virtualbox.org

End user forums for VirtualBox
https://forums.virtualbox.org/

VERR_SUP_VP_REPLACE_VIRTUAL_MEMORY_FAILED

https://forums.virtualbox.org/viewtopic.php?t=69083

Page 1 of 1

VERR_SUP_VP_REPLACE_VIRTUAL_MEMORY_FAILED

Posted: 22. Jul 2015, 15:17
by wingbase
Hello,

I upgraded VirtualBox yesterday to the latest 5.0 release (I'm not exactly sure what I was on previously, I think version 4.1). After the upgrade, I cannot start VMs and get the error message:

supHardenedWinVerifyProcess failed with
VERR_SUP_VP_REPLACE_VIRTUAL_MEMORY_FAILED: (rc=-5673)

The log is included below.

I have tried uninstalling, reinstalling, going back to the latest copies of 4.3, 4.2, and 4.1 but now all of them have the same error message. Any help? I can't seem to get any specific resolution to the VERR_SUP_VP_REPLACE_VIRTUAL_MEMORY_FAILED error message when Googling for an answer.

Thanks!

Code: Select all

8a4.24dc: Log file opened: 5.0.0r101573 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
8a4.24dc: \SystemRoot\System32\ntdll.dll:
8a4.24dc:     CreationTime:    2015-04-21T12:22:50.492851500Z
8a4.24dc:     LastWriteTime:   2015-03-17T05:19:37.641771700Z
8a4.24dc:     ChangeTime:      2015-04-24T20:44:56.548185400Z
8a4.24dc:     FileAttributes:  0x20
8a4.24dc:     Size:            0x1a5da0
8a4.24dc:     NT Headers:      0xe0
8a4.24dc:     Timestamp:       0x5507b864
8a4.24dc:     Machine:         0x8664 - amd64
8a4.24dc:     Timestamp:       0x5507b864
8a4.24dc:     Image Version:   6.1
8a4.24dc:     SizeOfImage:     0x1a8000 (1736704)
8a4.24dc:     Resource Dir:    0x14c000 LB 0x5a028
8a4.24dc:     ProductName:     Microsoft® Windows® Operating System
8a4.24dc:     ProductVersion:  6.1.7601.18798
8a4.24dc:     FileVersion:     6.1.7601.18798 (win7sp1_gdr.150316-1654)
8a4.24dc:     FileDescription: NT Layer DLL
8a4.24dc: \SystemRoot\System32\kernel32.dll:
8a4.24dc:     CreationTime:    2015-04-21T12:22:50.403842600Z
8a4.24dc:     LastWriteTime:   2015-03-17T05:16:34.921000000Z
8a4.24dc:     ChangeTime:      2015-04-24T20:44:56.763185400Z
8a4.24dc:     FileAttributes:  0x20
8a4.24dc:     Size:            0x11c000
8a4.24dc:     NT Headers:      0xe8
8a4.24dc:     Timestamp:       0x5507b879
8a4.24dc:     Machine:         0x8664 - amd64
8a4.24dc:     Timestamp:       0x5507b879
8a4.24dc:     Image Version:   6.1
8a4.24dc:     SizeOfImage:     0x11f000 (1175552)
8a4.24dc:     Resource Dir:    0x116000 LB 0x528
8a4.24dc:     ProductName:     Microsoft® Windows® Operating System
8a4.24dc:     ProductVersion:  6.1.7601.18798
8a4.24dc:     FileVersion:     6.1.7601.18798 (win7sp1_gdr.150316-1654)
8a4.24dc:     FileDescription: Windows NT BASE API Client DLL
8a4.24dc: \SystemRoot\System32\KernelBase.dll:
8a4.24dc:     CreationTime:    2015-04-21T12:22:51.460948300Z
8a4.24dc:     LastWriteTime:   2015-03-17T05:16:34.921000000Z
8a4.24dc:     ChangeTime:      2015-04-24T20:44:56.767185400Z
8a4.24dc:     FileAttributes:  0x20
8a4.24dc:     Size:            0x67a00
8a4.24dc:     NT Headers:      0xe8
8a4.24dc:     Timestamp:       0x5507b87a
8a4.24dc:     Machine:         0x8664 - amd64
8a4.24dc:     Timestamp:       0x5507b87a
8a4.24dc:     Image Version:   6.1
8a4.24dc:     SizeOfImage:     0x6c000 (442368)
8a4.24dc:     Resource Dir:    0x6a000 LB 0x530
