VirtualBox

Ticket #16129: VBoxHardening.log

File VBoxHardening.log, 11.8 KB (added by KennethB, 8 years ago)

3700.22cc: Log file opened: 5.1.8r111374 g_hStartupLog=0000000000000060 g_uNtVerCombined=0xa03a6b00
3700.22cc: \SystemRoot\System32\ntdll.dll:
3700.22cc: CreationTime: 2016-10-21T07:57:39.324857200Z
3700.22cc: LastWriteTime: 2016-10-21T07:57:39.324857200Z
3700.22cc: ChangeTime: 2016-10-27T01:52:35.097173800Z
3700.22cc: FileAttributes: 0x20
3700.22cc: Size: 0x1cce58
3700.22cc: NT Headers: 0xe0
3700.22cc: Timestamp: 0x58098590
3700.22cc: Machine: 0x8664 - amd64
3700.22cc: Timestamp: 0x58098590
3700.22cc: Image Version: 10.0
3700.22cc: SizeOfImage: 0x1d1000 (1904640)
3700.22cc: Resource Dir: 0x168000 LB 0x67da8
3700.22cc: ProductName: Microsoft® Windows® Operating System
3700.22cc: ProductVersion: 10.0.14955.1000
3700.22cc: FileVersion: 10.0.14955.1000 (rs_prerelease.161020-1700)
3700.22cc: FileDescription: NT Layer DLL
3700.22cc: \SystemRoot\System32\kernel32.dll:
3700.22cc: CreationTime: 2016-10-21T07:57:05.509692700Z
3700.22cc: LastWriteTime: 2016-10-21T07:57:05.509692700Z
3700.22cc: ChangeTime: 2016-10-27T01:52:34.425298000Z
3700.22cc: FileAttributes: 0x20
3700.22cc: Size: 0xa9d90
3700.22cc: NT Headers: 0xf0
3700.22cc: Timestamp: 0x580989a0
3700.22cc: Machine: 0x8664 - amd64
3700.22cc: Timestamp: 0x580989a0
3700.22cc: Image Version: 10.0
3700.22cc: SizeOfImage: 0xac000 (704512)
3700.22cc: Resource Dir: 0xaa000 LB 0x528
3700.22cc: ProductName: Microsoft® Windows® Operating System
3700.22cc: ProductVersion: 10.0.14955.1000
3700.22cc: FileVersion: 10.0.14955.1000 (rs_prerelease.161020-1700)
3700.22cc: FileDescription: Windows NT BASE API Client DLL
3700.22cc: \SystemRoot\System32\KernelBase.dll:
3700.22cc: CreationTime: 2016-10-21T07:57:38.809191200Z
3700.22cc: LastWriteTime: 2016-10-21T07:57:38.809191200Z
3700.22cc: ChangeTime: 2016-10-27T01:52:34.440923000Z
3700.22cc: FileAttributes: 0x20
3700.22cc: Size: 0x230200
3700.22cc: NT Headers: 0x100
3700.22cc: Timestamp: 0x580985bd
3700.22cc: Machine: 0x8664 - amd64
3700.22cc: Timestamp: 0x580985bd
3700.22cc: Image Version: 10.0
3700.22cc: SizeOfImage: 0x231000 (2297856)
3700.22cc: Resource Dir: 0x213000 LB 0x550
3700.22cc: ProductName: Microsoft® Windows® Operating System
3700.22cc: ProductVersion: 10.0.14955.1000
3700.22cc: FileVersion: 10.0.14955.1000 (rs_prerelease.161020-1700)
3700.22cc: FileDescription: Windows NT BASE API Client DLL
3700.22cc: \SystemRoot\System32\apisetschema.dll:
3700.22cc: CreationTime: 2016-10-21T07:57:38.496665800Z
3700.22cc: LastWriteTime: 2016-10-21T07:57:38.496665800Z
3700.22cc: ChangeTime: 2016-10-27T01:52:33.237795400Z
3700.22cc: FileAttributes: 0x20
3700.22cc: Size: 0x19310
3700.22cc: NT Headers: 0xc8
3700.22cc: Timestamp: 0x58098c18
3700.22cc: Machine: 0x8664 - amd64
3700.22cc: Timestamp: 0x58098c18
3700.22cc: Image Version: 10.0
3700.22cc: SizeOfImage: 0x1b000 (110592)
3700.22cc: Resource Dir: 0x1a000 LB 0x418
3700.22cc: ProductName: Microsoft® Windows® Operating System
3700.22cc: ProductVersion: 10.0.14955.1000
3700.22cc: FileVersion: 10.0.14955.1000 (rs_prerelease.161020-1700)
3700.22cc: FileDescription: ApiSet Schema DLL
3700.22cc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3700.22cc: supR3HardenedWinFindAdversaries: 0x0
3700.22cc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3700.22cc: Calling main()
3700.22cc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
3700.22cc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3700.22cc: SUPR3HardenedMain: Respawn #1
3700.22cc: System32: \Device\HarddiskVolume2\Windows\System32
3700.22cc: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
3700.22cc: KnownDllPath: C:\WINDOWS\System32
3700.22cc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3700.22cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3700.22cc: supR3HardNtEnableThreadCreation:
3700.22cc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa9eb6ae70 pvNtTerminateThread=00007ffa9eb930b0
3700.22cc: supR3HardenedWinDoReSpawn(1): New child 38b8.3810 [kernel32].
3700.22cc: supR3HardNtChildGatherData: PebBaseAddress=00000000011cf000 cbPeb=0x388
3700.22cc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffa9eaf0000 uNtDllChildAddr=00007ffa9eaf0000
3700.22cc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffa9eb6ae70
3700.22cc: supR3HardenedWinSetupChildInit: Start child.
3700.22cc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
3700.22cc: supR3HardNtChildPurify: Startup delay kludge #1/0: 258 ms, 30 sleeps
3700.22cc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3700.22cc: *0000000000000000-ffffffffff13ffff 0x0001/0x0000 0x0000000
3700.22cc: *0000000000ec0000-0000000000e9ffff 0x0004/0x0004 0x0020000
3700.22cc: *0000000000ee0000-0000000000ec7fff 0x0002/0x0002 0x0040000
3700.22cc: 0000000000ef8000-0000000000eeffff 0x0001/0x0000 0x0000000
3700.22cc: *0000000000f00000-0000000000e04fff 0x0000/0x0004 0x0020000
3700.22cc: 0000000000ffb000-0000000000ff7fff 0x0104/0x0004 0x0020000
3700.22cc: 0000000000ffe000-0000000000ffbfff 0x0004/0x0004 0x0020000
3700.22cc: *0000000001000000-0000000000e30fff 0x0000/0x0004 0x0020000
3700.22cc: 00000000011cf000-00000000011cbfff 0x0004/0x0004 0x0020000
3700.22cc: 00000000011d2000-00000000011a3fff 0x0000/0x0004 0x0020000
3700.22cc: *0000000001200000-00000000011fbfff 0x0002/0x0002 0x0040000
3700.22cc: 0000000001204000-00000000011f7fff 0x0001/0x0000 0x0000000
3700.22cc: *0000000001210000-000000000120dfff 0x0004/0x0004 0x0020000
3700.22cc: 0000000001212000-ffffffff82443fff 0x0001/0x0000 0x0000000
3700.22cc: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
3700.22cc: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
3700.22cc: 000000007fff0000-ffff8009cc1fffff 0x0001/0x0000 0x0000000
3700.22cc: *00007ff733de0000-00007ff733dbcfff 0x0002/0x0002 0x0040000
3700.22cc: 00007ff733e03000-00007ff733415fff 0x0001/0x0000 0x0000000
3700.22cc: *00007ff7347f0000-00007ff7347f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3700.22cc: 00007ff7347f1000-00007ff73485ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3700.22cc: 00007ff734860000-00007ff734860fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3700.22cc: 00007ff734861000-00007ff7348a5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3700.22cc: 00007ff7348a6000-00007ff7348a6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3700.22cc: 00007ff7348a7000-00007ff7348a7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3700.22cc: 00007ff7348a8000-00007ff7348acfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3700.22cc: 00007ff7348ad000-00007ff7348adfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3700.22cc: 00007ff7348ae000-00007ff7348aefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3700.22cc: 00007ff7348af000-00007ff7348b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3700.22cc: 00007ff7348b3000-00007ff7348fafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3700.22cc: 00007ff7348fb000-00007ff3ca705fff 0x0001/0x0000 0x0000000
3700.22cc: *00007ffa9eaf0000-00007ffa9eaf0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3700.22cc: 00007ffa9eaf1000-00007ffa9ebf8fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3700.22cc: 00007ffa9ebf9000-00007ffa9ec3cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3700.22cc: 00007ffa9ec3d000-00007ffa9ec44fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3700.22cc: 00007ffa9ec45000-00007ffa9ec52fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3700.22cc: 00007ffa9ec53000-00007ffa9ec53fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3700.22cc: 00007ffa9ec54000-00007ffa9ec56fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3700.22cc: 00007ffa9ec57000-00007ffa9ecc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3700.22cc: 00007ffa9ecc1000-00007ff53d9a1fff 0x0001/0x0000 0x0000000
3700.22cc: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
3700.22cc: VirtualBox.exe: timestamp 0x58062715 (rc=VINF_SUCCESS)
3700.22cc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3700.22cc: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
3700.22cc: supR3HardNtChildPurify: Done after 291 ms and 0 fixes (loop #0).
38b8.3810: Log file opened: 5.1.8r111374 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03a6b00
38b8.3810: supR3HardenedVmProcessInit: uNtDllAddr=00007ffa9eaf0000 g_uNtVerCombined=0xa03a6b00
38b8.3810: ntdll.dll: timestamp 0x58098590 (rc=VINF_SUCCESS)
38b8.3810: New simple heap: #1 0000000001320000 LB 0x400000 (for 1904640 allocation)
3700.22cc: supR3HardNtEnableThreadCreation:
38b8.3810: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
38b8.3810: System32: \Device\HarddiskVolume2\Windows\System32
38b8.3810: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
38b8.3810: KnownDllPath: C:\WINDOWS\System32
38b8.3810: supR3HardenedVmProcessInit: Opening vboxdrv stub...
38b8.3810: supR3HardenedWinReadErrorInfoDevice: 'Grown load config (192 to 232 bytes) includes non-zero bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 5e 0a 80 01 00 00 00 08 70 16 80 01 00 00 00 00 00 00 00 00 00 00 00RTLdrOpenWithReader failed: -626 (Image='\Device\HarddiskVolume2\Windows\System32\ntdll.dll').'
38b8.3810: Error -626 in supR3HardenedWinReSpawn! (enmWhat=3)
38b8.3810: NtCreateFile(\Device\VBoxDrvStub) failed: Unknown Status -626 (0xfffffd8e) (rcNt=0xe986fd8e)
VBoxDrvStub error: Grown load config (192 to 232 bytes) includes non-zero bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 5e 0a 80 01 00 00 00 08 70 16 80 01 00 00 00 00 00 00 00 00 00 00 00RTLdrOpenWithReader failed: -626 (Image='\Device\HarddiskVolume2\Windows\System32\ntdll.dll').
3700.22cc: supR3HardenedWinCheckChild: enmRequest=2 rc=-626 enmWhat=3 supR3HardenedWinReSpawn: NtCreateFile(\Device\VBoxDrvStub) failed: Unknown Status -626 (0xfffffd8e) (rcNt=0xe986fd8e)
VBoxDrvStub error: Grown load config (192 to 232 bytes) includes non-zero bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 5e 0a 80 01 00 00 00 08 70 16 80 01 00 00 00 00 00 00 00 00 00 00 00RTLdrOpenWithReader failed: -626 (Image='\Device\HarddiskVolume2\Windows\System32\ntdll.dll').
3700.22cc: Error -626 in supR3HardenedWinReSpawn! (enmWhat=3)
3700.22cc: NtCreateFile(\Device\VBoxDrvStub) failed: Unknown Status -626 (0xfffffd8e) (rcNt=0xe986fd8e)
VBoxDrvStub error: Grown load config (192 to 232 bytes) includes non-zero bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 5e 0a 80 01 00 00 00 08 70 16 80 01 00 00 00 00 00 00 00 00 00 00 00RTLdrOpenWithReader failed: -626 (Image='\Device\HarddiskVolume2\Windows\System32\ntdll.dll').
