www.sandboxie.com :: View topic

Posted: Thu Sep 01, 2011 8:00 am

Versions:
Sandboxie Version 3.56 (64Bit)
Windows 7 Enterprise 64 Bit
Visual Studio 2010 Ultimate (SP1 installed)

Hi, since I installed Sandboxie 64 Bit I randomly get BSODs

Here is a Buganalysis from windbg:

Quote:

*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff80002e081c4, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 000007ffffff0000, Parameter 1 of the exception

Debugging Details:
------------------

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.

FAULTING_IP:
nt! ?? ::FNODOBFM::`string'+c1f1
fffff800`02e081c4 8a01 mov al,byte ptr [rcx]

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 000007ffffff0000

READ_ADDRESS: 000007ffffff0000

ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.

BUGCHECK_STR: 0x1E_c0000005

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: devenv.exe

CURRENT_IRQL: 1

TRAP_FRAME: fffff88007c9cec0 -- (.trap 0xfffff88007c9cec0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000007ffffff0000 rbx=0000000000000000 rcx=000007ffffff0000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80002e081c4 rsp=fffff88007c9d050 rbp=0000000074a7ae60
r8=0000000000000000 r9=0000000074ab3528 r10=fffff88007c9dba8
r11=0000000074a60000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
nt! ?? ::FNODOBFM::`string'+0xc1f1:
fffff800`02e081c4 8a01 mov al,byte ptr [rcx] ds:000007ff`ffff0000=??
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80002ec9588 to fffff80002e7dc40

STACK_TEXT:
fffff880`07c9c638 fffff800`02ec9588 : 00000000`0000001e ffffffff`c0000005 fffff800`02e081c4 00000000`00000000 : nt!KeBugCheckEx
fffff880`07c9c640 fffff800`02e7d2c2 : fffff880`07c9ce18 fffff880`07c9d170 fffff880`07c9cec0 00000000`00000001 : nt! ?? ::FNODOBFM::`string'+0x4977d
fffff880`07c9cce0 fffff800`02e7be3a : 00000000`00000000 000007ff`ffff0000 fffff880`07c9cf00 fffff880`07c9d170 : nt!KiExceptionDispatch+0xc2
fffff880`07c9cec0 fffff800`02e081c4 : 00000000`00004204 00000000`00010216 fffff880`07c9d070 00000000`00000018 : nt!KiPageFault+0x23a
fffff880`07c9d050 fffff800`0316f1dd : fffff880`00000000 00000000`74a60000 fffff880`00000000 fffff880`00000000 : nt! ?? ::FNODOBFM::`string'+0xc1f1
fffff880`07c9d0e0 fffff800`02e6fe21 : fffffa80`00000000 fffff880`07b3ce70 00000000`00000003 fffff880`07c9e000 : nt!PspGetSetContextInternal+0x265
fffff880`07c9d680 fffff800`02e712f7 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PspGetSetContextSpecialApc+0xa1
fffff880`07c9d790 fffff800`02e8313d : fffffa80`149c6b60 00000000`00000000 00000000`00000000 fffffa80`149c6b60 : nt!KiDeliverApc+0x1c7
fffff880`07c9d810 fffff800`02e8574f : fffff880`07c9da70 00000000`0000c2d9 fffff880`00000000 fffff800`02e877f3 : nt!KiCommitThreadWait+0x3dd
fffff880`07c9d8a0 fffff800`02e706b4 : fffff880`07c9db00 00000000`00000005 00000000`00000000 fffff800`031a1400 : nt!KeWaitForSingleObject+0x19f
fffff880`07c9d940 fffff800`02e71331 : fffffa80`149c6b60 fffffa80`149c6bb0 00000000`00000001 00000000`00000000 : nt!KiSuspendThread+0x54
fffff880`07c9d980 fffff800`02e715a7 : fffffa80`149c6b60 00000000`00000000 fffff800`02e70660 00000000`00000000 : nt!KiDeliverApc+0x201
fffff880`07c9da00 fffff880`020a6d96 : fffffa80`149c6b60 fffff880`02097053 00000000`74a7ae60 00000000`fff12000 : nt!KiApcInterrupt+0xd7
fffff880`07c9db90 fffff880`02097053 : 00000000`74a7ae60 00000000`fff12000 fffff880`07c9dca0 fffff800`02e8785a : SbieDrv+0x10d96
fffff880`07c9dba0 00000000`74a7ae60 : 00000000`fff12000 fffff880`07c9dca0 fffff800`02e8785a 00000000`00000003 : SbieDrv+0x1053
fffff880`07c9dba8 00000000`fff12000 : fffff880`07c9dca0 fffff800`02e8785a 00000000`00000003 00000000`00010c5a : 0x74a7ae60
fffff880`07c9dbb0 fffff880`07c9dca0 : fffff800`02e8785a 00000000`00000003 00000000`00010c5a 00000000`0000c2d9 : 0xfff12000
fffff880`07c9dbb8 fffff800`02e8785a : 00000000`00000003 00000000`00010c5a 00000000`0000c2d9 00000000`00000000 : 0xfffff880`07c9dca0
fffff880`07c9dbc0 fffff880`02c9d132 : fffffa80`149c6b60 fffffd72`00169501 00000000`112cebb0 00000000`112cfd20 : nt!ExReleaseResourceAndLeavePriorityRegion+0x12
fffff880`07c9dbf0 fffffa80`149c6b60 : fffffd72`00169501 00000000`112cebb0 00000000`112cfd20 fffff800`02e88845 : 0xfffff880`02c9d132
fffff880`07c9dbf8 fffffd72`00169501 : 00000000`112cebb0 00000000`112cfd20 fffff800`02e88845 fffff800`02e7ced3 : 0xfffffa80`149c6b60
fffff880`07c9dc00 00000000`112cebb0 : 00000000`112cfd20 fffff800`02e88845 fffff800`02e7ced3 00000000`03d90188 : 0xfffffd72`00169501
fffff880`07c9dc08 00000000`112cfd20 : fffff800`02e88845 fffff800`02e7ced3 00000000`03d90188 fffff880`07c9dca0 : 0x112cebb0
fffff880`07c9dc10 fffff800`02e88845 : fffff800`02e7ced3 00000000`03d90188 fffff880`07c9dca0 00000000`00000001 : 0x112cfd20
fffff880`07c9dc18 00000000`74a9feca : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiIpiInterrupt+0x135
00000000`112ce1b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x74a9feca

STACK_COMMAND: kb

FOLLOWUP_IP:
SbieDrv+10d96
fffff880`020a6d96 55 push rbp

SYMBOL_STACK_INDEX: d

SYMBOL_NAME: SbieDrv+10d96

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: SbieDrv

IMAGE_NAME: SbieDrv.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4dfb56e2

FAILURE_BUCKET_ID: X64_0x1E_c0000005_SbieDrv+10d96

BUCKET_ID: X64_0x1E_c0000005_SbieDrv+10d96

Followup: MachineOwner
---------

This BSOD happens without any active sandbox, when I use VS

Posted: Thu Sep 01, 2011 10:21 am

I'm afraid I don't understand the cause of the problem just from the report. Do you have any dump files that you can make available for download?

Posted: Thu Sep 01, 2011 7:36 pm

Link: http://www.fileserve.com/file/rmZz2BW/MEMORY.zip

Posted: Fri Sep 02, 2011 9:14 am

Thanks for the dump. I think I might have better understanding of the problem now, but I'm not sure yet. I will post another update when I know more.

Posted: Fri Sep 02, 2011 12:45 pm

I followed up on my suspicition and developed a test case, and it looks like I can reproduce the problem reliably now. So that reassures my suspicition about what is actually causing this problem. I hope I can have a fix for this tomorrow, or on Sunday at the latest.

Posted: Sun Sep 04, 2011 6:08 pm

Please try version 3.59.01, I hope it fixes the problem.

Posted: Tue Sep 06, 2011 8:24 am

It seems to work, there is no crash in the last 24h.
Before I got a crash every ~2h.
I will report again if it crashes again.

Posted: Tue Sep 06, 2011 8:57 am

Thanks for the quick update. I'm glad that I was finally able to figure out this elusive bug and fix it.