8a4.24dc:     ProductName:     Microsoft® Windows® Operating System
8a4.24dc:     ProductVersion:  6.1.7601.18798
8a4.24dc:     FileVersion:     6.1.7601.18798 (win7sp1_gdr.150316-1654)
8a4.24dc:     FileDescription: Windows NT BASE API Client DLL
8a4.24dc: \SystemRoot\System32\apisetschema.dll:
8a4.24dc:     CreationTime:    2015-04-21T12:22:53.107112900Z
8a4.24dc:     LastWriteTime:   2015-03-17T05:11:07.952000000Z
8a4.24dc:     ChangeTime:      2015-04-24T20:44:56.529185400Z
8a4.24dc:     FileAttributes:  0x20
8a4.24dc:     Size:            0x1a00
8a4.24dc:     NT Headers:      0xc0
8a4.24dc:     Timestamp:       0x5507b7b1
8a4.24dc:     Machine:         0x8664 - amd64
8a4.24dc:     Timestamp:       0x5507b7b1
8a4.24dc:     Image Version:   6.1
8a4.24dc:     SizeOfImage:     0x50000 (327680)
8a4.24dc:     Resource Dir:    0x30000 LB 0x3f8
8a4.24dc:     ProductName:     Microsoft® Windows® Operating System
8a4.24dc:     ProductVersion:  6.1.7601.18798
8a4.24dc:     FileVersion:     6.1.7601.18798 (win7sp1_gdr.150316-1654)
8a4.24dc:     FileDescription: ApiSet Schema DLL
8a4.24dc: Found driver SysPlant (0x1)
8a4.24dc: Found driver SymNetS (0x2)
8a4.24dc: Found driver SymDS (0x2)
8a4.24dc: Found driver dgmaster (0x2000)
8a4.24dc: Found driver SRTSPX (0x2)
8a4.24dc: Found driver SymEvent (0x2)
8a4.24dc: Found driver SymIRON (0x2)
8a4.24dc: supR3HardenedWinFindAdversaries: 0x2003
8a4.24dc: \SystemRoot\System32\drivers\SysPlant.sys:
8a4.24dc:     CreationTime:    2013-10-07T11:01:46.858035800Z
8a4.24dc:     LastWriteTime:   2013-10-07T11:01:46.858035800Z
8a4.24dc:     ChangeTime:      2014-07-10T18:11:18.176084600Z
8a4.24dc:     FileAttributes:  0x20
8a4.24dc:     Size:            0x26ef0
8a4.24dc:     NT Headers:      0xf8
8a4.24dc:     Timestamp:       0x51a0ec2d
8a4.24dc:     Machine:         0x8664 - amd64
8a4.24dc:     Timestamp:       0x51a0ec2d
8a4.24dc:     Image Version:   5.0
8a4.24dc:     SizeOfImage:     0x2f000 (192512)
8a4.24dc:     Resource Dir:    0x2d000 LB 0x490
8a4.24dc:     ProductName:     Symantec CMC Firewall
8a4.24dc:     ProductVersion:  12.1.3001.165
8a4.24dc:     FileVersion:     12.1.3001.165
8a4.24dc:     FileDescription: Symantec CMC Firewall SysPlant
8a4.24dc: \SystemRoot\System32\sysfer.dll:
8a4.24dc:     CreationTime:    2013-10-07T11:01:46.842435800Z
8a4.24dc:     LastWriteTime:   2013-10-07T11:01:46.842435800Z
8a4.24dc:     ChangeTime:      2014-07-10T18:11:50.880354700Z
8a4.24dc:     FileAttributes:  0x20
8a4.24dc:     Size:            0x70190
8a4.24dc:     NT Headers:      0xe8
8a4.24dc:     Timestamp:       0x51a0ecb5
8a4.24dc:     Machine:         0x8664 - amd64
8a4.24dc:     Timestamp:       0x51a0ecb5
8a4.24dc:     Image Version:   0.0
8a4.24dc:     SizeOfImage:     0x87000 (552960)
8a4.24dc:     Resource Dir:    0x85000 LB 0x628
8a4.24dc:     ProductName:     Symantec CMC Firewall
8a4.24dc:     ProductVersion:  12.1.3001.165
8a4.24dc:     FileVersion:     12.1.3001.165
8a4.24dc:     FileDescription: Symantec CMC Firewall sysfer
8a4.24dc: \SystemRoot\System32\sysferThunk.dll:
8a4.24dc:     CreationTime:    2013-10-07T11:01:46.842435800Z
8a4.24dc:     LastWriteTime:   2013-10-07T11:01:46.842435800Z
8a4.24dc:     ChangeTime:      2014-07-10T18:11:50.881354800Z
8a4.24dc:     FileAttributes:  0x20
8a4.24dc:     Size:            0x2f90
