VirtualBox

Ticket #17640 (new defect)

Opened 4 years ago

Last modified 4 years ago

supR3HardenedWinReSpawn VERR_INVALID_NAME on specific driver paths

Reported by: latifrons
Owned by:
Component: other
Version: VirtualBox 5.2.8
Keywords: Hardening
Cc:
Guest type: all
Host type: Windows

Description

When Hardening rejects a DLL with a name like "\Device\HarddiskVolume6\opt\adguolvds\glhp64.dll", an error is always shown as below and none of the VMs can be started.

VirtualBox - Error In supR3HardenedWinReSpawn
Error relaunching VirtualBox VM process: 5
Command line: '60eaff78-4bdd-042d-2e72-669728efd737-suplib-3rdchild --comment Windows10 --startvm 1e2c22cb-276b-43b0-9049-1e50628f9490 --no-startvm-errormsgbox "--sup-hardening-log=C:\Users\latifrons\VirtualBox VMs\Windows10\Logs\VBoxHardening.log"' (rc=-104)
Please try reinstalling VirtualBox.
where: supR3HardenedWinReSpawn what: 5 VERR_INVALID_NAME (-104) - Invalid (malformed) file/path name.

VBoxHardening.log:

4530.4674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume6\opt\adguolvds\glhp64.dll [lacks WinVerifyTrust]
4530.4674: Error (rc=0):
4530.4674: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1024 \Device\HarddiskVolume6\opt\adguolvds\glhp64.dll
4530.4674: Error (rc=0):
4530.4674: supR3HardenedMonitor_LdrLoadDll: rejecting 'D:\opt\adguolvds\glhp64.dll' (D:\opt\adguolvds\glhp64.dll): rcNt=0xc0000190
4530.4674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'D:\opt\adguolvds\glhp64.dll'
4530.4674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume6\opt\adguolvds\glhp64.dll [lacks WinVerifyTrust]
4530.4674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume6\opt\adguolvds\glhp64.dll [lacks WinVerifyTrust]
4530.4674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume6\opt\adguolvds\glhp64.dll [lacks WinVerifyTrust]
4788.4444: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 129076 ms, the end);

It seems that file paths beginning with \Device are not supported?

How to get this dll: Go to http://www.admon.cn and download the installer at the bottom of the page. This software is a low level ad removing tool which hooks many processes. D:\opt\adguolvds\glhp64.dll is its dll hook.

For those who come here from Google: Just remove this software and your VirtualBox will be fine.

Change History

comment:1 in reply to: ↑ description Changed 4 years ago by socratis

Replying to latifrons:

This software is a low level ad removing tool which hooks many processes. D:\opt\adguolvds\glhp64.dll is its dll hook.

As you already figured out, that's exactly the problem; it hooks on processes without being properly signed. This is not allowed by VirtualBox.
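
Added example (not part of the ticket and not VirtualBox code): a small Python triage script for VBoxHardening.log that groups the DLLs the hardening code rejected, treating the \Device\HarddiskVolumeN and drive-letter spellings of a path as the same file. The sample lines are copied from the log quoted in this ticket; the regular expressions and the names `volume_relative` and `summarize` are assumptions based only on the line formats visible here.

```python
import re
from collections import Counter

# Constructed sample: a subset of the VBoxHardening.log lines quoted in this ticket.
SAMPLE_LOG = r"""
4530.4674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume6\opt\adguolvds\glhp64.dll [lacks WinVerifyTrust]
4530.4674: supR3HardenedMonitor_LdrLoadDll: rejecting 'D:\opt\adguolvds\glhp64.dll' (D:\opt\adguolvds\glhp64.dll): rcNt=0xc0000190
4530.4674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'D:\opt\adguolvds\glhp64.dll'
4530.4674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume6\opt\adguolvds\glhp64.dll [lacks WinVerifyTrust]
4788.4444: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 129076 ms, the end);
"""

# Line formats assumed from the excerpt above: "<hex pid>.<hex tid>: <function>: <message>".
PFX = r"^[0-9a-f]+\.[0-9a-f]+: "
REJECT = re.compile(PFX + r"supR3HardenedMonitor_LdrLoadDll: rejecting '([^']+)' .*rcNt=(0x[0-9a-f]+)$", re.I)
CACHE = re.compile(PFX + r"supR3HardenedScreenImage/LdrLoadDll: cache hit \(.*?(-?\d+) \(0x[0-9a-f]+\)\) on (.+?)(?: \[([^\]]+)\])?$", re.I)
QUIT = re.compile(PFX + r"supR3HardNtChildWaitFor\[\d+\]: Quitting: ExitCode=(0x[0-9a-f]+)", re.I)
VOLUME = re.compile(r"^(?:\\Device\\HarddiskVolume\d+|[A-Za-z]:)", re.I)

def volume_relative(path):
    """Strip the NT device or drive-letter prefix so both spellings compare equal."""
    return VOLUME.sub("", path).lower()

def summarize(log_text):
    """Return ({volume-relative path: details}, child exit code or None)."""
    dlls, exit_code = {}, None
    for line in map(str.strip, log_text.splitlines()):
        if m := REJECT.match(line):
            entry = dlls.setdefault(volume_relative(m[1]), {"names": set(), "hits": Counter()})
            entry["names"].add(m[1])
            entry["rcNt"] = m[2]            # NTSTATUS handed back to the loader
            entry["hits"]["rejected"] += 1
        elif m := CACHE.match(line):
            entry = dlls.setdefault(volume_relative(m[2]), {"names": set(), "hits": Counter()})
            entry["names"].add(m[2])
            entry["screen_rc"] = int(m[1])  # cached image-screening status
            entry["note"] = m[3]            # bracketed remark, e.g. "lacks WinVerifyTrust"
            entry["hits"]["cache_hit"] += 1
        elif m := QUIT.match(line):
            exit_code = int(m[1], 16)
    return dlls, exit_code

if __name__ == "__main__":
    found, code = summarize(SAMPLE_LOG)
    for tail, info in found.items():
        print(tail, sorted(info["names"]), info.get("rcNt"), dict(info["hits"]))
    print("child exit code:", code)
```

Running it against a real log lists each third-party module that was blocked, which is the software to update or uninstall before the VM process can start.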
