VirtualBox

Changes between Initial Version and Version 1 of Ticket #13659, comment 13


Ignore:
Timestamp:
Jul 4, 2017 9:00:22 AM (7 years ago)
Author:
Frank Mehnert

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #13659, comment 13

    initial v1  
    1 I get this with the latest 5.1.22 version
     1I get this with the latest 5.1.22 version.
    22
    3 Attached is the error log generated
    4 
    5 658.2624: Log file opened: 5.1.22r115126 g_hStartupLog=000000000000024c g_uNtVerCombined=0x611db110
    6 658.2624: \SystemRoot\System32\ntdll.dll:
    7 658.2624:     CreationTime:    2017-05-15T11:40:24.977655900Z
    8 658.2624:     LastWriteTime:   2017-04-28T01:11:49.878278200Z
    9 658.2624:     ChangeTime:      2017-05-15T11:48:18.514070200Z
    10 658.2624:     FileAttributes:  0x20
    11 658.2624:     Size:            0x1a7100
    12 658.2624:     NT Headers:      0xe0
    13 658.2624:     Timestamp:       0x590296ce
    14 658.2624:     Machine:         0x8664 - amd64
    15 658.2624:     Timestamp:       0x590296ce
    16 658.2624:     Image Version:   6.1
    17 658.2624:     SizeOfImage:     0x1aa000 (1744896)
    18 658.2624:     Resource Dir:    0x14e000 LB 0x5a028
    19 658.2624:     [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
    20 658.2624:     [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
    21 658.2624:     ProductName:     Microsoft® Windows® Operating System
    22 658.2624:     ProductVersion:  6.1.7601.23796
    23 658.2624:     FileVersion:     6.1.7601.23796 (win7sp1_ldr.170427-1518)
    24 658.2624:     FileDescription: NT Layer DLL
    25 658.2624: \SystemRoot\System32\kernel32.dll:
    26 658.2624:     CreationTime:    2017-05-15T11:40:25.367655900Z
    27 658.2624:     LastWriteTime:   2017-04-28T01:10:02.307000000Z
    28 658.2624:     ChangeTime:      2017-05-15T11:48:23.818079600Z
    29 658.2624:     FileAttributes:  0x20
    30 658.2624:     Size:            0x11c000
    31 658.2624:     NT Headers:      0xe0
    32 658.2624:     Timestamp:       0x59029713
    33 658.2624:     Machine:         0x8664 - amd64
    34 658.2624:     Timestamp:       0x59029713
    35 658.2624:     Image Version:   6.1
    36 658.2624:     SizeOfImage:     0x11f000 (1175552)
    37 658.2624:     Resource Dir:    0x116000 LB 0x528
    38 658.2624:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
    39 658.2624:     [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
    40 658.2624:     ProductName:     Microsoft® Windows® Operating System
    41 658.2624:     ProductVersion:  6.1.7601.23796
    42 658.2624:     FileVersion:     6.1.7601.23796 (win7sp1_ldr.170427-1518)
    43 658.2624:     FileDescription: Windows NT BASE API Client DLL
    44 658.2624: \SystemRoot\System32\KernelBase.dll:
    45 658.2624:     CreationTime:    2017-05-15T11:40:27.080155900Z
    46 658.2624:     LastWriteTime:   2017-04-28T01:10:02.307000000Z
    47 658.2624:     ChangeTime:      2017-05-15T11:48:23.849279600Z
    48 658.2624:     FileAttributes:  0x20
    49 658.2624:     Size:            0x66800
    50 658.2624:     NT Headers:      0xe8
    51 658.2624:     Timestamp:       0x59029714
    52 658.2624:     Machine:         0x8664 - amd64
    53 658.2624:     Timestamp:       0x59029714
    54 658.2624:     Image Version:   6.1
    55 658.2624:     SizeOfImage:     0x6a000 (434176)
    56 658.2624:     Resource Dir:    0x68000 LB 0x530
    57 658.2624:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
