VirtualBox

Changeset 54139 in vbox for trunk


Ignore:
Timestamp:
Feb 11, 2015 1:54:44 PM (10 years ago)
Author:
vboxsync
Message:

SUPR3HardenedMain-win.cpp: Workaround for a process deadlock caused by our favourite Symantec driver (SysPlant.sys) that would lead to the system getting stuck during reboot and shutdown.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/VBox/HostDrivers/Support/win/SUPR3HardenedMain-win.cpp

    r53821 r54139  
    41084108     * Apply anti debugger notification trick to the thread.  (Also done in
    41094109     * supR3HardenedWinInit.)  This may fail with STATUS_ACCESS_DENIED and
    4110      * maybe other errors.
    4111      */
    4112     rcNt = NtSetInformationThread(This.hThread, ThreadHideFromDebugger, NULL, 0);
    4113     if (!NT_SUCCESS(rcNt))
    4114         SUP_DPRINTF(("supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: %#x (harmless)\n", rcNt));
     4110     * maybe other errors.  (Unfortunately, recent (SEP 12.1) of symantec's
     4111     * sysplant.sys driver will cause process deadlocks and a shutdown/reboot
     4112     * denial of service problem if we hide the initial thread, so we postpone
     4113     * this action if we've detected SEP.)
     4114     */
     4115    if (!(g_fSupAdversaries & (SUPHARDNT_ADVERSARY_SYMANTEC_SYSPLANT | SUPHARDNT_ADVERSARY_SYMANTEC_N360)))
     4116    {
     4117        rcNt = NtSetInformationThread(This.hThread, ThreadHideFromDebugger, NULL, 0);
     4118        if (!NT_SUCCESS(rcNt))
     4119            SUP_DPRINTF(("supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: %#x (harmless)\n", rcNt));
     4120    }
    41154121#endif
    41164122
     
    51015107    } s_aDrivers[] =
    51025108    {
     5109        { SUPHARDNT_ADVERSARY_SYMANTEC_SYSPLANT,    "SysPlant" },
     5110
    51035111        { SUPHARDNT_ADVERSARY_SYMANTEC_N360,        "SRTSPX" },
    51045112        { SUPHARDNT_ADVERSARY_SYMANTEC_N360,        "SymDS" },
     
    51875195    } s_aFiles[] =
    51885196    {
    5189         { SUPHARDNT_ADVERSARY_SYMANTEC_N360, L"\\SystemRoot\\System32\\drivers\\SysPlant.sys" },
    5190         { SUPHARDNT_ADVERSARY_SYMANTEC_N360, L"\\SystemRoot\\System32\\sysfer.dll" },
    5191         { SUPHARDNT_ADVERSARY_SYMANTEC_N360, L"\\SystemRoot\\System32\\sysferThunk.dll" },
     5197        { SUPHARDNT_ADVERSARY_SYMANTEC_SYSPLANT, L"\\SystemRoot\\System32\\drivers\\SysPlant.sys" },
     5198        { SUPHARDNT_ADVERSARY_SYMANTEC_SYSPLANT, L"\\SystemRoot\\System32\\sysfer.dll" },
     5199        { SUPHARDNT_ADVERSARY_SYMANTEC_SYSPLANT, L"\\SystemRoot\\System32\\sysferThunk.dll" },
    51925200
    51935201        { SUPHARDNT_ADVERSARY_SYMANTEC_N360, L"\\SystemRoot\\System32\\drivers\\N360x64\\1505000.013\\ccsetx64.sys" },
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette