The hardening related access violation usually means that a DLL got ejected because it wasn't signed - other parts of whatever app (something invasive, that wants to run inside the VirtualBox program space) wanted that DLL crash when they try to call it.jroselarsen wrote: Error code 0xc00000005 is 'access violation'.
I can't imagine what possible relevance you thought that would have. We aren't trying to find a conflict with VMWare, and I have no idea what hardening checks (if any) VMWare does anyway.jroselarsen wrote: I have VMWare WS12 as well, and it works perfectly......
Things usually work until they breakjroselarsen wrote:This is strange, because it has worked previously.
I'm afraid that's not enough. You need to uninstall it, since it loads kernel drivers at system startup. Disabling the front end does not disable the loaded components or the engine.jroselarsen wrote:I've tried to disable AVG, and the problem persists.
The log is incomplete. I don't know where you saw those things that your refer to. Did you grab the log before the process ended?jroselarsen wrote:From the log it seems that VB has passed checking the drivers and is starting the VM, but can't write to it's memory.
AVG won't show you errors, VirtualBox will. That doesn't change the fact that AVG will load itself with any process.jroselarsen wrote:Nothing in AVG logs points at any error either and Virtualbox has been added to exceptions.
Could be? When was the last update?jroselarsen wrote:Wonder if Microsoft has hardened anything recently?
Yes, due to hardened security.jroselarsen wrote:Error code 0xc0000005 is 'access violation'.
Not a good idea. You should run it as "you". No "Run as Administrator", nor logging as Administrator. Unless you are the Administrator, but still the "Run as Administrator" is a no-go.jroselarsen wrote:VB is running with administrator priviledge.
Not related to this discussion I'm afraid. I bet that Notepad or SolidWork runs fine as well.jroselarsen wrote:I have VMWare WS12 as well, and it works perfectly......
Code: Select all
/**
* Sets up the early process init.
*
* @param pThis The child process data structure.
*/
static void supR3HardNtChildSetUpChildInit(PSUPR3HARDNTCHILD pThis)
{
uintptr_t const uChildExeAddr = (uintptr_t)pThis->Peb.ImageBaseAddress;
/*
* Plant the process parameters. This ASSUMES the handle inheritance is
* performed when creating the child process.
*/
RT_ZERO(pThis->ProcParams);
pThis->ProcParams.hEvtChild = pThis->hEvtChild;
pThis->ProcParams.hEvtParent = pThis->hEvtParent;
pThis->ProcParams.uNtDllAddr = pThis->uNtDllAddr;
pThis->ProcParams.enmRequest = kSupR3WinChildReq_Error;
pThis->ProcParams.rc = VINF_SUCCESS;
uintptr_t uChildAddr = uChildExeAddr + ((uintptr_t)&g_ProcParams - (uintptr_t)NtCurrentPeb()->ImageBaseAddress);
SIZE_T cbIgnored;
NTSTATUS rcNt = NtWriteVirtualMemory(pThis->hProcess, (PVOID)uChildAddr, &pThis->ProcParams,
sizeof(pThis->ProcParams), &cbIgnored);
if (!NT_SUCCESS(rcNt))
supR3HardenedWinKillChild(pThis, "supR3HardenedWinSetupChildInit", rcNt,
"NtWriteVirtualMemory(,%p,) failed writing child process parameters: %#x\n", uChildAddr, rcNt);Interesting, I didn't know it was mirrored in GitHub. You can also find the snippet in the official source code in "vbox/trunk/src/VBox/HostDrivers/Support/win/SUPR3HardenedMain-win.cpp", function "supR3HardNtChildSetUpChildInit", around line 3570 (as of this writing).jroselarsen wrote:Found the code on Github.
Debuggers these days have been known to use VT-x. I'm not sure if AVG is doing it, and if it is working in a "cooperative multitasking", "VT-x sharing" kind of a way. But it's something to keep in mind...mpack wrote:Caused by AVG Software which activates ifself as debugger for, in this case, virtualbox.exe.