VirtualBox

Ticket #18481: VBoxHardening.log

File VBoxHardening.log, 10.7 KB (added by brentd36, 5 years ago)
be0.a18: Log file opened: 5.0.20r106931 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa042ee00
be0.a18: \SystemRoot\System32\ntdll.dll:
be0.a18: CreationTime: 2018-04-11T23:34:22.383017500Z
be0.a18: LastWriteTime: 2018-04-11T23:34:22.383017500Z
be0.a18: ChangeTime: 2018-10-23T11:53:31.178823900Z
be0.a18: FileAttributes: 0x20
be0.a18: Size: 0x1db2c0
be0.a18: NT Headers: 0xe8
be0.a18: Timestamp: 0x207580e2
be0.a18: Machine: 0x8664 - amd64
be0.a18: Timestamp: 0x207580e2
be0.a18: Image Version: 10.0
be0.a18: SizeOfImage: 0x1e1000 (1970176)
be0.a18: Resource Dir: 0x174000 LB 0x6b338
be0.a18: ProductName: Microsoft® Windows® Operating System
be0.a18: ProductVersion: 10.0.17134.1
be0.a18: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
be0.a18: FileDescription: NT Layer DLL
be0.a18: \SystemRoot\System32\kernel32.dll:
be0.a18: CreationTime: 2018-04-11T23:34:40.510607900Z
be0.a18: LastWriteTime: 2018-04-11T23:34:40.510607900Z
be0.a18: ChangeTime: 2018-05-20T22:37:44.975970400Z
be0.a18: FileAttributes: 0x20
be0.a18: Size: 0xafef8
be0.a18: NT Headers: 0xe8
be0.a18: Timestamp: 0x5f488a51
be0.a18: Machine: 0x8664 - amd64
be0.a18: Timestamp: 0x5f488a51
be0.a18: Image Version: 10.0
be0.a18: SizeOfImage: 0xb2000 (729088)
be0.a18: Resource Dir: 0xb0000 LB 0x520
be0.a18: ProductName: Microsoft® Windows® Operating System
be0.a18: ProductVersion: 10.0.17134.1
be0.a18: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
be0.a18: FileDescription: Windows NT BASE API Client DLL
be0.a18: \SystemRoot\System32\KernelBase.dll:
be0.a18: CreationTime: 2018-04-11T23:34:20.976649600Z
be0.a18: LastWriteTime: 2018-04-11T23:34:20.976649600Z
be0.a18: ChangeTime: 2018-10-23T11:53:31.288191200Z
be0.a18: FileAttributes: 0x20
be0.a18: Size: 0x2731d0
be0.a18: NT Headers: 0xf8
be0.a18: Timestamp: 0x701ca188
be0.a18: Machine: 0x8664 - amd64
be0.a18: Timestamp: 0x701ca188
be0.a18: Image Version: 10.0
be0.a18: SizeOfImage: 0x273000 (2568192)
be0.a18: Resource Dir: 0x251000 LB 0x548
be0.a18: ProductName: Microsoft® Windows® Operating System
be0.a18: ProductVersion: 10.0.17134.1
be0.a18: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
be0.a18: FileDescription: Windows NT BASE API Client DLL
be0.a18: \SystemRoot\System32\apisetschema.dll:
be0.a18: CreationTime: 2018-04-11T23:34:44.042150700Z
be0.a18: LastWriteTime: 2018-04-11T23:34:44.042150700Z
be0.a18: ChangeTime: 2018-05-21T02:27:07.907105200Z
be0.a18: FileAttributes: 0x20
be0.a18: Size: 0x1bd98
be0.a18: NT Headers: 0xd0
be0.a18: Timestamp: 0xd02ff418
be0.a18: Machine: 0x8664 - amd64
be0.a18: Timestamp: 0xd02ff418
be0.a18: Image Version: 10.0
be0.a18: SizeOfImage: 0x1c000 (114688)
be0.a18: Resource Dir: 0x1b000 LB 0x408
be0.a18: ProductName: Microsoft® Windows® Operating System
be0.a18: ProductVersion: 10.0.17134.1
be0.a18: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
be0.a18: FileDescription: ApiSet Schema DLL
be0.a18: supR3HardenedWinFindAdversaries: 0x0
be0.a18: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
be0.a18: Calling main()
be0.a18: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
be0.a18: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
be0.a18: SUPR3HardenedMain: Respawn #1
be0.a18: System32: \Device\HarddiskVolume2\Windows\System32
be0.a18: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
be0.a18: KnownDllPath: C:\WINDOWS\System32
be0.a18: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
be0.a18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
be0.a18: supR3HardNtEnableThreadCreation:
be0.a18: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffe536630e0 pvNtTerminateThread=00007ffe5368a9e0
be0.a18: supR3HardenedWinDoReSpawn(1): New child bec.be4 [kernel32].
be0.a18: supR3HardNtChildGatherData: PebBaseAddress=00000000006fa000 cbPeb=0x388
be0.a18: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffe535f0000 uNtDllChildAddr=00007ffe535f0000
be0.a18: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffe536630e0
be0.a18: supR3HardenedWinSetupChildInit: Start child.
be0.a18: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
be0.a18: supR3HardNtChildPurify: Startup delay kludge #1/0: 266 ms, 17 sleeps
be0.a18: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
be0.a18: VirtualBox.exe: timestamp 0x57220aaf (rc=VINF_SUCCESS)
be0.a18: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
be0.a18: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
be0.a18: supR3HardNtChildPurify: Done after 297 ms and 0 fixes (loop #0).
bec.be4: Log file opened: 5.0.20r106931 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa042ee00
bec.be4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffe535f0000 g_uNtVerCombined=0xa042ee00
bec.be4: ntdll.dll: timestamp 0x207580e2 (rc=VINF_SUCCESS)
bec.be4: New simple heap: #1 0000000000a00000 LB 0x400000 (for 1970176 allocation)
be0.a18: supR3HardNtEnableThreadCreation:
bec.be4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
bec.be4: System32: \Device\HarddiskVolume2\Windows\System32
bec.be4: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
bec.be4: KnownDllPath: C:\WINDOWS\System32
bec.be4: supR3HardenedVmProcessInit: Opening vboxdrv stub...
bec.be4: Error opening VBoxDrvStub: STATUS_OBJECT_NAME_NOT_FOUND
bec.be4: supR3HardenedWinReadErrorInfoDevice: NtCreateFile -> 0xc0000034
bec.be4: Error -101 in supR3HardenedWinReSpawn! (enmWhat=3)
bec.be4: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)

Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
be0.a18: supR3HardenedWinCheckChild: enmRequest=2 rc=-101 enmWhat=3 supR3HardenedWinReSpawn: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)

Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
be0.a18: Error -101 in supR3HardenedWinReSpawn! (enmWhat=3)
be0.a18: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)

Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