8a4.24dc:     NT Headers:      0xd0
8a4.24dc:     Timestamp:       0x51a0ecb6
8a4.24dc:     Machine:         0x8664 - amd64
8a4.24dc:     Timestamp:       0x51a0ecb6
8a4.24dc:     Image Version:   0.0
8a4.24dc:     SizeOfImage:     0x8000 (32768)
8a4.24dc:     Resource Dir:    0x6000 LB 0x640
8a4.24dc:     ProductName:     Symantec CMC Firewall
8a4.24dc:     ProductVersion:  12.1.3001.165
8a4.24dc:     FileVersion:     12.1.3001.165
8a4.24dc:     FileDescription: Symantec CMC Firewall SysferThunk
8a4.24dc: \SystemRoot\System32\drivers\symevent64x86.sys:
8a4.24dc:     CreationTime:    2013-10-07T11:01:49.775240900Z
8a4.24dc:     LastWriteTime:   2013-10-07T11:01:49.759640900Z
8a4.24dc:     ChangeTime:      2014-07-10T18:11:18.171084100Z
8a4.24dc:     FileAttributes:  0x20
8a4.24dc:     Size:            0x2b4a0
8a4.24dc:     NT Headers:      0xe8
8a4.24dc:     Timestamp:       0x50346f1e
8a4.24dc:     Machine:         0x8664 - amd64
8a4.24dc:     Timestamp:       0x50346f1e
8a4.24dc:     Image Version:   6.0
8a4.24dc:     SizeOfImage:     0x38000 (229376)
8a4.24dc:     Resource Dir:    0x36000 LB 0x3c8
8a4.24dc:     ProductName:     SYMEVENT
8a4.24dc:     ProductVersion:  12.9.3.1
8a4.24dc:     FileVersion:     12.9.3.1
8a4.24dc:     FileDescription: Symantec Event Library
8a4.24dc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
8a4.24dc: Calling main()
8a4.24dc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
8a4.24dc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
8a4.24dc: SUPR3HardenedMain: Respawn #1
8a4.24dc: System32:  \Device\HarddiskVolume1\Windows\System32
8a4.24dc: WinSxS:    \Device\HarddiskVolume1\Windows\winsxs
8a4.24dc: KnownDllPath: C:\WINDOWS\system32
8a4.24dc: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
8a4.24dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
8a4.24dc: supR3HardNtEnableThreadCreation:
8a4.24dc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076f0b690 pvNtTerminateThread=0000000076f2e100
8a4.24dc: supR3HardenedWinDoReSpawn(1): New child 1f58.e1c [kernel32].
8a4.24dc: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd4000 cbPeb=0x380
8a4.24dc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076ee0000 uNtDllChildAddr=0000000076ee0000
8a4.24dc: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076f0b690
8a4.24dc: supR3HardenedWinSetupChildInit: Start child.
8a4.24dc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
8a4.24dc: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
8a4.24dc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
8a4.24dc:  *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
8a4.24dc:  *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
8a4.24dc:  *0000000000030000-000000000002efff 0x0040/0x0040 0x0020000 !!
8a4.24dc: supHardNtVpFreeOrReplacePrivateExecMemory: Replacing exec mem at 0000000000030000 (LB 0x1000, 0000000000030000 LB 0x1000)
8a4.24dc: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000030000/0000000000030000 LB 0/0x1000]
8a4.24dc: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000030000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
8a4.24dc: Error (rc=-5673):
8a4.24dc: NtAllocateVirtualMemory (0000000000030000 LB 0x1000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details
8a4.24dc: Error (rc=-5645):
8a4.24dc: Too many virtual memory regions.

