trying your VM in VirtualBox, getting this error #1
Assignees
Comments
|
A few things to check:
If not, could you post the contents of the |
|
1. Yes, downloaded the latest.
2. Yes, on this laptop I have 32GB, allocated 16GB for the VM.
Log attached.
Many thanks!
…--eugen
Amat victoria curam
On Wed, Jun 14, 2017 at 5:12 AM, Charles S. Givre ***@***.***> wrote:
A few things to check:
1. Are you running the latest version of VirtualBox?
2. Do you have enough memory? I think the VM is configured for 8GB. It
will work with 4GB, but 8 is better when you start using Drill with other
tools.
If not, could you post the contents of the VBoxHardening.log file?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#1 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ADwGAGRiqKAftk2ohWi_PFORsRfYAAhjks5sD8AHgaJpZM4N5VuR>
.
|
|
Hi @oighen, |
|
Un-installed/re-installed VirtualBox, same error.
Failed to open a session for the virtual machine *Merlin 1.01 Drill
Workshop*.
The virtual machine *'Merlin 1.01 Drill Workshop'* has terminated
unexpectedly during startup with exit code -1073741819 (0xc0000005). More
details may be available in *'C:\Users\Eugen\VirtualBox VMs\Merlin 1.01
Drill Workshop\Logs\VBoxHardening.log'*.
Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}
Now, the log is dumped below:
fbc.77d4: Log file opened: 5.1.22r115126 g_hStartupLog=00000000000000e4
g_uNtVerCombined=0xa0383900
fbc.77d4: \SystemRoot\System32\ntdll.dll:
fbc.77d4: CreationTime: 2017-01-27T19:39:40.085139400Z
fbc.77d4: LastWriteTime: 2016-11-11T10:13:03.409595100Z
fbc.77d4: ChangeTime: 2017-06-14T03:46:48.743974000Z
fbc.77d4: FileAttributes: 0x20
fbc.77d4: Size: 0x1cc888
fbc.77d4: NT Headers: 0xd8
fbc.77d4: Timestamp: 0x5825887f
fbc.77d4: Machine: 0x8664 - amd64
fbc.77d4: Timestamp: 0x5825887f
fbc.77d4: Image Version: 10.0
fbc.77d4: SizeOfImage: 0x1d1000 (1904640)
fbc.77d4: Resource Dir: 0x168000 LB 0x67988
fbc.77d4: [Version info resource found at 0xd8! (ID/Name: 0x1;
SubID/SubName: 0x409)]
fbc.77d4: [Raw version resource data: 0x1680f0 LB 0x388, codepage 0x0
(reserved 0x0)]
fbc.77d4: ProductName: Microsoft® Windows® Operating System
fbc.77d4: ProductVersion: 10.0.14393.479
fbc.77d4: FileVersion: 10.0.14393.479 (rs1_release.161110-2025)
fbc.77d4: FileDescription: NT Layer DLL
fbc.77d4: \SystemRoot\System32\kernel32.dll:
fbc.77d4: CreationTime: 2017-05-10T13:09:29.370271800Z
fbc.77d4: LastWriteTime: 2017-04-28T00:49:43.332433600Z
fbc.77d4: ChangeTime: 2017-06-14T03:46:48.359260300Z
fbc.77d4: FileAttributes: 0x20
fbc.77d4: Size: 0xab208
fbc.77d4: NT Headers: 0xf0
fbc.77d4: Timestamp: 0x59028368
fbc.77d4: Machine: 0x8664 - amd64
fbc.77d4: Timestamp: 0x59028368
fbc.77d4: Image Version: 10.0
fbc.77d4: SizeOfImage: 0xac000 (704512)
fbc.77d4: Resource Dir: 0xaa000 LB 0x530
fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1;
SubID/SubName: 0x409)]
fbc.77d4: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0
(reserved 0x0)]
fbc.77d4: ProductName: Microsoft® Windows® Operating System
fbc.77d4: ProductVersion: 10.0.14393.1198
fbc.77d4: FileVersion: 10.0.14393.1198 (rs1_release_sec.170427-1353)
fbc.77d4: FileDescription: Windows NT BASE API Client DLL
fbc.77d4: \SystemRoot\System32\KernelBase.dll:
fbc.77d4: CreationTime: 2017-06-14T03:42:31.079625600Z
fbc.77d4: LastWriteTime: 2017-06-03T10:09:08.071687200Z
fbc.77d4: ChangeTime: 2017-06-14T05:00:58.513710300Z
fbc.77d4: FileAttributes: 0x20
fbc.77d4: Size: 0x21c780
fbc.77d4: NT Headers: 0xf8
fbc.77d4: Timestamp: 0x59327897
fbc.77d4: Machine: 0x8664 - amd64
fbc.77d4: Timestamp: 0x59327897
fbc.77d4: Image Version: 10.0
fbc.77d4: SizeOfImage: 0x21d000 (2215936)
fbc.77d4: Resource Dir: 0x201000 LB 0x550
fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1;
SubID/SubName: 0x409)]
fbc.77d4: [Raw version resource data: 0x2010b0 LB 0x3c4, codepage 0x0
(reserved 0x0)]
fbc.77d4: ProductName: Microsoft® Windows® Operating System
fbc.77d4: ProductVersion: 10.0.14393.1358
fbc.77d4: FileVersion: 10.0.14393.1358 (rs1_release.170602-2252)
fbc.77d4: FileDescription: Windows NT BASE API Client DLL
fbc.77d4: \SystemRoot\System32\apisetschema.dll:
fbc.77d4: CreationTime: 2016-07-16T11:42:21.577586000Z
fbc.77d4: LastWriteTime: 2016-07-16T11:42:21.577586000Z
fbc.77d4: ChangeTime: 2017-01-15T11:59:41.129941800Z
fbc.77d4: FileAttributes: 0x20
fbc.77d4: Size: 0x18960
fbc.77d4: NT Headers: 0xc8
fbc.77d4: Timestamp: 0x57899bd2
fbc.77d4: Machine: 0x8664 - amd64
fbc.77d4: Timestamp: 0x57899bd2
fbc.77d4: Image Version: 10.0
fbc.77d4: SizeOfImage: 0x19000 (102400)
fbc.77d4: Resource Dir: 0x18000 LB 0x400
fbc.77d4: [Version info resource found at 0x48! (ID/Name: 0x1;
SubID/SubName: 0x409)]
fbc.77d4: [Raw version resource data: 0x18060 LB 0x3a0, codepage 0x0
(reserved 0x0)]
fbc.77d4: ProductName: Microsoft® Windows® Operating System
fbc.77d4: ProductVersion: 10.0.14393.0
fbc.77d4: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
fbc.77d4: FileDescription: ApiSet Schema DLL
fbc.77d4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
fbc.77d4: supR3HardenedWinFindAdversaries: 0x0
fbc.77d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program
Files\Oracle\VirtualBox'
fbc.77d4: Calling main()
fbc.77d4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
fbc.77d4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program
Files\Oracle\VirtualBox'
fbc.77d4: SUPR3HardenedMain: Respawn #1
fbc.77d4: System32: \Device\HarddiskVolume5\Windows\System32
fbc.77d4: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
fbc.77d4: KnownDllPath: C:\Windows\System32
fbc.77d4: '\Device\HarddiskVolume5\Program
Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
fbc.77d4: supHardenedWinVerifyImageByHandle: -> 0
(\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
fbc.77d4: supR3HardNtEnableThreadCreation:
fbc.77d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff94af9fa0
pvNtTerminateThread=00007fff94b26b20
fbc.77d4: supR3HardenedWinDoReSpawn(1): New child 73a0.8564 [kernel32].
fbc.77d4: supR3HardNtChildGatherData: PebBaseAddress=0000000000a93000
cbPeb=0x388
fbc.77d4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff94a80000
uNtDllChildAddr=00007fff94a80000
fbc.77d4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff94af9fa0
fbc.77d4: supR3HardenedWinSetupChildInit: Start child.
fbc.77d4: supR3HardNtChildWaitFor: Found expected request 0
(PurifyChildAndCloseHandles) after 0 ms.
fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 15
sleeps
fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
fbc.77d4: *0000000000000000-000000000089ffff 0x0001/0x0000 0x0000000
fbc.77d4: *00000000008a0000-00000000008bffff 0x0004/0x0004 0x0020000
fbc.77d4: *00000000008c0000-00000000008d5fff 0x0002/0x0002 0x0040000
fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000 0x0000000
fbc.77d4: *00000000008e0000-00000000009dafff 0x0000/0x0004 0x0020000
fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004 0x0020000
fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004 0x0020000
fbc.77d4: *00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000
fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000
fbc.77d4: *00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000
fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000
fbc.77d4: *0000000000a00000-0000000000a92fff 0x0000/0x0004 0x0020000
fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004 0x0020000
fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004 0x0020000
fbc.77d4: *0000000000c00000-0000000000c00fff 0x0040/0x0040 0x0020000 !!
fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at
0000000000c00000 (LB 0x1000, 0000000000c00000 LB 0x1000)
fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1
succeeded: 0x0 [0000000000c00000/0000000000c00000 LB 0/0x1000]
fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0:
[0000000000000000]/0000000000c00000 LB 0x7f3e0000 s=0x10000 ap=0x0
rp=0x00000000000001
fbc.77d4: 0000000000c01000-000000007ffdffff 0x0001/0x0000 0x0000000
fbc.77d4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000 0x0000000
fbc.77d4: *00007ff63e030000-00007ff63e052fff 0x0002/0x0002 0x0040000
fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000 0x0000000
fbc.77d4: *00007ff63e250000-00007ff63e250fff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0080/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e307000-00007ff63e307fff 0x0004/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e308000-00007ff63e308fff 0x0008/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e309000-00007ff63e30dfff 0x0004/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e30e000-00007ff63e30efff 0x0008/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e30f000-00007ff63e30ffff 0x0004/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e310000-00007ff63e313fff 0x0008/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000 0x0000000
fbc.77d4: *00007fff94a80000-00007fff94a80fff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94bcc000-00007fff94bd4fff 0x0008/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000 0x0000000
fbc.77d4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
fbc.77d4: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
fbc.77d4: '\Device\HarddiskVolume5\Program
Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
fbc.77d4: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no
imports
fbc.77d4: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x80000000
fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/1: 526 ms, 33
sleeps
fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
fbc.77d4: *0000000000000000-000000000089ffff 0x0001/0x0000 0x0000000
fbc.77d4: *00000000008a0000-00000000008bffff 0x0004/0x0004 0x0020000
fbc.77d4: *00000000008c0000-00000000008d5fff 0x0002/0x0002 0x0040000
fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000 0x0000000
fbc.77d4: *00000000008e0000-00000000009dafff 0x0000/0x0004 0x0020000
fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004 0x0020000
fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004 0x0020000
fbc.77d4: *00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000
fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000
fbc.77d4: *00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000
fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000
fbc.77d4: *0000000000a00000-0000000000a92fff 0x0000/0x0004 0x0020000
fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004 0x0020000
fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004 0x0020000
fbc.77d4: 0000000000c00000-000000007ffdffff 0x0001/0x0000 0x0000000
fbc.77d4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000 0x0000000
fbc.77d4: *00007ff63e030000-00007ff63e052fff 0x0002/0x0002 0x0040000
fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000 0x0000000
fbc.77d4: *00007ff63e250000-00007ff63e250fff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0040/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e307000-00007ff63e313fff 0x0004/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000 0x0000000
fbc.77d4: *00007fff94a80000-00007fff94a80fff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94bcc000-00007fff94bcffff 0x0008/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94bd0000-00007fff94bd4fff 0x0004/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000 0x0000000
fbc.77d4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
fbc.77d4: supR3HardNtChildPurify: Done after 820 ms and 1 fixes (loop #1).
73a0.8564: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004
g_uNtVerCombined=0xa0383900
73a0.8564: supR3HardenedVmProcessInit: uNtDllAddr=00007fff94a80000
g_uNtVerCombined=0xa0383900
73a0.8564: ntdll.dll: timestamp 0x5825887f (rc=VINF_SUCCESS)
73a0.8564: New simple heap: #1 0000000000d00000 LB 0x400000 (for 1904640
allocation)
fbc.77d4: supR3HardNtEnableThreadCreation:
73a0.8564: supR3HardenedWinInitAppBin(0x0):
'\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
73a0.8564: System32: \Device\HarddiskVolume5\Windows\System32
73a0.8564: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
73a0.8564: KnownDllPath: C:\Windows\System32
73a0.8564: supR3HardenedVmProcessInit: Opening vboxdrv stub...
73a0.8564: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
73a0.8564: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
73a0.8564: Registered Dll notification callback with NTDLL.
73a0.8564: supHardenedWinVerifyImageByHandle: -> 0
(\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
73a0.8564: supR3HardenedWinVerifyCacheInsert:
\Device\HarddiskVolume5\Windows\System32\kernel32.dll
73a0.8564: supR3HardenedMonitor_LdrLoadDll:
pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL,
rcNtResolve=0xc0150008) *pfFlags=0xffffffff
pwszSearchPath=0000000000004001:<flags> [calling]
73a0.8564: supR3HardenedDllNotificationCallback: load 00007fff913e0000 LB
0x0021d000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
73a0.8564: supHardenedWinVerifyImageByHandle: -> 0
(\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
73a0.8564: supR3HardenedWinVerifyCacheInsert:
\Device\HarddiskVolume5\Windows\System32\KernelBase.dll
73a0.8564: supR3HardenedDllNotificationCallback: load 00007fff92360000 LB
0x000ac000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
73a0.8564: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on
\Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
73a0.8564: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0
hMod=00007fff92360000 'C:\Windows\System32\KERNEL32.DLL'
73a0.8564: supR3HardenedDllNotificationCallback: load 00007ff63e250000 LB
0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
73a0.8564: '\Device\HarddiskVolume5\Program
Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
73a0.8564: supHardenedWinVerifyImageByHandle: -> 0
(\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
73a0.8564: supR3HardenedWinVerifyCacheInsert:
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005
(rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 82 ms, CloseEvents);
Many thanks!
…--eugen
Amat victoria curam
On Fri, Jun 23, 2017 at 5:32 PM, Charles S. Givre ***@***.***> wrote:
Hi @oighen <https://github.com/oighen>,
I didn't get the log file in your email. I've been looking online and a
lot of the advice about this type of error seems to suggest
uninstalling/reinstalling VirtualBox. If you can attach the log in github,
or paste the contents I'll do some more digging. What OS and version are
you using?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ADwGALoXPWNJuALw2ZADLXf6-HGy-ucHks5sHEshgaJpZM4N5VuR>
.
|
|
OS: Windows 10.
…--eugen
Amat victoria curam
On Sat, Jun 24, 2017 at 12:36 PM, Eugen Chirila ***@***.***> wrote:
Un-installed/re-installed VirtualBox, same error.
Failed to open a session for the virtual machine *Merlin 1.01 Drill
Workshop*.
The virtual machine *'Merlin 1.01 Drill Workshop'* has terminated
unexpectedly during startup with exit code -1073741819 (0xc0000005). More
details may be available in *'C:\Users\Eugen\VirtualBox VMs\Merlin 1.01
Drill Workshop\Logs\VBoxHardening.log'*.
Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}
Now, the log is dumped below:
fbc.77d4: Log file opened: 5.1.22r115126 g_hStartupLog=00000000000000e4
g_uNtVerCombined=0xa0383900
fbc.77d4: \SystemRoot\System32\ntdll.dll:
fbc.77d4: CreationTime: 2017-01-27T19:39:40.085139400Z
fbc.77d4: LastWriteTime: 2016-11-11T10:13:03.409595100Z
fbc.77d4: ChangeTime: 2017-06-14T03:46:48.743974000Z
fbc.77d4: FileAttributes: 0x20
fbc.77d4: Size: 0x1cc888
fbc.77d4: NT Headers: 0xd8
fbc.77d4: Timestamp: 0x5825887f
fbc.77d4: Machine: 0x8664 - amd64
fbc.77d4: Timestamp: 0x5825887f
fbc.77d4: Image Version: 10.0
fbc.77d4: SizeOfImage: 0x1d1000 (1904640)
fbc.77d4: Resource Dir: 0x168000 LB 0x67988
fbc.77d4: [Version info resource found at 0xd8! (ID/Name: 0x1;
SubID/SubName: 0x409)]
fbc.77d4: [Raw version resource data: 0x1680f0 LB 0x388, codepage 0x0
(reserved 0x0)]
fbc.77d4: ProductName: Microsoft® Windows® Operating System
fbc.77d4: ProductVersion: 10.0.14393.479
fbc.77d4: FileVersion: 10.0.14393.479 (rs1_release.161110-2025)
fbc.77d4: FileDescription: NT Layer DLL
fbc.77d4: \SystemRoot\System32\kernel32.dll:
fbc.77d4: CreationTime: 2017-05-10T13:09:29.370271800Z
fbc.77d4: LastWriteTime: 2017-04-28T00:49:43.332433600Z
fbc.77d4: ChangeTime: 2017-06-14T03:46:48.359260300Z
fbc.77d4: FileAttributes: 0x20
fbc.77d4: Size: 0xab208
fbc.77d4: NT Headers: 0xf0
fbc.77d4: Timestamp: 0x59028368
fbc.77d4: Machine: 0x8664 - amd64
fbc.77d4: Timestamp: 0x59028368
fbc.77d4: Image Version: 10.0
fbc.77d4: SizeOfImage: 0xac000 (704512)
fbc.77d4: Resource Dir: 0xaa000 LB 0x530
fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1;
SubID/SubName: 0x409)]
fbc.77d4: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0
(reserved 0x0)]
fbc.77d4: ProductName: Microsoft® Windows® Operating System
fbc.77d4: ProductVersion: 10.0.14393.1198
fbc.77d4: FileVersion: 10.0.14393.1198
(rs1_release_sec.170427-1353)
fbc.77d4: FileDescription: Windows NT BASE API Client DLL
fbc.77d4: \SystemRoot\System32\KernelBase.dll:
fbc.77d4: CreationTime: 2017-06-14T03:42:31.079625600Z
fbc.77d4: LastWriteTime: 2017-06-03T10:09:08.071687200Z
fbc.77d4: ChangeTime: 2017-06-14T05:00:58.513710300Z
fbc.77d4: FileAttributes: 0x20
fbc.77d4: Size: 0x21c780
fbc.77d4: NT Headers: 0xf8
fbc.77d4: Timestamp: 0x59327897
fbc.77d4: Machine: 0x8664 - amd64
fbc.77d4: Timestamp: 0x59327897
fbc.77d4: Image Version: 10.0
fbc.77d4: SizeOfImage: 0x21d000 (2215936)
fbc.77d4: Resource Dir: 0x201000 LB 0x550
fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1;
SubID/SubName: 0x409)]
fbc.77d4: [Raw version resource data: 0x2010b0 LB 0x3c4, codepage 0x0
(reserved 0x0)]
fbc.77d4: ProductName: Microsoft® Windows® Operating System
fbc.77d4: ProductVersion: 10.0.14393.1358
fbc.77d4: FileVersion: 10.0.14393.1358 (rs1_release.170602-2252)
fbc.77d4: FileDescription: Windows NT BASE API Client DLL
fbc.77d4: \SystemRoot\System32\apisetschema.dll:
fbc.77d4: CreationTime: 2016-07-16T11:42:21.577586000Z
fbc.77d4: LastWriteTime: 2016-07-16T11:42:21.577586000Z
fbc.77d4: ChangeTime: 2017-01-15T11:59:41.129941800Z
fbc.77d4: FileAttributes: 0x20
fbc.77d4: Size: 0x18960
fbc.77d4: NT Headers: 0xc8
fbc.77d4: Timestamp: 0x57899bd2
fbc.77d4: Machine: 0x8664 - amd64
fbc.77d4: Timestamp: 0x57899bd2
fbc.77d4: Image Version: 10.0
fbc.77d4: SizeOfImage: 0x19000 (102400)
fbc.77d4: Resource Dir: 0x18000 LB 0x400
fbc.77d4: [Version info resource found at 0x48! (ID/Name: 0x1;
SubID/SubName: 0x409)]
fbc.77d4: [Raw version resource data: 0x18060 LB 0x3a0, codepage 0x0
(reserved 0x0)]
fbc.77d4: ProductName: Microsoft® Windows® Operating System
fbc.77d4: ProductVersion: 10.0.14393.0
fbc.77d4: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
fbc.77d4: FileDescription: ApiSet Schema DLL
fbc.77d4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
fbc.77d4: supR3HardenedWinFindAdversaries: 0x0
fbc.77d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program
Files\Oracle\VirtualBox'
fbc.77d4: Calling main()
fbc.77d4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
fbc.77d4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program
Files\Oracle\VirtualBox'
fbc.77d4: SUPR3HardenedMain: Respawn #1
fbc.77d4: System32: \Device\HarddiskVolume5\Windows\System32
fbc.77d4: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
fbc.77d4: KnownDllPath: C:\Windows\System32
fbc.77d4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe'
has no imports
fbc.77d4: supHardenedWinVerifyImageByHandle: -> 0
(\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
fbc.77d4: supR3HardNtEnableThreadCreation:
fbc.77d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff94af9fa0
pvNtTerminateThread=00007fff94b26b20
fbc.77d4: supR3HardenedWinDoReSpawn(1): New child 73a0.8564 [kernel32].
fbc.77d4: supR3HardNtChildGatherData: PebBaseAddress=0000000000a93000
cbPeb=0x388
fbc.77d4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff94a80000
uNtDllChildAddr=00007fff94a80000
fbc.77d4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff94af9fa0
fbc.77d4: supR3HardenedWinSetupChildInit: Start child.
fbc.77d4: supR3HardNtChildWaitFor: Found expected request 0
(PurifyChildAndCloseHandles) after 0 ms.
fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 15
sleeps
fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
fbc.77d4: *0000000000000000-000000000089ffff 0x0001/0x0000 0x0000000
fbc.77d4: *00000000008a0000-00000000008bffff 0x0004/0x0004 0x0020000
fbc.77d4: *00000000008c0000-00000000008d5fff 0x0002/0x0002 0x0040000
fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000 0x0000000
fbc.77d4: *00000000008e0000-00000000009dafff 0x0000/0x0004 0x0020000
fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004 0x0020000
fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004 0x0020000
fbc.77d4: *00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000
fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000
fbc.77d4: *00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000
fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000
fbc.77d4: *0000000000a00000-0000000000a92fff 0x0000/0x0004 0x0020000
fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004 0x0020000
fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004 0x0020000
fbc.77d4: *0000000000c00000-0000000000c00fff 0x0040/0x0040 0x0020000 !!
fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at
0000000000c00000 (LB 0x1000, 0000000000c00000 LB 0x1000)
fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1
succeeded: 0x0 [0000000000c00000/0000000000c00000 LB 0/0x1000]
fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0:
[0000000000000000]/0000000000c00000 LB 0x7f3e0000 s=0x10000 ap=0x0
rp=0x00000000000001
fbc.77d4: 0000000000c01000-000000007ffdffff 0x0001/0x0000 0x0000000
fbc.77d4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000 0x0000000
fbc.77d4: *00007ff63e030000-00007ff63e052fff 0x0002/0x0002 0x0040000
fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000 0x0000000
fbc.77d4: *00007ff63e250000-00007ff63e250fff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0080/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e307000-00007ff63e307fff 0x0004/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e308000-00007ff63e308fff 0x0008/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e309000-00007ff63e30dfff 0x0004/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e30e000-00007ff63e30efff 0x0008/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e30f000-00007ff63e30ffff 0x0004/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e310000-00007ff63e313fff 0x0008/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000 0x0000000
fbc.77d4: *00007fff94a80000-00007fff94a80fff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94bcc000-00007fff94bd4fff 0x0008/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000 0x0000000
fbc.77d4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
fbc.77d4: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
fbc.77d4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe'
has no imports
fbc.77d4: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no
imports
fbc.77d4: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x80000000
fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/1: 526 ms, 33
sleeps
fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
fbc.77d4: *0000000000000000-000000000089ffff 0x0001/0x0000 0x0000000
fbc.77d4: *00000000008a0000-00000000008bffff 0x0004/0x0004 0x0020000
fbc.77d4: *00000000008c0000-00000000008d5fff 0x0002/0x0002 0x0040000
fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000 0x0000000
fbc.77d4: *00000000008e0000-00000000009dafff 0x0000/0x0004 0x0020000
fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004 0x0020000
fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004 0x0020000
fbc.77d4: *00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000
fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000
fbc.77d4: *00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000
fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000
fbc.77d4: *0000000000a00000-0000000000a92fff 0x0000/0x0004 0x0020000
fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004 0x0020000
fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004 0x0020000
fbc.77d4: 0000000000c00000-000000007ffdffff 0x0001/0x0000 0x0000000
fbc.77d4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000 0x0000000
fbc.77d4: *00007ff63e030000-00007ff63e052fff 0x0002/0x0002 0x0040000
fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000 0x0000000
fbc.77d4: *00007ff63e250000-00007ff63e250fff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0040/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e307000-00007ff63e313fff 0x0004/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000 0x0000000
fbc.77d4: *00007fff94a80000-00007fff94a80fff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94bcc000-00007fff94bcffff 0x0008/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94bd0000-00007fff94bd4fff 0x0004/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080 0x1000000
\Device\HarddiskVolume5\Windows\System32\ntdll.dll
fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000 0x0000000
fbc.77d4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
fbc.77d4: supR3HardNtChildPurify: Done after 820 ms and 1 fixes (loop #1).
73a0.8564: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004
g_uNtVerCombined=0xa0383900
73a0.8564: supR3HardenedVmProcessInit: uNtDllAddr=00007fff94a80000
g_uNtVerCombined=0xa0383900
73a0.8564: ntdll.dll: timestamp 0x5825887f (rc=VINF_SUCCESS)
73a0.8564: New simple heap: #1 0000000000d00000 LB 0x400000 (for 1904640
allocation)
fbc.77d4: supR3HardNtEnableThreadCreation:
73a0.8564: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program
Files\Oracle\VirtualBox'
73a0.8564: System32: \Device\HarddiskVolume5\Windows\System32
73a0.8564: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
73a0.8564: KnownDllPath: C:\Windows\System32
73a0.8564: supR3HardenedVmProcessInit: Opening vboxdrv stub...
73a0.8564: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
73a0.8564: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
73a0.8564: Registered Dll notification callback with NTDLL.
73a0.8564: supHardenedWinVerifyImageByHandle: -> 0
(\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\
Windows\System32\kernel32.dll
73a0.8564: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL
(Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff
pwszSearchPath=0000000000004001:<flags> [calling]
73a0.8564: supR3HardenedDllNotificationCallback: load 00007fff913e0000
LB 0x0021d000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
73a0.8564: supHardenedWinVerifyImageByHandle: -> 0
(\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\
Windows\System32\KernelBase.dll
73a0.8564: supR3HardenedDllNotificationCallback: load 00007fff92360000
LB 0x000ac000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
73a0.8564: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS)
on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks
WinVerifyTrust]
73a0.8564: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0
hMod=00007fff92360000 'C:\Windows\System32\KERNEL32.DLL'
73a0.8564: supR3HardenedDllNotificationCallback: load 00007ff63e250000
LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
[fFlags=0x0]
73a0.8564: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe'
has no imports
73a0.8564: supHardenedWinVerifyImageByHandle: -> 0
(\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program
Files\Oracle\VirtualBox\VirtualBox.exe
fbc.77d4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005
(rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 82 ms, CloseEvents);
Many thanks!
--eugen
Amat victoria curam
On Fri, Jun 23, 2017 at 5:32 PM, Charles S. Givre <
***@***.***> wrote:
> Hi @oighen <https://github.com/oighen>,
> I didn't get the log file in your email. I've been looking online and a
> lot of the advice about this type of error seems to suggest
> uninstalling/reinstalling VirtualBox. If you can attach the log in github,
> or paste the contents I'll do some more digging. What OS and version are
> you using?
>
> —
> You are receiving this because you were mentioned.
> Reply to this email directly, view it on GitHub
> <#1 (comment)>,
> or mute the thread
> <https://github.com/notifications/unsubscribe-auth/ADwGALoXPWNJuALw2ZADLXf6-HGy-ucHks5sHEshgaJpZM4N5VuR>
> .
>
|
|
Hi Eugen,
It looks to me from reading some articles on stackoverflow that one of the VirtualMachine disk files might be corrupted. The last article in the list recommends a procedure where you discard the saved state of the VM. Were you ever able to get it started?
https://askubuntu.com/questions/846492/failed-to-open-a-session-for-the-virtual-machine-win-7 <https://askubuntu.com/questions/846492/failed-to-open-a-session-for-the-virtual-machine-win-7>
https://stackoverflow.com/questions/20608310/virtualbox-error-failed-to-open-a-session-for-the-virtual-machine <https://stackoverflow.com/questions/20608310/virtualbox-error-failed-to-open-a-session-for-the-virtual-machine>
https://www.simplehelp.net/2015/10/25/how-to-fix-the-failed-to-open-a-session-error-in-virtualbox/ <https://www.simplehelp.net/2015/10/25/how-to-fix-the-failed-to-open-a-session-error-in-virtualbox/>
Regardless, I’d recommend downloading the latest version of the VM which is available here and has a lot more useful tools on it.
https://github.com/gtkcyber/griffon-vm <https://github.com/gtkcyber/griffon-vm>.
Thanks,
— C
… On Jun 24, 2017, at 15:03, oighen ***@***.***> wrote:
OS: Windows 10.
--eugen
Amat victoria curam
On Sat, Jun 24, 2017 at 12:36 PM, Eugen Chirila ***@***.***> wrote:
> Un-installed/re-installed VirtualBox, same error.
>
> Failed to open a session for the virtual machine *Merlin 1.01 Drill
> Workshop*.
>
> The virtual machine *'Merlin 1.01 Drill Workshop'* has terminated
> unexpectedly during startup with exit code -1073741819 (0xc0000005). More
> details may be available in *'C:\Users\Eugen\VirtualBox VMs\Merlin 1.01
> Drill Workshop\Logs\VBoxHardening.log'*.
> Result Code: E_FAIL (0x80004005)
> Component: MachineWrap
> Interface: IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}
> Now, the log is dumped below:
>
> fbc.77d4: Log file opened: 5.1.22r115126 g_hStartupLog=00000000000000e4
> g_uNtVerCombined=0xa0383900
> fbc.77d4: \SystemRoot\System32\ntdll.dll:
> fbc.77d4: CreationTime: 2017-01-27T19:39:40.085139400Z
> fbc.77d4: LastWriteTime: 2016-11-11T10:13:03.409595100Z
> fbc.77d4: ChangeTime: 2017-06-14T03:46:48.743974000Z
> fbc.77d4: FileAttributes: 0x20
> fbc.77d4: Size: 0x1cc888
> fbc.77d4: NT Headers: 0xd8
> fbc.77d4: Timestamp: 0x5825887f
> fbc.77d4: Machine: 0x8664 - amd64
> fbc.77d4: Timestamp: 0x5825887f
> fbc.77d4: Image Version: 10.0
> fbc.77d4: SizeOfImage: 0x1d1000 (1904640)
> fbc.77d4: Resource Dir: 0x168000 LB 0x67988
> fbc.77d4: [Version info resource found at 0xd8! (ID/Name: 0x1;
> SubID/SubName: 0x409)]
> fbc.77d4: [Raw version resource data: 0x1680f0 LB 0x388, codepage 0x0
> (reserved 0x0)]
> fbc.77d4: ProductName: Microsoft® Windows® Operating System
> fbc.77d4: ProductVersion: 10.0.14393.479
> fbc.77d4: FileVersion: 10.0.14393.479 (rs1_release.161110-2025)
> fbc.77d4: FileDescription: NT Layer DLL
> fbc.77d4: \SystemRoot\System32\kernel32.dll:
> fbc.77d4: CreationTime: 2017-05-10T13:09:29.370271800Z
> fbc.77d4: LastWriteTime: 2017-04-28T00:49:43.332433600Z
> fbc.77d4: ChangeTime: 2017-06-14T03:46:48.359260300Z
> fbc.77d4: FileAttributes: 0x20
> fbc.77d4: Size: 0xab208
> fbc.77d4: NT Headers: 0xf0
> fbc.77d4: Timestamp: 0x59028368
> fbc.77d4: Machine: 0x8664 - amd64
> fbc.77d4: Timestamp: 0x59028368
> fbc.77d4: Image Version: 10.0
> fbc.77d4: SizeOfImage: 0xac000 (704512)
> fbc.77d4: Resource Dir: 0xaa000 LB 0x530
> fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1;
> SubID/SubName: 0x409)]
> fbc.77d4: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0
> (reserved 0x0)]
> fbc.77d4: ProductName: Microsoft® Windows® Operating System
> fbc.77d4: ProductVersion: 10.0.14393.1198
> fbc.77d4: FileVersion: 10.0.14393.1198
> (rs1_release_sec.170427-1353)
> fbc.77d4: FileDescription: Windows NT BASE API Client DLL
> fbc.77d4: \SystemRoot\System32\KernelBase.dll:
> fbc.77d4: CreationTime: 2017-06-14T03:42:31.079625600Z
> fbc.77d4: LastWriteTime: 2017-06-03T10:09:08.071687200Z
> fbc.77d4: ChangeTime: 2017-06-14T05:00:58.513710300Z
> fbc.77d4: FileAttributes: 0x20
> fbc.77d4: Size: 0x21c780
> fbc.77d4: NT Headers: 0xf8
> fbc.77d4: Timestamp: 0x59327897
> fbc.77d4: Machine: 0x8664 - amd64
> fbc.77d4: Timestamp: 0x59327897
> fbc.77d4: Image Version: 10.0
> fbc.77d4: SizeOfImage: 0x21d000 (2215936)
> fbc.77d4: Resource Dir: 0x201000 LB 0x550
> fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1;
> SubID/SubName: 0x409)]
> fbc.77d4: [Raw version resource data: 0x2010b0 LB 0x3c4, codepage 0x0
> (reserved 0x0)]
> fbc.77d4: ProductName: Microsoft® Windows® Operating System
> fbc.77d4: ProductVersion: 10.0.14393.1358
> fbc.77d4: FileVersion: 10.0.14393.1358 (rs1_release.170602-2252)
> fbc.77d4: FileDescription: Windows NT BASE API Client DLL
> fbc.77d4: \SystemRoot\System32\apisetschema.dll:
> fbc.77d4: CreationTime: 2016-07-16T11:42:21.577586000Z
> fbc.77d4: LastWriteTime: 2016-07-16T11:42:21.577586000Z
> fbc.77d4: ChangeTime: 2017-01-15T11:59:41.129941800Z
> fbc.77d4: FileAttributes: 0x20
> fbc.77d4: Size: 0x18960
> fbc.77d4: NT Headers: 0xc8
> fbc.77d4: Timestamp: 0x57899bd2
> fbc.77d4: Machine: 0x8664 - amd64
> fbc.77d4: Timestamp: 0x57899bd2
> fbc.77d4: Image Version: 10.0
> fbc.77d4: SizeOfImage: 0x19000 (102400)
> fbc.77d4: Resource Dir: 0x18000 LB 0x400
> fbc.77d4: [Version info resource found at 0x48! (ID/Name: 0x1;
> SubID/SubName: 0x409)]
> fbc.77d4: [Raw version resource data: 0x18060 LB 0x3a0, codepage 0x0
> (reserved 0x0)]
> fbc.77d4: ProductName: Microsoft® Windows® Operating System
> fbc.77d4: ProductVersion: 10.0.14393.0
> fbc.77d4: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
> fbc.77d4: FileDescription: ApiSet Schema DLL
> fbc.77d4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
> fbc.77d4: supR3HardenedWinFindAdversaries: 0x0
> fbc.77d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program
> Files\Oracle\VirtualBox'
> fbc.77d4: Calling main()
> fbc.77d4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
> fbc.77d4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program
> Files\Oracle\VirtualBox'
> fbc.77d4: SUPR3HardenedMain: Respawn #1
> fbc.77d4: System32: \Device\HarddiskVolume5\Windows\System32
> fbc.77d4: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
> fbc.77d4: KnownDllPath: C:\Windows\System32
> fbc.77d4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe'
> has no imports
> fbc.77d4: supHardenedWinVerifyImageByHandle: -> 0
> (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
> fbc.77d4: supR3HardNtEnableThreadCreation:
> fbc.77d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff94af9fa0
> pvNtTerminateThread=00007fff94b26b20
> fbc.77d4: supR3HardenedWinDoReSpawn(1): New child 73a0.8564 [kernel32].
> fbc.77d4: supR3HardNtChildGatherData: PebBaseAddress=0000000000a93000
> cbPeb=0x388
> fbc.77d4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff94a80000
> uNtDllChildAddr=00007fff94a80000
> fbc.77d4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff94af9fa0
> fbc.77d4: supR3HardenedWinSetupChildInit: Start child.
> fbc.77d4: supR3HardNtChildWaitFor: Found expected request 0
> (PurifyChildAndCloseHandles) after 0 ms.
> fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 15
> sleeps
> fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
> fbc.77d4: *0000000000000000-000000000089ffff 0x0001/0x0000 0x0000000
> fbc.77d4: *00000000008a0000-00000000008bffff 0x0004/0x0004 0x0020000
> fbc.77d4: *00000000008c0000-00000000008d5fff 0x0002/0x0002 0x0040000
> fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000 0x0000000
> fbc.77d4: *00000000008e0000-00000000009dafff 0x0000/0x0004 0x0020000
> fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004 0x0020000
> fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004 0x0020000
> fbc.77d4: *00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000
> fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000
> fbc.77d4: *00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000
> fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000
> fbc.77d4: *0000000000a00000-0000000000a92fff 0x0000/0x0004 0x0020000
> fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004 0x0020000
> fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004 0x0020000
> fbc.77d4: *0000000000c00000-0000000000c00fff 0x0040/0x0040 0x0020000 !!
> fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at
> 0000000000c00000 (LB 0x1000, 0000000000c00000 LB 0x1000)
> fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1
> succeeded: 0x0 [0000000000c00000/0000000000c00000 LB 0/0x1000]
> fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0:
> [0000000000000000]/0000000000c00000 LB 0x7f3e0000 s=0x10000 ap=0x0
> rp=0x00000000000001
> fbc.77d4: 0000000000c01000-000000007ffdffff 0x0001/0x0000 0x0000000
> fbc.77d4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
> fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
> fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000 0x0000000
> fbc.77d4: *00007ff63e030000-00007ff63e052fff 0x0002/0x0002 0x0040000
> fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000 0x0000000
> fbc.77d4: *00007ff63e250000-00007ff63e250fff 0x0002/0x0080 0x1000000
> \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080 0x1000000
> \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0080/0x0080 0x1000000
> \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080 0x1000000
> \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> fbc.77d4: 00007ff63e307000-00007ff63e307fff 0x0004/0x0080 0x1000000
> \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> fbc.77d4: 00007ff63e308000-00007ff63e308fff 0x0008/0x0080 0x1000000
> \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> fbc.77d4: 00007ff63e309000-00007ff63e30dfff 0x0004/0x0080 0x1000000
> \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> fbc.77d4: 00007ff63e30e000-00007ff63e30efff 0x0008/0x0080 0x1000000
> \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> fbc.77d4: 00007ff63e30f000-00007ff63e30ffff 0x0004/0x0080 0x1000000
> \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> fbc.77d4: 00007ff63e310000-00007ff63e313fff 0x0008/0x0080 0x1000000
> \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080 0x1000000
> \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000 0x0000000
> fbc.77d4: *00007fff94a80000-00007fff94a80fff 0x0002/0x0080 0x1000000
> \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080 0x1000000
> \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080 0x1000000
> \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> fbc.77d4: 00007fff94bcc000-00007fff94bd4fff 0x0008/0x0080 0x1000000
> \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080 0x1000000
> \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080 0x1000000
> \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080 0x1000000
> \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080 0x1000000
> \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000 0x0000000
> fbc.77d4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
> fbc.77d4: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
> fbc.77d4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe'
> has no imports
> fbc.77d4: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no
> imports
> fbc.77d4: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x80000000
> fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/1: 526 ms, 33
> sleeps
> fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
> fbc.77d4: *0000000000000000-000000000089ffff 0x0001/0x0000 0x0000000
> fbc.77d4: *00000000008a0000-00000000008bffff 0x0004/0x0004 0x0020000
> fbc.77d4: *00000000008c0000-00000000008d5fff 0x0002/0x0002 0x0040000
> fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000 0x0000000
> fbc.77d4: *00000000008e0000-00000000009dafff 0x0000/0x0004 0x0020000
> fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004 0x0020000
> fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004 0x0020000
> fbc.77d4: *00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000
> fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000
> fbc.77d4: *00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000
> fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000
> fbc.77d4: *0000000000a00000-0000000000a92fff 0x0000/0x0004 0x0020000
> fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004 0x0020000
> fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004 0x0020000
> fbc.77d4: 0000000000c00000-000000007ffdffff 0x0001/0x0000 0x0000000
> fbc.77d4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
> fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
> fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000 0x0000000
> fbc.77d4: *00007ff63e030000-00007ff63e052fff 0x0002/0x0002 0x0040000
> fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000 0x0000000
> fbc.77d4: *00007ff63e250000-00007ff63e250fff 0x0002/0x0080 0x1000000
> \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080 0x1000000
> \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0040/0x0080 0x1000000
> \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080 0x1000000
> \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> fbc.77d4: 00007ff63e307000-00007ff63e313fff 0x0004/0x0080 0x1000000
> \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080 0x1000000
> \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000 0x0000000
> fbc.77d4: *00007fff94a80000-00007fff94a80fff 0x0002/0x0080 0x1000000
> \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080 0x1000000
> \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080 0x1000000
> \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> fbc.77d4: 00007fff94bcc000-00007fff94bcffff 0x0008/0x0080 0x1000000
> \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> fbc.77d4: 00007fff94bd0000-00007fff94bd4fff 0x0004/0x0080 0x1000000
> \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080 0x1000000
> \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080 0x1000000
> \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080 0x1000000
> \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080 0x1000000
> \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000 0x0000000
> fbc.77d4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
> fbc.77d4: supR3HardNtChildPurify: Done after 820 ms and 1 fixes (loop #1).
> 73a0.8564: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004
> g_uNtVerCombined=0xa0383900
> 73a0.8564: supR3HardenedVmProcessInit: uNtDllAddr=00007fff94a80000
> g_uNtVerCombined=0xa0383900
> 73a0.8564: ntdll.dll: timestamp 0x5825887f (rc=VINF_SUCCESS)
> 73a0.8564: New simple heap: #1 0000000000d00000 LB 0x400000 (for 1904640
> allocation)
> fbc.77d4: supR3HardNtEnableThreadCreation:
> 73a0.8564: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program
> Files\Oracle\VirtualBox'
> 73a0.8564: System32: \Device\HarddiskVolume5\Windows\System32
> 73a0.8564: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
> 73a0.8564: KnownDllPath: C:\Windows\System32
> 73a0.8564: supR3HardenedVmProcessInit: Opening vboxdrv stub...
> 73a0.8564: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
> 73a0.8564: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
> 73a0.8564: Registered Dll notification callback with NTDLL.
> 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0
> (\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
> 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\
> Windows\System32\kernel32.dll
> 73a0.8564: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL
> (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff
> pwszSearchPath=0000000000004001:<flags> [calling]
> 73a0.8564: supR3HardenedDllNotificationCallback: load 00007fff913e0000
> LB 0x0021d000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
> 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0
> (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
> 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\
> Windows\System32\KernelBase.dll
> 73a0.8564: supR3HardenedDllNotificationCallback: load 00007fff92360000
> LB 0x000ac000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
> 73a0.8564: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS)
> on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks
> WinVerifyTrust]
> 73a0.8564: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0
> hMod=00007fff92360000 'C:\Windows\System32\KERNEL32.DLL'
> 73a0.8564: supR3HardenedDllNotificationCallback: load 00007ff63e250000
> LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
> [fFlags=0x0]
> 73a0.8564: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe'
> has no imports
> 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0
> (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
> 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program
> Files\Oracle\VirtualBox\VirtualBox.exe
> fbc.77d4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005
> (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 82 ms, CloseEvents);
>
> Many thanks!
>
>
>
> --eugen
> Amat victoria curam
>
> On Fri, Jun 23, 2017 at 5:32 PM, Charles S. Givre <
> ***@***.***> wrote:
>
>> Hi @oighen <https://github.com/oighen>,
>> I didn't get the log file in your email. I've been looking online and a
>> lot of the advice about this type of error seems to suggest
>> uninstalling/reinstalling VirtualBox. If you can attach the log in github,
>> or paste the contents I'll do some more digging. What OS and version are
>> you using?
>>
>> —
>> You are receiving this because you were mentioned.
>> Reply to this email directly, view it on GitHub
>> <#1 (comment)>,
>> or mute the thread
>> <https://github.com/notifications/unsubscribe-auth/ADwGALoXPWNJuALw2ZADLXf6-HGy-ucHks5sHEshgaJpZM4N5VuR>
>> .
>>
>
>
—
You are receiving this because you were assigned.
Reply to this email directly, view it on GitHub <#1 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AFQfvrTDkYr5SdSHQ0MsMDIT-nmX0S-Iks5sHV2DgaJpZM4N5VuR>.
|
|
Charles, Griffon it's working very well in Ubuntu + VirtualBox --> that
means is something wrong with my Windows10 machine (cannot run Merlin or
Griffon). So I will focus on cleaning my Windoze.
Thanks for all the effort and replies. See you at the course, on July 22.
Regards,
…--eugen
Amat victoria curam
On Sun, Jun 25, 2017 at 8:26 AM, Charles S. Givre <[email protected]>
wrote:
Hi Eugen,
It looks to me from reading some articles on stackoverflow that one of the
VirtualMachine disk files might be corrupted. The last article in the list
recommends a procedure where you discard the saved state of the VM. Were
you ever able to get it started?
https://askubuntu.com/questions/846492/failed-to-open-a-session-for-the-
virtual-machine-win-7 <https://askubuntu.com/questions/846492/failed-to-
open-a-session-for-the-virtual-machine-win-7>
https://stackoverflow.com/questions/20608310/virtualbox-
error-failed-to-open-a-session-for-the-virtual-machine <
https://stackoverflow.com/questions/20608310/virtualbox-
error-failed-to-open-a-session-for-the-virtual-machine>
https://www.simplehelp.net/2015/10/25/how-to-fix-the-
failed-to-open-a-session-error-in-virtualbox/ <https://www.simplehelp.net/
2015/10/25/how-to-fix-the-failed-to-open-a-session-error-in-virtualbox/>
Regardless, I’d recommend downloading the latest version of the VM which
is available here and has a lot more useful tools on it.
https://github.com/gtkcyber/griffon-vm <https://github.com/gtkcyber/
griffon-vm>.
Thanks,
— C
> On Jun 24, 2017, at 15:03, oighen ***@***.***> wrote:
>
> OS: Windows 10.
>
>
> --eugen
> Amat victoria curam
>
> On Sat, Jun 24, 2017 at 12:36 PM, Eugen Chirila ***@***.***>
wrote:
>
> > Un-installed/re-installed VirtualBox, same error.
> >
> > Failed to open a session for the virtual machine *Merlin 1.01 Drill
> > Workshop*.
> >
> > The virtual machine *'Merlin 1.01 Drill Workshop'* has terminated
> > unexpectedly during startup with exit code -1073741819 (0xc0000005).
More
> > details may be available in *'C:\Users\Eugen\VirtualBox VMs\Merlin 1.01
> > Drill Workshop\Logs\VBoxHardening.log'*.
> > Result Code: E_FAIL (0x80004005)
> > Component: MachineWrap
> > Interface: IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}
> > Now, the log is dumped below:
> >
> > fbc.77d4: Log file opened: 5.1.22r115126 g_hStartupLog=00000000000000e4
> > g_uNtVerCombined=0xa0383900
> > fbc.77d4: \SystemRoot\System32\ntdll.dll:
> > fbc.77d4: CreationTime: 2017-01-27T19:39:40.085139400Z
> > fbc.77d4: LastWriteTime: 2016-11-11T10:13:03.409595100Z
> > fbc.77d4: ChangeTime: 2017-06-14T03:46:48.743974000Z
> > fbc.77d4: FileAttributes: 0x20
> > fbc.77d4: Size: 0x1cc888
> > fbc.77d4: NT Headers: 0xd8
> > fbc.77d4: Timestamp: 0x5825887f
> > fbc.77d4: Machine: 0x8664 - amd64
> > fbc.77d4: Timestamp: 0x5825887f
> > fbc.77d4: Image Version: 10.0
> > fbc.77d4: SizeOfImage: 0x1d1000 (1904640)
> > fbc.77d4: Resource Dir: 0x168000 LB 0x67988
> > fbc.77d4: [Version info resource found at 0xd8! (ID/Name: 0x1;
> > SubID/SubName: 0x409)]
> > fbc.77d4: [Raw version resource data: 0x1680f0 LB 0x388, codepage 0x0
> > (reserved 0x0)]
> > fbc.77d4: ProductName: Microsoft® Windows® Operating System
> > fbc.77d4: ProductVersion: 10.0.14393.479
> > fbc.77d4: FileVersion: 10.0.14393.479 (rs1_release.161110-2025)
> > fbc.77d4: FileDescription: NT Layer DLL
> > fbc.77d4: \SystemRoot\System32\kernel32.dll:
> > fbc.77d4: CreationTime: 2017-05-10T13:09:29.370271800Z
> > fbc.77d4: LastWriteTime: 2017-04-28T00:49:43.332433600Z
> > fbc.77d4: ChangeTime: 2017-06-14T03:46:48.359260300Z
> > fbc.77d4: FileAttributes: 0x20
> > fbc.77d4: Size: 0xab208
> > fbc.77d4: NT Headers: 0xf0
> > fbc.77d4: Timestamp: 0x59028368
> > fbc.77d4: Machine: 0x8664 - amd64
> > fbc.77d4: Timestamp: 0x59028368
> > fbc.77d4: Image Version: 10.0
> > fbc.77d4: SizeOfImage: 0xac000 (704512)
> > fbc.77d4: Resource Dir: 0xaa000 LB 0x530
> > fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1;
> > SubID/SubName: 0x409)]
> > fbc.77d4: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0
> > (reserved 0x0)]
> > fbc.77d4: ProductName: Microsoft® Windows® Operating System
> > fbc.77d4: ProductVersion: 10.0.14393.1198
> > fbc.77d4: FileVersion: 10.0.14393.1198
> > (rs1_release_sec.170427-1353)
> > fbc.77d4: FileDescription: Windows NT BASE API Client DLL
> > fbc.77d4: \SystemRoot\System32\KernelBase.dll:
> > fbc.77d4: CreationTime: 2017-06-14T03:42:31.079625600Z
> > fbc.77d4: LastWriteTime: 2017-06-03T10:09:08.071687200Z
> > fbc.77d4: ChangeTime: 2017-06-14T05:00:58.513710300Z
> > fbc.77d4: FileAttributes: 0x20
> > fbc.77d4: Size: 0x21c780
> > fbc.77d4: NT Headers: 0xf8
> > fbc.77d4: Timestamp: 0x59327897
> > fbc.77d4: Machine: 0x8664 - amd64
> > fbc.77d4: Timestamp: 0x59327897
> > fbc.77d4: Image Version: 10.0
> > fbc.77d4: SizeOfImage: 0x21d000 (2215936)
> > fbc.77d4: Resource Dir: 0x201000 LB 0x550
> > fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1;
> > SubID/SubName: 0x409)]
> > fbc.77d4: [Raw version resource data: 0x2010b0 LB 0x3c4, codepage 0x0
> > (reserved 0x0)]
> > fbc.77d4: ProductName: Microsoft® Windows® Operating System
> > fbc.77d4: ProductVersion: 10.0.14393.1358
> > fbc.77d4: FileVersion: 10.0.14393.1358 (rs1_release.170602-2252)
> > fbc.77d4: FileDescription: Windows NT BASE API Client DLL
> > fbc.77d4: \SystemRoot\System32\apisetschema.dll:
> > fbc.77d4: CreationTime: 2016-07-16T11:42:21.577586000Z
> > fbc.77d4: LastWriteTime: 2016-07-16T11:42:21.577586000Z
> > fbc.77d4: ChangeTime: 2017-01-15T11:59:41.129941800Z
> > fbc.77d4: FileAttributes: 0x20
> > fbc.77d4: Size: 0x18960
> > fbc.77d4: NT Headers: 0xc8
> > fbc.77d4: Timestamp: 0x57899bd2
> > fbc.77d4: Machine: 0x8664 - amd64
> > fbc.77d4: Timestamp: 0x57899bd2
> > fbc.77d4: Image Version: 10.0
> > fbc.77d4: SizeOfImage: 0x19000 (102400)
> > fbc.77d4: Resource Dir: 0x18000 LB 0x400
> > fbc.77d4: [Version info resource found at 0x48! (ID/Name: 0x1;
> > SubID/SubName: 0x409)]
> > fbc.77d4: [Raw version resource data: 0x18060 LB 0x3a0, codepage 0x0
> > (reserved 0x0)]
> > fbc.77d4: ProductName: Microsoft® Windows® Operating System
> > fbc.77d4: ProductVersion: 10.0.14393.0
> > fbc.77d4: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
> > fbc.77d4: FileDescription: ApiSet Schema DLL
> > fbc.77d4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
> > fbc.77d4: supR3HardenedWinFindAdversaries: 0x0
> > fbc.77d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\
Program
> > Files\Oracle\VirtualBox'
> > fbc.77d4: Calling main()
> > fbc.77d4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
> > fbc.77d4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\
Program
> > Files\Oracle\VirtualBox'
> > fbc.77d4: SUPR3HardenedMain: Respawn #1
> > fbc.77d4: System32: \Device\HarddiskVolume5\Windows\System32
> > fbc.77d4: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
> > fbc.77d4: KnownDllPath: C:\Windows\System32
> > fbc.77d4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
VirtualBox.exe'
> > has no imports
> > fbc.77d4: supHardenedWinVerifyImageByHandle: -> 0
> > (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
VirtualBox.exe)
> > fbc.77d4: supR3HardNtEnableThreadCreation:
> > fbc.77d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=
00007fff94af9fa0
> > pvNtTerminateThread=00007fff94b26b20
> > fbc.77d4: supR3HardenedWinDoReSpawn(1): New child 73a0.8564 [kernel32].
> > fbc.77d4: supR3HardNtChildGatherData: PebBaseAddress=0000000000a93000
> > cbPeb=0x388
> > fbc.77d4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff94a80000
> > uNtDllChildAddr=00007fff94a80000
> > fbc.77d4: supR3HardenedWinSetupChildInit:
uLdrInitThunk=00007fff94af9fa0
> > fbc.77d4: supR3HardenedWinSetupChildInit: Start child.
> > fbc.77d4: supR3HardNtChildWaitFor: Found expected request 0
> > (PurifyChildAndCloseHandles) after 0 ms.
> > fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 15
> > sleeps
> > fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
> > fbc.77d4: *0000000000000000-000000000089ffff 0x0001/0x0000 0x0000000
> > fbc.77d4: *00000000008a0000-00000000008bffff 0x0004/0x0004 0x0020000
> > fbc.77d4: *00000000008c0000-00000000008d5fff 0x0002/0x0002 0x0040000
> > fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000 0x0000000
> > fbc.77d4: *00000000008e0000-00000000009dafff 0x0000/0x0004 0x0020000
> > fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004 0x0020000
> > fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004 0x0020000
> > fbc.77d4: *00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000
> > fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000
> > fbc.77d4: *00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000
> > fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000
> > fbc.77d4: *0000000000a00000-0000000000a92fff 0x0000/0x0004 0x0020000
> > fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004 0x0020000
> > fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004 0x0020000
> > fbc.77d4: *0000000000c00000-0000000000c00fff 0x0040/0x0040 0x0020000
!!
> > fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem
at
> > 0000000000c00000 (LB 0x1000, 0000000000c00000 LB 0x1000)
> > fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1
> > succeeded: 0x0 [0000000000c00000/0000000000c00000 LB 0/0x1000]
> > fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0:
> > [0000000000000000]/0000000000c00000 LB 0x7f3e0000 s=0x10000 ap=0x0
> > rp=0x00000000000001
> > fbc.77d4: 0000000000c01000-000000007ffdffff 0x0001/0x0000 0x0000000
> > fbc.77d4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
> > fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
> > fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000 0x0000000
> > fbc.77d4: *00007ff63e030000-00007ff63e052fff 0x0002/0x0002 0x0040000
> > fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000 0x0000000
> > fbc.77d4: *00007ff63e250000-00007ff63e250fff 0x0002/0x0080 0x1000000
> > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080 0x1000000
> > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0080/0x0080 0x1000000
> > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080 0x1000000
> > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > fbc.77d4: 00007ff63e307000-00007ff63e307fff 0x0004/0x0080 0x1000000
> > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > fbc.77d4: 00007ff63e308000-00007ff63e308fff 0x0008/0x0080 0x1000000
> > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > fbc.77d4: 00007ff63e309000-00007ff63e30dfff 0x0004/0x0080 0x1000000
> > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > fbc.77d4: 00007ff63e30e000-00007ff63e30efff 0x0008/0x0080 0x1000000
> > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > fbc.77d4: 00007ff63e30f000-00007ff63e30ffff 0x0004/0x0080 0x1000000
> > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > fbc.77d4: 00007ff63e310000-00007ff63e313fff 0x0008/0x0080 0x1000000
> > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080 0x1000000
> > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000 0x0000000
> > fbc.77d4: *00007fff94a80000-00007fff94a80fff 0x0002/0x0080 0x1000000
> > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080 0x1000000
> > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080 0x1000000
> > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > fbc.77d4: 00007fff94bcc000-00007fff94bd4fff 0x0008/0x0080 0x1000000
> > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080 0x1000000
> > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080 0x1000000
> > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080 0x1000000
> > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080 0x1000000
> > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000 0x0000000
> > fbc.77d4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
> > fbc.77d4: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
> > fbc.77d4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
VirtualBox.exe'
> > has no imports
> > fbc.77d4: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no
> > imports
> > fbc.77d4: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x80000000
> > fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/1: 526 ms, 33
> > sleeps
> > fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
> > fbc.77d4: *0000000000000000-000000000089ffff 0x0001/0x0000 0x0000000
> > fbc.77d4: *00000000008a0000-00000000008bffff 0x0004/0x0004 0x0020000
> > fbc.77d4: *00000000008c0000-00000000008d5fff 0x0002/0x0002 0x0040000
> > fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000 0x0000000
> > fbc.77d4: *00000000008e0000-00000000009dafff 0x0000/0x0004 0x0020000
> > fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004 0x0020000
> > fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004 0x0020000
> > fbc.77d4: *00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000
> > fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000
> > fbc.77d4: *00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000
> > fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000
> > fbc.77d4: *0000000000a00000-0000000000a92fff 0x0000/0x0004 0x0020000
> > fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004 0x0020000
> > fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004 0x0020000
> > fbc.77d4: 0000000000c00000-000000007ffdffff 0x0001/0x0000 0x0000000
> > fbc.77d4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
> > fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
> > fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000 0x0000000
> > fbc.77d4: *00007ff63e030000-00007ff63e052fff 0x0002/0x0002 0x0040000
> > fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000 0x0000000
> > fbc.77d4: *00007ff63e250000-00007ff63e250fff 0x0002/0x0080 0x1000000
> > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080 0x1000000
> > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0040/0x0080 0x1000000
> > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080 0x1000000
> > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > fbc.77d4: 00007ff63e307000-00007ff63e313fff 0x0004/0x0080 0x1000000
> > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080 0x1000000
> > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000 0x0000000
> > fbc.77d4: *00007fff94a80000-00007fff94a80fff 0x0002/0x0080 0x1000000
> > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080 0x1000000
> > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080 0x1000000
> > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > fbc.77d4: 00007fff94bcc000-00007fff94bcffff 0x0008/0x0080 0x1000000
> > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > fbc.77d4: 00007fff94bd0000-00007fff94bd4fff 0x0004/0x0080 0x1000000
> > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080 0x1000000
> > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080 0x1000000
> > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080 0x1000000
> > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080 0x1000000
> > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000 0x0000000
> > fbc.77d4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
> > fbc.77d4: supR3HardNtChildPurify: Done after 820 ms and 1 fixes (loop
#1).
> > 73a0.8564: Log file opened: 5.1.22r115126
g_hStartupLog=0000000000000004
> > g_uNtVerCombined=0xa0383900
> > 73a0.8564: supR3HardenedVmProcessInit: uNtDllAddr=00007fff94a80000
> > g_uNtVerCombined=0xa0383900
> > 73a0.8564: ntdll.dll: timestamp 0x5825887f (rc=VINF_SUCCESS)
> > 73a0.8564: New simple heap: #1 0000000000d00000 LB 0x400000 (for
1904640
> > allocation)
> > fbc.77d4: supR3HardNtEnableThreadCreation:
> > 73a0.8564: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\
Program
> > Files\Oracle\VirtualBox'
> > 73a0.8564: System32: \Device\HarddiskVolume5\Windows\System32
> > 73a0.8564: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
> > 73a0.8564: KnownDllPath: C:\Windows\System32
> > 73a0.8564: supR3HardenedVmProcessInit: Opening vboxdrv stub...
> > 73a0.8564: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
> > 73a0.8564: supR3HardenedVmProcessInit: Returning to
LdrInitializeThunk...
> > 73a0.8564: Registered Dll notification callback with NTDLL.
> > 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0
> > (\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
> > 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\
> > Windows\System32\kernel32.dll
> > 73a0.8564: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\
KERNEL32.DLL
> > (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff
> > pwszSearchPath=0000000000004001:<flags> [calling]
> > 73a0.8564: supR3HardenedDllNotificationCallback: load 00007fff913e0000
> > LB 0x0021d000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
> > 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0
> > (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
> > 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\
> > Windows\System32\KernelBase.dll
> > 73a0.8564: supR3HardenedDllNotificationCallback: load 00007fff92360000
> > LB 0x000ac000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
> > 73a0.8564: supR3HardenedScreenImage/LdrLoadDll: cache hit
(VINF_SUCCESS)
> > on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks
> > WinVerifyTrust]
> > 73a0.8564: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0
> > hMod=00007fff92360000 'C:\Windows\System32\KERNEL32.DLL'
> > 73a0.8564: supR3HardenedDllNotificationCallback: load 00007ff63e250000
> > LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > [fFlags=0x0]
> > 73a0.8564: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
VirtualBox.exe'
> > has no imports
> > 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0
> > (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
VirtualBox.exe)
> > 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\
Program
> > Files\Oracle\VirtualBox\VirtualBox.exe
> > fbc.77d4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005
> > (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 82 ms,
CloseEvents);
> >
> > Many thanks!
> >
> >
> >
> > --eugen
> > Amat victoria curam
> >
> > On Fri, Jun 23, 2017 at 5:32 PM, Charles S. Givre <
> > ***@***.***> wrote:
> >
> >> Hi @oighen <https://github.com/oighen>,
> >> I didn't get the log file in your email. I've been looking online and
a
> >> lot of the advice about this type of error seems to suggest
> >> uninstalling/reinstalling VirtualBox. If you can attach the log in
github,
> >> or paste the contents I'll do some more digging. What OS and version
are
> >> you using?
> >>
> >> —
> >> You are receiving this because you were mentioned.
> >> Reply to this email directly, view it on GitHub
> >> <https://github.com/cgivre/data-exploration-with-apache-
drill/issues/1#issuecomment-310794840>,
> >> or mute the thread
> >> <https://github.com/notifications/unsubscribe-
auth/ADwGALoXPWNJuALw2ZADLXf6-HGy-ucHks5sHEshgaJpZM4N5VuR>
> >> .
> >>
> >
> >
> —
> You are receiving this because you were assigned.
> Reply to this email directly, view it on GitHub <
https://github.com/cgivre/data-exploration-with-apache-
drill/issues/1#issuecomment-310859661>, or mute the thread <
https://github.com/notifications/unsubscribe-
auth/AFQfvrTDkYr5SdSHQ0MsMDIT-nmX0S-Iks5sHV2DgaJpZM4N5VuR>.
>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ADwGAPQK655OFFmzu0_hsGggZ9uWrUrrks5sHm4ogaJpZM4N5VuR>
.
|
|
Glad to hear you got it working. We've had some issues with windows 10 but I've not been able to replicate them consistently. Which class of mine are you taking?
…Sent from my iPhone
On Jun 26, 2017, at 15:25, oighen ***@***.***> wrote:
Charles, Griffon it's working very well in Ubuntu + VirtualBox --> that
means is something wrong with my Windows10 machine (cannot run Merlin or
Griffon). So I will focus on cleaning my Windoze.
Thanks for all the effort and replies. See you at the course, on July 22.
Regards,
--eugen
Amat victoria curam
On Sun, Jun 25, 2017 at 8:26 AM, Charles S. Givre ***@***.***>
wrote:
> Hi Eugen,
> It looks to me from reading some articles on stackoverflow that one of the
> VirtualMachine disk files might be corrupted. The last article in the list
> recommends a procedure where you discard the saved state of the VM. Were
> you ever able to get it started?
>
>
> https://askubuntu.com/questions/846492/failed-to-open-a-session-for-the-
> virtual-machine-win-7 <https://askubuntu.com/questions/846492/failed-to-
> open-a-session-for-the-virtual-machine-win-7>
> https://stackoverflow.com/questions/20608310/virtualbox-
> error-failed-to-open-a-session-for-the-virtual-machine <
> https://stackoverflow.com/questions/20608310/virtualbox-
> error-failed-to-open-a-session-for-the-virtual-machine>
> https://www.simplehelp.net/2015/10/25/how-to-fix-the-
> failed-to-open-a-session-error-in-virtualbox/ <https://www.simplehelp.net/
> 2015/10/25/how-to-fix-the-failed-to-open-a-session-error-in-virtualbox/>
>
>
> Regardless, I’d recommend downloading the latest version of the VM which
> is available here and has a lot more useful tools on it.
> https://github.com/gtkcyber/griffon-vm <https://github.com/gtkcyber/
> griffon-vm>.
>
> Thanks,
> — C
>
> > On Jun 24, 2017, at 15:03, oighen ***@***.***> wrote:
> >
> > OS: Windows 10.
> >
> >
> > --eugen
> > Amat victoria curam
> >
> > On Sat, Jun 24, 2017 at 12:36 PM, Eugen Chirila ***@***.***>
> wrote:
> >
> > > Un-installed/re-installed VirtualBox, same error.
> > >
> > > Failed to open a session for the virtual machine *Merlin 1.01 Drill
> > > Workshop*.
> > >
> > > The virtual machine *'Merlin 1.01 Drill Workshop'* has terminated
> > > unexpectedly during startup with exit code -1073741819 (0xc0000005).
> More
> > > details may be available in *'C:\Users\Eugen\VirtualBox VMs\Merlin 1.01
> > > Drill Workshop\Logs\VBoxHardening.log'*.
>
> > > Result Code: E_FAIL (0x80004005)
> > > Component: MachineWrap
> > > Interface: IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}
> > > Now, the log is dumped below:
> > >
> > > fbc.77d4: Log file opened: 5.1.22r115126 g_hStartupLog=00000000000000e4
> > > g_uNtVerCombined=0xa0383900
> > > fbc.77d4: \SystemRoot\System32\ntdll.dll:
> > > fbc.77d4: CreationTime: 2017-01-27T19:39:40.085139400Z
> > > fbc.77d4: LastWriteTime: 2016-11-11T10:13:03.409595100Z
> > > fbc.77d4: ChangeTime: 2017-06-14T03:46:48.743974000Z
> > > fbc.77d4: FileAttributes: 0x20
> > > fbc.77d4: Size: 0x1cc888
> > > fbc.77d4: NT Headers: 0xd8
> > > fbc.77d4: Timestamp: 0x5825887f
> > > fbc.77d4: Machine: 0x8664 - amd64
> > > fbc.77d4: Timestamp: 0x5825887f
> > > fbc.77d4: Image Version: 10.0
> > > fbc.77d4: SizeOfImage: 0x1d1000 (1904640)
> > > fbc.77d4: Resource Dir: 0x168000 LB 0x67988
> > > fbc.77d4: [Version info resource found at 0xd8! (ID/Name: 0x1;
> > > SubID/SubName: 0x409)]
> > > fbc.77d4: [Raw version resource data: 0x1680f0 LB 0x388, codepage 0x0
> > > (reserved 0x0)]
> > > fbc.77d4: ProductName: Microsoft® Windows® Operating System
> > > fbc.77d4: ProductVersion: 10.0.14393.479
> > > fbc.77d4: FileVersion: 10.0.14393.479 (rs1_release.161110-2025)
> > > fbc.77d4: FileDescription: NT Layer DLL
> > > fbc.77d4: \SystemRoot\System32\kernel32.dll:
> > > fbc.77d4: CreationTime: 2017-05-10T13:09:29.370271800Z
> > > fbc.77d4: LastWriteTime: 2017-04-28T00:49:43.332433600Z
> > > fbc.77d4: ChangeTime: 2017-06-14T03:46:48.359260300Z
> > > fbc.77d4: FileAttributes: 0x20
> > > fbc.77d4: Size: 0xab208
> > > fbc.77d4: NT Headers: 0xf0
> > > fbc.77d4: Timestamp: 0x59028368
> > > fbc.77d4: Machine: 0x8664 - amd64
> > > fbc.77d4: Timestamp: 0x59028368
> > > fbc.77d4: Image Version: 10.0
> > > fbc.77d4: SizeOfImage: 0xac000 (704512)
> > > fbc.77d4: Resource Dir: 0xaa000 LB 0x530
> > > fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1;
> > > SubID/SubName: 0x409)]
> > > fbc.77d4: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0
> > > (reserved 0x0)]
> > > fbc.77d4: ProductName: Microsoft® Windows® Operating System
> > > fbc.77d4: ProductVersion: 10.0.14393.1198
> > > fbc.77d4: FileVersion: 10.0.14393.1198
> > > (rs1_release_sec.170427-1353)
> > > fbc.77d4: FileDescription: Windows NT BASE API Client DLL
> > > fbc.77d4: \SystemRoot\System32\KernelBase.dll:
> > > fbc.77d4: CreationTime: 2017-06-14T03:42:31.079625600Z
> > > fbc.77d4: LastWriteTime: 2017-06-03T10:09:08.071687200Z
> > > fbc.77d4: ChangeTime: 2017-06-14T05:00:58.513710300Z
> > > fbc.77d4: FileAttributes: 0x20
> > > fbc.77d4: Size: 0x21c780
> > > fbc.77d4: NT Headers: 0xf8
> > > fbc.77d4: Timestamp: 0x59327897
> > > fbc.77d4: Machine: 0x8664 - amd64
> > > fbc.77d4: Timestamp: 0x59327897
> > > fbc.77d4: Image Version: 10.0
> > > fbc.77d4: SizeOfImage: 0x21d000 (2215936)
> > > fbc.77d4: Resource Dir: 0x201000 LB 0x550
> > > fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1;
> > > SubID/SubName: 0x409)]
> > > fbc.77d4: [Raw version resource data: 0x2010b0 LB 0x3c4, codepage 0x0
> > > (reserved 0x0)]
> > > fbc.77d4: ProductName: Microsoft® Windows® Operating System
> > > fbc.77d4: ProductVersion: 10.0.14393.1358
> > > fbc.77d4: FileVersion: 10.0.14393.1358 (rs1_release.170602-2252)
> > > fbc.77d4: FileDescription: Windows NT BASE API Client DLL
> > > fbc.77d4: \SystemRoot\System32\apisetschema.dll:
> > > fbc.77d4: CreationTime: 2016-07-16T11:42:21.577586000Z
> > > fbc.77d4: LastWriteTime: 2016-07-16T11:42:21.577586000Z
> > > fbc.77d4: ChangeTime: 2017-01-15T11:59:41.129941800Z
> > > fbc.77d4: FileAttributes: 0x20
> > > fbc.77d4: Size: 0x18960
> > > fbc.77d4: NT Headers: 0xc8
> > > fbc.77d4: Timestamp: 0x57899bd2
> > > fbc.77d4: Machine: 0x8664 - amd64
> > > fbc.77d4: Timestamp: 0x57899bd2
> > > fbc.77d4: Image Version: 10.0
> > > fbc.77d4: SizeOfImage: 0x19000 (102400)
> > > fbc.77d4: Resource Dir: 0x18000 LB 0x400
> > > fbc.77d4: [Version info resource found at 0x48! (ID/Name: 0x1;
> > > SubID/SubName: 0x409)]
> > > fbc.77d4: [Raw version resource data: 0x18060 LB 0x3a0, codepage 0x0
> > > (reserved 0x0)]
> > > fbc.77d4: ProductName: Microsoft® Windows® Operating System
> > > fbc.77d4: ProductVersion: 10.0.14393.0
> > > fbc.77d4: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
> > > fbc.77d4: FileDescription: ApiSet Schema DLL
> > > fbc.77d4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
> > > fbc.77d4: supR3HardenedWinFindAdversaries: 0x0
> > > fbc.77d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\
> Program
> > > Files\Oracle\VirtualBox'
> > > fbc.77d4: Calling main()
> > > fbc.77d4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
> > > fbc.77d4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\
> Program
> > > Files\Oracle\VirtualBox'
> > > fbc.77d4: SUPR3HardenedMain: Respawn #1
> > > fbc.77d4: System32: \Device\HarddiskVolume5\Windows\System32
> > > fbc.77d4: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
> > > fbc.77d4: KnownDllPath: C:\Windows\System32
> > > fbc.77d4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
> VirtualBox.exe'
> > > has no imports
> > > fbc.77d4: supHardenedWinVerifyImageByHandle: -> 0
> > > (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
> VirtualBox.exe)
> > > fbc.77d4: supR3HardNtEnableThreadCreation:
> > > fbc.77d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=
> 00007fff94af9fa0
> > > pvNtTerminateThread=00007fff94b26b20
> > > fbc.77d4: supR3HardenedWinDoReSpawn(1): New child 73a0.8564 [kernel32].
> > > fbc.77d4: supR3HardNtChildGatherData: PebBaseAddress=0000000000a93000
> > > cbPeb=0x388
> > > fbc.77d4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff94a80000
> > > uNtDllChildAddr=00007fff94a80000
> > > fbc.77d4: supR3HardenedWinSetupChildInit:
> uLdrInitThunk=00007fff94af9fa0
> > > fbc.77d4: supR3HardenedWinSetupChildInit: Start child.
> > > fbc.77d4: supR3HardNtChildWaitFor: Found expected request 0
> > > (PurifyChildAndCloseHandles) after 0 ms.
> > > fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 15
> > > sleeps
> > > fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
> > > fbc.77d4: *0000000000000000-000000000089ffff 0x0001/0x0000 0x0000000
> > > fbc.77d4: *00000000008a0000-00000000008bffff 0x0004/0x0004 0x0020000
> > > fbc.77d4: *00000000008c0000-00000000008d5fff 0x0002/0x0002 0x0040000
> > > fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000 0x0000000
> > > fbc.77d4: *00000000008e0000-00000000009dafff 0x0000/0x0004 0x0020000
> > > fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004 0x0020000
> > > fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004 0x0020000
> > > fbc.77d4: *00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000
> > > fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000
> > > fbc.77d4: *00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000
> > > fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000
> > > fbc.77d4: *0000000000a00000-0000000000a92fff 0x0000/0x0004 0x0020000
> > > fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004 0x0020000
> > > fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004 0x0020000
> > > fbc.77d4: *0000000000c00000-0000000000c00fff 0x0040/0x0040 0x0020000
> !!
> > > fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem
> at
> > > 0000000000c00000 (LB 0x1000, 0000000000c00000 LB 0x1000)
> > > fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1
> > > succeeded: 0x0 [0000000000c00000/0000000000c00000 LB 0/0x1000]
> > > fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0:
> > > [0000000000000000]/0000000000c00000 LB 0x7f3e0000 s=0x10000 ap=0x0
> > > rp=0x00000000000001
> > > fbc.77d4: 0000000000c01000-000000007ffdffff 0x0001/0x0000 0x0000000
> > > fbc.77d4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
> > > fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
> > > fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000 0x0000000
> > > fbc.77d4: *00007ff63e030000-00007ff63e052fff 0x0002/0x0002 0x0040000
> > > fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000 0x0000000
> > > fbc.77d4: *00007ff63e250000-00007ff63e250fff 0x0002/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > > fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > > fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0080/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > > fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > > fbc.77d4: 00007ff63e307000-00007ff63e307fff 0x0004/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > > fbc.77d4: 00007ff63e308000-00007ff63e308fff 0x0008/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > > fbc.77d4: 00007ff63e309000-00007ff63e30dfff 0x0004/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > > fbc.77d4: 00007ff63e30e000-00007ff63e30efff 0x0008/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > > fbc.77d4: 00007ff63e30f000-00007ff63e30ffff 0x0004/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > > fbc.77d4: 00007ff63e310000-00007ff63e313fff 0x0008/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > > fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > > fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000 0x0000000
> > > fbc.77d4: *00007fff94a80000-00007fff94a80fff 0x0002/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > fbc.77d4: 00007fff94bcc000-00007fff94bd4fff 0x0008/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000 0x0000000
> > > fbc.77d4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
> > > fbc.77d4: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
> > > fbc.77d4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
> VirtualBox.exe'
> > > has no imports
> > > fbc.77d4: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no
> > > imports
> > > fbc.77d4: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x80000000
> > > fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/1: 526 ms, 33
> > > sleeps
> > > fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
> > > fbc.77d4: *0000000000000000-000000000089ffff 0x0001/0x0000 0x0000000
> > > fbc.77d4: *00000000008a0000-00000000008bffff 0x0004/0x0004 0x0020000
> > > fbc.77d4: *00000000008c0000-00000000008d5fff 0x0002/0x0002 0x0040000
> > > fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000 0x0000000
> > > fbc.77d4: *00000000008e0000-00000000009dafff 0x0000/0x0004 0x0020000
> > > fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004 0x0020000
> > > fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004 0x0020000
> > > fbc.77d4: *00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000
> > > fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000
> > > fbc.77d4: *00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000
> > > fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000
> > > fbc.77d4: *0000000000a00000-0000000000a92fff 0x0000/0x0004 0x0020000
> > > fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004 0x0020000
> > > fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004 0x0020000
> > > fbc.77d4: 0000000000c00000-000000007ffdffff 0x0001/0x0000 0x0000000
> > > fbc.77d4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
> > > fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
> > > fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000 0x0000000
> > > fbc.77d4: *00007ff63e030000-00007ff63e052fff 0x0002/0x0002 0x0040000
> > > fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000 0x0000000
> > > fbc.77d4: *00007ff63e250000-00007ff63e250fff 0x0002/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > > fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > > fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0040/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > > fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > > fbc.77d4: 00007ff63e307000-00007ff63e313fff 0x0004/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > > fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > > fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000 0x0000000
> > > fbc.77d4: *00007fff94a80000-00007fff94a80fff 0x0002/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > fbc.77d4: 00007fff94bcc000-00007fff94bcffff 0x0008/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > fbc.77d4: 00007fff94bd0000-00007fff94bd4fff 0x0004/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080 0x1000000
> > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000 0x0000000
> > > fbc.77d4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
> > > fbc.77d4: supR3HardNtChildPurify: Done after 820 ms and 1 fixes (loop
> #1).
> > > 73a0.8564: Log file opened: 5.1.22r115126
> g_hStartupLog=0000000000000004
> > > g_uNtVerCombined=0xa0383900
> > > 73a0.8564: supR3HardenedVmProcessInit: uNtDllAddr=00007fff94a80000
> > > g_uNtVerCombined=0xa0383900
> > > 73a0.8564: ntdll.dll: timestamp 0x5825887f (rc=VINF_SUCCESS)
> > > 73a0.8564: New simple heap: #1 0000000000d00000 LB 0x400000 (for
> 1904640
> > > allocation)
> > > fbc.77d4: supR3HardNtEnableThreadCreation:
> > > 73a0.8564: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\
> Program
> > > Files\Oracle\VirtualBox'
> > > 73a0.8564: System32: \Device\HarddiskVolume5\Windows\System32
> > > 73a0.8564: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
> > > 73a0.8564: KnownDllPath: C:\Windows\System32
> > > 73a0.8564: supR3HardenedVmProcessInit: Opening vboxdrv stub...
> > > 73a0.8564: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
> > > 73a0.8564: supR3HardenedVmProcessInit: Returning to
> LdrInitializeThunk...
> > > 73a0.8564: Registered Dll notification callback with NTDLL.
> > > 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0
> > > (\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
> > > 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\
> > > Windows\System32\kernel32.dll
> > > 73a0.8564: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\
> KERNEL32.DLL
> > > (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff
> > > pwszSearchPath=0000000000004001:<flags> [calling]
> > > 73a0.8564: supR3HardenedDllNotificationCallback: load 00007fff913e0000
> > > LB 0x0021d000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
> > > 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0
> > > (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
> > > 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\
> > > Windows\System32\KernelBase.dll
> > > 73a0.8564: supR3HardenedDllNotificationCallback: load 00007fff92360000
> > > LB 0x000ac000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
> > > 73a0.8564: supR3HardenedScreenImage/LdrLoadDll: cache hit
> (VINF_SUCCESS)
> > > on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks
> > > WinVerifyTrust]
> > > 73a0.8564: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0
> > > hMod=00007fff92360000 'C:\Windows\System32\KERNEL32.DLL'
> > > 73a0.8564: supR3HardenedDllNotificationCallback: load 00007ff63e250000
> > > LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > > [fFlags=0x0]
> > > 73a0.8564: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
> VirtualBox.exe'
> > > has no imports
> > > 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0
> > > (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
> VirtualBox.exe)
> > > 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\
> Program
> > > Files\Oracle\VirtualBox\VirtualBox.exe
> > > fbc.77d4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005
> > > (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 82 ms,
> CloseEvents);
> > >
> > > Many thanks!
> > >
> > >
> > >
> > > --eugen
> > > Amat victoria curam
> > >
> > > On Fri, Jun 23, 2017 at 5:32 PM, Charles S. Givre <
> > > ***@***.***> wrote:
> > >
> > >> Hi @oighen <https://github.com/oighen>,
> > >> I didn't get the log file in your email. I've been looking online and
> a
> > >> lot of the advice about this type of error seems to suggest
> > >> uninstalling/reinstalling VirtualBox. If you can attach the log in
> github,
> > >> or paste the contents I'll do some more digging. What OS and version
> are
> > >> you using?
> > >>
> > >> —
> > >> You are receiving this because you were mentioned.
> > >> Reply to this email directly, view it on GitHub
> > >> <https://github.com/cgivre/data-exploration-with-apache-
> drill/issues/1#issuecomment-310794840>,
> > >> or mute the thread
> > >> <https://github.com/notifications/unsubscribe-
> auth/ADwGALoXPWNJuALw2ZADLXf6-HGy-ucHks5sHEshgaJpZM4N5VuR>
> > >> .
> > >>
> > >
> > >
> > —
> > You are receiving this because you were assigned.
> > Reply to this email directly, view it on GitHub <
> https://github.com/cgivre/data-exploration-with-apache-
> drill/issues/1#issuecomment-310859661>, or mute the thread <
> https://github.com/notifications/unsubscribe-
> auth/AFQfvrTDkYr5SdSHQ0MsMDIT-nmX0S-Iks5sHV2DgaJpZM4N5VuR>.
>
> >
>
> —
> You are receiving this because you were mentioned.
> Reply to this email directly, view it on GitHub
> <#1 (comment)>,
> or mute the thread
> <https://github.com/notifications/unsubscribe-auth/ADwGAPQK655OFFmzu0_hsGggZ9uWrUrrks5sHm4ogaJpZM4N5VuR>
> .
>
—
You are receiving this because you were assigned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
The Data Science for Security Professionals. July 22-23.
…--eugen
Amat victoria curam
On Mon, Jun 26, 2017 at 1:36 PM, Charles S. Givre <[email protected]>
wrote:
Glad to hear you got it working. We've had some issues with windows 10 but
I've not been able to replicate them consistently. Which class of mine are
you taking?
Sent from my iPhone
> On Jun 26, 2017, at 15:25, oighen ***@***.***> wrote:
>
> Charles, Griffon it's working very well in Ubuntu + VirtualBox --> that
> means is something wrong with my Windows10 machine (cannot run Merlin or
> Griffon). So I will focus on cleaning my Windoze.
>
> Thanks for all the effort and replies. See you at the course, on July 22.
>
> Regards,
>
>
>
>
> --eugen
> Amat victoria curam
>
> On Sun, Jun 25, 2017 at 8:26 AM, Charles S. Givre <
***@***.***>
> wrote:
>
> > Hi Eugen,
> > It looks to me from reading some articles on stackoverflow that one of
the
> > VirtualMachine disk files might be corrupted. The last article in the
list
> > recommends a procedure where you discard the saved state of the VM.
Were
> > you ever able to get it started?
> >
> >
> > https://askubuntu.com/questions/846492/failed-to-
open-a-session-for-the-
> > virtual-machine-win-7 <https://askubuntu.com/
questions/846492/failed-to-
> > open-a-session-for-the-virtual-machine-win-7>
> > https://stackoverflow.com/questions/20608310/virtualbox-
> > error-failed-to-open-a-session-for-the-virtual-machine <
> > https://stackoverflow.com/questions/20608310/virtualbox-
> > error-failed-to-open-a-session-for-the-virtual-machine>
> > https://www.simplehelp.net/2015/10/25/how-to-fix-the-
> > failed-to-open-a-session-error-in-virtualbox/ <
https://www.simplehelp.net/
> > 2015/10/25/how-to-fix-the-failed-to-open-a-session-
error-in-virtualbox/>
> >
> >
> > Regardless, I’d recommend downloading the latest version of the VM
which
> > is available here and has a lot more useful tools on it.
> > https://github.com/gtkcyber/griffon-vm <https://github.com/gtkcyber/
> > griffon-vm>.
> >
> > Thanks,
> > — C
> >
> > > On Jun 24, 2017, at 15:03, oighen ***@***.***> wrote:
> > >
> > > OS: Windows 10.
> > >
> > >
> > > --eugen
> > > Amat victoria curam
> > >
> > > On Sat, Jun 24, 2017 at 12:36 PM, Eugen Chirila ***@***.***>
> > wrote:
> > >
> > > > Un-installed/re-installed VirtualBox, same error.
> > > >
> > > > Failed to open a session for the virtual machine *Merlin 1.01 Drill
> > > > Workshop*.
> > > >
> > > > The virtual machine *'Merlin 1.01 Drill Workshop'* has terminated
> > > > unexpectedly during startup with exit code -1073741819
(0xc0000005).
> > More
> > > > details may be available in *'C:\Users\Eugen\VirtualBox VMs\Merlin
1.01
> > > > Drill Workshop\Logs\VBoxHardening.log'*.
> >
> > > > Result Code: E_FAIL (0x80004005)
> > > > Component: MachineWrap
> > > > Interface: IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}
> > > > Now, the log is dumped below:
> > > >
> > > > fbc.77d4: Log file opened: 5.1.22r115126
g_hStartupLog=00000000000000e4
> > > > g_uNtVerCombined=0xa0383900
> > > > fbc.77d4: \SystemRoot\System32\ntdll.dll:
> > > > fbc.77d4: CreationTime: 2017-01-27T19:39:40.085139400Z
> > > > fbc.77d4: LastWriteTime: 2016-11-11T10:13:03.409595100Z
> > > > fbc.77d4: ChangeTime: 2017-06-14T03:46:48.743974000Z
> > > > fbc.77d4: FileAttributes: 0x20
> > > > fbc.77d4: Size: 0x1cc888
> > > > fbc.77d4: NT Headers: 0xd8
> > > > fbc.77d4: Timestamp: 0x5825887f
> > > > fbc.77d4: Machine: 0x8664 - amd64
> > > > fbc.77d4: Timestamp: 0x5825887f
> > > > fbc.77d4: Image Version: 10.0
> > > > fbc.77d4: SizeOfImage: 0x1d1000 (1904640)
> > > > fbc.77d4: Resource Dir: 0x168000 LB 0x67988
> > > > fbc.77d4: [Version info resource found at 0xd8! (ID/Name: 0x1;
> > > > SubID/SubName: 0x409)]
> > > > fbc.77d4: [Raw version resource data: 0x1680f0 LB 0x388, codepage
0x0
> > > > (reserved 0x0)]
> > > > fbc.77d4: ProductName: Microsoft® Windows® Operating System
> > > > fbc.77d4: ProductVersion: 10.0.14393.479
> > > > fbc.77d4: FileVersion: 10.0.14393.479 (rs1_release.161110-2025)
> > > > fbc.77d4: FileDescription: NT Layer DLL
> > > > fbc.77d4: \SystemRoot\System32\kernel32.dll:
> > > > fbc.77d4: CreationTime: 2017-05-10T13:09:29.370271800Z
> > > > fbc.77d4: LastWriteTime: 2017-04-28T00:49:43.332433600Z
> > > > fbc.77d4: ChangeTime: 2017-06-14T03:46:48.359260300Z
> > > > fbc.77d4: FileAttributes: 0x20
> > > > fbc.77d4: Size: 0xab208
> > > > fbc.77d4: NT Headers: 0xf0
> > > > fbc.77d4: Timestamp: 0x59028368
> > > > fbc.77d4: Machine: 0x8664 - amd64
> > > > fbc.77d4: Timestamp: 0x59028368
> > > > fbc.77d4: Image Version: 10.0
> > > > fbc.77d4: SizeOfImage: 0xac000 (704512)
> > > > fbc.77d4: Resource Dir: 0xaa000 LB 0x530
> > > > fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1;
> > > > SubID/SubName: 0x409)]
> > > > fbc.77d4: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage
0x0
> > > > (reserved 0x0)]
> > > > fbc.77d4: ProductName: Microsoft® Windows® Operating System
> > > > fbc.77d4: ProductVersion: 10.0.14393.1198
> > > > fbc.77d4: FileVersion: 10.0.14393.1198
> > > > (rs1_release_sec.170427-1353)
> > > > fbc.77d4: FileDescription: Windows NT BASE API Client DLL
> > > > fbc.77d4: \SystemRoot\System32\KernelBase.dll:
> > > > fbc.77d4: CreationTime: 2017-06-14T03:42:31.079625600Z
> > > > fbc.77d4: LastWriteTime: 2017-06-03T10:09:08.071687200Z
> > > > fbc.77d4: ChangeTime: 2017-06-14T05:00:58.513710300Z
> > > > fbc.77d4: FileAttributes: 0x20
> > > > fbc.77d4: Size: 0x21c780
> > > > fbc.77d4: NT Headers: 0xf8
> > > > fbc.77d4: Timestamp: 0x59327897
> > > > fbc.77d4: Machine: 0x8664 - amd64
> > > > fbc.77d4: Timestamp: 0x59327897
> > > > fbc.77d4: Image Version: 10.0
> > > > fbc.77d4: SizeOfImage: 0x21d000 (2215936)
> > > > fbc.77d4: Resource Dir: 0x201000 LB 0x550
> > > > fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1;
> > > > SubID/SubName: 0x409)]
> > > > fbc.77d4: [Raw version resource data: 0x2010b0 LB 0x3c4, codepage
0x0
> > > > (reserved 0x0)]
> > > > fbc.77d4: ProductName: Microsoft® Windows® Operating System
> > > > fbc.77d4: ProductVersion: 10.0.14393.1358
> > > > fbc.77d4: FileVersion: 10.0.14393.1358 (rs1_release.170602-2252)
> > > > fbc.77d4: FileDescription: Windows NT BASE API Client DLL
> > > > fbc.77d4: \SystemRoot\System32\apisetschema.dll:
> > > > fbc.77d4: CreationTime: 2016-07-16T11:42:21.577586000Z
> > > > fbc.77d4: LastWriteTime: 2016-07-16T11:42:21.577586000Z
> > > > fbc.77d4: ChangeTime: 2017-01-15T11:59:41.129941800Z
> > > > fbc.77d4: FileAttributes: 0x20
> > > > fbc.77d4: Size: 0x18960
> > > > fbc.77d4: NT Headers: 0xc8
> > > > fbc.77d4: Timestamp: 0x57899bd2
> > > > fbc.77d4: Machine: 0x8664 - amd64
> > > > fbc.77d4: Timestamp: 0x57899bd2
> > > > fbc.77d4: Image Version: 10.0
> > > > fbc.77d4: SizeOfImage: 0x19000 (102400)
> > > > fbc.77d4: Resource Dir: 0x18000 LB 0x400
> > > > fbc.77d4: [Version info resource found at 0x48! (ID/Name: 0x1;
> > > > SubID/SubName: 0x409)]
> > > > fbc.77d4: [Raw version resource data: 0x18060 LB 0x3a0, codepage
0x0
> > > > (reserved 0x0)]
> > > > fbc.77d4: ProductName: Microsoft® Windows® Operating System
> > > > fbc.77d4: ProductVersion: 10.0.14393.0
> > > > fbc.77d4: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
> > > > fbc.77d4: FileDescription: ApiSet Schema DLL
> > > > fbc.77d4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
> > > > fbc.77d4: supR3HardenedWinFindAdversaries: 0x0
> > > > fbc.77d4: supR3HardenedWinInitAppBin(0x0):
'\Device\HarddiskVolume5\
> > Program
> > > > Files\Oracle\VirtualBox'
> > > > fbc.77d4: Calling main()
> > > > fbc.77d4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
> > > > fbc.77d4: supR3HardenedWinInitAppBin(0x2):
'\Device\HarddiskVolume5\
> > Program
> > > > Files\Oracle\VirtualBox'
> > > > fbc.77d4: SUPR3HardenedMain: Respawn #1
> > > > fbc.77d4: System32: \Device\HarddiskVolume5\Windows\System32
> > > > fbc.77d4: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
> > > > fbc.77d4: KnownDllPath: C:\Windows\System32
> > > > fbc.77d4: '\Device\HarddiskVolume5\Program
Files\Oracle\VirtualBox\
> > VirtualBox.exe'
> > > > has no imports
> > > > fbc.77d4: supHardenedWinVerifyImageByHandle: -> 0
> > > > (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
> > VirtualBox.exe)
> > > > fbc.77d4: supR3HardNtEnableThreadCreation:
> > > > fbc.77d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=
> > 00007fff94af9fa0
> > > > pvNtTerminateThread=00007fff94b26b20
> > > > fbc.77d4: supR3HardenedWinDoReSpawn(1): New child 73a0.8564
[kernel32].
> > > > fbc.77d4: supR3HardNtChildGatherData: PebBaseAddress=
0000000000a93000
> > > > cbPeb=0x388
> > > > fbc.77d4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=
00007fff94a80000
> > > > uNtDllChildAddr=00007fff94a80000
> > > > fbc.77d4: supR3HardenedWinSetupChildInit:
> > uLdrInitThunk=00007fff94af9fa0
> > > > fbc.77d4: supR3HardenedWinSetupChildInit: Start child.
> > > > fbc.77d4: supR3HardNtChildWaitFor: Found expected request 0
> > > > (PurifyChildAndCloseHandles) after 0 ms.
> > > > fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/0: 259
ms, 15
> > > > sleeps
> > > > fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
> > > > fbc.77d4: *0000000000000000-000000000089ffff 0x0001/0x0000
0x0000000
> > > > fbc.77d4: *00000000008a0000-00000000008bffff 0x0004/0x0004
0x0020000
> > > > fbc.77d4: *00000000008c0000-00000000008d5fff 0x0002/0x0002
0x0040000
> > > > fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000
0x0000000
> > > > fbc.77d4: *00000000008e0000-00000000009dafff 0x0000/0x0004
0x0020000
> > > > fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004
0x0020000
> > > > fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004
0x0020000
> > > > fbc.77d4: *00000000009e0000-00000000009e3fff 0x0002/0x0002
0x0040000
> > > > fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000
0x0000000
> > > > fbc.77d4: *00000000009f0000-00000000009f1fff 0x0004/0x0004
0x0020000
> > > > fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000
0x0000000
> > > > fbc.77d4: *0000000000a00000-0000000000a92fff 0x0000/0x0004
0x0020000
> > > > fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004
0x0020000
> > > > fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004
0x0020000
> > > > fbc.77d4: *0000000000c00000-0000000000c00fff 0x0040/0x0040
0x0020000
> > !!
> > > > fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec
mem
> > at
> > > > 0000000000c00000 (LB 0x1000, 0000000000c00000 LB 0x1000)
> > > > fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt
#1
> > > > succeeded: 0x0 [0000000000c00000/0000000000c00000 LB 0/0x1000]
> > > > fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after
free 0:
> > > > [0000000000000000]/0000000000c00000 LB 0x7f3e0000 s=0x10000 ap=0x0
> > > > rp=0x00000000000001
> > > > fbc.77d4: 0000000000c01000-000000007ffdffff 0x0001/0x0000
0x0000000
> > > > fbc.77d4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002
0x0020000
> > > > fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002
0x0020000
> > > > fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000
0x0000000
> > > > fbc.77d4: *00007ff63e030000-00007ff63e052fff 0x0002/0x0002
0x0040000
> > > > fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000
0x0000000
> > > > fbc.77d4: *00007ff63e250000-00007ff63e250fff 0x0002/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
VirtualBox.exe
> > > > fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
VirtualBox.exe
> > > > fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0080/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
VirtualBox.exe
> > > > fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
VirtualBox.exe
> > > > fbc.77d4: 00007ff63e307000-00007ff63e307fff 0x0004/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
VirtualBox.exe
> > > > fbc.77d4: 00007ff63e308000-00007ff63e308fff 0x0008/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
VirtualBox.exe
> > > > fbc.77d4: 00007ff63e309000-00007ff63e30dfff 0x0004/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
VirtualBox.exe
> > > > fbc.77d4: 00007ff63e30e000-00007ff63e30efff 0x0008/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
VirtualBox.exe
> > > > fbc.77d4: 00007ff63e30f000-00007ff63e30ffff 0x0004/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
VirtualBox.exe
> > > > fbc.77d4: 00007ff63e310000-00007ff63e313fff 0x0008/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
VirtualBox.exe
> > > > fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
VirtualBox.exe
> > > > fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000
0x0000000
> > > > fbc.77d4: *00007fff94a80000-00007fff94a80fff 0x0002/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > fbc.77d4: 00007fff94bcc000-00007fff94bd4fff 0x0008/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000
0x0000000
> > > > fbc.77d4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002
0x0020000
> > > > fbc.77d4: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
> > > > fbc.77d4: '\Device\HarddiskVolume5\Program
Files\Oracle\VirtualBox\
> > VirtualBox.exe'
> > > > has no imports
> > > > fbc.77d4: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll'
has no
> > > > imports
> > > > fbc.77d4: supR3HardNtChildPurify: cFixes=1
g_fSupAdversaries=0x80000000
> > > > fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/1: 526
ms, 33
> > > > sleeps
> > > > fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
> > > > fbc.77d4: *0000000000000000-000000000089ffff 0x0001/0x0000
0x0000000
> > > > fbc.77d4: *00000000008a0000-00000000008bffff 0x0004/0x0004
0x0020000
> > > > fbc.77d4: *00000000008c0000-00000000008d5fff 0x0002/0x0002
0x0040000
> > > > fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000
0x0000000
> > > > fbc.77d4: *00000000008e0000-00000000009dafff 0x0000/0x0004
0x0020000
> > > > fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004
0x0020000
> > > > fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004
0x0020000
> > > > fbc.77d4: *00000000009e0000-00000000009e3fff 0x0002/0x0002
0x0040000
> > > > fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000
0x0000000
> > > > fbc.77d4: *00000000009f0000-00000000009f1fff 0x0004/0x0004
0x0020000
> > > > fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000
0x0000000
> > > > fbc.77d4: *0000000000a00000-0000000000a92fff 0x0000/0x0004
0x0020000
> > > > fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004
0x0020000
> > > > fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004
0x0020000
> > > > fbc.77d4: 0000000000c00000-000000007ffdffff 0x0001/0x0000
0x0000000
> > > > fbc.77d4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002
0x0020000
> > > > fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002
0x0020000
> > > > fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000
0x0000000
> > > > fbc.77d4: *00007ff63e030000-00007ff63e052fff 0x0002/0x0002
0x0040000
> > > > fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000
0x0000000
> > > > fbc.77d4: *00007ff63e250000-00007ff63e250fff 0x0002/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
VirtualBox.exe
> > > > fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
VirtualBox.exe
> > > > fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0040/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
VirtualBox.exe
> > > > fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
VirtualBox.exe
> > > > fbc.77d4: 00007ff63e307000-00007ff63e313fff 0x0004/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
VirtualBox.exe
> > > > fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
VirtualBox.exe
> > > > fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000
0x0000000
> > > > fbc.77d4: *00007fff94a80000-00007fff94a80fff 0x0002/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > fbc.77d4: 00007fff94bcc000-00007fff94bcffff 0x0008/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > fbc.77d4: 00007fff94bd0000-00007fff94bd4fff 0x0004/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080
0x1000000
> > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000
0x0000000
> > > > fbc.77d4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002
0x0020000
> > > > fbc.77d4: supR3HardNtChildPurify: Done after 820 ms and 1 fixes
(loop
> > #1).
> > > > 73a0.8564: Log file opened: 5.1.22r115126
> > g_hStartupLog=0000000000000004
> > > > g_uNtVerCombined=0xa0383900
> > > > 73a0.8564: supR3HardenedVmProcessInit: uNtDllAddr=00007fff94a80000
> > > > g_uNtVerCombined=0xa0383900
> > > > 73a0.8564: ntdll.dll: timestamp 0x5825887f (rc=VINF_SUCCESS)
> > > > 73a0.8564: New simple heap: #1 0000000000d00000 LB 0x400000 (for
> > 1904640
> > > > allocation)
> > > > fbc.77d4: supR3HardNtEnableThreadCreation:
> > > > 73a0.8564: supR3HardenedWinInitAppBin(0x0):
'\Device\HarddiskVolume5\
> > Program
> > > > Files\Oracle\VirtualBox'
> > > > 73a0.8564: System32: \Device\HarddiskVolume5\Windows\System32
> > > > 73a0.8564: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
> > > > 73a0.8564: KnownDllPath: C:\Windows\System32
> > > > 73a0.8564: supR3HardenedVmProcessInit: Opening vboxdrv stub...
> > > > 73a0.8564: supR3HardenedVmProcessInit: Restoring
LdrInitializeThunk...
> > > > 73a0.8564: supR3HardenedVmProcessInit: Returning to
> > LdrInitializeThunk...
> > > > 73a0.8564: Registered Dll notification callback with NTDLL.
> > > > 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0
> > > > (\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
> > > > 73a0.8564: supR3HardenedWinVerifyCacheInsert:
\Device\HarddiskVolume5\
> > > > Windows\System32\kernel32.dll
> > > > 73a0.8564: supR3HardenedMonitor_LdrLoadDll:
pName=C:\Windows\System32\
> > KERNEL32.DLL
> > > > (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff
> > > > pwszSearchPath=0000000000004001:<flags> [calling]
> > > > 73a0.8564: supR3HardenedDllNotificationCallback: load
00007fff913e0000
> > > > LB 0x0021d000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
> > > > 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0
> > > > (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
> > > > 73a0.8564: supR3HardenedWinVerifyCacheInsert:
\Device\HarddiskVolume5\
> > > > Windows\System32\KernelBase.dll
> > > > 73a0.8564: supR3HardenedDllNotificationCallback: load
00007fff92360000
> > > > LB 0x000ac000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
> > > > 73a0.8564: supR3HardenedScreenImage/LdrLoadDll: cache hit
> > (VINF_SUCCESS)
> > > > on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks
> > > > WinVerifyTrust]
> > > > 73a0.8564: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0
> > > > hMod=00007fff92360000 'C:\Windows\System32\KERNEL32.DLL'
> > > > 73a0.8564: supR3HardenedDllNotificationCallback: load
00007ff63e250000
> > > > LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > > > [fFlags=0x0]
> > > > 73a0.8564: '\Device\HarddiskVolume5\Program
Files\Oracle\VirtualBox\
> > VirtualBox.exe'
> > > > has no imports
> > > > 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0
> > > > (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
> > VirtualBox.exe)
> > > > 73a0.8564: supR3HardenedWinVerifyCacheInsert:
\Device\HarddiskVolume5\
> > Program
> > > > Files\Oracle\VirtualBox\VirtualBox.exe
> > > > fbc.77d4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005
> > > > (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 82 ms,
> > CloseEvents);
> > > >
> > > > Many thanks!
> > > >
> > > >
> > > >
> > > > --eugen
> > > > Amat victoria curam
> > > >
> > > > On Fri, Jun 23, 2017 at 5:32 PM, Charles S. Givre <
> > > > ***@***.***> wrote:
> > > >
> > > >> Hi @oighen <https://github.com/oighen>,
> > > >> I didn't get the log file in your email. I've been looking online
and
> > a
> > > >> lot of the advice about this type of error seems to suggest
> > > >> uninstalling/reinstalling VirtualBox. If you can attach the log in
> > github,
> > > >> or paste the contents I'll do some more digging. What OS and
version
> > are
> > > >> you using?
> > > >>
> > > >> —
> > > >> You are receiving this because you were mentioned.
> > > >> Reply to this email directly, view it on GitHub
> > > >> <https://github.com/cgivre/data-exploration-with-apache-
> > drill/issues/1#issuecomment-310794840>,
> > > >> or mute the thread
> > > >> <https://github.com/notifications/unsubscribe-
> > auth/ADwGALoXPWNJuALw2ZADLXf6-HGy-ucHks5sHEshgaJpZM4N5VuR>
> > > >> .
> > > >>
> > > >
> > > >
> > > —
> > > You are receiving this because you were assigned.
> > > Reply to this email directly, view it on GitHub <
> > https://github.com/cgivre/data-exploration-with-apache-
> > drill/issues/1#issuecomment-310859661>, or mute the thread <
> > https://github.com/notifications/unsubscribe-
> > auth/AFQfvrTDkYr5SdSHQ0MsMDIT-nmX0S-Iks5sHV2DgaJpZM4N5VuR>.
> >
> > >
> >
> > —
> > You are receiving this because you were mentioned.
> > Reply to this email directly, view it on GitHub
> > <https://github.com/cgivre/data-exploration-with-apache-
drill/issues/1#issuecomment-310905699>,
> > or mute the thread
> > <https://github.com/notifications/unsubscribe-auth/ADwGAPQK655OFFmzu0_
hsGggZ9uWrUrrks5sHm4ogaJpZM4N5VuR>
> > .
> >
> —
> You are receiving this because you were assigned.
> Reply to this email directly, view it on GitHub, or mute the thread.
>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ADwGANU0ELC9U5Gl9wQfI4WjxivQ-2s8ks5sIAgkgaJpZM4N5VuR>
.
|
|
Cool! I’m looking forward to meeting you. BTW, I’ll be uploading the final version of Griffon probably by the end of the week. It isn’t a drastic change, but just FYSA.
— C
… On Jun 26, 2017, at 15:48, oighen ***@***.***> wrote:
The Data Science for Security Professionals. July 22-23.
--eugen
Amat victoria curam
On Mon, Jun 26, 2017 at 1:36 PM, Charles S. Givre ***@***.***>
wrote:
> Glad to hear you got it working. We've had some issues with windows 10 but
> I've not been able to replicate them consistently. Which class of mine are
> you taking?
>
> Sent from my iPhone
>
>
> > On Jun 26, 2017, at 15:25, oighen ***@***.***> wrote:
> >
> > Charles, Griffon it's working very well in Ubuntu + VirtualBox --> that
> > means is something wrong with my Windows10 machine (cannot run Merlin or
> > Griffon). So I will focus on cleaning my Windoze.
> >
> > Thanks for all the effort and replies. See you at the course, on July 22.
> >
> > Regards,
> >
> >
> >
> >
> > --eugen
> > Amat victoria curam
> >
> > On Sun, Jun 25, 2017 at 8:26 AM, Charles S. Givre <
> ***@***.***>
> > wrote:
> >
> > > Hi Eugen,
> > > It looks to me from reading some articles on stackoverflow that one of
> the
> > > VirtualMachine disk files might be corrupted. The last article in the
> list
> > > recommends a procedure where you discard the saved state of the VM.
> Were
> > > you ever able to get it started?
> > >
> > >
> > > https://askubuntu.com/questions/846492/failed-to-
> open-a-session-for-the-
> > > virtual-machine-win-7 <https://askubuntu.com/
> questions/846492/failed-to-
> > > open-a-session-for-the-virtual-machine-win-7>
> > > https://stackoverflow.com/questions/20608310/virtualbox-
> > > error-failed-to-open-a-session-for-the-virtual-machine <
> > > https://stackoverflow.com/questions/20608310/virtualbox-
> > > error-failed-to-open-a-session-for-the-virtual-machine>
> > > https://www.simplehelp.net/2015/10/25/how-to-fix-the-
> > > failed-to-open-a-session-error-in-virtualbox/ <
> https://www.simplehelp.net/
> > > 2015/10/25/how-to-fix-the-failed-to-open-a-session-
> error-in-virtualbox/>
> > >
> > >
> > > Regardless, I’d recommend downloading the latest version of the VM
> which
> > > is available here and has a lot more useful tools on it.
> > > https://github.com/gtkcyber/griffon-vm <https://github.com/gtkcyber/
> > > griffon-vm>.
> > >
> > > Thanks,
> > > — C
> > >
> > > > On Jun 24, 2017, at 15:03, oighen ***@***.***> wrote:
> > > >
> > > > OS: Windows 10.
> > > >
> > > >
> > > > --eugen
> > > > Amat victoria curam
> > > >
> > > > On Sat, Jun 24, 2017 at 12:36 PM, Eugen Chirila ***@***.***>
> > > wrote:
> > > >
> > > > > Un-installed/re-installed VirtualBox, same error.
> > > > >
> > > > > Failed to open a session for the virtual machine *Merlin 1.01 Drill
> > > > > Workshop*.
> > > > >
> > > > > The virtual machine *'Merlin 1.01 Drill Workshop'* has terminated
> > > > > unexpectedly during startup with exit code -1073741819
> (0xc0000005).
> > > More
> > > > > details may be available in *'C:\Users\Eugen\VirtualBox VMs\Merlin
> 1.01
> > > > > Drill Workshop\Logs\VBoxHardening.log'*.
> > >
> > > > > Result Code: E_FAIL (0x80004005)
> > > > > Component: MachineWrap
> > > > > Interface: IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}
> > > > > Now, the log is dumped below:
> > > > >
> > > > > fbc.77d4: Log file opened: 5.1.22r115126
> g_hStartupLog=00000000000000e4
> > > > > g_uNtVerCombined=0xa0383900
> > > > > fbc.77d4: \SystemRoot\System32\ntdll.dll:
> > > > > fbc.77d4: CreationTime: 2017-01-27T19:39:40.085139400Z
> > > > > fbc.77d4: LastWriteTime: 2016-11-11T10:13:03.409595100Z
> > > > > fbc.77d4: ChangeTime: 2017-06-14T03:46:48.743974000Z
> > > > > fbc.77d4: FileAttributes: 0x20
> > > > > fbc.77d4: Size: 0x1cc888
> > > > > fbc.77d4: NT Headers: 0xd8
> > > > > fbc.77d4: Timestamp: 0x5825887f
> > > > > fbc.77d4: Machine: 0x8664 - amd64
> > > > > fbc.77d4: Timestamp: 0x5825887f
> > > > > fbc.77d4: Image Version: 10.0
> > > > > fbc.77d4: SizeOfImage: 0x1d1000 (1904640)
> > > > > fbc.77d4: Resource Dir: 0x168000 LB 0x67988
> > > > > fbc.77d4: [Version info resource found at 0xd8! (ID/Name: 0x1;
> > > > > SubID/SubName: 0x409)]
> > > > > fbc.77d4: [Raw version resource data: 0x1680f0 LB 0x388, codepage
> 0x0
> > > > > (reserved 0x0)]
> > > > > fbc.77d4: ProductName: Microsoft® Windows® Operating System
> > > > > fbc.77d4: ProductVersion: 10.0.14393.479
> > > > > fbc.77d4: FileVersion: 10.0.14393.479 (rs1_release.161110-2025)
> > > > > fbc.77d4: FileDescription: NT Layer DLL
> > > > > fbc.77d4: \SystemRoot\System32\kernel32.dll:
> > > > > fbc.77d4: CreationTime: 2017-05-10T13:09:29.370271800Z
> > > > > fbc.77d4: LastWriteTime: 2017-04-28T00:49:43.332433600Z
> > > > > fbc.77d4: ChangeTime: 2017-06-14T03:46:48.359260300Z
> > > > > fbc.77d4: FileAttributes: 0x20
> > > > > fbc.77d4: Size: 0xab208
> > > > > fbc.77d4: NT Headers: 0xf0
> > > > > fbc.77d4: Timestamp: 0x59028368
> > > > > fbc.77d4: Machine: 0x8664 - amd64
> > > > > fbc.77d4: Timestamp: 0x59028368
> > > > > fbc.77d4: Image Version: 10.0
> > > > > fbc.77d4: SizeOfImage: 0xac000 (704512)
> > > > > fbc.77d4: Resource Dir: 0xaa000 LB 0x530
> > > > > fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1;
> > > > > SubID/SubName: 0x409)]
> > > > > fbc.77d4: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage
> 0x0
> > > > > (reserved 0x0)]
> > > > > fbc.77d4: ProductName: Microsoft® Windows® Operating System
> > > > > fbc.77d4: ProductVersion: 10.0.14393.1198
> > > > > fbc.77d4: FileVersion: 10.0.14393.1198
> > > > > (rs1_release_sec.170427-1353)
> > > > > fbc.77d4: FileDescription: Windows NT BASE API Client DLL
> > > > > fbc.77d4: \SystemRoot\System32\KernelBase.dll:
> > > > > fbc.77d4: CreationTime: 2017-06-14T03:42:31.079625600Z
> > > > > fbc.77d4: LastWriteTime: 2017-06-03T10:09:08.071687200Z
> > > > > fbc.77d4: ChangeTime: 2017-06-14T05:00:58.513710300Z
> > > > > fbc.77d4: FileAttributes: 0x20
> > > > > fbc.77d4: Size: 0x21c780
> > > > > fbc.77d4: NT Headers: 0xf8
> > > > > fbc.77d4: Timestamp: 0x59327897
> > > > > fbc.77d4: Machine: 0x8664 - amd64
> > > > > fbc.77d4: Timestamp: 0x59327897
> > > > > fbc.77d4: Image Version: 10.0
> > > > > fbc.77d4: SizeOfImage: 0x21d000 (2215936)
> > > > > fbc.77d4: Resource Dir: 0x201000 LB 0x550
> > > > > fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1;
> > > > > SubID/SubName: 0x409)]
> > > > > fbc.77d4: [Raw version resource data: 0x2010b0 LB 0x3c4, codepage
> 0x0
> > > > > (reserved 0x0)]
> > > > > fbc.77d4: ProductName: Microsoft® Windows® Operating System
> > > > > fbc.77d4: ProductVersion: 10.0.14393.1358
> > > > > fbc.77d4: FileVersion: 10.0.14393.1358 (rs1_release.170602-2252)
> > > > > fbc.77d4: FileDescription: Windows NT BASE API Client DLL
> > > > > fbc.77d4: \SystemRoot\System32\apisetschema.dll:
> > > > > fbc.77d4: CreationTime: 2016-07-16T11:42:21.577586000Z
> > > > > fbc.77d4: LastWriteTime: 2016-07-16T11:42:21.577586000Z
> > > > > fbc.77d4: ChangeTime: 2017-01-15T11:59:41.129941800Z
> > > > > fbc.77d4: FileAttributes: 0x20
> > > > > fbc.77d4: Size: 0x18960
> > > > > fbc.77d4: NT Headers: 0xc8
> > > > > fbc.77d4: Timestamp: 0x57899bd2
> > > > > fbc.77d4: Machine: 0x8664 - amd64
> > > > > fbc.77d4: Timestamp: 0x57899bd2
> > > > > fbc.77d4: Image Version: 10.0
> > > > > fbc.77d4: SizeOfImage: 0x19000 (102400)
> > > > > fbc.77d4: Resource Dir: 0x18000 LB 0x400
> > > > > fbc.77d4: [Version info resource found at 0x48! (ID/Name: 0x1;
> > > > > SubID/SubName: 0x409)]
> > > > > fbc.77d4: [Raw version resource data: 0x18060 LB 0x3a0, codepage
> 0x0
> > > > > (reserved 0x0)]
> > > > > fbc.77d4: ProductName: Microsoft® Windows® Operating System
> > > > > fbc.77d4: ProductVersion: 10.0.14393.0
> > > > > fbc.77d4: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
> > > > > fbc.77d4: FileDescription: ApiSet Schema DLL
> > > > > fbc.77d4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
> > > > > fbc.77d4: supR3HardenedWinFindAdversaries: 0x0
> > > > > fbc.77d4: supR3HardenedWinInitAppBin(0x0):
> '\Device\HarddiskVolume5\
> > > Program
> > > > > Files\Oracle\VirtualBox'
> > > > > fbc.77d4: Calling main()
> > > > > fbc.77d4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
> > > > > fbc.77d4: supR3HardenedWinInitAppBin(0x2):
> '\Device\HarddiskVolume5\
> > > Program
> > > > > Files\Oracle\VirtualBox'
> > > > > fbc.77d4: SUPR3HardenedMain: Respawn #1
> > > > > fbc.77d4: System32: \Device\HarddiskVolume5\Windows\System32
> > > > > fbc.77d4: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
> > > > > fbc.77d4: KnownDllPath: C:\Windows\System32
> > > > > fbc.77d4: '\Device\HarddiskVolume5\Program
> Files\Oracle\VirtualBox\
> > > VirtualBox.exe'
> > > > > has no imports
> > > > > fbc.77d4: supHardenedWinVerifyImageByHandle: -> 0
> > > > > (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
> > > VirtualBox.exe)
> > > > > fbc.77d4: supR3HardNtEnableThreadCreation:
> > > > > fbc.77d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=
> > > 00007fff94af9fa0
> > > > > pvNtTerminateThread=00007fff94b26b20
> > > > > fbc.77d4: supR3HardenedWinDoReSpawn(1): New child 73a0.8564
> [kernel32].
