supHardenedWinVerifyProcess failed

Posted: 20. Jan 2016, 16:43
by marky1124
Hi,

I created a Debian Linux VM in June 2015 using VirtualBox v4.3.28. Shortly afterwards I uninstalled VirtualBox but kept the VM files. I am running Windows 7 Pro 64-bit, and I'm on the same system that originally created the VM.

I have now installed VirtualBox again and when I click 'Start' on the VM I get a popup box with a title of "VirtualBox - Error In supR3HardNtChildPurify" which contains "supHardenedWinVerifyProcess failed with VERR_SUP_VP_KERNEL32_ALREADY_MAPPED: (rc = -5663)"

I've struggled to find a clear discussion that matches this problem although I've seen some comments suggesting that the problem is that KERNEL32.DLL has been patched since the VM was created. I have been applying Windows updates as they've arrived.

I've included the full VBoxStartup.log below. I've also tried installing VirtualBox v5.0 and I get the same error with that. I uninstalled v5.0 and returned back to v4.3.28.

I'd be most appreciative if someone could help me get this VM working again.

Cheers,
Mark

Code:

3568.1f6c: Log file opened: 4.3.28r100309 g_hStartupLog=00000000000000e8 g_uNtVerCombined=0x611db110
3568.1f6c: \SystemRoot\System32\ntdll.dll:
3568.1f6c:     CreationTime:    2016-01-18T18:21:13.099762100Z
3568.1f6c:     LastWriteTime:   2015-12-30T19:05:33.659216000Z
3568.1f6c:     ChangeTime:      2016-01-19T18:13:43.054756300Z
3568.1f6c:     FileAttributes:  0x20
3568.1f6c:     Size:            0x1a67c0
3568.1f6c:     NT Headers:      0xe0
3568.1f6c:     Timestamp:       0x568429e5
3568.1f6c:     Machine:         0x8664 - amd64
3568.1f6c:     Timestamp:       0x568429e5
3568.1f6c:     Image Version:   6.1
3568.1f6c:     SizeOfImage:     0x1a9000 (1740800)
3568.1f6c:     Resource Dir:    0x14d000 LB 0x5a028
3568.1f6c:     ProductName:     Microsoft® Windows® Operating System
3568.1f6c:     ProductVersion:  6.1.7601.19110
3568.1f6c:     FileVersion:     6.1.7601.19110 (win7sp1_gdr.151230-0600)
3568.1f6c:     FileDescription: NT Layer DLL
3568.1f6c: \SystemRoot\System32\kernel32.dll:
3568.1f6c:     CreationTime:    2016-01-18T18:21:13.001756500Z
3568.1f6c:     LastWriteTime:   2015-12-30T18:57:55.730000000Z
3568.1f6c:     ChangeTime:      2016-01-19T18:13:43.935806700Z
3568.1f6c:     FileAttributes:  0x20
3568.1f6c:     Size:            0x11c000
3568.1f6c:     NT Headers:      0xe8
3568.1f6c:     Timestamp:       0x568429dc
3568.1f6c:     Machine:         0x8664 - amd64
3568.1f6c:     Timestamp:       0x568429dc
3568.1f6c:     Image Version:   6.1
3568.1f6c:     SizeOfImage:     0x11f000 (1175552)
3568.1f6c:     Resource Dir:    0x116000 LB 0x528
3568.1f6c:     ProductName:     Microsoft® Windows® Operating System
3568.1f6c:     ProductVersion:  6.1.7601.19110
3568.1f6c:     FileVersion:     6.1.7601.19110 (win7sp1_gdr.151230-0600)
3568.1f6c:     FileDescription: Windows NT BASE API Client DLL
3568.1f6c: \SystemRoot\System32\KernelBase.dll:
3568.1f6c:     CreationTime:    2016-01-18T18:21:14.710854300Z
3568.1f6c:     LastWriteTime:   2015-12-30T18:57:55.761000000Z
3568.1f6c:     ChangeTime:      2016-01-19T18:13:43.939807000Z
3568.1f6c:     FileAttributes:  0x20
3568.1f6c:     Size:            0x67a00
3568.1f6c:     NT Headers:      0xe8
3568.1f6c:     Timestamp:       0x568429dd
3568.1f6c:     Machine:         0x8664 - amd64
3568.1f6c:     Timestamp:       0x568429dd
3568.1f6c:     Image Version:   6.1
3568.1f6c:     SizeOfImage:     0x6c000 (442368)
3568.1f6c:     Resource Dir:    0x6a000 LB 0x530
3568.1f6c:     ProductName:     Microsoft® Windows® Operating System
3568.1f6c:     ProductVersion:  6.1.7601.19110
3568.1f6c:     FileVersion:     6.1.7601.19110 (win7sp1_gdr.151230-0600)
3568.1f6c:     FileDescription: Windows NT BASE API Client DLL
3568.1f6c: \SystemRoot\System32\apisetschema.dll:
3568.1f6c:     CreationTime:    2016-01-18T18:21:21.323232500Z
3568.1f6c:     LastWriteTime:   2015-12-30T18:54:58.839000000Z
3568.1f6c:     ChangeTime:      2016-01-19T18:13:43.031755000Z
3568.1f6c:     FileAttributes:  0x20
3568.1f6c:     Size:            0x1a00
3568.1f6c:     NT Headers:      0xc0
3568.1f6c:     Timestamp:       0x568428c9
3568.1f6c:     Machine:         0x8664 - amd64
3568.1f6c:     Timestamp:       0x568428c9
3568.1f6c:     Image Version:   6.1
3568.1f6c:     SizeOfImage:     0x50000 (327680)
3568.1f6c:     Resource Dir:    0x30000 LB 0x3f8
3568.1f6c:     ProductName:     Microsoft® Windows® Operating System
3568.1f6c:     ProductVersion:  6.1.7601.19110
3568.1f6c:     FileVersion:     6.1.7601.19110 (win7sp1_gdr.151230-0600)
3568.1f6c:     FileDescription: ApiSet Schema DLL
3568.1f6c: Found driver SysPlant (0x1)
3568.1f6c: Found driver SymNetS (0x2)
3568.1f6c: Found driver SymDS (0x2)
3568.1f6c: Found driver SRTSPX (0x2)
3568.1f6c: Found driver SymEvent (0x2)
3568.1f6c: Found driver SymIRON (0x2)
3568.1f6c: supR3HardenedWinFindAdversaries: 0x3
3568.1f6c: \SystemRoot\System32\drivers\SysPlant.sys:
3568.1f6c:     CreationTime:    2014-03-13T17:46:13.448022700Z
3568.1f6c:     LastWriteTime:   2014-03-13T17:46:13.463622800Z
3568.1f6c:     ChangeTime:      2014-03-13T17:46:13.463622800Z
3568.1f6c:     FileAttributes:  0x20
3568.1f6c:     Size:            0x25ed8
3568.1f6c:     NT Headers:      0x100
3568.1f6c:     Timestamp:       0x52647ffd
3568.1f6c:     Machine:         0x8664 - amd64
3568.1f6c:     Timestamp:       0x52647ffd
3568.1f6c:     Image Version:   5.0
3568.1f6c:     SizeOfImage:     0x2e000 (188416)
3568.1f6c:     Resource Dir:    0x2c000 LB 0x498
3568.1f6c:     ProductName:     Symantec CMC Firewall
3568.1f6c:     ProductVersion:  12.1.4013.4013
3568.1f6c:     FileVersion:     12.1.4013.4013
3568.1f6c:     FileDescription: Symantec CMC Firewall SysPlant
3568.1f6c: \SystemRoot\System32\sysfer.dll:
3568.1f6c:     CreationTime:    2014-03-13T17:46:13.385622600Z
3568.1f6c:     LastWriteTime:   2014-03-13T17:46:13.416822700Z
3568.1f6c:     ChangeTime:      2014-03-13T17:46:13.416822700Z
3568.1f6c:     FileAttributes:  0x20
3568.1f6c:     Size:            0x70190
3568.1f6c:     NT Headers:      0xe8
3568.1f6c:     Timestamp:       0x526480b2
3568.1f6c:     Machine:         0x8664 - amd64
3568.1f6c:     Timestamp:       0x526480b2
3568.1f6c:     Image Version:   0.0
3568.1f6c:     SizeOfImage:     0x87000 (552960)
3568.1f6c:     Resource Dir:    0x85000 LB 0x630
3568.1f6c:     ProductName:     Symantec CMC Firewall
3568.1f6c:     ProductVersion:  12.1.4013.4013
3568.1f6c:     FileVersion:     12.1.4013.4013
3568.1f6c:     FileDescription: Symantec CMC Firewall sysfer
3568.1f6c: \SystemRoot\System32\sysferThunk.dll:
3568.1f6c:     CreationTime:    2014-03-13T17:46:13.416822700Z
3568.1f6c:     LastWriteTime:   2014-03-13T17:46:13.448022700Z
3568.1f6c:     ChangeTime:      2014-03-13T17:46:13.448022700Z
3568.1f6c:     FileAttributes:  0x20
3568.1f6c:     Size:            0x2f90
3568.1f6c:     NT Headers:      0xd0
3568.1f6c:     Timestamp:       0x526480b3
3568.1f6c:     Machine:         0x8664 - amd64
3568.1f6c:     Timestamp:       0x526480b3
3568.1f6c:     Image Version:   0.0
3568.1f6c:     SizeOfImage:     0x8000 (32768)
3568.1f6c:     Resource Dir:    0x6000 LB 0x648
3568.1f6c:     ProductName:     Symantec CMC Firewall
3568.1f6c:     ProductVersion:  12.1.4013.4013
3568.1f6c:     FileVersion:     12.1.4013.4013
3568.1f6c:     FileDescription: Symantec CMC Firewall SysferThunk
3568.1f6c: \SystemRoot\System32\drivers\symevent64x86.sys:
3568.1f6c:     CreationTime:    2012-05-28T20:16:12.421875000Z
3568.1f6c:     LastWriteTime:   2014-03-13T17:42:21.765888100Z
3568.1f6c:     ChangeTime:      2014-03-13T17:42:21.765888100Z
3568.1f6c:     FileAttributes:  0x20
3568.1f6c:     Size:            0x2b658
3568.1f6c:     NT Headers:      0xe8
3568.1f6c:     Timestamp:       0x51f32ff2
3568.1f6c:     Machine:         0x8664 - amd64
3568.1f6c:     Timestamp:       0x51f32ff2
3568.1f6c:     Image Version:   6.0
3568.1f6c:     SizeOfImage:     0x38000 (229376)
3568.1f6c:     Resource Dir:    0x36000 LB 0x3c8
3568.1f6c:     ProductName:     SYMEVENT
3568.1f6c:     ProductVersion:  12.9.5.2
3568.1f6c:     FileVersion:     12.9.5.2
3568.1f6c:     FileDescription: Symantec Event Library
3568.1f6c: Calling main()
3568.1f6c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
3568.1f6c: SUPR3HardenedMain: Respawn #1
3568.1f6c: System32:  \Device\HarddiskVolume1\Windows\System32
3568.1f6c: WinSxS:    \Device\HarddiskVolume1\Windows\winsxs
3568.1f6c: KnownDllPath: C:\windows\system32
3568.1f6c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3568.1f6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3568.1f6c: supR3HardNtEnableThreadCreation:
3568.1f6c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076f9b630 pvNtTerminateThread=0000000076fbdee0
3568.1f6c: supR3HardenedWinDoReSpawn(1): New child 244c.2784 [kernel32].
3568.1f6c: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd8000 cbPeb=0x380
3568.1f6c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076f70000 uNtDllChildAddr=0000000076f70000
3568.1f6c: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076f9b630
3568.1f6c: supR3HardenedWinSetupChildInit: Start child.
3568.1f6c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
3568.1f6c: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
3568.1f6c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3568.1f6c:  *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
3568.1f6c:  *0000000000010000-ffffffffffffffff 0x0004/0x0004 0x0040000
3568.1f6c:  *0000000000020000-000000000001efff 0x0002/0x0002 0x0040000
3568.1f6c:   0000000000021000-0000000000011fff 0x0001/0x0000 0x0000000
3568.1f6c:  *0000000000030000-0000000000027fff 0x0040/0x0040 0x0020000 !!
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000030000 (LB 0x8000, 0000000000030000 LB 0x8000)
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000030000/0000000000030000 LB 0/0x8000]
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000030000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
3568.1f6c:   0000000000038000-000000000002ffff 0x0001/0x0000 0x0000000
3568.1f6c:  *0000000000040000-000000000003bfff 0x0002/0x0002 0x0040000
3568.1f6c:   0000000000044000-0000000000037fff 0x0001/0x0000 0x0000000
3568.1f6c:  *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
3568.1f6c:   0000000000051000-0000000000041fff 0x0001/0x0000 0x0000000
3568.1f6c:  *0000000000060000-000000000005efff 0x0040/0x0040 0x0020000 !!
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000060000 (LB 0x1000, 0000000000060000 LB 0x1000)
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000060000/0000000000060000 LB 0/0x1000]
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000060000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
3568.1f6c:   0000000000061000-0000000000051fff 0x0001/0x0000 0x0000000
3568.1f6c:  *0000000000070000-0000000000008fff 0x0002/0x0002 0x0040000
3568.1f6c:   00000000000d7000-00000000000cdfff 0x0001/0x0000 0x0000000
3568.1f6c:  *00000000000e0000-00000000000d8fff 0x0004/0x0004 0x0020000
3568.1f6c:   00000000000e7000-00000000000ddfff 0x0000/0x0004 0x0020000
3568.1f6c:  *00000000000f0000-00000000000eefff 0x0002/0x0002 0x0040000
3568.1f6c:   00000000000f1000-00000000000e1fff 0x0001/0x0000 0x0000000
3568.1f6c:  *0000000000100000-00000000000fefff 0x0002/0x0002 0x0040000
3568.1f6c:   0000000000101000-00000000000f1fff 0x0001/0x0000 0x0000000
3568.1f6c:  *0000000000110000-000000000010efff 0x0004/0x0004 0x0020000
3568.1f6c:   0000000000111000-0000000000101fff 0x0001/0x0000 0x0000000
3568.1f6c:  *0000000000120000-000000000011efff 0x0004/0x0004 0x0020000
3568.1f6c:   0000000000121000-0000000000111fff 0x0001/0x0000 0x0000000
3568.1f6c:  *0000000000130000-0000000000122fff 0x0008/0x0008 0x0040000
3568.1f6c:   000000000013d000-0000000000109fff 0x0001/0x0000 0x0000000
3568.1f6c:  *0000000000170000-0000000000073fff 0x0000/0x0004 0x0020000
3568.1f6c:   000000000026c000-0000000000268fff 0x0104/0x0004 0x0020000
3568.1f6c:   000000000026f000-000000000026dfff 0x0004/0x0004 0x0020000
3568.1f6c:   0000000000270000-000000000024ffff 0x0001/0x0000 0x0000000
3568.1f6c:  *0000000000290000-000000000028bfff 0x0004/0x0004 0x0020000
3568.1f6c:   0000000000294000-0000000000217fff 0x0000/0x0004 0x0020000
3568.1f6c:   0000000000310000-00000000002fffff 0x0001/0x0000 0x0000000
3568.1f6c:  *0000000000320000-000000000022dfff 0x0000/0x0004 0x0020000
3568.1f6c:   0000000000412000-000000000040ffff 0x0104/0x0004 0x0020000
3568.1f6c:   0000000000414000-0000000000407fff 0x0004/0x0004 0x0020000
3568.1f6c:  *0000000000420000-0000000000376fff 0x0004/0x0004 0x0020000
3568.1f6c:   00000000004c9000-0000000000471fff 0x0000/0x0004 0x0020000
3568.1f6c:  *0000000000520000-0000000000489fff 0x0004/0x0004 0x0020000
3568.1f6c:   00000000005b6000-000000000054bfff 0x0000/0x0004 0x0020000
3568.1f6c:  *0000000000620000-000000000051dfff 0x0004/0x0004 0x0020000
3568.1f6c:   0000000000722000-0000000000713fff 0x0001/0x0000 0x0000000
3568.1f6c:  *0000000000730000-00000000006c7fff 0x0004/0x0004 0x0020000
3568.1f6c:   0000000000798000-00000000006fffff 0x0000/0x0004 0x0020000
3568.1f6c:   0000000000830000-00000000007dffff 0x0001/0x0000 0x0000000
3568.1f6c:  *0000000000880000-0000000000876fff 0x0004/0x0004 0x0020000
3568.1f6c:   0000000000889000-0000000000881fff 0x0000/0x0004 0x0020000
3568.1f6c:   0000000000890000-000000000086ffff 0x0001/0x0000 0x0000000
3568.1f6c:  *00000000008b0000-00000000008a7fff 0x0004/0x0004 0x0020000
3568.1f6c:   00000000008b8000-00000000008affff 0x0000/0x0004 0x0020000
3568.1f6c:  *00000000008c0000-00000000008a4fff 0x0002/0x0002 0x0040000
3568.1f6c:   00000000008db000-0000000000775fff 0x0000/0x0002 0x0040000
3568.1f6c:   0000000000a40000-0000000000a3cfff 0x0002/0x0002 0x0040000
3568.1f6c:   0000000000a43000-0000000000a3dfff 0x0000/0x0002 0x0040000
3568.1f6c:   0000000000a48000-0000000000a3ffff 0x0001/0x0000 0x0000000
3568.1f6c:  *0000000000a50000-00000000008cefff 0x0002/0x0002 0x0040000
3568.1f6c:   0000000000bd1000-0000000000bc1fff 0x0001/0x0000 0x0000000
3568.1f6c:  *0000000000be0000-00000000009c2fff 0x0002/0x0002 0x0040000
3568.1f6c:   0000000000dfd000-ffffffffffc19fff 0x0000/0x0002 0x0040000
3568.1f6c:   0000000001fe0000-0000000001faffff 0x0001/0x0000 0x0000000
3568.1f6c:  *0000000002010000-0000000002009fff 0x0004/0x0004 0x0020000
3568.1f6c:   0000000002016000-0000000001f9bfff 0x0000/0x0004 0x0020000
3568.1f6c:  *0000000002090000-0000000002027fff 0x0004/0x0004 0x0020000
3568.1f6c:   00000000020f8000-000000000205ffff 0x0000/0x0004 0x0020000
3568.1f6c:  *0000000002190000-0000000001ec0fff 0x0002/0x0002 0x0040000
3568.1f6c:   000000000245f000-000000000242dfff 0x0001/0x0000 0x0000000
3568.1f6c:  *0000000002490000-0000000002393fff 0x0000/0x0004 0x0020000
3568.1f6c:   000000000258c000-0000000002589fff 0x0104/0x0004 0x0020000
3568.1f6c:   000000000258e000-000000000258bfff 0x0004/0x0004 0x0020000
3568.1f6c:   0000000002590000-ffffffff9726ffff 0x0001/0x0000 0x0000000
3568.1f6c:  *000000006d8b0000-000000006d8b0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 000000006d8b0000 (000000006d8b0000 LB 0x1000) - 'detoured.dll'
3568.1f6c:   000000006d8b1000-000000006b781fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000000006f9e0000-000000006f9e0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files (x86)\Blue Coat\ProxyClient\proxyclient64.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 000000006f9e0000 (000000006f9e0000 LB 0x1000) - 'proxyclient64.dll'
3568.1f6c:   000000006f9e1000-000000006f3d1fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000000006fff0000-000000006ffdffff 0x0020/0x0040 0x0020000 !!
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 000000006fff0000 (LB 0x10000, 000000006fff0000 LB 0x10000)
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [000000006fff0000/000000006fff0000 LB 0/0x10000]
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/000000006fff0000 LB 0x4a20000 s=0x10000 ap=0x0 rp=0x00000100000001
3568.1f6c:   0000000070000000-000000006b5effff 0x0001/0x0000 0x0000000
3568.1f6c:  *0000000074a10000-0000000074a10fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\sysfer.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 0000000074a10000 (0000000074a10000 LB 0x1000) - 'sysfer.dll'
3568.1f6c:   0000000074a11000-00000000726e1fff 0x0001/0x0000 0x0000000
3568.1f6c:  *0000000076d40000-0000000076d2ffff 0x0040/0x0040 0x0020000 !!
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000076d40000 (LB 0x10000, 0000000076d40000 LB 0x10000)
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000076d40000/0000000076d40000 LB 0/0x10000]
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000076d40000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000100000001
3568.1f6c:  *0000000076d50000-0000000076d50fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\kernel32.dll
3568.1f6c:   0000000076d51000-0000000076d6cfff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\kernel32.dll
3568.1f6c:   0000000076d6d000-0000000076d6dfff 0x0040/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\kernel32.dll
3568.1f6c:   0000000076d6e000-0000000076debfff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\kernel32.dll
3568.1f6c:   0000000076dec000-0000000076e59fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\kernel32.dll
3568.1f6c:   0000000076e5a000-0000000076e5bfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\kernel32.dll
3568.1f6c:   0000000076e5c000-0000000076e6efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\kernel32.dll
3568.1f6c:   0000000076e6f000-0000000076e6dfff 0x0001/0x0000 0x0000000
3568.1f6c:  *0000000076e70000-0000000076e70fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\user32.dll
3568.1f6c:   0000000076e71000-0000000076ef1fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\user32.dll
3568.1f6c:   0000000076ef2000-0000000076f01fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\user32.dll
3568.1f6c:   0000000076f02000-0000000076f03fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\user32.dll
3568.1f6c:   0000000076f04000-0000000076f69fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\user32.dll
3568.1f6c:   0000000076f6a000-0000000076f63fff 0x0001/0x0000 0x0000000
3568.1f6c:  *0000000076f70000-0000000076f70fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3568.1f6c:   0000000076f71000-0000000076f95fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3568.1f6c:   0000000076f96000-0000000076f96fff 0x0040/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3568.1f6c:   0000000076f97000-000000007706efff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3568.1f6c:   000000007706f000-000000007709dfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3568.1f6c:   000000007709e000-000000007709efff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3568.1f6c:   000000007709f000-000000007709ffff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3568.1f6c:   00000000770a0000-00000000770a0fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3568.1f6c:   00000000770a1000-00000000770a2fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3568.1f6c:   00000000770a3000-00000000770a3fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3568.1f6c:   00000000770a4000-00000000770a4fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3568.1f6c:   00000000770a5000-00000000770a6fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3568.1f6c:   00000000770a7000-00000000770a7fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3568.1f6c:   00000000770a8000-00000000770a9fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3568.1f6c:   00000000770aa000-0000000077118fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3568.1f6c:   0000000077119000-0000000077111fff 0x0001/0x0000 0x0000000
3568.1f6c:  *0000000077120000-000000007711dfff 0x0040/0x0040 0x0020000 !!
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000077120000 (LB 0x2000, 0000000077120000 LB 0x2000)
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000077120000/0000000077120000 LB 0/0x2000]
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000077120000 LB 0x20000 s=0x10000 ap=0x0 rp=0x00000100000001
3568.1f6c:   0000000077122000-0000000077103fff 0x0001/0x0000 0x0000000
3568.1f6c:  *0000000077140000-0000000077140fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\psapi.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 0000000077140000 (0000000077140000 LB 0x1000) - 'psapi.dll'
3568.1f6c:   0000000077141000-000000006f2a1fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000000007efe0000-000000007efdafff 0x0002/0x0002 0x0040000
3568.1f6c:   000000007efe5000-000000007eee9fff 0x0000/0x0002 0x0040000
3568.1f6c:  *000000007f0e0000-000000007e1dffff 0x0000/0x0002 0x0020000
3568.1f6c:  *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
3568.1f6c:   000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
3568.1f6c:   000000007fff0000-ffffffffc082ffff 0x0001/0x0000 0x0000000
3568.1f6c:  *000000013f7b0000-000000013f7b0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3568.1f6c:   000000013f7b1000-000000013f835fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3568.1f6c:   000000013f836000-000000013f836fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3568.1f6c:   000000013f837000-000000013f874fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3568.1f6c:   000000013f875000-000000013f875fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3568.1f6c:   000000013f876000-000000013f876fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3568.1f6c:   000000013f877000-000000013f878fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3568.1f6c:   000000013f879000-000000013f879fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3568.1f6c:   000000013f87a000-000000013f87afff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3568.1f6c:   000000013f87b000-000000013f87efff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3568.1f6c:   000000013f87f000-000000013f8b7fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3568.1f6c:   000000013f8b8000-000000013f8affff 0x0001/0x0000 0x0000000
3568.1f6c:  *000000013f8c0000-000000013f8befff 0x0040/0x0040 0x0020000 !!
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 000000013f8c0000 (LB 0x1000, 000000013f8c0000 LB 0x1000)
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [000000013f8c0000/000000013f8c0000 LB 0/0x1000]
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/000000013f8c0000 LB 0x40740000 s=0x10000 ap=0x0 rp=0x00000100000001
3568.1f6c:   000000013f8c1000-00000000ff181fff 0x0001/0x0000 0x0000000
3568.1f6c:  *0000000180000000-0000000180000fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files (x86)\Blue Coat\ProxyClient\EasyHook64.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 0000000180000000 (0000000180000000 LB 0x1000) - 'EasyHook64.dll'
3568.1f6c:   0000000180001000-fffff8040e0e1fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fef1f20000-000007fef1f20fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fef1f20000 (000007fef1f20000 LB 0x1000) - 'nvdxgiwrapx.dll'
3568.1f6c:   000007fef1f21000-000007fef1911fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fef2530000-000007fef2530fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fef2530000 (000007fef2530000 LB 0x1000) - 'nvd3d9wrapx.dll'
3568.1f6c:   000007fef2531000-000007feea081fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fefa9e0000-000007fefa9e0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\wkscli.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefa9e0000 (000007fefa9e0000 LB 0x1000) - 'wkscli.dll'
3568.1f6c:   000007fefa9e1000-000007fefa9c1fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fefaa00000-000007fefaa00fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\netutils.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefaa00000 (000007fefaa00000 LB 0x1000) - 'netutils.dll'
3568.1f6c:   000007fefaa01000-000007fefa9f1fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fefaa10000-000007fefaa10fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\netapi32.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefaa10000 (000007fefaa10000 LB 0x1000) - 'netapi32.dll'
3568.1f6c:   000007fefaa11000-000007fefa9f1fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fefaa30000-000007fefaa2dfff 0x0040/0x0040 0x0020000 !!
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 000007fefaa30000 (LB 0x2000, 000007fefaa30000 LB 0x2000)
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [000007fefaa30000/000007fefaa30000 LB 0/0x2000]
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/000007fefaa30000 LB 0x1dd0000 s=0x10000 ap=0x0 rp=0x00000100000001
3568.1f6c:   000007fefaa32000-000007fef8c63fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fefc800000-000007fefc7effff 0x0040/0x0040 0x0020000 !!
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 000007fefc800000 (LB 0x10000, 000007fefc800000 LB 0x10000)
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [000007fefc800000/000007fefc800000 LB 0/0x10000]
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/000007fefc800000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000100000001
3568.1f6c:  *000007fefc810000-000007fefc7fffff 0x0040/0x0040 0x0020000 !!
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 000007fefc810000 (LB 0x10000, 000007fefc810000 LB 0x10000)
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [000007fefc810000/000007fefc810000 LB 0/0x10000]
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/000007fefc810000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000100000001
3568.1f6c:  *000007fefc820000-000007fefc820fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\srvcli.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefc820000 (000007fefc820000 LB 0x1000) - 'srvcli.dll'
3568.1f6c:   000007fefc821000-000007fefc411fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fefcc30000-000007fefcc30fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\version.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefcc30000 (000007fefcc30000 LB 0x1000) - 'version.dll'
3568.1f6c:   000007fefcc31000-000007fefcc21fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fefcc40000-000007fefcc40fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\nvinitx.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefcc40000 (000007fefcc40000 LB 0x1000) - 'nvinitx.dll'
3568.1f6c:   000007fefcc41000-000007fefca41fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fefce40000-000007fefce2ffff 0x0020/0x0040 0x0020000 !!
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 000007fefce40000 (LB 0x10000, 000007fefce40000 LB 0x10000)
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [000007fefce40000/000007fefce40000 LB 0/0x10000]
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/000007fefce40000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000100000001
3568.1f6c:  *000007fefce50000-000007fefce50fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
3568.1f6c:   000007fefce51000-000007fefce9afff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
3568.1f6c:   000007fefce9b000-000007fefceb0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
3568.1f6c:   000007fefceb1000-000007fefceb2fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
3568.1f6c:   000007fefceb3000-000007fefcebbfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
3568.1f6c:   000007fefcebc000-000007fefcd17fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fefd060000-000007fefd060fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefd060000 (000007fefd060000 LB 0x1000) - 'cfgmgr32.dll'
3568.1f6c:   000007fefd061000-000007fefd021fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fefd0a0000-000007fefd0a0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\devobj.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefd0a0000 (000007fefd0a0000 LB 0x1000) - 'devobj.dll'
3568.1f6c:   000007fefd0a1000-000007fefd071fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fefd0d0000-000007fefd0d0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\advapi32.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefd0d0000 (000007fefd0d0000 LB 0x1000) - 'advapi32.dll'
3568.1f6c:   000007fefd0d1000-000007fefcd21fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fefd480000-000007fefd480fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefd480000 (000007fefd480000 LB 0x1000) - 'msvcrt.dll'
3568.1f6c:   000007fefd481000-000007fefd3e1fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fefd520000-000007fefd520fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\lpk.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefd520000 (000007fefd520000 LB 0x1000) - 'lpk.dll'
3568.1f6c:   000007fefd521000-000007fefd411fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fefd630000-000007fefd630fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\msctf.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefd630000 (000007fefd630000 LB 0x1000) - 'msctf.dll'
3568.1f6c:   000007fefd631000-000007fefd521fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fefd740000-000007fefd740fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\imm32.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefd740000 (000007fefd740000 LB 0x1000) - 'imm32.dll'
3568.1f6c:   000007fefd741000-000007fefd3a1fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fefdae0000-000007fefdae0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\setupapi.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefdae0000 (000007fefdae0000 LB 0x1000) - 'setupapi.dll'
3568.1f6c:   000007fefdae1000-000007fefd901fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fefdcc0000-000007fefdcc0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\sechost.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefdcc0000 (000007fefdcc0000 LB 0x1000) - 'sechost.dll'
3568.1f6c:   000007fefdcc1000-000007fefdca1fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fefdce0000-000007fefdce0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\gdi32.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefdce0000 (000007fefdce0000 LB 0x1000) - 'gdi32.dll'
3568.1f6c:   000007fefdce1000-000007fefdc71fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fefdd50000-000007fefdd50fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\nsi.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefdd50000 (000007fefdd50000 LB 0x1000) - 'nsi.dll'
3568.1f6c:   000007fefdd51000-000007fefdd41fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fefdd60000-000007fefdd60fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefdd60000 (000007fefdd60000 LB 0x1000) - 'oleaut32.dll'
3568.1f6c:   000007fefdd61000-000007fefdbe1fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fefdee0000-000007fefdee0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ole32.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefdee0000 (000007fefdee0000 LB 0x1000) - 'ole32.dll'
3568.1f6c:   000007fefdee1000-000007fefdcd1fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fefe0f0000-000007fefe0f0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\usp10.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefe0f0000 (000007fefe0f0000 LB 0x1000) - 'usp10.dll'
3568.1f6c:   000007fefe0f1000-000007fefe021fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fefe1c0000-000007fefe1c0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefe1c0000 (000007fefe1c0000 LB 0x1000) - 'ws2_32.dll'
3568.1f6c:   000007fefe1c1000-000007fefe171fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fefe210000-000007fefe20dfff 0x0040/0x0040 0x0020000 !!
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 000007fefe210000 (LB 0x2000, 000007fefe210000 LB 0x2000)
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [000007fefe210000/000007fefe210000 LB 0/0x2000]
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/000007fefe210000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000100000001
3568.1f6c:   000007fefe212000-000007fefe203fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fefe220000-000007fefe21dfff 0x0040/0x0040 0x0020000 !!
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 000007fefe220000 (LB 0x2000, 000007fefe220000 LB 0x2000)
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [000007fefe220000/000007fefe220000 LB 0/0x2000]
3568.1f6c: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/000007fefe220000 LB 0xf30000 s=0x10000 ap=0x0 rp=0x00000100000001
3568.1f6c:   000007fefe222000-000007fefd2f3fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007feff150000-000007feff150fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
3568.1f6c: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007feff150000 (000007feff150000 LB 0x1000) - 'rpcrt4.dll'
3568.1f6c:   000007feff151000-000007feff011fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007feff290000-000007feff290fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
3568.1f6c:   000007feff291000-000007fdfe571fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
3568.1f6c:   000007fffffd3000-000007fffffcdfff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fffffd8000-000007fffffd6fff 0x0004/0x0004 0x0020000
3568.1f6c:   000007fffffd9000-000007fffffd7fff 0x0001/0x0000 0x0000000
3568.1f6c:  *000007fffffda000-000007fffffd7fff 0x0004/0x0004 0x0020000
3568.1f6c:  *000007fffffdc000-000007fffffd9fff 0x0004/0x0004 0x0020000
3568.1f6c:  *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
3568.1f6c:  *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
3568.1f6c: apisetschema.dll: timestamp 0x568428c9 (rc=VINF_SUCCESS)
3568.1f6c: kernelbase.dll: timestamp 0x568429dd (rc=VINF_SUCCESS)
3568.1f6c: VirtualBox.exe: timestamp 0x555369a5 (rc=VINF_SUCCESS)
3568.1f6c: user32.dll: timestamp 0x56423d2a (rc=VINF_SUCCESS)
3568.1f6c: kernel32.dll: timestamp 0x568429dc (rc=VINF_SUCCESS)
3568.1f6c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3568.1f6c: Error (rc=-5663):
3568.1f6c: The process already has KERNEL32.DLL loaded.
3568.1f6c: Error (rc=-5663):
3568.1f6c: supHardenedWinVerifyProcess failed with Unknown Status -5663 (0xffffe9e1): The process already has KERNEL32.DLL loaded.
3568.1f6c: Error -5663 in supR3HardNtChildPurify! (enmWhat=5)
3568.1f6c: supHardenedWinVerifyProcess failed with Unknown Status -5663 (0xffffe9e1): The process already has KERNEL32.DLL loaded.
3568.1f6c: supR3HardNtEnableThreadCreation:

Re: supHardenedWinVerifyProcess failed

Posted: 8. Feb 2016, 12:28
by marky1124
I guess this isn't a regular problem that a lot of people have encountered. Can anyone tell me how I might recover the data from this broken VM?

Re: supHardenedWinVerifyProcess failed

Posted: 8. Feb 2016, 13:16
by bird
marky1124, thanks for the report!

The first suspect is Symantec Endpoint Protection (new version/patch?), though I see one or two other things it could be too. I will try to reproduce it when I'm back from vacation next week.

-bird

Re: supHardenedWinVerifyProcess failed

Posted: 8. Feb 2016, 13:48
by marky1124
Hi Bird,

Thank you for the reply. It's possible Symantec has been upgraded since I created the VM. I'm not sure. I've now tried disabling it and the VM still fails to start with the same error. I also checked every log I could find in Symantec and nothing had a timestamp that corresponded with my attempt, nor seemed relevant.

Have a great holiday,

Cheers,
Mark

Re: supHardenedWinVerifyProcess failed

Posted: 29. Feb 2016, 14:37
by marky1124
Hi Bird (or anyone else ;)),

Have you had any chance to look at this?

Cheers,
Mark

Re: supHardenedWinVerifyProcess failed

Posted: 29. Feb 2016, 15:57
by marky1124
After a fresh look into this problem I found advice about going back to an older version of VirtualBox before the w32Hardened code was introduced. So I uninstalled v4.3.28 and installed v4.3.12. I wasn't able to resume my client machine because the saved state wasn't compatible (Unsupported version 11 of data unit 'vga'). However once I threw away the saved state and booted from scratch it worked.

Re: supHardenedWinVerifyProcess failed

Posted: 13. Sep 2016, 11:30
by hill
I also have the same problem. How can I fix this problem?

Re: supHardenedWinVerifyProcess failed

Posted: 13. Sep 2016, 13:59
by scottgus1
Hill, you'll need to start a new thread and see this tutorial: Minimum info needed to post what we'll need to help.

Re: supHardenedWinVerifyProcess failed

Posted: 14. Sep 2016, 05:37
by hill
When I start a virtual machine, it shows an error.

Code: Select all

1828.1824: Log file opened: 5.0.24r108355 g_hStartupLog=0000000000000030 g_uNtVerCombined=0x611db110
1828.1824: \SystemRoot\System32\ntdll.dll:
1828.1824:     CreationTime:    2016-05-17T06:49:45.627269700Z
1828.1824:     LastWriteTime:   2016-04-09T06:59:27.660769000Z
1828.1824:     ChangeTime:      2016-05-18T05:12:27.735278800Z
1828.1824:     FileAttributes:  0x20
1828.1824:     Size:            0x1a7100
1828.1824:     NT Headers:      0xe0
1828.1824:     Timestamp:       0x5708a857
1828.1824:     Machine:         0x8664 - amd64
1828.1824:     Timestamp:       0x5708a857
1828.1824:     Image Version:   6.1
1828.1824:     SizeOfImage:     0x1aa000 (1744896)
1828.1824:     Resource Dir:    0x14e000 LB 0x5a028
1828.1824:     ProductName:     Microsoft® Windows® Operating System
1828.1824:     ProductVersion:  6.1.7601.23418
1828.1824:     FileVersion:     6.1.7601.23418 (win7sp1_ldr.160408-2045)
1828.1824:     FileDescription: NT Layer DLL
1828.1824: \SystemRoot\System32\kernel32.dll:
1828.1824:     CreationTime:    2016-05-17T06:49:46.200302400Z
1828.1824:     LastWriteTime:   2016-04-09T06:57:53.879000000Z
1828.1824:     ChangeTime:      2016-05-18T05:12:31.354485100Z
1828.1824:     FileAttributes:  0x20
1828.1824:     Size:            0x11c000
1828.1824:     NT Headers:      0xe0
1828.1824:     Timestamp:       0x5708a89b
1828.1824:     Machine:         0x8664 - amd64
1828.1824:     Timestamp:       0x5708a89b
1828.1824:     Image Version:   6.1
1828.1824:     SizeOfImage:     0x11f000 (1175552)
1828.1824:     Resource Dir:    0x116000 LB 0x528
1828.1824:     ProductName:     Microsoft® Windows® Operating System
1828.1824:     ProductVersion:  6.1.7601.23418
1828.1824:     FileVersion:     6.1.7601.23418 (win7sp1_ldr.160408-2045)
1828.1824:     FileDescription: Windows NT BASE API Client DLL
1828.1824: \SystemRoot\System32\KernelBase.dll:
1828.1824:     CreationTime:    2016-05-17T06:49:48.824452500Z
1828.1824:     LastWriteTime:   2016-04-09T06:57:53.879000000Z
1828.1824:     ChangeTime:      2016-05-18T05:12:31.370085200Z
1828.1824:     FileAttributes:  0x20
1828.1824:     Size:            0x66800
1828.1824:     NT Headers:      0xe8
1828.1824:     Timestamp:       0x5708a89c
1828.1824:     Machine:         0x8664 - amd64
1828.1824:     Timestamp:       0x5708a89c
1828.1824:     Image Version:   6.1
1828.1824:     SizeOfImage:     0x6a000 (434176)
1828.1824:     Resource Dir:    0x68000 LB 0x530
1828.1824:     ProductName:     Microsoft® Windows® Operating System
1828.1824:     ProductVersion:  6.1.7601.23418
1828.1824:     FileVersion:     6.1.7601.23418 (win7sp1_ldr.160408-2045)
1828.1824:     FileDescription: Windows NT BASE API Client DLL
1828.1824: \SystemRoot\System32\apisetschema.dll:
1828.1824:     CreationTime:    2016-05-17T06:49:55.278821700Z
1828.1824:     LastWriteTime:   2016-04-09T06:57:48.684000000Z
1828.1824:     ChangeTime:      2016-05-18T05:12:27.423278200Z
1828.1824:     FileAttributes:  0x20
1828.1824:     Size:            0x1a00
1828.1824:     NT Headers:      0xc0
1828.1824:     Timestamp:       0x5708a835
1828.1824:     Machine:         0x8664 - amd64
1828.1824:     Timestamp:       0x5708a835
1828.1824:     Image Version:   6.1
1828.1824:     SizeOfImage:     0x50000 (327680)
1828.1824:     Resource Dir:    0x30000 LB 0x3f8
1828.1824:     ProductName:     Microsoft® Windows® Operating System
1828.1824:     ProductVersion:  6.1.7601.23418
1828.1824:     FileVersion:     6.1.7601.23418 (win7sp1_ldr.160408-2045)
1828.1824:     FileDescription: ApiSet Schema DLL
1828.1824: NtOpenDirectoryObject failed on \Driver: 0xc0000022
1828.1824: supR3HardenedWinFindAdversaries: 0x3
1828.1824: \SystemRoot\System32\drivers\SysPlant.sys:
1828.1824:     CreationTime:    2013-07-17T08:43:58.968750000Z
1828.1824:     LastWriteTime:   2015-04-16T07:25:47.998436000Z
1828.1824:     ChangeTime:      2015-04-16T07:25:47.998436000Z
1828.1824:     FileAttributes:  0x20
1828.1824:     Size:            0x25ed8
1828.1824:     NT Headers:      0x100
1828.1824:     Timestamp:       0x52647ffd
1828.1824:     Machine:         0x8664 - amd64
1828.1824:     Timestamp:       0x52647ffd
1828.1824:     Image Version:   5.0
1828.1824:     SizeOfImage:     0x2e000 (188416)
1828.1824:     Resource Dir:    0x2c000 LB 0x498
1828.1824:     ProductName:     Symantec CMC Firewall
1828.1824:     ProductVersion:  12.1.4013.4013
1828.1824:     FileVersion:     12.1.4013.4013
1828.1824:     FileDescription: Symantec CMC Firewall SysPlant
1828.1824: \SystemRoot\System32\sysfer.dll:
1828.1824:     CreationTime:    2013-07-17T08:43:58.953125000Z
1828.1824:     LastWriteTime:   2015-04-16T07:25:47.873635800Z
1828.1824:     ChangeTime:      2015-04-16T07:25:47.873635800Z
1828.1824:     FileAttributes:  0x20
1828.1824:     Size:            0x70190
1828.1824:     NT Headers:      0xe8
1828.1824:     Timestamp:       0x526480b2
1828.1824:     Machine:         0x8664 - amd64
1828.1824:     Timestamp:       0x526480b2
1828.1824:     Image Version:   0.0
1828.1824:     SizeOfImage:     0x87000 (552960)
1828.1824:     Resource Dir:    0x85000 LB 0x630
1828.1824:     ProductName:     Symantec CMC Firewall
1828.1824:     ProductVersion:  12.1.4013.4013
1828.1824:     FileVersion:     12.1.4013.4013
1828.1824:     FileDescription: Symantec CMC Firewall sysfer
1828.1824: \SystemRoot\System32\sysferThunk.dll:
1828.1824:     CreationTime:    2013-07-17T08:43:58.968750000Z
1828.1824:     LastWriteTime:   2015-04-16T07:25:47.920435900Z
1828.1824:     ChangeTime:      2015-04-16T07:25:47.920435900Z
1828.1824:     FileAttributes:  0x20
1828.1824:     Size:            0x2f90
1828.1824:     NT Headers:      0xd0
1828.1824:     Timestamp:       0x526480b3
1828.1824:     Machine:         0x8664 - amd64
1828.1824:     Timestamp:       0x526480b3
1828.1824:     Image Version:   0.0
1828.1824:     SizeOfImage:     0x8000 (32768)
1828.1824:     Resource Dir:    0x6000 LB 0x648
1828.1824:     ProductName:     Symantec CMC Firewall
1828.1824:     ProductVersion:  12.1.4013.4013
1828.1824:     FileVersion:     12.1.4013.4013
1828.1824:     FileDescription: Symantec CMC Firewall SysferThunk
1828.1824: \SystemRoot\System32\drivers\symevent64x86.sys:
1828.1824:     CreationTime:    2013-07-17T08:45:19.437500000Z
1828.1824:     LastWriteTime:   2015-04-16T07:19:13.843563700Z
1828.1824:     ChangeTime:      2015-04-16T07:19:13.843563700Z
1828.1824:     FileAttributes:  0x20
1828.1824:     Size:            0x2b658
1828.1824:     NT Headers:      0xe8
1828.1824:     Timestamp:       0x51f32ff2
1828.1824:     Machine:         0x8664 - amd64
1828.1824:     Timestamp:       0x51f32ff2
1828.1824:     Image Version:   6.0
1828.1824:     SizeOfImage:     0x38000 (229376)
1828.1824:     Resource Dir:    0x36000 LB 0x3c8
1828.1824:     ProductName:     SYMEVENT
1828.1824:     ProductVersion:  12.9.5.2
1828.1824:     FileVersion:     12.9.5.2
1828.1824:     FileDescription: Symantec Event Library
1828.1824: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
1828.1824: Calling main()
1828.1824: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1828.1824: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
1828.1824: SUPR3HardenedMain: Respawn #1
1828.1824: System32:  \Device\HarddiskVolume1\Windows\System32
1828.1824: WinSxS:    \Device\HarddiskVolume1\Windows\winsxs
1828.1824: KnownDllPath: C:\windows\system32
1828.1824: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1828.1824: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1828.1824: supR3HardNtEnableThreadCreation:
1828.1824: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007702a0e0 pvNtTerminateThread=000000007704c060
1828.1824: supR3HardenedWinDoReSpawn(1): New child 1bc8.1bd8 [kernel32].
1828.1824: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
1828.1824: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077000000 uNtDllChildAddr=0000000077000000
1828.1824: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007702a0e0
1828.1824: supR3HardenedWinSetupChildInit: Start child.
1828.1824: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
1828.1824: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 31 sleeps
1828.1824: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1828.1824:  *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
1828.1824:  *0000000000010000-ffffffffffffffff 0x0004/0x0004 0x0040000
1828.1824:  *0000000000020000-000000000001efff 0x0002/0x0002 0x0040000
1828.1824:   0000000000021000-0000000000011fff 0x0001/0x0000 0x0000000
1828.1824:  *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
1828.1824:   0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
1828.1824:  *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
1828.1824:   0000000000041000-0000000000021fff 0x0001/0x0000 0x0000000
1828.1824:  *0000000000060000-ffffffffffff8fff 0x0002/0x0002 0x0040000
1828.1824:   00000000000c7000-00000000000bdfff 0x0001/0x0000 0x0000000
1828.1824:  *00000000000d0000-00000000000cefff 0x0020/0x0020 0x0020000 !!
1828.1824: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00000000000d0000 (LB 0x1000, 00000000000d0000 LB 0x1000)
1828.1824: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00000000000d0000/00000000000d0000 LB 0/0x1000]
1828.1824: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00000000000d0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
1828.1824:   00000000000d1000-00000000000c1fff 0x0001/0x0000 0x0000000
1828.1824:  *00000000000e0000-00000000000defff 0x0020/0x0020 0x0020000 !!
1828.1824: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00000000000e0000 (LB 0x1000, 00000000000e0000 LB 0x1000)
1828.1824: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00000000000e0000/00000000000e0000 LB 0/0x1000]
1828.1824: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00000000000e0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
1828.1824:   00000000000e1000-00000000000d1fff 0x0001/0x0000 0x0000000
1828.1824:  *00000000000f0000-00000000000e7fff 0x0004/0x0004 0x0020000
1828.1824:   00000000000f8000-00000000000effff 0x0000/0x0004 0x0020000
1828.1824:  *0000000000100000-00000000000c7fff 0x0004/0x0004 0x0020000
1828.1824:   0000000000138000-000000000006ffff 0x0000/0x0004 0x0020000
1828.1824:   0000000000200000-00000000001effff 0x0001/0x0000 0x0000000
1828.1824:  *0000000000210000-0000000000113fff 0x0000/0x0004 0x0020000
1828.1824:   000000000030c000-0000000000309fff 0x0104/0x0004 0x0020000
1828.1824:   000000000030e000-000000000030bfff 0x0004/0x0004 0x0020000
1828.1824:   0000000000310000-000000000014ffff 0x0001/0x0000 0x0000000
1828.1824:  *00000000004d0000-0000000000497fff 0x0004/0x0004 0x0020000
1828.1824:   0000000000508000-000000000043ffff 0x0000/0x0004 0x0020000
1828.1824:   00000000005d0000-00000000005bffff 0x0001/0x0000 0x0000000
1828.1824:  *00000000005e0000-0000000000599fff 0x0004/0x0004 0x0020000
1828.1824:   0000000000626000-000000000056bfff 0x0000/0x0004 0x0020000
1828.1824:   00000000006e0000-000000000057ffff 0x0001/0x0000 0x0000000
1828.1824:  *0000000000840000-0000000000837fff 0x0004/0x0004 0x0020000
1828.1824:   0000000000848000-000000000083ffff 0x0000/0x0004 0x0020000
1828.1824:   0000000000850000-ffffffff8a2bffff 0x0001/0x0000 0x0000000
1828.1824:  *0000000076de0000-0000000076de0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\kernel32.dll
1828.1824:   0000000076de1000-0000000076e7bfff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\kernel32.dll
1828.1824:   0000000076e7c000-0000000076ee9fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\kernel32.dll
1828.1824:   0000000076eea000-0000000076eebfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\kernel32.dll
1828.1824:   0000000076eec000-0000000076efefff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\kernel32.dll
1828.1824:   0000000076eff000-0000000076dfdfff 0x0001/0x0000 0x0000000
1828.1824:  *0000000077000000-0000000077000fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1828.1824:   0000000077001000-00000000770fdfff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1828.1824:   00000000770fe000-000000007712cfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1828.1824:   000000007712d000-000000007712dfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1828.1824:   000000007712e000-000000007712efff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1828.1824:   000000007712f000-000000007712ffff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1828.1824:   0000000077130000-0000000077131fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1828.1824:   0000000077132000-0000000077132fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1828.1824:   0000000077133000-0000000077135fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1828.1824:   0000000077136000-0000000077137fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1828.1824:   0000000077138000-0000000077138fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1828.1824:   0000000077139000-0000000077139fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1828.1824:   000000007713a000-000000007713afff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1828.1824:   000000007713b000-00000000771a9fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1828.1824:   00000000771aa000-000000006f373fff 0x0001/0x0000 0x0000000
1828.1824:  *000000007efe0000-000000007efdafff 0x0002/0x0002 0x0040000
1828.1824:   000000007efe5000-000000007eee9fff 0x0000/0x0002 0x0040000
1828.1824:  *000000007f0e0000-000000007e1dffff 0x0000/0x0002 0x0020000
1828.1824:  *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
1828.1824:   000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
1828.1824:   000000007fff0000-ffffffffc086ffff 0x0001/0x0000 0x0000000
1828.1824:  *000000013f770000-000000013f770fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1828.1824:   000000013f771000-000000013f7e0fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1828.1824:   000000013f7e1000-000000013f7e1fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1828.1824:   000000013f7e2000-000000013f826fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1828.1824:   000000013f827000-000000013f827fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1828.1824:   000000013f828000-000000013f828fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1828.1824:   000000013f829000-000000013f82dfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1828.1824:   000000013f82e000-000000013f82efff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1828.1824:   000000013f82f000-000000013f82ffff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1828.1824:   000000013f830000-000000013f833fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1828.1824:   000000013f834000-000000013f87bfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1828.1824:   000000013f87c000-fffff804012d7fff 0x0001/0x0000 0x0000000
1828.1824:  *000007fe7de20000-000007fe7de1efff 0x0020/0x0020 0x0020000 !!
1828.1824: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 000007fe7de20000 (LB 0x1000, 000007fe7de20000 LB 0x1000)
1828.1824: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [000007fe7de20000/000007fe7de20000 LB 0/0x1000]
1828.1824: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/000007fe7de20000 LB 0x40000 s=0x10000 ap=0x0 rp=0x00000000000001
1828.1824:   000007fe7de21000-000007fe7dde1fff 0x0001/0x0000 0x0000000
1828.1824:  *000007fe7de60000-000007fe7de5efff 0x0020/0x0020 0x0020000 !!
1828.1824: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 000007fe7de60000 (LB 0x1000, 000007fe7de60000 LB 0x1000)
1828.1824: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [000007fe7de60000/000007fe7de60000 LB 0/0x1000]
1828.1824: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/000007fe7de60000 LB 0x7edb0000 s=0x10000 ap=0x0 rp=0x00000000000001
1828.1824:   000007fe7de61000-000007fdff0b1fff 0x0001/0x0000 0x0000000
1828.1824:  *000007fefcc10000-000007fefcc10fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\SABLEA2Z64.DLL
1828.1824: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefcc10000 (000007fefcc10000 LB 0x1000) - 'SABLEA2Z64.DLL'
1828.1824:   000007fefcc11000-000007fefcab1fff 0x0001/0x0000 0x0000000
1828.1824:  *000007fefcd70000-000007fefcd70fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
1828.1824:   000007fefcd71000-000007fefcdb9fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
1828.1824:   000007fefcdba000-000007fefcdcefff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
1828.1824:   000007fefcdcf000-000007fefcdd0fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
1828.1824:   000007fefcdd1000-000007fefcdd9fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
1828.1824:   000007fefcdda000-000007fefc853fff 0x0001/0x0000 0x0000000
1828.1824:  *000007fefd360000-000007fefd360fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
1828.1824: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefd360000 (000007fefd360000 LB 0x1000) - 'msvcrt.dll'
1828.1824:   000007fefd361000-000007fefd2c1fff 0x0001/0x0000 0x0000000
1828.1824:  *000007fefd400000-000007fefd400fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\sechost.dll
1828.1824: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefd400000 (000007fefd400000 LB 0x1000) - 'sechost.dll'
1828.1824:   000007fefd401000-000007fefcf51fff 0x0001/0x0000 0x0000000
1828.1824:  *000007fefd8b0000-000007fefd8b0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
1828.1824: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefd8b0000 (000007fefd8b0000 LB 0x1000) - 'rpcrt4.dll'
1828.1824:   000007fefd8b1000-000007fefd361fff 0x0001/0x0000 0x0000000
1828.1824:  *000007fefde00000-000007fefde00fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\advapi32.dll
1828.1824: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefde00000 (000007fefde00000 LB 0x1000) - 'advapi32.dll'
1828.1824:   000007fefde01000-000007fefc8e1fff 0x0001/0x0000 0x0000000
1828.1824:  *000007feff320000-000007feff320fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
1828.1824:   000007feff321000-000007fdfe6a1fff 0x0001/0x0000 0x0000000
1828.1824:  *000007fffffa0000-000007fffff6cfff 0x0002/0x0002 0x0040000
1828.1824:   000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
1828.1824:  *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
1828.1824:  *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
1828.1824:  *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
1828.1824: apisetschema.dll: timestamp 0x5708a835 (rc=VINF_SUCCESS)
1828.1824: kernelbase.dll: timestamp 0x5708a89c (rc=VINF_SUCCESS)
1828.1824: VirtualBox.exe: timestamp 0x5772960f (rc=VINF_SUCCESS)
1828.1824: kernel32.dll: timestamp 0x5708a89b (rc=VINF_SUCCESS)
1828.1824: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1828.1824: Error (rc=-5663):
1828.1824: The process already has KERNEL32.DLL loaded.
1828.1824: Error (rc=-5663):
1828.1824: supHardenedWinVerifyProcess failed with Unknown Status -5663 (0xffffe9e1): The process already has KERNEL32.DLL loaded.
1828.1824: Error -5663 in supR3HardNtChildPurify! (enmWhat=5)
1828.1824: supHardenedWinVerifyProcess failed with Unknown Status -5663 (0xffffe9e1): The process already has KERNEL32.DLL loaded.
1828.1824: supR3HardNtEnableThreadCreation:
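
A triage helper for hardening logs like the ones posted above, as an added example that is not part of the original thread and not VirtualBox's own code: it extracts the adversary mask, the non-Microsoft file blocks, the private executable regions the scanner marked `!!`, the images it unmapped and the final error. The name `triage_hardening_log`, the report keys and the reading of the protection/type columns as Windows `PAGE_*`/`MEM_*` values are assumptions; the sample lines are copied from the log above with the file blocks shortened.

```python
import re

# Sample lines copied from the log posted above (file-info blocks shortened).
SAMPLE_LOG = r"""
1828.1824: Log file opened: 5.0.24r108355 g_hStartupLog=0000000000000030 g_uNtVerCombined=0x611db110
1828.1824: \SystemRoot\System32\ntdll.dll:
1828.1824:     ProductName:     Microsoft® Windows® Operating System
1828.1824:     FileVersion:     6.1.7601.23418 (win7sp1_ldr.160408-2045)
1828.1824: supR3HardenedWinFindAdversaries: 0x3
1828.1824: \SystemRoot\System32\drivers\SysPlant.sys:
1828.1824:     ProductName:     Symantec CMC Firewall
1828.1824:     FileVersion:     12.1.4013.4013
1828.1824: \SystemRoot\System32\sysfer.dll:
1828.1824:     ProductName:     Symantec CMC Firewall
1828.1824:     FileVersion:     12.1.4013.4013
1828.1824:  *00000000000d0000-00000000000cefff 0x0020/0x0020 0x0020000 !!
1828.1824: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00000000000d0000 (LB 0x1000, 00000000000d0000 LB 0x1000)
1828.1824:  *0000000076de0000-0000000076de0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\kernel32.dll
1828.1824:  *000007fefcc10000-000007fefcc10fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\SABLEA2Z64.DLL
1828.1824: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefcc10000 (000007fefcc10000 LB 0x1000) - 'SABLEA2Z64.DLL'
1828.1824:  *000007fefd360000-000007fefd360fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
1828.1824: supHardNtVpScanVirtualMemory: Unmapping image mem at 000007fefd360000 (000007fefd360000 LB 0x1000) - 'msvcrt.dll'
1828.1824: Error (rc=-5663):
1828.1824: The process already has KERNEL32.DLL loaded.
1828.1824: Error -5663 in supR3HardNtChildPurify! (enmWhat=5)
"""

LINE = re.compile(r"^[0-9a-f]+\.[0-9a-f]+: (.*)$")        # "pid.tid: body"
HEADER = re.compile(r"^(\\SystemRoot\\.+):$")             # start of a file-info block
FIELD = re.compile(r"^\s+(ProductName|FileVersion):\s+(.*)$")
ADVERSARIES = re.compile(r"^supR3HardenedWinFindAdversaries: (0x[0-9a-f]+)")
REGION = re.compile(r"^ [* ]([0-9a-f]{16})-[0-9a-f]{16} "
                    r"(0x[0-9a-f]{4})/(0x[0-9a-f]{4}) (0x[0-9a-f]{7})\s*(.*)$")
UNMAP = re.compile(r"Unmapping image mem at [0-9a-f]+ .* - '([^']+)'")
ERROR_RC = re.compile(r"^Error \(rc=(-?\d+)\):$")
FAILED_IN = re.compile(r"^Error -?\d+ in (\w+)!")

# Assumption: the columns are Windows protection / allocation protection / type.
MEM_PRIVATE = 0x20000     # region type of private (non-image, non-mapped) memory
EXECUTE_BITS = 0xF0       # PAGE_EXECUTE, _READ, _READWRITE, _WRITECOPY


def triage_hardening_log(text):
    """Summarise the security-relevant findings of a hardening startup log."""
    report = {"adversary_mask": None, "third_party": [], "private_exec": [],
              "unmapped": [], "errors": [], "failed_in": None}
    files = []            # every file-info block seen, in order
    pending_rc = None     # rc from an "Error (rc=N):" line awaiting its message
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        body = m.group(1)
        if pending_rc is not None:
            # The line after "Error (rc=N):" carries the message text.
            report["errors"].append((pending_rc, body.strip()))
            pending_rc = None
        elif (m := HEADER.match(body)):
            files.append({"path": m.group(1), "ProductName": None,
                          "FileVersion": None})
        elif (m := FIELD.match(body)) and files:
            files[-1][m.group(1)] = m.group(2).strip()
        elif (m := ADVERSARIES.match(body)):
            report["adversary_mask"] = int(m.group(1), 16)
        elif (m := REGION.match(body)):
            addr, prot, mem_type = (int(m.group(i), 16) for i in (1, 2, 4))
            # Private memory with an execute bit is what the log marks "!!".
            if mem_type == MEM_PRIVATE and prot & EXECUTE_BITS:
                report["private_exec"].append((addr, prot))
        elif (m := UNMAP.search(body)):
            report["unmapped"].append(m.group(1))
        elif (m := ERROR_RC.match(body)):
            pending_rc = int(m.group(1))
        elif (m := FAILED_IN.match(body)):
            report["failed_in"] = m.group(1)
    # Anything whose version resource does not name Microsoft is worth a look.
    report["third_party"] = [
        (f["path"], f["ProductName"], f["FileVersion"]) for f in files
        if f["ProductName"] and not f["ProductName"].startswith("Microsoft")]
    return report


if __name__ == "__main__":
    for key, value in triage_hardening_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```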

Re: supHardenedWinVerifyProcess failed

Posted: 14. Sep 2016, 13:00
by scottgus1
Permit me to quote myself:
scottgus1 wrote: Hill, you'll need to start a new thread