8a4.24dc: Error (rc=-5673):
8a4.24dc: supHardenedWinVerifyProcess failed with Unknown Status -5673 (0xffffe9d7): NtAllocateVirtualMemory (0000000000030000 LB 0x1000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details 
[rc=-5645] Too many virtual memory regions.
8a4.24dc: Error -5673 in supR3HardNtChildPurify! (enmWhat=5)
8a4.24dc: supHardenedWinVerifyProcess failed with Unknown Status -5673 (0xffffe9d7): NtAllocateVirtualMemory (0000000000030000 LB 0x1000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details 
[rc=-5645] Too many virtual memory regions.
8a4.24dc: supR3HardNtEnableThreadCreation:

Re: VERR_SUP_VP_REPLACE_VIRTUAL_MEMORY_FAILED

Posted: 22. Jul 2015, 15:27
by wingbase
Some more searching came up with a suggesting to try version 4.3.12. I've done so, and that version does work.

Still would like thoughts on upgrading and going to later versions down the road if anyone has input. Thanks!

Re: VERR_SUP_VP_REPLACE_VIRTUAL_MEMORY_FAILED

Posted: 22. Jul 2015, 15:30
by mpack
If you are not prepared to fix the underlying cause then you have no upgade path.

All you have done so far is avoid an error message by reverting to an older version of the software that doesn't implement the check. You seem to have ignored the possibility that both the check and the error message were legitimate.

See the "security" discussion at the top of this forum, take note of the diagnostics you need to provide when posting. Read the other posts first.

Re: VERR_SUP_VP_REPLACE_VIRTUAL_MEMORY_FAILED

Posted: 22. Jul 2015, 15:38
by wingbase
Without an understanding of the error message itself and the log file, I didn't realize I'm simply masking the error.

1) Host OS and version
Windows 7 Enterprise 64 bit, SP 1

2) VBoxStartup.log (zipped)
Attached

3) Mention any host anti-virus, firewalls, protection software, and debugging programs etc which might be relevant.
Symantec Endpoint Protection
Avecto Privilege Guard

Re: VERR_SUP_VP_REPLACE_VIRTUAL_MEMORY_FAILED

Posted: 22. Jul 2015, 15:53
by mpack
VBoxStartup.log wrote: 8a4.24dc: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000030000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
8a4.24dc: Error (rc=-5673):
8a4.24dc: NtAllocateVirtualMemory (0000000000030000 LB 0x1000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details
8a4.24dc: Error (rc=-5645):
8a4.24dc: Too many virtual memory regions.
Well, VirtualBox seems to be saying that your AV software is buggy. Having two AV suites running often causes problems. I would suggest that you try disabling both, verify that this cures the problem, then add them back one at a time to see which is the culprit. Finally consider whether that tool is needed.

Re: VERR_SUP_VP_REPLACE_VIRTUAL_MEMORY_FAILED

Posted: 28. Jul 2015, 21:48
by jrasmussen0
Avecto Privilege Guard is not an Anti-Virus program but it is a privilege elevation tool that injects itself into every process to allow Avecto to swap out security tokens during application execution. It allows Windows permission model to more closely resemble sudo under Unix operating systems. The driver in question is called PGDriver.sys and is digitally signed by Avecto.

Maybe VirtualBox could have a flexible way to allow trusted digitally signed drivers to execute without throwing up a security exception.

Re: VERR_SUP_VP_REPLACE_VIRTUAL_MEMORY_FAILED

Posted: 28. Jul 2015, 22:08
by Perryg
jrasmussen0 wrote:Avecto Privilege Guard is not an Anti-Virus program but it is a privilege elevation tool that injects itself into every process to allow Avecto to swap out security tokens during application execution. It allows Windows permission model to more closely resemble sudo under Unix operating systems. The driver in question is called PGDriver.sys and is digitally signed by Avecto.

Maybe VirtualBox could have a flexible way to allow trusted digitally signed drivers to execute without throwing up a security exception.
That being the case you should raise a ticket at bugtracker and provide the necessary information so they might consider it.

Re: VERR_SUP_VP_REPLACE_VIRTUAL_MEMORY_FAILED

Posted: 29. Jul 2015, 09:51
by mpack
jrasmussen0 wrote:Maybe VirtualBox could have a flexible way to allow trusted digitally signed drivers to execute without throwing up a security exception.
This isn't a security exception, it's a memory allocation error.

Re: VERR_SUP_VP_REPLACE_VIRTUAL_MEMORY_FAILED

Posted: 2. Feb 2016, 23:14
by Eryk
I get the same error message. Virtualbox worked fine until last Friday.
I got several updates installed of WIN7 and after I did not succeed any more in starting my virtual machine.
Any clues ?
Thank you very much
Eryk

Re: VERR_SUP_VP_REPLACE_VIRTUAL_MEMORY_FAILED

Posted: 3. Feb 2016, 10:07
by michaln
jrasmussen0 wrote:Avecto Privilege Guard is not an Anti-Virus program but it is a privilege elevation tool that injects itself into every process to allow Avecto to swap out security tokens during application execution.
You're right, that doesn't sound like AV software. That sounds like a virus.

Re: VERR_SUP_VP_REPLACE_VIRTUAL_MEMORY_FAILED

Posted: 24. Feb 2016, 23:34
by Eryk
12f4.16b8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
12f4.16b8: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
12f4.16b8: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
12f4.16b8: *0000000000030000-000000000002efff 0x0040/0x0040 0x0020000 !!
12f4.16b8: supHardNtVpFreeOrReplacePrivateExecMemory: Replacing exec mem at 0000000000030000 (LB 0x1000, 0000000000030000 LB 0x1000)
12f4.16b8: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000030000/0000000000030000 LB 0/0x1000]
12f4.16b8: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000030000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
12f4.16b8: Error (rc=-5673):
12f4.16b8: NtAllocateVirtualMemory (0000000000030000 LB 0x1000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details
12f4.16b8: Error (rc=-5645):
12f4.16b8: Too many virtual memory regions.

12f4.16b8: Error (rc=-5673):
12f4.16b8: supHardenedWinVerifyProcess failed with Unknown Status -5673 (0xffffe9d7): NtAllocateVirtualMemory (0000000000030000 LB 0x1000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details
[rc=-5645] Too many virtual memory regions.
12f4.16b8: Error -5673 in supR3HardNtChildPurify! (enmWhat=5)
12f4.16b8: supHardenedWinVerifyProcess failed with Unknown Status -5673 (0xffffe9d7): NtAllocateVirtualMemory (0000000000030000 LB 0x1000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details
[rc=-5645] Too many virtual memory regions.
12f4.16b8: supR3HardNtEnableThreadCreation:


the section working around buggy protection software sounds strange ...
All times are UTC+02:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited