VirtualBox

Ticket #15505: VBoxHardening.log

File VBoxHardening.log, 10.3 KB (added by ds203, 8 years ago)

f4.1858: Log file opened: 5.0.20r106931 g_hStartupLog=0000000000000084 g_uNtVerCombined=0xa0295a00
f4.1858: \SystemRoot\System32\ntdll.dll:
f4.1858: CreationTime: 2016-05-24T11:23:17.033864600Z
f4.1858: LastWriteTime: 2016-04-23T05:24:28.464629900Z
f4.1858: ChangeTime: 2016-05-24T12:41:34.595936100Z
f4.1858: FileAttributes: 0x20
f4.1858: Size: 0x1bc248
f4.1858: NT Headers: 0xe0
f4.1858: Timestamp: 0x571af2eb
f4.1858: Machine: 0x8664 - amd64
f4.1858: Timestamp: 0x571af2eb
f4.1858: Image Version: 10.0
f4.1858: SizeOfImage: 0x1c1000 (1839104)
f4.1858: Resource Dir: 0x159000 LB 0x66218
f4.1858: ProductName: Microsoft® Windows® Operating System
f4.1858: ProductVersion: 10.0.10586.306
f4.1858: FileVersion: 10.0.10586.306 (th2_release_sec.160422-1850)
f4.1858: FileDescription: NT Layer DLL
f4.1858: \SystemRoot\System32\kernel32.dll:
f4.1858: CreationTime: 2015-10-30T07:17:46.221743200Z
f4.1858: LastWriteTime: 2015-10-30T07:17:46.221743200Z
f4.1858: ChangeTime: 2016-05-24T13:37:16.549608400Z
f4.1858: FileAttributes: 0x20
f4.1858: Size: 0xac430
f4.1858: NT Headers: 0xf0
f4.1858: Timestamp: 0x5632d5aa
f4.1858: Machine: 0x8664 - amd64
f4.1858: Timestamp: 0x5632d5aa
f4.1858: Image Version: 10.0
f4.1858: SizeOfImage: 0xad000 (708608)
f4.1858: Resource Dir: 0xab000 LB 0x528
f4.1858: ProductName: Microsoft® Windows® Operating System
f4.1858: ProductVersion: 10.0.10586.0
f4.1858: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
f4.1858: FileDescription: Windows NT BASE API Client DLL
f4.1858: \SystemRoot\System32\KernelBase.dll:
f4.1858: CreationTime: 2016-05-24T11:24:05.220372200Z
f4.1858: LastWriteTime: 2016-04-23T05:24:41.063286800Z
f4.1858: ChangeTime: 2016-05-24T12:41:33.611507200Z
f4.1858: FileAttributes: 0x20
f4.1858: Size: 0x1e7a10
f4.1858: NT Headers: 0xf0
f4.1858: Timestamp: 0x571af331
f4.1858: Machine: 0x8664 - amd64
f4.1858: Timestamp: 0x571af331
f4.1858: Image Version: 10.0
f4.1858: SizeOfImage: 0x1e8000 (1998848)
f4.1858: Resource Dir: 0x1d1000 LB 0x548
f4.1858: ProductName: Microsoft® Windows® Operating System
f4.1858: ProductVersion: 10.0.10586.306
f4.1858: FileVersion: 10.0.10586.306 (th2_release_sec.160422-1850)
f4.1858: FileDescription: Windows NT BASE API Client DLL
f4.1858: \SystemRoot\System32\apisetschema.dll:
f4.1858: CreationTime: 2015-10-30T07:17:57.502957900Z
f4.1858: LastWriteTime: 2015-10-30T07:17:57.502957900Z
f4.1858: ChangeTime: 2016-05-24T13:37:15.315173200Z
f4.1858: FileAttributes: 0x20
f4.1858: Size: 0x16d60
f4.1858: NT Headers: 0xc8
f4.1858: Timestamp: 0x5632d94c
f4.1858: Machine: 0x8664 - amd64
f4.1858: Timestamp: 0x5632d94c
f4.1858: Image Version: 10.0
f4.1858: SizeOfImage: 0x18000 (98304)
f4.1858: Resource Dir: 0x17000 LB 0x400
f4.1858: ProductName: Microsoft® Windows® Operating System
f4.1858: ProductVersion: 10.0.10586.0
f4.1858: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
f4.1858: FileDescription: ApiSet Schema DLL
f4.1858: NtOpenDirectoryObject failed on \Driver: 0xc0000022
f4.1858: supR3HardenedWinFindAdversaries: 0x0
f4.1858: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
f4.1858: Calling main()
f4.1858: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
f4.1858: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
f4.1858: SUPR3HardenedMain: Respawn #1
f4.1858: System32: \Device\HarddiskVolume4\Windows\System32
f4.1858: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
f4.1858: KnownDllPath: C:\WINDOWS\system32
f4.1858: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
f4.1858: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
f4.1858: supR3HardNtEnableThreadCreation:
f4.1858: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd6f9f6d50 pvNtTerminateThread=00007ffd6fa25b30
f4.1858: supR3HardenedWinDoReSpawn(1): New child 173c.100 [kernel32].
f4.1858: supR3HardNtChildGatherData: PebBaseAddress=00000000003e8000 cbPeb=0x388
f4.1858: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffd6f980000 uNtDllChildAddr=00007ffd6f980000
f4.1858: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffd6f9f6d50
f4.1858: supR3HardenedWinSetupChildInit: Start child.
f4.1858: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
f4.1858: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 29 sleeps
f4.1858: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
f4.1858: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
f4.1858: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
