclicking the VM to start it.
2) After approx 1 min a window appears:

Title: VirtualBox - Error In supR3HardNtChildWaitFor
Message: Timed out after 60010 ms waiting for child request #1 (CloseEvents). (rc=258)

With an Abort button.

3) When abort is clicked, another message box is shown:

Title: VirtualBox - Error
Message: Failed to open a session for the virtual machine WS_XP.

The virtual machine 'WS_XP' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\MDiack\VirtualBox VMs\WS_XP\Logs\VBoxStartup.log'.

Details:
Result Code: E_FAIL (0x80004005)
Component: Machine
Interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}

Startup log attached.
Attachments
VBoxStartup.log
Startup log running Using test build 4.3.19 r96825 on Win7 x64 SP1 Host running Symantec Endpoint Protection 12.1.5 (12.1 RU5) build 5337 (12.1.5337.5000), with a Windows XP guest
(16.65 KiB) Downloaded 58 times
MikeDiack
 
Posts: 66
Joined: 20. Mar 2009, 15:57
Location: UK
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: Win 7, Vista, XP, Linux, Win 8/ Win 8.1, Win 2000, Win NT 4

Re: Windows 4.3.18 specifically for errors due to security

Postby kyle_stittleburg » 11. Nov 2014, 04:00

VB Version: 4.3.18r96516
Host OS: Windows 7 Enterprise SP1
Host A/V: Symantec Endpoint Protection 11.0.7300.1294
Guest: Ubuntu or Boot2docker's Linux 2.6/3.x image
Error: Result Code: E_FAIL (0x80004005)

It's non-obvious to me based on the log file if it's due to security. I know that the Ubuntu guest I have did run prior to upgrading, my old Virtual Box install was 4.2.16.
Attachments
VBoxStartup.zip
(6.27 KiB) Downloaded 30 times
kyle_stittleburg
 
Posts: 1
Joined: 11. Nov 2014, 03:51

Re: Windows 4.3.18 specifically for errors due to security

Postby parth » 11. Nov 2014, 11:13

Host: Windows 8.1 x64
VirtualBox: 4.3.18 r96516
Security software installed: SpyShelter Premium

When I try to run any virtual machine inside the VirtualBox, I get back an error message.
err.png
err.png (10.65 KiB) Viewed 13023 times


Startup Log:
VBoxStartup.zip
(3.59 KiB) Downloaded 86 times


Even if I disable protection, it still does not work. Only uninstalling SpyShelter helps;.

On windows 7x64, VirtualBox works fine with SpyShelter.
parth
 
Posts: 2
Joined: 11. Nov 2014, 10:53

Re: Windows 4.3.18 specifically for errors due to security

Postby elementary OS » 11. Nov 2014, 11:55

I'm getting random errors when trying to open a Virtual Machine (guest OS doesn't matter, it's the same behavior for elementary OS, Xubuntu, Windows XP). After retrying, the VM usually loads without errors.

Host system: Windows 8.1 x64
* clean OS installation (nothing installed but VirtualBox and some portable apps)
* clean VirtualBox installation (no upgrade from a previous version)
* built in Administrator account without UAC
* Windows Defender disabled
* Windows Firewall disabled
* Microsoft Security Essentials

Error message: VirtualBox - Fehler
Für die virtuelle Maschine elementary OS konnte keine neue Sitzung eröffnet werden.
Details
Callee RC: RPC_S_SERVER_UNAVAILABLE 0x800706BA (0x800706BA)

VBoxStartup.zip
Screenshot & VBoxStartup.log
(68.29 KiB) Downloaded 63 times
elementary OS
 
Posts: 1
Joined: 11. Nov 2014, 11:18

Re: Windows 4.3.18 specifically for errors due to security

Postby TriAnMan » 12. Nov 2014, 00:38

Windows 7 x64
VBox 4.3.18
Avast 2015


Failed to open a session for the virtual machine CentOS 6.6.

Unable to load R3 module C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (VBoxDD): GetLastError=1790 (VERR_UNRESOLVED_ERROR).

Result Code: E_FAIL (0x80004005)
Component: Console
Interface: IConsole {8ab7c520-2442-4b66-8d74-4ff1e195d2b6}


UPD: solved
Have found windows\system32\uxtheme.dll and uxtheme.111
Renamed uxtheme.111 back to uxtheme.dll
Attachments
VBoxStartup.zip
(18.98 KiB) Downloaded 48 times
TriAnMan
 
Posts: 1
Joined: 12. Nov 2014, 00:34

Re: Windows 4.3.18 specifically for errors due to security

Postby mjb0001 » 12. Nov 2014, 13:48

On Windows 7 Professional SP1 64-bit, after upgrading from VirtualBox 4.3.8 to 4.3.18, my VMs refused to start.

Failed to open a session for the virtual machine Windows XP Professional SP3 (32-bit).

The virtual machine 'Windows XP Professional SP3 (32-bit)' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in 'C:\Users\XXXX\VirtualBox VMs\Windows XP Professional SP3 (32-bit)\Logs\VBoxStartup.log'.

Result Code: E_FAIL (0x80004005)
Component: Machine
Interface: IMachine {480cf695-2d8d-4256-9c7c-cce4184fa048}


Not the most helpful error message, and the log isn't very informative, either.

It was a brief mention of MacType in the 4.3.14 thread that clued me in to this particular problem being a security issue, and what the solution might be. Here's what I found:

If MacType is running in registry or service mode, i.e. such that all apps are rendered with MacType, then your profile—that is, the .ini file you choose in the MacType Tray/Wizard GUI after choosing the mode—must have VirtualBox.exe listed in its [UnloadDll] section. This will disable MacType for VirtualBox. Just edit your profile's .ini file in %ProgramFiles(x86)%\MacType\ini, configure MacType to use a different profile, apply those changes, then configure it to use the one you edited, and the VMs should work again.

More generally, any nonstandard font/theme mods of this sort are probably not going to be compatible with VirtualBox on Windows hosts. Hope this helps a few of you.
Attachments
VBoxStartup.log
(17.96 KiB) Downloaded 38 times
mjb0001
 
Posts: 1
Joined: 12. Nov 2014, 13:28
Primary OS: MS Windows 7
VBox Version: OSE other
Guest OSses: Windows XP, Linux

Re: Windows 4.3.18 specifically for errors due to security

Postby bird » 14. Nov 2014, 17:53

Test build #1: VirtualBox-4.3.19 (rev 96923)

Relevant changes since 4.3.18:
* Fixes problem loading some 3D related graphics DLLs (associated with drivers).
* Fixes VBoxDrv BSOD caused by race during process creation.
* Fixes VBoxManage crash when getting shared folders from saved state (++).

Enjoy,
bird.
Knut St. Osmundsen
Oracle Corporation
bird
Oracle Corporation
 
Posts: 119
Joined: 10. May 2007, 10:27

Re: Windows 4.3.18 specifically for errors due to security

Postby MrComp » 14. Nov 2014, 21:17

And BIRD for the win! Just recently started having this problem trying to start a VM session. This update fixed it. I was thinking it was related to a recent Windows Update or Avast Update. THANK YOU!
MrComp
 
Posts: 1
Joined: 14. Nov 2014, 21:15

Re: Windows 4.3.18 specifically for errors due to security

Postby intrepid_ibex » 14. Nov 2014, 23:36

Thank you for the testbuild, it works for me.

But i can only start vm's if i disbale USB 2.0 in the settings. Updating the guest-additions doesn't change anything.
Could it be that it is a problem with hardened security, because i get a lot of messages related to it in the VBOXStartup.log .

Host-anti-virus and OS are still the same as in my first post.

https://forums.virtualbox.org/viewtopic.php?f=6&t=64111&start=75#p303887

Virtual-box-version: 4.3.19rev9623
Guest-additions: 4.3.19

Error-Message:
Code: Select all   Expand viewCollapse view
Failed to open a session for the virtual machine Debian7.0.1.

Implementation of the USB 2.0 controller not found!

Because the USB 2.0 controller state is part of the saved VM state, the VM cannot be started. To fix this problem, either install the 'Oracle VM VirtualBox Extension Pack' or disable USB 2.0 support in the VM settings (VERR_NOT_FOUND).

Result Code: E_FAIL (0x80004005)
Component: Console
Interface: IConsole {8ab7c520-2442-4b66-8d74-4ff1e195d2b6}

Attachments
VBoxStartup.zip
(29 KiB) Downloaded 23 times
intrepid_ibex
 
Posts: 5
Joined: 10. Sep 2014, 19:51

Re: Windows 4.3.18 specifically for errors due to security

Postby frg » 15. Nov 2014, 16:07

r96923 has the same problem as r96825 for me. Does not work. See post from 8. Nov 2014, 12:24.