    58 658.2624:     [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
    59 658.2624:     ProductName:     Microsoft® Windows® Operating System
    60 658.2624:     ProductVersion:  6.1.7601.23796
    61 658.2624:     FileVersion:     6.1.7601.23796 (win7sp1_ldr.170427-1518)
    62 658.2624:     FileDescription: Windows NT BASE API Client DLL
    63 658.2624: \SystemRoot\System32\apisetschema.dll:
    64 658.2624:     CreationTime:    2017-05-15T11:40:28.850155900Z
    65 658.2624:     LastWriteTime:   2017-04-28T01:09:58.126000000Z
    66 658.2624:     ChangeTime:      2017-05-15T11:48:18.233269700Z
    67 658.2624:     FileAttributes:  0x20
    68 658.2624:     Size:            0x1a00
    69 658.2624:     NT Headers:      0xc0
    70 658.2624:     Timestamp:       0x590296af
    71 658.2624:     Machine:         0x8664 - amd64
    72 658.2624:     Timestamp:       0x590296af
    73 658.2624:     Image Version:   6.1
    74 658.2624:     SizeOfImage:     0x50000 (327680)
    75 658.2624:     Resource Dir:    0x30000 LB 0x3f8
    76 658.2624:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
    77 658.2624:     [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
    78 658.2624:     ProductName:     Microsoft® Windows® Operating System
    79 658.2624:     ProductVersion:  6.1.7601.23796
    80 658.2624:     FileVersion:     6.1.7601.23796 (win7sp1_ldr.170427-1518)
    81 658.2624:     FileDescription: ApiSet Schema DLL
    82 658.2624: Found driver SysPlant (0x1)
    83 658.2624: Found driver SymNetS (0x2)
    84 658.2624: Found driver SRTSPX (0x2)
    85 658.2624: Found driver SymEvent (0x2)
    86 658.2624: Found driver SymIRON (0x2)
    87 658.2624: supR3HardenedWinFindAdversaries: 0x3
    88 658.2624: \SystemRoot\System32\drivers\SysPlant.sys:
    89 658.2624:     CreationTime:    2015-04-08T09:25:06.205658700Z
    90 658.2624:     LastWriteTime:   2015-04-08T09:25:06.205658700Z
    91 658.2624:     ChangeTime:      2015-04-08T09:25:06.205658700Z
    92 658.2624:     FileAttributes:  0x20
    93 658.2624:     Size:            0x26f40
    94 658.2624:     NT Headers:      0x100
    95 658.2624:     Timestamp:       0x5413cb4e
    96 658.2624:     Machine:         0x8664 - amd64
    97 658.2624:     Timestamp:       0x5413cb4e
    98 658.2624:     Image Version:   5.0
    99 658.2624:     SizeOfImage:     0x2d000 (184320)
    100 658.2624:     Resource Dir:    0x2b000 LB 0x498
    101 658.2624:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
    102 658.2624:     [Raw version resource data: 0x2b0b8 LB 0x3e0, codepage 0x4e4 (reserved 0x0)]
    103 658.2624:     ProductName:     Symantec CMC Firewall
    104 658.2624:     ProductVersion:  12.1.5337.5000
    105 658.2624:     FileVersion:     12.1.5337.5000
    106 658.2624:     FileDescription: Symantec CMC Firewall SysPlant
    107 658.2624: \SystemRoot\System32\sysfer.dll:
    108 658.2624:     CreationTime:    2015-04-08T09:25:06.200658700Z
    109 658.2624:     LastWriteTime:   2015-04-08T09:25:06.200658700Z
    110 658.2624:     ChangeTime:      2015-04-08T09:25:06.200658700Z
    111 658.2624:     FileAttributes:  0x20
    112 658.2624:     Size:            0x70f60
    113 658.2624:     NT Headers:      0xe8
    114 658.2624:     Timestamp:       0x5413cb55
    115 658.2624:     Machine:         0x8664 - amd64
    116 658.2624:     Timestamp:       0x5413cb55
    117 658.2624:     Image Version:   0.0
    118 658.2624:     SizeOfImage:     0x88000 (557056)