f4.1858: *0000000000030000-000000000001afff 0x0002/0x0002 0x0040000
f4.1858: 0000000000045000-0000000000039fff 0x0001/0x0000 0x0000000
f4.1858: *0000000000050000-fffffffffff54fff 0x0000/0x0004 0x0020000
f4.1858: 000000000014b000-0000000000147fff 0x0104/0x0004 0x0020000
f4.1858: 000000000014e000-000000000014bfff 0x0004/0x0004 0x0020000
f4.1858: *0000000000150000-000000000014bfff 0x0002/0x0002 0x0040000
f4.1858: 0000000000154000-0000000000147fff 0x0001/0x0000 0x0000000
f4.1858: *0000000000160000-000000000015dfff 0x0004/0x0004 0x0020000
f4.1858: 0000000000162000-00000000000c3fff 0x0001/0x0000 0x0000000
f4.1858: *0000000000200000-0000000000017fff 0x0000/0x0004 0x0020000
f4.1858: 00000000003e8000-00000000003e4fff 0x0004/0x0004 0x0020000
f4.1858: 00000000003eb000-00000000003d5fff 0x0000/0x0004 0x0020000
f4.1858: 0000000000400000-ffffffff8081ffff 0x0001/0x0000 0x0000000
f4.1858: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
f4.1858: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
f4.1858: 000000007fff0000-ffff800936d2ffff 0x0001/0x0000 0x0000000
f4.1858: *00007ff7c92b0000-00007ff7c92aefff 0x0040/0x0040 0x0020000 !!
f4.1858: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ff7c92b0000 (LB 0x1000, 00007ff7c92b0000 LB 0x1000)
f4.1858: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ff7c92b0000/00007ff7c92b0000 LB 0/0x1000]
f4.1858: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ff7c92b0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00400100000001
f4.1858: 00007ff7c92b1000-00007ff7c92a1fff 0x0001/0x0000 0x0000000
f4.1858: *00007ff7c92c0000-00007ff7c929cfff 0x0002/0x0002 0x0040000
f4.1858: 00007ff7c92e3000-00007ff7c9275fff 0x0001/0x0000 0x0000000
f4.1858: *00007ff7c9350000-00007ff7c9350fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
f4.1858: 00007ff7c9351000-00007ff7c93c0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
f4.1858: 00007ff7c93c1000-00007ff7c93c1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
f4.1858: 00007ff7c93c2000-00007ff7c9406fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
f4.1858: 00007ff7c9407000-00007ff7c9407fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
f4.1858: 00007ff7c9408000-00007ff7c9408fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
f4.1858: 00007ff7c9409000-00007ff7c940dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
f4.1858: 00007ff7c940e000-00007ff7c940efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
f4.1858: 00007ff7c940f000-00007ff7c940ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
f4.1858: 00007ff7c9410000-00007ff7c9413fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
f4.1858: 00007ff7c9414000-00007ff7c945bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
f4.1858: 00007ff7c945c000-00007ff222f37fff 0x0001/0x0000 0x0000000
f4.1858: *00007ffd6f980000-00007ffd6f980fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
f4.1858: 00007ffd6f981000-00007ffd6fa7dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
f4.1858: 00007ffd6fa7e000-00007ffd6fabefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
f4.1858: 00007ffd6fabf000-00007ffd6fac7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
f4.1858: 00007ffd6fac8000-00007ffd6fad4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
f4.1858: 00007ffd6fad5000-00007ffd6fad5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
f4.1858: 00007ffd6fad6000-00007ffd6fad8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
f4.1858: 00007ffd6fad9000-00007ffd6fb40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
f4.1858: 00007ffd6fb41000-00007ffadf6a1fff 0x0001/0x0000 0x0000000
f4.1858: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
f4.1858: VirtualBox.exe: timestamp 0x57220aaf (rc=VINF_SUCCESS)
f4.1858: Error (rc=-5618):
f4.1858: Process image name does not match the exectuable we found: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe vs \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE.
f4.1858: Error (rc=-5618):
f4.1858: supHardenedWinVerifyProcess failed with Unknown Status -5618 (0xffffea0e): Process image name does not match the exectuable we found: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe vs \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE.
f4.1858: Error -5618 in supR3HardNtChildPurify! (enmWhat=5)
f4.1858: supHardenedWinVerifyProcess failed with Unknown Status -5618 (0xffffea0e): Process image name does not match the exectuable we found: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe vs \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE.
f4.1858: supR3HardNtEnableThreadCreation:
