virtualbox.org

End user forums for VirtualBox
https://forums.virtualbox.org/

VM startup terminates unexpectedly on Win10

https://forums.virtualbox.org/viewtopic.php?t=98344

Page 1 of 1

VM startup terminates unexpectedly on Win10

Posted: 25. May 2020, 19:52
by jappenze
Virtualbox 6.1.8 r137981
Windows 10 Build 18363

When starting a 64bit Ubuntu VM (named Ethereum) via the Virtualbox UI, I am getting hard to decipher hardening errors.
HyperV is disabled and all "guards" are disabled or uninstalled

Full log attached. Any help is appreciated. Thank you.

The virtual machine 'Ethereum' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\joapp\VirtualBox VMs\Ethereum\Logs\VBoxHardening.log'.
Result Code:
E_FAIL (0x80004005)
Component:
MachineWrap
Interface:
IMachine {85632c68-b5bb-4316-a900-5eb28d3413df}

The details are attached in the log. Extract:
9c8.256c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe13140000 'C:\WINDOWS\System32\msacm32.drv'
9c8.256c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv [lacks WinVerifyTrust]
9c8.256c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
9c8.256c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe13140000 'C:\WINDOWS\System32\msacm32.drv'
9c8.256c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv [lacks WinVerifyTrust]
9c8.256c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
9c8.256c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe13140000 'C:\WINDOWS\System32\msacm32.drv'
9c8.256c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv [lacks WinVerifyTrust]
9c8.256c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
9c8.256c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe13140000 'C:\WINDOWS\System32\msacm32.drv'
9c8.256c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv [lacks WinVerifyTrust]
9c8.256c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
9c8.256c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe13140000 'C:\WINDOWS\System32\msacm32.drv'
9c8.256c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv [lacks WinVerifyTrust]
9c8.256c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe13140000 'C:\WINDOWS\System32\msacm32.drv'
9c8.256c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv [lacks WinVerifyTrust]
9c8.256c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe13140000 'C:\WINDOWS\System32\msacm32.drv'
9c8.256c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv [lacks WinVerifyTrust]
9c8.256c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe13140000 'C:\WINDOWS\System32\msacm32.drv'
9c8.256c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9c8.256c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
9c8.256c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\midimap.dll)
9c8.256c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll
9c8.256c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
9c8.256c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
9c8.256c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll [lacks WinVerifyTrust]
9c8.256c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9c8.256c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9c8.256c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9c8.256c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
9c8.256c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\midimap.dll [lacks WinVerifyTrust]
9c8.256c: supR3HardenedDllNotificationCallback: load 00007ffe0f9f0000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
9c8.256c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\midimap.dll [lacks WinVerifyTrust]
9c8.256c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f9f0000 'C:\WINDOWS\System32\midimap.dll'
9c8.256c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\midimap.dll [lacks WinVerifyTrust]
9c8.256c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
9c8.256c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f9f0000 'C:\WINDOWS\System32\midimap.dll'
9c8.256c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\midimap.dll [lacks WinVerifyTrust]
9c8.256c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
9c8.256c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f9f0000 'C:\WINDOWS\System32\midimap.dll'
9c8.256c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\midimap.dll [lacks WinVerifyTrust]
9c8.256c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
9c8.256c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe0f9f0000 'C:\WINDOWS\System32\midimap.dll'
9c8.2e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll [lacks WinVerifyTrust]
9c8.2e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
9c8.2e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe1f6c0000 'C:\WINDOWS\System32\MMDevApi.dll'
4384.994: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 5719 ms, the end);

Re: VM startup terminates unexpectedly on Win10

Posted: 25. May 2020, 23:40
by scottgus1
To the best of my knowledge, Hyper-V does not cause hardening issues. It does cause some other problems...

See I have a 64bit host, but can't install 64bit guests.

There is a section on your error code 0x1. There isn't anything standing out in the log that I see, aside from all those [lacksWinVerifyTrust]s. One recent poster in a similar situation had extra 'protection' software from the PC's manufacturer running. This software didn't show up in the log but did cause the hardening issue, and removing it fixed the hardening problem. You'll need to use your imagination.

Re: VM startup terminates unexpectedly on Win10

Posted: 26. May 2020, 00:53
by fth0
scottgus1 wrote:There isn't anything standing out in the log that I see
Let me help you see it: ;)
VBoxHardening.log file wrote:
23bc.22b0: Error -104 in supR3HardenedWinReSpawn! (enmWhat=5)
23bc.22b0: Error relaunching VirtualBox VM process: 5
Command line: '60eaff78-4bdd-042d-2e72-669728efd737-suplib-3rdchild --comment Ethereum --startvm 8e7bdbdf-b4ef-4309-b73e-d0369affe551 --no-startvm-errormsgbox "--sup-hardening-log=C:\Users\joapp\VirtualBox VMs\Ethereum\Logs\VBoxHardening.log"'
There are a lot of cases like this in the forums, without a general solution, and many were never solved.

For some reason unknown to me, the error message doesn't name the real executable, which could lead to the next step in analyzing the cause (the 3rdchild name is a constant name in VirtualBox for the Respawn #2). I once asked for an enhancement of the error message in an old Bugtracker entry, but got no response.
All times are UTC+02:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited