VirtualBox

Ticket #16259: VBoxHardening_V5.1.12.log

File VBoxHardening_V5.1.12.log, 13.2 KB (added by Stacy Petruzzi, 8 years ago)

Retested with 5.1.12, attached.

131c.16ec: Log file opened: 5.1.12r112440 g_hStartupLog=0000000000000024 g_uNtVerCombined=0x611db110
131c.16ec: \SystemRoot\System32\ntdll.dll:
131c.16ec: CreationTime: 2016-11-15T03:52:07.871093700Z
131c.16ec: LastWriteTime: 2016-10-07T15:35:29.838228900Z
131c.16ec: ChangeTime: 2016-11-15T17:14:06.626953100Z
131c.16ec: FileAttributes: 0x20
131c.16ec: Size: 0x1a7100
131c.16ec: NT Headers: 0xe0
131c.16ec: Timestamp: 0x57f7c06e
131c.16ec: Machine: 0x8664 - amd64
131c.16ec: Timestamp: 0x57f7c06e
131c.16ec: Image Version: 6.1
131c.16ec: SizeOfImage: 0x1aa000 (1744896)
131c.16ec: Resource Dir: 0x14e000 LB 0x5a028
131c.16ec: ProductName: Microsoft® Windows® Operating System
131c.16ec: ProductVersion: 6.1.7601.23569
131c.16ec: FileVersion: 6.1.7601.23569 (win7sp1_ldr.161007-0600)
131c.16ec: FileDescription: NT Layer DLL
131c.16ec: \SystemRoot\System32\kernel32.dll:
131c.16ec: CreationTime: 2016-11-15T03:52:07.011718700Z
131c.16ec: LastWriteTime: 2016-10-07T15:32:25.787000000Z
131c.16ec: ChangeTime: 2016-11-15T17:14:08.330078100Z
131c.16ec: FileAttributes: 0x20
131c.16ec: Size: 0x11c000
131c.16ec: NT Headers: 0xe0
131c.16ec: Timestamp: 0x57f7c0b3
131c.16ec: Machine: 0x8664 - amd64
131c.16ec: Timestamp: 0x57f7c0b3
131c.16ec: Image Version: 6.1
131c.16ec: SizeOfImage: 0x11f000 (1175552)
131c.16ec: Resource Dir: 0x116000 LB 0x528
131c.16ec: ProductName: Microsoft® Windows® Operating System
131c.16ec: ProductVersion: 6.1.7601.23569
131c.16ec: FileVersion: 6.1.7601.23569 (win7sp1_ldr.161007-0600)
131c.16ec: FileDescription: Windows NT BASE API Client DLL
131c.16ec: \SystemRoot\System32\KernelBase.dll:
131c.16ec: CreationTime: 2016-11-15T03:52:39.089843700Z
131c.16ec: LastWriteTime: 2016-10-07T15:32:25.802000000Z
131c.16ec: ChangeTime: 2016-11-15T17:14:08.298828100Z
131c.16ec: FileAttributes: 0x20
131c.16ec: Size: 0x66800
131c.16ec: NT Headers: 0xe8
131c.16ec: Timestamp: 0x57f7c0b4
131c.16ec: Machine: 0x8664 - amd64
131c.16ec: Timestamp: 0x57f7c0b4
131c.16ec: Image Version: 6.1
131c.16ec: SizeOfImage: 0x6a000 (434176)
131c.16ec: Resource Dir: 0x68000 LB 0x530
131c.16ec: ProductName: Microsoft® Windows® Operating System
131c.16ec: ProductVersion: 6.1.7601.23569
131c.16ec: FileVersion: 6.1.7601.23569 (win7sp1_ldr.161007-0600)
131c.16ec: FileDescription: Windows NT BASE API Client DLL
131c.16ec: \SystemRoot\System32\apisetschema.dll:
131c.16ec: CreationTime: 2016-11-15T03:52:35.730468700Z
131c.16ec: LastWriteTime: 2016-10-07T15:32:20.717000000Z
131c.16ec: ChangeTime: 2016-11-15T17:14:06.533203100Z
131c.16ec: FileAttributes: 0x20
131c.16ec: Size: 0x1a00
131c.16ec: NT Headers: 0xc0
131c.16ec: Timestamp: 0x57f7c04d
131c.16ec: Machine: 0x8664 - amd64
131c.16ec: Timestamp: 0x57f7c04d
131c.16ec: Image Version: 6.1
131c.16ec: SizeOfImage: 0x50000 (327680)
131c.16ec: Resource Dir: 0x30000 LB 0x3f8
131c.16ec: ProductName: Microsoft® Windows® Operating System
131c.16ec: ProductVersion: 6.1.7601.23569
131c.16ec: FileVersion: 6.1.7601.23569 (win7sp1_ldr.161007-0600)
131c.16ec: FileDescription: ApiSet Schema DLL
131c.16ec: NtOpenDirectoryObject failed on \Driver: 0xc0000022
131c.16ec: supR3HardenedWinFindAdversaries: 0x2003
131c.16ec: \SystemRoot\System32\drivers\SysPlant.sys:
131c.16ec: CreationTime: 2016-10-28T16:37:40.989750100Z
131c.16ec: LastWriteTime: 2016-10-28T16:37:40.993750100Z
131c.16ec: ChangeTime: 2016-10-28T16:37:40.993750100Z
131c.16ec: FileAttributes: 0x20
131c.16ec: Size: 0x2b9a8
131c.16ec: NT Headers: 0x100
131c.16ec: Timestamp: 0x576a282d
131c.16ec: Machine: 0x8664 - amd64
131c.16ec: Timestamp: 0x576a282d
131c.16ec: Image Version: 5.0
131c.16ec: SizeOfImage: 0x30000 (196608)
131c.16ec: Resource Dir: 0x2e000 LB 0x498
131c.16ec: ProductName: Symantec CMC Firewall
131c.16ec: ProductVersion: 12.1.7004.6500
131c.16ec: FileVersion: 12.1.7004.6500
131c.16ec: FileDescription: Symantec CMC Firewall SysPlant
131c.16ec: \SystemRoot\System32\sysfer.dll:
131c.16ec: CreationTime: 2016-10-28T16:37:40.982750100Z
131c.16ec: LastWriteTime: 2016-10-28T16:37:40.985750100Z
131c.16ec: ChangeTime: 2016-10-28T16:37:40.985750100Z
131c.16ec: FileAttributes: 0x20
131c.16ec: Size: 0x73728
131c.16ec: NT Headers: 0xf0
131c.16ec: Timestamp: 0x576a2837
131c.16ec: Machine: 0x8664 - amd64
131c.16ec: Timestamp: 0x576a2837
131c.16ec: Image Version: 0.0
131c.16ec: SizeOfImage: 0x89000 (561152)
131c.16ec: Resource Dir: 0x87000 LB 0x630
131c.16ec: ProductName: Symantec CMC Firewall
131c.16ec: ProductVersion: 12.1.7004.6500
131c.16ec: FileVersion: 12.1.7004.6500
131c.16ec: FileDescription: Symantec CMC Firewall sysfer
131c.16ec: \SystemRoot\System32\drivers\symevent64x86.sys:
131c.16ec: CreationTime: 2016-10-22T00:25:28.223745900Z
131c.16ec: LastWriteTime: 2016-10-28T16:38:07.563750100Z
131c.16ec: ChangeTime: 2016-10-28T16:38:07.563750100Z
131c.16ec: FileAttributes: 0x20
131c.16ec: Size: 0x2b8d8
131c.16ec: NT Headers: 0xe8
131c.16ec: Timestamp: 0x54b87d44
131c.16ec: Machine: 0x8664 - amd64
131c.16ec: Timestamp: 0x54b87d44
131c.16ec: Image Version: 6.0
131c.16ec: SizeOfImage: 0x38000 (229376)
131c.16ec: Resource Dir: 0x36000 LB 0x3c8
131c.16ec: ProductName: SYMEVENT
131c.16ec: ProductVersion: 12.9.6.12
131c.16ec: FileVersion: 12.9.6.12
131c.16ec: FileDescription: Symantec Event Library
131c.16ec: \SystemRoot\System32\drivers\dgmaster.sys:
131c.16ec: CreationTime: 2016-11-29T22:54:35.426757800Z
131c.16ec: LastWriteTime: 2016-11-30T14:52:55.174211700Z
131c.16ec: ChangeTime: 2016-11-30T17:08:19.015625000Z
131c.16ec: FileAttributes: 0x20
131c.16ec: Size: 0x381c68
131c.16ec: NT Headers: 0x108
131c.16ec: Timestamp: 0x583ee79f
131c.16ec: Machine: 0x8664 - amd64
131c.16ec: Timestamp: 0x583ee79f
131c.16ec: Image Version: 6.3
131c.16ec: SizeOfImage: 0x443000 (4468736)
131c.16ec: Resource Dir: 0x403000 LB 0x35f48
131c.16ec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
131c.16ec: Calling main()
131c.16ec: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
131c.16ec: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
131c.16ec: SUPR3HardenedMain: Respawn #1
131c.16ec: System32: \Device\HarddiskVolume2\Windows\System32
131c.16ec: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
131c.16ec: KnownDllPath: C:\Windows\system32
131c.16ec: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
131c.16ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
131c.16ec: supR3HardNtEnableThreadCreation:
131c.16ec: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007766a360 pvNtTerminateThread=000000007768c260
131c.16ec: supR3HardenedWinDoReSpawn(1): New child c28.1528 [kernel32].
131c.16ec: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
131c.16ec: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077640000 uNtDllChildAddr=0000000077640000
131c.16ec: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007766a360
131c.16ec: supR3HardenedWinSetupChildInit: Start child.
131c.16ec: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 250 ms.
131c.16ec: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
131c.16ec: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
131c.16ec: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
131c.16ec: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
131c.16ec: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
131c.16ec: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
131c.16ec: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