FRG
Attachments
VBox.log.zip
(8.08 KiB) Downloaded 11 times
frg
 
Posts: 74
Joined: 29. Sep 2013, 12:22

Re: Windows 4.3.18 specifically for errors due to security

Postby Shumron » 15. Nov 2014, 18:07

OS: Windows 2003 x86/PAE - 32gb

VBox 4.3.18 (and previous few builds) are incompatible with Outpost Firewall Pro v6.7.x and others, that used "WL_HOOK.DLL" to inject to all processes to get some information in RING3 (usermode). WL_HOOK.DLL is digitally signed, and must be allowed (I can attach this file, if needed). But VirtualBox incorrectly recognize a path to it. There is a bug in VirtualBox path parsing (probably, is because of special inject technics, that used). Please see a VBoxStartup.log:

Please see a lot of garbage (binary garbage) after "\Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume3\Program Files\Outpost Firewall" string.
The real path to wl_hook.dll is E:\Program Files\Outpost Firewall Pro\wl_hook.dll
So it must be like: "\Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume3\Program Files\Outpost Firewall\wl_hook.dll"

But you had incorrectly parsed details, like string's zero is missed or something, so you are reading garbage memory. After that you a providing this information to a system function WinVerifyTrust to check digital signature. But path is invalid (garbaged), so it cannot to find it to check. So you are REJECTING to load this .dll. After that, we have a problems to use VirtualMachine. Because Outpost cannot read information about process without this dll injected to it, so it can't get correct ProcessName and can't allow/create_rule to any network or other activity from VM, so it is UNUSABLE.

Please fix path parsing or this inject method allowing and allow WL_HOOK.DLL (digitally signed) to inject to your process.

Log is above, please see details.

P.S.
And some advice about this "security function" from the guy, who are working in Windows security area for more than 15+ years (anti-rootkits / anti-malware / anti-viruses / debugging / etc). It is really bad idea to do not allow to map any modules to your process, to filter this. You will have a lot of non-solving issues on most of the users computers. There are a very big amount of .dlls that are injected by some reasons to all or some processes to work. Like special keyboard keys hooks, special capabilities, special software, etc. And not all of them are signed. I seen, that you had ignoring this, so, just saying what I know for sure, my experience in that.
The other way - do it as option (default enabled, if you want) - Hardening. Most of adequate users will disable it. Or users who have a problems with VB working. (Option in GUI or even in XML-settings).

VBoxStartup.log:
Code: Select all   Expand viewCollapse view
...
e4.11ec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume3\WINDOWS\system32\imm32.dll [lacks WinVerifyTrust]
e4.11ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76290000 'E:\WINDOWS\system32\IMM32.DLL'
e4.11ec: supHardenedWinVerifyImageByHandle: -> -23021 (\Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume3\Program Files\Outpost Firewallц╜ОцХоц╝атБжцб┤тБетА▒цЕ░цб┤чМитАйцЕицХ╢цДачРачХ▓чС│цДацНоц╜ит╣▓тА║фСЬчЩецНйх▒ецЕИцС▓цедцн│ц╡Дц╜ЦчХмцХнх▒│цбРчН╣цНйц▒бц╡Дц╜ЦчХмцХнх▒│ц▒ВцНпхЩлц▒пц╡╡уНехБЬц╜▓чЙзц╡бфШац▒йчНеф╜ЬчС╡ц╜░чС│фШачЙйчЭец▒бюЩмш║╜щЧжюЪоъВ╝шЗвюЪжыТбшЗвюКеыЖАшЧжюЪ░ыТбш│зюКиъжАшЧжюЪиыЪХшУжюЮаъВРщЧзюЮ▓ыОСшУжюЪаъ║Ны╖жюКиыК╣шГв┬║)
e4.11ec: Error (rc=0):
e4.11ec: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume3\Program Files\Outpost Firewallц╜ОцХоц╝атБжцб┤тБетА▒цЕ░цб┤чМитАйцЕицХ╢цДачРачХ▓чС│цДацНоц╜ит╣▓тА║фСЬчЩецНйх▒ецЕИцС▓цедцн│ц╡Дц╜ЦчХмцХнх▒│цбРчН╣цНйц▒бц╡Дц╜ЦчХмцХнх▒│ц▒ВцНпхЩлц▒пц╡╡уНехБЬц╜▓чЙзц╡бфШац▒йчНеф╜ЬчС╡ц╜░чС│фШачЙйчЭец▒бюЩмш║╜щЧжюЪоъВ╝шЗвюЪжыТбшЗвюКеыЖАшЧжюЪ░ыТбш│зюКиъжАшЧжюЪиыЪХшУжюЮаъВРщЧзюЮ▓ыОСшУжюЪаъ║Ны╖жюКиыК╣шГв┬║: None of the 1 path(s) have a trust anchor.: \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume3\Program Files\Outpost Firewallц╜ОцХоц╝атБжцб┤тБетА▒цЕ░цб┤чМитАйцЕицХ╢цДачРачХ▓чС│цДацНоц╜ит╣▓тА║
e4.11ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume3\Program Files\Outpost Firewallц╜ОцХоц╝атБжцб┤тБетА▒цЕ░цб┤чМитАйцЕицХ╢цДачРачХ▓чС│цДацНоц╜ит╣▓тА║фСЬчЩецНйх▒ецЕИцС▓цедцн│ц╡Дц╜ЦчХмцХнх▒│цбРчН╣цНйц▒бц╡Дц╜ЦчХмцХнх▒│ц▒ВцНпхЩлц▒пц╡╡уНехБЬц╜▓чЙзц╡бфШац▒йчНеф╜ЬчС╡ц╜░чС│фШачЙйчЭец▒бюЩмш║╜щЧжюЪоъВ╝шЗвюЪжыТбшЗвюКеыЖАшЧжюЪ░ыТбш│зюКиъжАшЧжюЪиыЪХшУжюЮаъВРщЧзюЮ▓ыОСшУжюЪаъ║Ны╖жюКиыК╣шГв┬║
e4.11ec: Error (rc=0):
e4.11ec: supR3HardenedMonitor_LdrLoadDll: rejecting 'e:\progra~1\outpos~1\wl_hook.dll': rcNt=0xc0000190
e4.11ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'e:\progra~1\outpos~1\wl_hook.dll'
...


How it seems in modules list normally? For example, in explorer.exe. Windows parsing path to the module correctly. Any software showing modules - showing them correctly, including "wl_hook.dll".
Code: Select all   Expand viewCollapse view
Modules:
  Base      Size    Path, version, description
  01000000  104000 E:\WINDOWS\Explorer.EXE      6.00.3790.3959 (srv03_sp2_rtm.070216-1710) Windows Explorer
  7C800000   C3000 E:\WINDOWS\system32\ntdll.dll   5.2.3790.4937 (srv03_sp2_gdr.111121-0236) NT Layer DLL
  77E40000  104000 E:\WINDOWS\system32\kernel32.dll   5.2.3790.5295 (srv03_sp2_qfe.140205-1447) Windows NT BASE API Client DLL
...
  71B70000   36000 E:\WINDOWS\system32\UxTheme.dll   6.00.3790.3959 (srv03_sp2_rtm.070216-1710) Microsoft UxTheme Library
  76290000   1D000 E:\WINDOWS\system32\IMM32.DLL   5.2.3790.3959 (srv03_sp2_rtm.070216-1710) Windows IMM32 API Client DLL
  10000000   A4000 e:\progra~1\outpos~1\wl_hook.dll   6.7.2922.10022   Outpost Hooking Module
  00870000    E000 E:\WINDOWS\system32\hplun.dll   1.00.2           HotPlug help module
  77420000  103000 E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.5190_x-ww_319264BE\comctl32.dll   6.0 (srv03_sp2_qfe.130703-1535) User Experience Controls Library
  75E60000   27000 E:\WINDOWS\system32\apphelp.dll   5.2.3790.3959 (srv03_sp2_rtm.070216-1710) Application Compatibility Client Library
...
Shumron
 
Posts: 5
Joined: 15. Nov 2014, 17:57

Re: Windows 4.3.18 specifically for errors due to security

Postby mpack » 16. Nov 2014, 11:07

@Shumron, please confirm that you have the same problem with the latest test build, available in the first post of this topic.
mpack
Site Moderator
 
Posts: 29686
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Windows 4.3.18 specifically for errors due to security

Postby numb3rs666 » 16. Nov 2014, 12:33

After a lot of tests I was not able to understand the reason of my problem.
I try to explain it:
Host Win 8.1 with Comodo Internet Security
Guest Win 8.1

My problem is the USB, the guest freeze when I attach my Lumia 800 with Windows Phone.
If I prepare the Guest VM using Virtualbox 4.3.12-93733 and then I upgrade (Guest Addition also) to the last VIrtualbox, included the latest test build, available in the first post of this topic, all work well. If I prepare the Guest VM with the last version of Virtualbox and I follow the same procedure for the USB the guest freeze.

If you need more details or log file, please tell me.

Thanks for your work.

:D

p.s. added 2 Logs VBoxStartup-Working Guest and VBoxStartup-Guest not working if you beed to compare.
Attachments
VBoxStartup.zip
(61.3 KiB) Downloaded 30 times
Last edited by numb3rs666 on 16. Nov 2014, 13:38, edited 1 time in total.
numb3rs666
 
Posts: 22
Joined: 30. Dec 2013, 18:14

PreviousNext

Return to VirtualBox on Windows Hosts

Who is online

Users browsing this forum: No registered users and 20 guests