    119 658.2624:     Resource Dir:    0x86000 LB 0x630
    120 658.2624:     [Version info resource found at 0xc8! (ID/Name: 0x1; SubID/SubName: 0x409)]
    121 658.2624:     [Raw version resource data: 0x86100 LB 0x3d4, codepage 0x4e4 (reserved 0x0)]
    122 658.2624:     ProductName:     Symantec CMC Firewall
    123 658.2624:     ProductVersion:  12.1.5337.5000
    124 658.2624:     FileVersion:     12.1.5337.5000
    125 658.2624:     FileDescription: Symantec CMC Firewall sysfer
    126 658.2624: \SystemRoot\System32\drivers\symevent64x86.sys:
    127 658.2624:     CreationTime:    2015-04-08T09:25:49.025658700Z
    128 658.2624:     LastWriteTime:   2015-06-02T08:16:03.334057100Z
    129 658.2624:     ChangeTime:      2015-06-02T08:16:03.334057100Z
    130 658.2624:     FileAttributes:  0x20
    131 658.2624:     Size:            0x2b658
    132 658.2624:     NT Headers:      0xe8
    133 658.2624:     Timestamp:       0x51f32ff2
    134 658.2624:     Machine:         0x8664 - amd64
    135 658.2624:     Timestamp:       0x51f32ff2
    136 658.2624:     Image Version:   6.0
    137 658.2624:     SizeOfImage:     0x38000 (229376)
    138 658.2624:     Resource Dir:    0x36000 LB 0x3c8
    139 658.2624:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
    140 658.2624:     [Raw version resource data: 0x360b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
    141 658.2624:     ProductName:     SYMEVENT
    142 658.2624:     ProductVersion:  12.9.5.2
    143 658.2624:     FileVersion:     12.9.5.2
    144 658.2624:     FileDescription: Symantec Event Library
    145 658.2624: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
    146 658.2624: Calling main()
    147 658.2624: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
    148 658.2624: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
    149 658.2624: SUPR3HardenedMain: Respawn #1
    150 658.2624: System32:  \Device\HarddiskVolume2\Windows\System32
    151 658.2624: WinSxS:    \Device\HarddiskVolume2\Windows\winsxs
    152 658.2624: KnownDllPath: C:\Windows\system32
    153 658.2624: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
    154 658.2624: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
    155 658.2624: supR3HardNtEnableThreadCreation:
    156 658.2624: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076f3a360 pvNtTerminateThread=0000000076f5c260
    157 658.2624: supR3HardenedWinDoReSpawn(1): New child 15a4.5e8 [kernel32].
    158 658.2624: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
    159 658.2624: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076f10000 uNtDllChildAddr=0000000076f10000
    160 658.2624: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076f3a360
    161 658.2624: supR3HardenedWinSetupChildInit: Start child.
    162 658.2624: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
    163 658.2624: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
    164 658.2624: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
    165 658.2624:  *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
    166 658.2624:  *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
    167 658.2624:  *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
    168 658.2624:   0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
    169 658.2624:  *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
    170 658.2624:   0000000000041000-000000000005ffff 0x0001/0x0000 0x0000000
    171 658.2624:  *0000000000060000-0000000000060fff 0x0040/0x0040 0x0020000 !!
    172 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000060000 (LB 0x1000, 0000000000060000 LB 0x1000)
    173 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000060000/0000000000060000 LB 0/0x1000]
    174 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000060000 LB 0x1c0000 s=0x10000 ap=0x0 rp=0x00000000000001
    175 658.2624:   0000000000061000-000000000021ffff 0x0001/0x0000 0x0000000
    176 658.2624:  *0000000000220000-000000000031bfff 0x0000/0x0004 0x0020000
    177 658.2624:   000000000031c000-000000000031dfff 0x0104/0x0004 0x0020000
    178 658.2624:   000000000031e000-000000000031ffff 0x0004/0x0004 0x0020000
    179 658.2624:   0000000000320000-0000000071a9ffff 0x0001/0x0000 0x0000000
    180 658.2624:  *0000000071aa0000-0000000071aa0fff 0x0040/0x0040 0x0020000 !!
    181 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000071aa0000 (LB 0x1000, 0000000071aa0000 LB 0x1000)
    182 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000071aa0000/0000000071aa0000 LB 0/0x1000]
    183 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000071aa0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
    184 658.2624:   0000000071aa1000-0000000071aaffff 0x0001/0x0000 0x0000000
    185 658.2624:  *0000000071ab0000-0000000071ab0fff 0x0040/0x0040 0x0020000 !!
    186 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000071ab0000 (LB 0x1000, 0000000071ab0000 LB 0x1000)
    187 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000071ab0000/0000000071ab0000 LB 0/0x1000]
    188 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000071ab0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
    189 658.2624:   0000000071ab1000-0000000071abffff 0x0001/0x0000 0x0000000
    190 658.2624:  *0000000071ac0000-0000000071ac0fff 0x0040/0x0040 0x0020000 !!
    191 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000071ac0000 (LB 0x1000, 0000000071ac0000 LB 0x1000)
    192 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000071ac0000/0000000071ac0000 LB 0/0x1000]
    193 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000071ac0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
    194 658.2624:   0000000071ac1000-0000000071acffff 0x0001/0x0000 0x0000000
    195 658.2624:  *0000000071ad0000-0000000071ad0fff 0x0040/0x0040 0x0020000 !!
    196 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000071ad0000 (LB 0x1000, 0000000071ad0000 LB 0x1000)
    197 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000071ad0000/0000000071ad0000 LB 0/0x1000]
    198 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000071ad0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
    199 658.2624:   0000000071ad1000-0000000071adffff 0x0001/0x0000 0x0000000
    200 658.2624:  *0000000071ae0000-0000000071ae0fff 0x0040/0x0040 0x0020000 !!
    201 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000071ae0000 (LB 0x1000, 0000000071ae0000 LB 0x1000)
    202 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000071ae0000/0000000071ae0000 LB 0/0x1000]
    203 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000071ae0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
    204 658.2624:   0000000071ae1000-0000000071aeffff 0x0001/0x0000 0x0000000
    205 658.2624:  *0000000071af0000-0000000071af0fff 0x0040/0x0040 0x0020000 !!
    206 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000071af0000 (LB 0x1000, 0000000071af0000 LB 0x1000)
    207 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000071af0000/0000000071af0000 LB 0/0x1000]
    208 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000071af0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
    209 658.2624:   0000000071af1000-0000000071afffff 0x0001/0x0000 0x0000000
    210 658.2624:  *0000000071b00000-0000000071b00fff 0x0040/0x0040 0x0020000 !!
    211 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000071b00000 (LB 0x1000, 0000000071b00000 LB 0x1000)
    212 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000071b00000/0000000071b00000 LB 0/0x1000]
    213 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000071b00000 LB 0x5410000 s=0x10000 ap=0x0 rp=0x00000000000001
    214 658.2624:   0000000071b01000-0000000076f0ffff 0x0001/0x0000 0x0000000
    215 658.2624:  *0000000076f10000-0000000076f10fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
    216 658.2624:   0000000076f11000-000000007700dfff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
    217 658.2624:   000000007700e000-000000007703cfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
    218 658.2624:   000000007703d000-0000000077046fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
    219 658.2624:   0000000077047000-0000000077047fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
    220 658.2624:   0000000077048000-000000007704afff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
    221 658.2624:   000000007704b000-00000000770b9fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
    222 658.2624:   00000000770ba000-000000007efdffff 0x0001/0x0000 0x0000000
    223 658.2624:  *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
    224 658.2624:  *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
    225 658.2624:   000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
    226 658.2624:   000000007fff0000-000000013fddffff 0x0001/0x0000 0x0000000
    227 658.2624:  *000000013fde0000-000000013fde0fff 0x0040/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
    228 658.2624:   000000013fde1000-000000013fe50fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
    229 658.2624:   000000013fe51000-000000013fe51fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
    230 658.2624:   000000013fe52000-000000013fe96fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
    231 658.2624:   000000013fe97000-000000013fe97fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
    232 658.2624:   000000013fe98000-000000013fe98fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
    233 658.2624:   000000013fe99000-000000013fe9dfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
    234 658.2624:   000000013fe9e000-000000013fe9efff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
    235 658.2624:   000000013fe9f000-000000013fe9ffff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
    236 658.2624:   000000013fea0000-000000013fea3fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
    237 658.2624:   000000013fea4000-000000013feebfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
    238 658.2624:   000000013feec000-000000013feeffff 0x0001/0x0000 0x0000000
    239 658.2624:  *000000013fef0000-000000013fef0fff 0x0040/0x0040 0x0020000 !!
    240 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 000000013fef0000 (LB 0x1000, 000000013fef0000 LB 0x1000)
    241 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [000000013fef0000/000000013fef0000 LB 0/0x1000]
    242 658.2624: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/000000013fef0000 LB 0x7fdbf340000 s=0x10000 ap=0x0 rp=0x00000000000001
    243 658.2624:   000000013fef1000-000007feff22ffff 0x0001/0x0000 0x0000000
    244 658.2624:  *000007feff230000-000007feff230fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
    245 658.2624:   000007feff231000-000007fffffaffff 0x0001/0x0000 0x0000000
    246 658.2624:  *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
    247 658.2624:   000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
    248 658.2624:  *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000
    249 658.2624:  *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000
    250 658.2624:  *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
    251 658.2624: apisetschema.dll: timestamp 0x590296af (rc=VINF_SUCCESS)
    252 658.2624: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
    253 658.2624: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
    254 658.2624: VirtualBox.exe: Differences in section #0 (headers) between file and memory:
    255 658.2624:   000000013fde0162 / 0x0000162: 00 != 11
    256 658.2624:   000000013fde0164 / 0x0000164: 00 != b8
    257 658.2624:   000000013fde0165 / 0x0000165: 00 != 01
    258 658.2624:   000000013fde01b8 / 0x00001b8: 00 != b8
    259 658.2624:   000000013fde01b9 / 0x00001b9: 00 != 01
    260 658.2624:   000000013fde01ba / 0x00001ba: 00 != 11
    261 658.2624:   000000013fde01bc / 0x00001bc: 00 != 20
    262 658.2624:   Restored 0x400 bytes of original file content at 000000013fde0000
    263 658.2624: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
    264 658.2624: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
    265 658.2624: ntdll.dll: Differences in section #1 (.text) between file and memory:
    266 658.2624:   0000000076f5d540 / 0x004d540: 4c != e9
    267 658.2624:   0000000076f5d541 / 0x004d541: 8b != bb
    268 658.2624:   0000000076f5d542 / 0x004d542: d1 != 2a
    269 658.2624:   0000000076f5d543 / 0x004d543: b8 != b4
    270 658.2624:   0000000076f5d544 / 0x004d544: 7e != fa
    271 658.2624:   Restored 0x2000 bytes of original file content at 0000000076f5c36e
    272 658.2624: supR3HardNtChildPurify: cFixes=11 g_fSupAdversaries=0x3 cPatchCount=0
    273 658.2624: supR3HardNtChildPurify: Startup delay kludge #1/1: 515 ms, 33 sleeps
