Opened 7 years ago
Last modified 7 years ago
#17640 new defect
supR3HardenedWinReSpawn VERR_INVALID_NAME on specific driver paths
| Reported by: | latifrons | Owned by: | |
|---|---|---|---|
| Component: | other | Version: | VirtualBox 5.2.8 |
| Keywords: | Hardening | Cc: | |
| Guest type: | all | Host type: | Windows |
Description
When Hardening rejecting DLL with name like "\Device\HarddiskVolume6\opt\adguolvds\glhp64.dll", an error will always show as below and none of the VM can be started.
VirtualBox - Error In supR3HardenedWinReSpawn Error relaunching VirtualBox VM process: 5 Command line: '60eaff78-4bdd-042d-2e72-669728efd737-suplib-3rdchild --comment Windows10 --startvm 1e2c22cb-276b-43b0-9049-1e50628f9490 --no-startvm-errormsgbox "--sup-hardening-log=C:\Users\latifrons\VirtualBox VMs\Windows10\LogsWBoxHardening.log's (rc=-104) Please try reinstalling VirtualBox. where: supR3HardenedWinReSpawn what: 5 VERR_INVALID_NAME (-104) -Invalid (malformed) file/path name.
VBoxHardening.log:
4530.4674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume6\opt\adguolvds\glhp64.dll [lacks WinVerifyTrust] 4530.4674: Error (rc=0): 4530.4674: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1024 \Device\HarddiskVolume6\opt\adguolvds\glhp64.dll 4530.4674: Error (rc=0): 4530.4674: supR3HardenedMonitor_LdrLoadDll: rejecting 'D:\opt\adguolvds\glhp64.dll' (D:\opt\adguolvds\glhp64.dll): rcNt=0xc0000190 4530.4674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'D:\opt\adguolvds\glhp64.dll' 4530.4674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume6\opt\adguolvds\glhp64.dll [lacks WinVerifyTrust] 4530.4674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume6\opt\adguolvds\glhp64.dll [lacks WinVerifyTrust]WinVerifyTrust]\Device\HarddiskVolume6\opt\adguolvds\glhp64.dll [lacks WinVerifyTrust] 4530.4674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume6\opt\adguolvds\glhp64.dll [lacks WinVerifyTrust] 4788.4444: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 129076 ms, the end);
Seems that file path beginning with \Device is not supported?
How to get this dll: Goto http://www.admon.cn and download the installer at the bottom of the page. This software is a low level ad removing tool which hooks many processes. D:\opt\adguolvds\glhp64.dll is its dll hook.
For those who comes here from Google: Just remove this software and your VirtualBox will be fine.
Replying to latifrons:
As you already figured out, that's exactly the problem; it hooks on processes without being properly signed. This is not allowed by VirtualBox.