131c.16ec: 0000000000041000-fffffffffff41fff 0x0001/0x0000 0x0000000
131c.16ec: *0000000000140000-0000000000043fff 0x0000/0x0004 0x0020000
131c.16ec: 000000000023c000-0000000000239fff 0x0104/0x0004 0x0020000
131c.16ec: 000000000023e000-000000000023bfff 0x0004/0x0004 0x0020000
131c.16ec: 0000000000240000-ffffffff88e3ffff 0x0001/0x0000 0x0000000
131c.16ec: *0000000077640000-0000000077640fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
131c.16ec: 0000000077641000-000000007773dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
131c.16ec: 000000007773e000-000000007776cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
131c.16ec: 000000007776d000-0000000077776fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
131c.16ec: 0000000077777000-0000000077777fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
131c.16ec: 0000000077778000-000000007777afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
131c.16ec: 000000007777b000-00000000777e9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
131c.16ec: 00000000777ea000-000000006fff3fff 0x0001/0x0000 0x0000000
131c.16ec: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
131c.16ec: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
131c.16ec: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
131c.16ec: 000000007fff0000-ffffffffc070ffff 0x0001/0x0000 0x0000000
131c.16ec: *000000013f8d0000-000000013f8d0fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
131c.16ec: 000000013f8d1000-000000013f93ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
131c.16ec: 000000013f940000-000000013f940fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
131c.16ec: 000000013f941000-000000013f985fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
131c.16ec: 000000013f986000-000000013f986fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
131c.16ec: 000000013f987000-000000013f987fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
131c.16ec: 000000013f988000-000000013f98cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
131c.16ec: 000000013f98d000-000000013f98dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
131c.16ec: 000000013f98e000-000000013f98efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
131c.16ec: 000000013f98f000-000000013f992fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
131c.16ec: 000000013f993000-000000013f9dafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
131c.16ec: 000000013f9db000-000000013f9d5fff 0x0001/0x0000 0x0000000
131c.16ec: *000000013f9e0000-000000013f9defff 0x0040/0x0040 0x0020000 !!
131c.16ec: supHardNtVpFreeOrReplacePrivateExecMemory: Replacing exec mem at 000000013f9e0000 (LB 0x1000, 000000013f9e0000 LB 0x1000)
131c.16ec: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [000000013f9e0000/000000013f9e0000 LB 0/0x1000]
131c.16ec: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/000000013f9e0000 LB 0x7fdbff80000 s=0x10000 ap=0x0 rp=0x00000000000001
131c.16ec: Error (rc=-5673):
131c.16ec: NtAllocateVirtualMemory (000000013f9e0000 LB 0x1000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details
131c.16ec: Error (rc=-5645):
131c.16ec: Too many virtual memory regions.

131c.16ec: Error (rc=-5673):
131c.16ec: supHardenedWinVerifyProcess failed with Unknown Status -5673 (0xffffe9d7): NtAllocateVirtualMemory (000000013f9e0000 LB 0x1000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details
[rc=-5645] Too many virtual memory regions.
131c.16ec: Error -5673 in supR3HardNtChildPurify! (enmWhat=5)
131c.16ec: supHardenedWinVerifyProcess failed with Unknown Status -5673 (0xffffe9d7): NtAllocateVirtualMemory (000000013f9e0000 LB 0x1000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details
[rc=-5645] Too many virtual memory regions.
131c.16ec: supR3HardNtEnableThreadCreation:
