EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Getting error 0xc0000005 on Win 7 with updates KB2882822..

Also by EldoS: SecureBlackbox
200+ components and classes for digital security, signing, encryption and secure networking.
#31647
Posted: 12/15/2014 01:43:48
by Andrew Solonovich (Standard support level)
Joined: 04/05/2013
Posts: 12

Hello!
We have some troubles with CBFS5 (5.1.154).

Sorry for russian text in error messages in advance, I'll translate if needed.
When our program (.net c#) works on Windows 7 with updates KB2882822 KB2872339 KB2859537, it sometimes falls with message:

Quote
"Managed Debugging Assistant 'FatalExecutionEngineError' has detected a problem in <our_exe> Additional information: В среде выполнения обнаружена критическая ошибка. Ошибка произошла по адресу 0x738feb66 в потоке 0x2ea0. Код ошибки 0xc0000005. Она может быть вызвана ошибкой в CLR или в небезопасных либо не поддающихся проверке фрагментах пользовательского кода. Обычно источниками таких ошибок бывают ошибки упаковки, допускаемые пользователями при COM-взаимодействии, либо PInvoke, повредивший стек."

We made some tests and sure that it does not appears on Win 8.1 and if remove aforecited updates on Win7.
Looks like that unmanaged code corrupts managed heap..

Also in windows event log appears messages like that:

Code
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
  <Provider Name="cbfs5" />
  <EventID Qualifiers="0">1</EventID>
  <Level>2</Level>
  <Task>0</Task>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2014-12-15T07:16:25.000000000Z" />
  <EventRecordID>5582</EventRecordID>
  <Channel>Application</Channel>
  <Computer><my_other_comp>.local</Computer>
  <Security />
  </System>
<EventData>
  <Data>-1073741684</Data>
  <Binary>0403...6300</Binary>
  </EventData>
  </Event>


Also in this event present messages with only one error number - 22 like this:

Code
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
  <Provider Name="cbfs5" />
  <EventID Qualifiers="0">1</EventID>
  <Level>2</Level>
  <Task>0</Task>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2014-12-12T08:12:49.000000000Z" />
  <EventRecordID>122747</EventRecordID>
  <Channel>Application</Channel>
  <Computer><other_comp>.local</Computer>
  <Security />
  </System>
<EventData>
  <Data>22</Data>
  <Binary>A404...6300</Binary>
  </EventData>
  </Event>


On Windows 8.1 in event log (system) I saw this message:

Code
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
  <Provider Name="cbfs5" />
  <EventID Qualifiers="0">1</EventID>
  <Level>2</Level>
  <Task>0</Task>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2014-12-12T12:34:01.552931000Z" />
  <EventRecordID>21262</EventRecordID>
  <Channel>System</Channel>
  <Computer><my_comp>.local</Computer>
  <Security />
  </System>
<EventData>
  <Data />
  <Binary>0000...6300</Binary>
  </EventData>
  </Event>


but our program works good and without any error messages..

Any help appreciated.
#31648
Posted: 12/15/2014 02:11:23
by Eugene Mayevski (EldoS Corp.)

Thank you for the report.

Quick search has revealed the following interesting article: http://www.outsidethebox.ms/15229/ . Did you already come across it?

For English-speaking readers: two most reasons of the error are (a) rootkit and (b) illegal activation of windows. The remedy is to uninstall the updates or repair the system so that the proper files are installed. Obviously rootkits must be checked for and illegal activation is, well, illegal.


Sincerely yours
Eugene Mayevski
#31649
Posted: 12/15/2014 02:42:39
by Andrew Solonovich (Standard support level)
Joined: 04/05/2013
Posts: 12

Hello, Eugene!
Thanks for the quick answer.

Quote
Eugene Mayevski wrote:
Did you already come across it?


Yes, of course, I saw this article - we tried to remove updates after reading this and similar articles.
We have genuine Windows, activated with KMS. Also we have antivirus System centre endpoint protection with all updates, so I don't think that rootkit could be reason of error.
#31650
Posted: 12/15/2014 02:52:17
by Eugene Mayevski (EldoS Corp.)

Ok, but what can we do in the situation of the buggy KB update?


Sincerely yours
Eugene Mayevski
#31652
Posted: 12/15/2014 09:25:59
by Andrew Solonovich (Standard support level)
Joined: 04/05/2013
Posts: 12

In the situation of the buggy KB update you can do nothing of course, but updates KB2882822 KB2872339 KB2859537 released in 2013. I mention them to provide you more information which can help to find a bug.
Crashes in our application began about month ago and in debug we cannot define even line of code on which it happens - it is always different.
Сode was not changed for about half year, except CBFS driver updates.

We made additional test and looks like that with CBFS ver 5.1.152 all works without crashes.
So it turns that something happened in version 5.1.153 and 5.1.154.

Hope for your help.
#31653
Posted: 12/15/2014 09:45:08
by Eugene Mayevski (EldoS Corp.)

Now the problem is getting more clear.

Volodymyr, the driver developer, will provide instructions for additional diagnostics now.


Sincerely yours
Eugene Mayevski
#31654
Posted: 12/15/2014 09:49:01
by Volodymyr Zinin (EldoS Corp.)

Moved to HelpDesk for further investigation.
Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.

Reply

Statistics

Topic viewed 4976 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!