VirtualBox

Ticket #16448: VBoxHardening.log

File VBoxHardening.log, 19.6 KB (added by gingleby, 8 years ago)
456c.42b8: Log file opened: 5.1.51r113155 g_hStartupLog=0000000000000028 g_uNtVerCombined=0x611db110
456c.42b8: \SystemRoot\System32\ntdll.dll:
456c.42b8: CreationTime: 2017-01-25T14:06:06.548625300Z
456c.42b8: LastWriteTime: 2016-10-11T15:34:46.170628400Z
456c.42b8: ChangeTime: 2017-01-25T14:10:25.769157200Z
456c.42b8: FileAttributes: 0x20
456c.42b8: Size: 0x1a7100
456c.42b8: NT Headers: 0xe0
456c.42b8: Timestamp: 0x57fd0651
456c.42b8: Machine: 0x8664 - amd64
456c.42b8: Timestamp: 0x57fd0651
456c.42b8: Image Version: 6.1
456c.42b8: SizeOfImage: 0x1aa000 (1744896)
456c.42b8: Resource Dir: 0x14e000 LB 0x5a028
456c.42b8: ProductName: Microsoft® Windows® Operating System
456c.42b8: ProductVersion: 6.1.7601.23572
456c.42b8: FileVersion: 6.1.7601.23572 (win7sp1_ldr.161011-0600)
456c.42b8: FileDescription: NT Layer DLL
456c.42b8: \SystemRoot\System32\kernel32.dll:
456c.42b8: CreationTime: 2017-01-25T14:06:11.901160500Z
456c.42b8: LastWriteTime: 2016-10-11T15:31:56.010000000Z
456c.42b8: ChangeTime: 2017-01-25T14:10:26.237166200Z
456c.42b8: FileAttributes: 0x20
456c.42b8: Size: 0x11c000
456c.42b8: NT Headers: 0xe0
456c.42b8: Timestamp: 0x57fd0695
456c.42b8: Machine: 0x8664 - amd64
456c.42b8: Timestamp: 0x57fd0695
456c.42b8: Image Version: 6.1
456c.42b8: SizeOfImage: 0x11f000 (1175552)
456c.42b8: Resource Dir: 0x116000 LB 0x528
456c.42b8: ProductName: Microsoft® Windows® Operating System
456c.42b8: ProductVersion: 6.1.7601.23572
456c.42b8: FileVersion: 6.1.7601.23572 (win7sp1_ldr.161011-0600)
456c.42b8: FileDescription: Windows NT BASE API Client DLL
456c.42b8: \SystemRoot\System32\KernelBase.dll:
456c.42b8: CreationTime: 2017-01-25T14:06:23.243294600Z
456c.42b8: LastWriteTime: 2016-10-11T15:31:56.010000000Z
456c.42b8: ChangeTime: 2017-01-25T14:10:26.205965600Z
456c.42b8: FileAttributes: 0x20
456c.42b8: Size: 0x66800
456c.42b8: NT Headers: 0xe8
456c.42b8: Timestamp: 0x57fd0696
456c.42b8: Machine: 0x8664 - amd64
456c.42b8: Timestamp: 0x57fd0696
456c.42b8: Image Version: 6.1
456c.42b8: SizeOfImage: 0x6a000 (434176)
456c.42b8: Resource Dir: 0x68000 LB 0x530
456c.42b8: ProductName: Microsoft® Windows® Operating System
456c.42b8: ProductVersion: 6.1.7601.23572
456c.42b8: FileVersion: 6.1.7601.23572 (win7sp1_ldr.161011-0600)
456c.42b8: FileDescription: Windows NT BASE API Client DLL
456c.42b8: \SystemRoot\System32\apisetschema.dll:
456c.42b8: CreationTime: 2017-01-25T14:06:32.766246800Z
456c.42b8: LastWriteTime: 2016-10-11T15:31:50.862000000Z
456c.42b8: ChangeTime: 2017-01-25T14:10:25.737956600Z
456c.42b8: FileAttributes: 0x20
456c.42b8: Size: 0x1a00
456c.42b8: NT Headers: 0xc0
456c.42b8: Timestamp: 0x57fd062f
456c.42b8: Machine: 0x8664 - amd64
456c.42b8: Timestamp: 0x57fd062f
456c.42b8: Image Version: 6.1
456c.42b8: SizeOfImage: 0x50000 (327680)
456c.42b8: Resource Dir: 0x30000 LB 0x3f8
456c.42b8: ProductName: Microsoft® Windows® Operating System
456c.42b8: ProductVersion: 6.1.7601.23572
456c.42b8: FileVersion: 6.1.7601.23572 (win7sp1_ldr.161011-0600)
456c.42b8: FileDescription: ApiSet Schema DLL
456c.42b8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
456c.42b8: supR3HardenedWinFindAdversaries: 0x4003
456c.42b8: \SystemRoot\System32\drivers\SysPlant.sys:
456c.42b8: CreationTime: 2016-06-03T10:32:35.703940500Z
456c.42b8: LastWriteTime: 2016-06-03T10:32:35.703940500Z
456c.42b8: ChangeTime: 2016-06-03T10:32:35.703940500Z
456c.42b8: FileAttributes: 0x20
456c.42b8: Size: 0x29170
456c.42b8: NT Headers: 0xf0
456c.42b8: Timestamp: 0x55ba08b1
456c.42b8: Machine: 0x8664 - amd64
456c.42b8: Timestamp: 0x55ba08b1
456c.42b8: Image Version: 5.0
456c.42b8: SizeOfImage: 0x2f000 (192512)
456c.42b8: Resource Dir: 0x2d000 LB 0x498
456c.42b8: ProductName: Symantec CMC Firewall
456c.42b8: ProductVersion: 12.1.6318.6100
456c.42b8: FileVersion: 12.1.6318.6100
456c.42b8: FileDescription: Symantec CMC Firewall SysPlant
456c.42b8: \SystemRoot\System32\sysfer.dll:
456c.42b8: CreationTime: 2016-06-03T10:32:35.703940500Z
456c.42b8: LastWriteTime: 2016-06-03T10:32:35.703940500Z
456c.42b8: ChangeTime: 2016-06-03T10:32:35.703940500Z
456c.42b8: FileAttributes: 0x20
456c.42b8: Size: 0x72038
456c.42b8: NT Headers: 0xe8
456c.42b8: Timestamp: 0x55ba08bc
456c.42b8: Machine: 0x8664 - amd64
456c.42b8: Timestamp: 0x55ba08bc
456c.42b8: Image Version: 0.0
456c.42b8: SizeOfImage: 0x89000 (561152)
456c.42b8: Resource Dir: 0x87000 LB 0x630
456c.42b8: ProductName: Symantec CMC Firewall
456c.42b8: ProductVersion: 12.1.6318.6100
456c.42b8: FileVersion: 12.1.6318.6100
456c.42b8: FileDescription: Symantec CMC Firewall sysfer
456c.42b8: \SystemRoot\System32\drivers\symevent64x86.sys:
456c.42b8: CreationTime: 2016-06-03T10:33:15.546410500Z
456c.42b8: LastWriteTime: 2016-06-03T10:33:15.530810500Z
456c.42b8: ChangeTime: 2016-06-03T10:33:15.530810500Z
456c.42b8: FileAttributes: 0x20
456c.42b8: Size: 0x2b8d8
456c.42b8: NT Headers: 0xe8
456c.42b8: Timestamp: 0x54b87d44
456c.42b8: Machine: 0x8664 - amd64
456c.42b8: Timestamp: 0x54b87d44
456c.42b8: Image Version: 6.0
456c.42b8: SizeOfImage: 0x38000 (229376)
456c.42b8: Resource Dir: 0x36000 LB 0x3c8
456c.42b8: ProductName: SYMEVENT
456c.42b8: ProductVersion: 12.9.6.12
456c.42b8: FileVersion: 12.9.6.12
456c.42b8: FileDescription: Symantec Event Library
456c.42b8: \SystemRoot\System32\drivers\cyprotectdrv64.sys:
456c.42b8: CreationTime: 2016-10-28T12:00:10.351957700Z
456c.42b8: LastWriteTime: 2016-08-31T21:08:24.000000000Z
456c.42b8: ChangeTime: 2017-02-03T12:50:00.537012700Z
456c.42b8: FileAttributes: 0x20
456c.42b8: Size: 0x24630
456c.42b8: NT Headers: 0xf8
456c.42b8: Timestamp: 0x57c70efc
456c.42b8: Machine: 0x8664 - amd64
456c.42b8: Timestamp: 0x57c70efc
456c.42b8: Image Version: 6.1
456c.42b8: SizeOfImage: 0x126000 (1204224)
456c.42b8: Resource Dir: 0x124000 LB 0x2f0
456c.42b8: ProductName: CylancePROTECT
456c.42b8: ProductVersion: 1.2.1390.74
456c.42b8: FileVersion: 1.2.1390.74
456c.42b8: FileDescription: Cylance Protect Driver
456c.42b8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
456c.42b8: Calling main()
456c.42b8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
456c.42b8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
456c.42b8: SUPR3HardenedMain: Respawn #1
456c.42b8: System32: \Device\HarddiskVolume1\Windows\System32
456c.42b8: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
456c.42b8: KnownDllPath: C:\Windows\system32
456c.42b8: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
456c.42b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
456c.42b8: supR3HardNtEnableThreadCreation:
456c.42b8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007728a360 pvNtTerminateThread=00000000772ac260
456c.42b8: supR3HardenedWinDoReSpawn(1): New child 3470.4670 [kernel32].
456c.42b8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd4000 cbPeb=0x380
456c.42b8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077260000 uNtDllChildAddr=0000000077260000
456c.42b8: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007728a360
456c.42b8: supR3HardenedWinSetupChildInit: Start child.
456c.42b8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
456c.42b8: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
456c.42b8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
456c.42b8: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
456c.42b8: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
456c.42b8: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
456c.42b8: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
456c.42b8: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
456c.42b8: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
456c.42b8: *0000000000050000-000000000004efff 0x0020/0x0020 0x0020000 !!
456c.42b8: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000050000 (LB 0x1000, 0000000000050000 LB 0x1000)
456c.42b8: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000050000/0000000000050000 LB 0/0x1000]
456c.42b8: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000050000 LB 0x120000 s=0x10000 ap=0x0 rp=0x00000000000001
456c.42b8: 0000000000051000-fffffffffff31fff 0x0001/0x0000 0x0000000
456c.42b8: *0000000000170000-0000000000073fff 0x0000/0x0004 0x0020000
456c.42b8: 000000000026c000-0000000000269fff 0x0104/0x0004 0x0020000
456c.42b8: 000000000026e000-000000000026bfff 0x0004/0x0004 0x0020000
456c.42b8: 0000000000270000-ffffffff8927ffff 0x0001/0x0000 0x0000000
456c.42b8: *0000000077260000-0000000077260fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 0000000077261000-000000007735dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 000000007735e000-000000007738cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 000000007738d000-0000000077396fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 0000000077397000-0000000077397fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 0000000077398000-000000007739afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 000000007739b000-0000000077409fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 000000007740a000-000000006f833fff 0x0001/0x0000 0x0000000
456c.42b8: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
456c.42b8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
456c.42b8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
456c.42b8: 000000007fff0000-ffffffffc005ffff 0x0001/0x0000 0x0000000
456c.42b8: *000000013ff80000-000000013ff80fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 000000013ff81000-000000013fff0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 000000013fff1000-000000013fff1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 000000013fff2000-0000000140036fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 0000000140037000-0000000140037fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 0000000140038000-0000000140038fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 0000000140039000-000000014003dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 000000014003e000-000000014003efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 000000014003f000-000000014003ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 0000000140040000-0000000140043fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 0000000140044000-000000014008bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 000000014008c000-0000000140087fff 0x0001/0x0000 0x0000000
456c.42b8: *0000000140090000-000000014008efff 0x0040/0x0040 0x0020000 !!
456c.42b8: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000140090000 (LB 0x1000, 0000000140090000 LB 0x1000)
456c.42b8: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000140090000/0000000140090000 LB 0/0x1000]
456c.42b8: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000140090000 LB 0x7fdbf4f0000 s=0x10000 ap=0x0 rp=0x00000000000001
456c.42b8: 0000000140091000-fffff80380ba1fff 0x0001/0x0000 0x0000000
456c.42b8: *000007feff580000-000007feff580fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
456c.42b8: 000007feff581000-000007fdfeb51fff 0x0001/0x0000 0x0000000
456c.42b8: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
456c.42b8: 000007fffffd3000-000007fffffd1fff 0x0001/0x0000 0x0000000
456c.42b8: *000007fffffd4000-000007fffffd2fff 0x0004/0x0004 0x0020000
456c.42b8: 000007fffffd5000-000007fffffcbfff 0x0001/0x0000 0x0000000
456c.42b8: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
456c.42b8: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
456c.42b8: apisetschema.dll: timestamp 0x57fd062f (rc=VINF_SUCCESS)
456c.42b8: VirtualBox.exe: timestamp 0x588f3aff (rc=VINF_SUCCESS)
456c.42b8: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
456c.42b8: VirtualBox.exe: Differences in section #0 (headers) between file and memory:
456c.42b8: 000000013ff80172 / 0x0000172: 00 != 11
456c.42b8: 000000013ff80174 / 0x0000174: 00 != 14
456c.42b8: Restored 0x400 bytes of original file content at 000000013ff80000
456c.42b8: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
456c.42b8: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
456c.42b8: supR3HardNtChildPurify: cFixes=3 g_fSupAdversaries=0x4003 cPatchCount=0
456c.42b8: supR3HardNtChildPurify: Startup delay kludge #1/1: 520 ms, 65 sleeps
456c.42b8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
456c.42b8: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
456c.42b8: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
456c.42b8: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
456c.42b8: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
456c.42b8: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
456c.42b8: 0000000000041000-fffffffffff11fff 0x0001/0x0000 0x0000000
456c.42b8: *0000000000170000-0000000000073fff 0x0000/0x0004 0x0020000
456c.42b8: 000000000026c000-0000000000269fff 0x0104/0x0004 0x0020000
456c.42b8: 000000000026e000-000000000026bfff 0x0004/0x0004 0x0020000
456c.42b8: 0000000000270000-ffffffff8927ffff 0x0001/0x0000 0x0000000
456c.42b8: *0000000077260000-0000000077260fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 0000000077261000-000000007735dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 000000007735e000-000000007738cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 000000007738d000-0000000077396fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 0000000077397000-0000000077397fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 0000000077398000-0000000077398fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 0000000077399000-000000007739afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 000000007739b000-0000000077409fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 000000007740a000-000000006f833fff 0x0001/0x0000 0x0000000
456c.42b8: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
456c.42b8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
456c.42b8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
456c.42b8: 000000007fff0000-ffffffffc005ffff 0x0001/0x0000 0x0000000
456c.42b8: *000000013ff80000-000000013ff80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 000000013ff81000-000000013fff0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 000000013fff1000-000000013fff1fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 000000013fff2000-0000000140036fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 0000000140037000-0000000140043fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 0000000140044000-000000014008bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 000000014008c000-fffff80380b97fff 0x0001/0x0000 0x0000000
456c.42b8: *000007feff580000-000007feff580fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
456c.42b8: 000007feff581000-000007fdfeb51fff 0x0001/0x0000 0x0000000
456c.42b8: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
456c.42b8: 000007fffffd3000-000007fffffd1fff 0x0001/0x0000 0x0000000
456c.42b8: *000007fffffd4000-000007fffffd2fff 0x0004/0x0004 0x0020000
456c.42b8: 000007fffffd5000-000007fffffcbfff 0x0001/0x0000 0x0000000
456c.42b8: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
456c.42b8: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
456c.42b8: supR3HardNtChildPurify: Done after 1070 ms and 3 fixes (loop #1).
456c.42b8: supR3HardNtEnableThreadCreation:
3470.4670: Log file opened: 5.1.51r113155 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
3470.4670: supR3HardenedVmProcessInit: uNtDllAddr=0000000077260000 g_uNtVerCombined=0x611db100
3470.4670: ntdll.dll: timestamp 0x57fd0651 (rc=VINF_SUCCESS)
3470.4670: New simple heap: #1 0000000000270000 LB 0x400000 (for 1744896 allocation)
3470.4670: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
3470.4670: System32: \Device\HarddiskVolume1\Windows\System32
3470.4670: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
3470.4670: KnownDllPath: C:\Windows\system32
3470.4670: supR3HardenedVmProcessInit: Opening vboxdrv stub...
3470.4670: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3470.4670: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3470.4670: Registered Dll notification callback with NTDLL.
3470.4670: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
3470.4670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
3470.4670: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
3470.4670: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
456c.42b8: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1481 ms, CloseEvents);