    274 658.2624: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
    275 658.2624:  *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
    276 658.2624:  *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
    277 658.2624:  *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
    278 658.2624:   0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
    279 658.2624:  *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
    280 658.2624:   0000000000041000-000000000021ffff 0x0001/0x0000 0x0000000
    281 658.2624:  *0000000000220000-000000000031bfff 0x0000/0x0004 0x0020000
    282 658.2624:   000000000031c000-000000000031dfff 0x0104/0x0004 0x0020000
    283 658.2624:   000000000031e000-000000000031ffff 0x0004/0x0004 0x0020000
    284 658.2624:   0000000000320000-0000000076f0ffff 0x0001/0x0000 0x0000000
    285 658.2624:  *0000000076f10000-0000000076f10fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
    286 658.2624:   0000000076f11000-000000007700dfff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
    287 658.2624:   000000007700e000-000000007703cfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
    288 658.2624:   000000007703d000-0000000077046fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
    289 658.2624:   0000000077047000-0000000077047fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
    290 658.2624:   0000000077048000-0000000077048fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
    291 658.2624:   0000000077049000-000000007704afff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
    292 658.2624:   000000007704b000-00000000770b9fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
    293 658.2624:   00000000770ba000-000000007efdffff 0x0001/0x0000 0x0000000
    294 658.2624:  *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
    295 658.2624:  *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
    296 658.2624:   000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
    297 658.2624:   000000007fff0000-000000013fddffff 0x0001/0x0000 0x0000000
    298 658.2624:  *000000013fde0000-000000013fde0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
    299 658.2624:   000000013fde1000-000000013fe50fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
    300 658.2624:   000000013fe51000-000000013fe51fff 0x0040/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
    301 658.2624:   000000013fe52000-000000013fe96fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
    302 658.2624:   000000013fe97000-000000013fea3fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
    303 658.2624:   000000013fea4000-000000013feebfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
    304 658.2624:   000000013feec000-000007feff22ffff 0x0001/0x0000 0x0000000
    305 658.2624:  *000007feff230000-000007feff230fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
    306 658.2624:   000007feff231000-000007fffffaffff 0x0001/0x0000 0x0000000
    307 658.2624:  *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
    308 658.2624:   000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
    309 658.2624:  *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000
    310 658.2624:  *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000
    311 658.2624:  *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
    312 658.2624: supR3HardNtChildPurify: Done after 4786 ms and 11 fixes (loop #1).
    313 658.2624: supR3HardNtEnableThreadCreation:
    314 15a4.5e8: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
    315 15a4.5e8: supR3HardenedVmProcessInit: uNtDllAddr=0000000076f10000 g_uNtVerCombined=0x611db100
    316 15a4.5e8: ntdll.dll: timestamp 0x590296ce (rc=VINF_SUCCESS)
    317 15a4.5e8: New simple heap: #1 0000000000320000 LB 0x400000 (for 1744896 allocation)
    318 15a4.5e8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
    319 15a4.5e8: System32:  \Device\HarddiskVolume2\Windows\System32
    320 15a4.5e8: WinSxS:    \Device\HarddiskVolume2\Windows\winsxs
    321 15a4.5e8: KnownDllPath: C:\Windows\system32
    322 15a4.5e8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
    323 15a4.5e8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
    324 15a4.5e8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
    325 15a4.5e8: Registered Dll notification callback with NTDLL.
    326 15a4.5e8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
    327 15a4.5e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
    328 15a4.5e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
    329 15a4.5e8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
    330 15a4.5e8: supR3HardenedDllNotificationCallback: load   0000000076df0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
    331 15a4.5e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
    332 15a4.5e8: supR3HardenedDllNotificationCallback: load   000007fefcc60000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
    333 15a4.5e8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
    334 15a4.5e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
    335 15a4.5e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076df0000 'C:\Windows\system32\kernel32.dll'
    336 658.2624: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 796 ms, CloseEvents);
    337 
    338 
    339 Robert
     3(removed pasted log)

© 2023 Oracle
ContactPrivacy policyTerms of Use