> > > > > fbc.77d4: supR3HardNtChildGatherData: PebBaseAddress=
> 0000000000a93000
> > > > > cbPeb=0x388
> > > > > fbc.77d4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=
> 00007fff94a80000
> > > > > uNtDllChildAddr=00007fff94a80000
> > > > > fbc.77d4: supR3HardenedWinSetupChildInit:
> > > uLdrInitThunk=00007fff94af9fa0
> > > > > fbc.77d4: supR3HardenedWinSetupChildInit: Start child.
> > > > > fbc.77d4: supR3HardNtChildWaitFor: Found expected request 0
> > > > > (PurifyChildAndCloseHandles) after 0 ms.
> > > > > fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/0: 259
> ms, 15
> > > > > sleeps
> > > > > fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
> > > > > fbc.77d4: *0000000000000000-000000000089ffff 0x0001/0x0000
> 0x0000000
> > > > > fbc.77d4: *00000000008a0000-00000000008bffff 0x0004/0x0004
> 0x0020000
> > > > > fbc.77d4: *00000000008c0000-00000000008d5fff 0x0002/0x0002
> 0x0040000
> > > > > fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000
> 0x0000000
> > > > > fbc.77d4: *00000000008e0000-00000000009dafff 0x0000/0x0004
> 0x0020000
> > > > > fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004
> 0x0020000
> > > > > fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004
> 0x0020000
> > > > > fbc.77d4: *00000000009e0000-00000000009e3fff 0x0002/0x0002
> 0x0040000
> > > > > fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000
> 0x0000000
> > > > > fbc.77d4: *00000000009f0000-00000000009f1fff 0x0004/0x0004
> 0x0020000
> > > > > fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000
> 0x0000000
> > > > > fbc.77d4: *0000000000a00000-0000000000a92fff 0x0000/0x0004
> 0x0020000
> > > > > fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004
> 0x0020000
> > > > > fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004
> 0x0020000
> > > > > fbc.77d4: *0000000000c00000-0000000000c00fff 0x0040/0x0040
> 0x0020000
> > > !!
> > > > > fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec
> mem
> > > at
> > > > > 0000000000c00000 (LB 0x1000, 0000000000c00000 LB 0x1000)
> > > > > fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt
> #1
> > > > > succeeded: 0x0 [0000000000c00000/0000000000c00000 LB 0/0x1000]
> > > > > fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after
> free 0:
> > > > > [0000000000000000]/0000000000c00000 LB 0x7f3e0000 s=0x10000 ap=0x0
> > > > > rp=0x00000000000001
> > > > > fbc.77d4: 0000000000c01000-000000007ffdffff 0x0001/0x0000
> 0x0000000
> > > > > fbc.77d4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002
> 0x0020000
> > > > > fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002
> 0x0020000
> > > > > fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000
> 0x0000000
> > > > > fbc.77d4: *00007ff63e030000-00007ff63e052fff 0x0002/0x0002
> 0x0040000
> > > > > fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000
> 0x0000000
> > > > > fbc.77d4: *00007ff63e250000-00007ff63e250fff 0x0002/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
> VirtualBox.exe
> > > > > fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
> VirtualBox.exe
> > > > > fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0080/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
> VirtualBox.exe
> > > > > fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
> VirtualBox.exe
> > > > > fbc.77d4: 00007ff63e307000-00007ff63e307fff 0x0004/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
> VirtualBox.exe
> > > > > fbc.77d4: 00007ff63e308000-00007ff63e308fff 0x0008/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
> VirtualBox.exe
> > > > > fbc.77d4: 00007ff63e309000-00007ff63e30dfff 0x0004/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
> VirtualBox.exe
> > > > > fbc.77d4: 00007ff63e30e000-00007ff63e30efff 0x0008/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
> VirtualBox.exe
> > > > > fbc.77d4: 00007ff63e30f000-00007ff63e30ffff 0x0004/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
> VirtualBox.exe
> > > > > fbc.77d4: 00007ff63e310000-00007ff63e313fff 0x0008/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
> VirtualBox.exe
> > > > > fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
> VirtualBox.exe
> > > > > fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000
> 0x0000000
> > > > > fbc.77d4: *00007fff94a80000-00007fff94a80fff 0x0002/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > > fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > > fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > > fbc.77d4: 00007fff94bcc000-00007fff94bd4fff 0x0008/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > > fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > > fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > > fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > > fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > > fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000
> 0x0000000
> > > > > fbc.77d4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002
> 0x0020000
> > > > > fbc.77d4: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
> > > > > fbc.77d4: '\Device\HarddiskVolume5\Program
> Files\Oracle\VirtualBox\
> > > VirtualBox.exe'
> > > > > has no imports
> > > > > fbc.77d4: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll'
> has no
> > > > > imports
> > > > > fbc.77d4: supR3HardNtChildPurify: cFixes=1
> g_fSupAdversaries=0x80000000
> > > > > fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/1: 526
> ms, 33
> > > > > sleeps
> > > > > fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
> > > > > fbc.77d4: *0000000000000000-000000000089ffff 0x0001/0x0000
> 0x0000000
> > > > > fbc.77d4: *00000000008a0000-00000000008bffff 0x0004/0x0004
> 0x0020000
> > > > > fbc.77d4: *00000000008c0000-00000000008d5fff 0x0002/0x0002
> 0x0040000
> > > > > fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000
> 0x0000000
> > > > > fbc.77d4: *00000000008e0000-00000000009dafff 0x0000/0x0004
> 0x0020000
> > > > > fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004
> 0x0020000
> > > > > fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004
> 0x0020000
> > > > > fbc.77d4: *00000000009e0000-00000000009e3fff 0x0002/0x0002
> 0x0040000
> > > > > fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000
> 0x0000000
> > > > > fbc.77d4: *00000000009f0000-00000000009f1fff 0x0004/0x0004
> 0x0020000
> > > > > fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000
> 0x0000000
> > > > > fbc.77d4: *0000000000a00000-0000000000a92fff 0x0000/0x0004
> 0x0020000
> > > > > fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004
> 0x0020000
> > > > > fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004
> 0x0020000
> > > > > fbc.77d4: 0000000000c00000-000000007ffdffff 0x0001/0x0000
> 0x0000000
> > > > > fbc.77d4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002
> 0x0020000
> > > > > fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002
> 0x0020000
> > > > > fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000
> 0x0000000
> > > > > fbc.77d4: *00007ff63e030000-00007ff63e052fff 0x0002/0x0002
> 0x0040000
> > > > > fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000
> 0x0000000
> > > > > fbc.77d4: *00007ff63e250000-00007ff63e250fff 0x0002/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
> VirtualBox.exe
> > > > > fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
> VirtualBox.exe
> > > > > fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0040/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
> VirtualBox.exe
> > > > > fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
> VirtualBox.exe
> > > > > fbc.77d4: 00007ff63e307000-00007ff63e313fff 0x0004/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
> VirtualBox.exe
> > > > > fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
> VirtualBox.exe
> > > > > fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000
> 0x0000000
> > > > > fbc.77d4: *00007fff94a80000-00007fff94a80fff 0x0002/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > > fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > > fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > > fbc.77d4: 00007fff94bcc000-00007fff94bcffff 0x0008/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > > fbc.77d4: 00007fff94bd0000-00007fff94bd4fff 0x0004/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > > fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > > fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > > fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > > fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080
> 0x1000000
> > > > > \Device\HarddiskVolume5\Windows\System32\ntdll.dll
> > > > > fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000
> 0x0000000
> > > > > fbc.77d4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002
> 0x0020000
> > > > > fbc.77d4: supR3HardNtChildPurify: Done after 820 ms and 1 fixes
> (loop
> > > #1).
> > > > > 73a0.8564: Log file opened: 5.1.22r115126
> > > g_hStartupLog=0000000000000004
> > > > > g_uNtVerCombined=0xa0383900
> > > > > 73a0.8564: supR3HardenedVmProcessInit: uNtDllAddr=00007fff94a80000
> > > > > g_uNtVerCombined=0xa0383900
> > > > > 73a0.8564: ntdll.dll: timestamp 0x5825887f (rc=VINF_SUCCESS)
> > > > > 73a0.8564: New simple heap: #1 0000000000d00000 LB 0x400000 (for
> > > 1904640
> > > > > allocation)
> > > > > fbc.77d4: supR3HardNtEnableThreadCreation:
> > > > > 73a0.8564: supR3HardenedWinInitAppBin(0x0):
> '\Device\HarddiskVolume5\
> > > Program
> > > > > Files\Oracle\VirtualBox'
> > > > > 73a0.8564: System32: \Device\HarddiskVolume5\Windows\System32
> > > > > 73a0.8564: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
> > > > > 73a0.8564: KnownDllPath: C:\Windows\System32
> > > > > 73a0.8564: supR3HardenedVmProcessInit: Opening vboxdrv stub...
> > > > > 73a0.8564: supR3HardenedVmProcessInit: Restoring
> LdrInitializeThunk...
> > > > > 73a0.8564: supR3HardenedVmProcessInit: Returning to
> > > LdrInitializeThunk...
> > > > > 73a0.8564: Registered Dll notification callback with NTDLL.
> > > > > 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0
> > > > > (\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
> > > > > 73a0.8564: supR3HardenedWinVerifyCacheInsert:
> \Device\HarddiskVolume5\
> > > > > Windows\System32\kernel32.dll
> > > > > 73a0.8564: supR3HardenedMonitor_LdrLoadDll:
> pName=C:\Windows\System32\
> > > KERNEL32.DLL
> > > > > (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff
> > > > > pwszSearchPath=0000000000004001:<flags> [calling]
> > > > > 73a0.8564: supR3HardenedDllNotificationCallback: load
> 00007fff913e0000
> > > > > LB 0x0021d000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
> > > > > 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0
> > > > > (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
> > > > > 73a0.8564: supR3HardenedWinVerifyCacheInsert:
> \Device\HarddiskVolume5\
> > > > > Windows\System32\KernelBase.dll
> > > > > 73a0.8564: supR3HardenedDllNotificationCallback: load
> 00007fff92360000
> > > > > LB 0x000ac000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
> > > > > 73a0.8564: supR3HardenedScreenImage/LdrLoadDll: cache hit
> > > (VINF_SUCCESS)
> > > > > on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks
> > > > > WinVerifyTrust]
> > > > > 73a0.8564: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0
> > > > > hMod=00007fff92360000 'C:\Windows\System32\KERNEL32.DLL'
> > > > > 73a0.8564: supR3HardenedDllNotificationCallback: load
> 00007ff63e250000
> > > > > LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
> > > > > [fFlags=0x0]
> > > > > 73a0.8564: '\Device\HarddiskVolume5\Program
> Files\Oracle\VirtualBox\
> > > VirtualBox.exe'
> > > > > has no imports
> > > > > 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0
> > > > > (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\
> > > VirtualBox.exe)
> > > > > 73a0.8564: supR3HardenedWinVerifyCacheInsert:
> \Device\HarddiskVolume5\
> > > Program
> > > > > Files\Oracle\VirtualBox\VirtualBox.exe
> > > > > fbc.77d4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005
> > > > > (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 82 ms,
> > > CloseEvents);
> > > > >
> > > > > Many thanks!
> > > > >
> > > > >
> > > > >
> > > > > --eugen
> > > > > Amat victoria curam
> > > > >
> > > > > On Fri, Jun 23, 2017 at 5:32 PM, Charles S. Givre <
> > > > > ***@***.***> wrote:
> > > > >
> > > > >> Hi @oighen <https://github.com/oighen>,
> > > > >> I didn't get the log file in your email. I've been looking online
> and
> > > a
> > > > >> lot of the advice about this type of error seems to suggest
> > > > >> uninstalling/reinstalling VirtualBox. If you can attach the log in
> > > github,
> > > > >> or paste the contents I'll do some more digging. What OS and
> version
> > > are
> > > > >> you using?
> > > > >>
> > > > >> —
> > > > >> You are receiving this because you were mentioned.
> > > > >> Reply to this email directly, view it on GitHub
> > > > >> <https://github.com/cgivre/data-exploration-with-apache-
> > > drill/issues/1#issuecomment-310794840>,
> > > > >> or mute the thread
> > > > >> <https://github.com/notifications/unsubscribe-
> > > auth/ADwGALoXPWNJuALw2ZADLXf6-HGy-ucHks5sHEshgaJpZM4N5VuR>
> > > > >> .
> > > > >>
> > > > >
> > > > >
> > > > —
> > > > You are receiving this because you were assigned.
> > > > Reply to this email directly, view it on GitHub <
> > > https://github.com/cgivre/data-exploration-with-apache-
> > > drill/issues/1#issuecomment-310859661>, or mute the thread <
> > > https://github.com/notifications/unsubscribe-
> > > auth/AFQfvrTDkYr5SdSHQ0MsMDIT-nmX0S-Iks5sHV2DgaJpZM4N5VuR>.
> > >
> > > >
> > >
> > > —
> > > You are receiving this because you were mentioned.
> > > Reply to this email directly, view it on GitHub
> > > <https://github.com/cgivre/data-exploration-with-apache-
> drill/issues/1#issuecomment-310905699>,
> > > or mute the thread
> > > <https://github.com/notifications/unsubscribe-auth/ADwGAPQK655OFFmzu0_
> hsGggZ9uWrUrrks5sHm4ogaJpZM4N5VuR>
> > > .
> > >
> > —
> > You are receiving this because you were assigned.
> > Reply to this email directly, view it on GitHub, or mute the thread.
> >
>
> —
> You are receiving this because you were mentioned.
> Reply to this email directly, view it on GitHub
> <#1 (comment)>,
> or mute the thread
> <https://github.com/notifications/unsubscribe-auth/ADwGANU0ELC9U5Gl9wQfI4WjxivQ-2s8ks5sIAgkgaJpZM4N5VuR>
> .
>
—
You are receiving this because you were assigned.
Reply to this email directly, view it on GitHub <#1 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AFQfvhcYsXIVKgtfoHU3pbMi9FQ-NM8Zks5sIAr_gaJpZM4N5VuR>.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Failed to open a session for the virtual machine Merlin 1.01 Drill Workshop.
The virtual machine 'Merlin 1.01 Drill Workshop' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in 'C:\Users\xxx\VirtualBox VMs\Merlin 1.01 Drill Workshop\Logs\VBoxHardening.log'.
Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}
anything very simple that I am missing?
The text was updated successfully, but these errors were encountered: