New experimental driver for beta features and DEP
Frederic
February 12th, 2006, 12:01 PM
Hi All,
Here is a modified driver for the crash when the beta/adv features and DEP are both enabled:
http://looknstop.soft4ever.com/Beta/lnsfw1/LNSFW1-3.05p1.zip
At this time this is only for the "Watch Thread Injection" feature. If the test is positive for this one, the same will be tried for the other beta features.
So, don't try to activate the other beta features (through the registry) yet.
Not sure at all it will work. If you don't like crashes, you should not test it ;)
Only persons having issues with DEP protection should try it at this time. However, it should work the same on computers/systems without DEP.
Thanks in advance for any report.
Frederic
Procedure is as usual:
- rename c:\windows\system32\drivers\lnsfw1.sys to lnsfw1.old
- put the new driver in c:\windows\system32\drivers
- reboot
- if the new driver is worse than before, revert to the .old file
tosbsas
February 12th, 2006, 04:00 PM
Hey
I have got all beta features enabled without a problem - only Thread Injection is crashing my system. Want me to try this driver too??
Ruben
SSK
February 12th, 2006, 05:08 PM
Does the naming of the new driver (3.05p1) hint at a new LnS version?
What does this mean for the current line (2.05p3)?
tosbsas
February 12th, 2006, 07:12 PM
With the new driver, no crashes anymore. All beta features enabled.
Where can I test if it's functioning as the old one??
Ruben
SSK
February 13th, 2006, 10:06 AM
New driver, all beta features enabled, NON hardware DEP system (just testing the driver on standard machine):
After installing Kaspersky AV personal 5, reboot, computer freezes at login (select user name, enter password, freeze).
Solved by removing new driver while in safe mode, put the old driver back and problem gone :)
WSFuser
February 13th, 2006, 10:31 AM
I too tested it on a non-DEP-enabled system with all features enabled and so far everything's fine.
Frederic
February 13th, 2006, 02:55 PM
{QUOTE-> With the new driver, no crashes anymore. All beta features enabled.
Where can I test if it's functioning as the old one??
Ruben <-QUOTE}
Hi Ruben,
Thanks for testing the new driver.
You need to run Thermite leaktest to verify that the "Watch thread injection" feature is working.
You must not activate all the other beta features (the one with the registry settings) because nothing was done for these features. If you get a crash with the other beta features enabled, we won't know if it is normal or not.
Regards,
Frederic
Frederic
February 13th, 2006, 03:03 PM
{QUOTE-> New driver, all beta features enabled, NON hardware DEP system (just testing the driver on standard machine):
After installing Kaspersky AV personal 5, reboot, computer freezes at login (select user name, enter password, freeze).
Solved by removing new driver while in safe mode, put the old driver back and problem gone :) <-QUOTE}
Hi SSK,
Ok, thanks for testing and for the information.
Maybe there is a compatibility issue with Kaspersky :(
To answer your first post: the current driver version of the 2.05p3 is 3.05. This new driver is 3.05p1. Version numbering of the exe and the drivers is independent.
Regards,
Frederic
SSK
February 13th, 2006, 03:32 PM
{QUOTE-> Hi SSK,
Ok, thanks for testing and for the information.
Maybe there is a compatibility issue with Kaspersky :(
To answer your first post: the current driver version of the 2.05p3 is 3.05. This new driver is 3.05p1. Version numbering of the exe and the drivers is independent.
Regards,
Frederic <-QUOTE}
Thanks for the information! :). I'm going to check the new driver with KAV 6 beta as well, see if there are problems.
EDIT: the problem is there as well with KAV 6.
tosbsas
February 13th, 2006, 04:19 PM
Cried too early - got a bad crash sequence even with the new driver - I had all beta stuff enabled - yesterday after installing it and testing, it worked great, but today:
1. I killed the exe of lns with one of Phantom's tools, started the program again, everything looked fine
2. I updated wmplayer to version 10 - and restarted - lsass.exe made a system crash, explorer will shut down ... the whole story - help
Ruben
WSFuser
February 13th, 2006, 08:20 PM
I just got the beta driver onto my Athlon 64 comp with no problems; however, I don't know how to run the leaktest. It first says I have to have IE running, and if I run IE then Thermite, I get the following:
http://img126.imageshack.us/img126/9632/thermite8pm.jpg
and "securityfocus.html" on my desktop. Did I fail the test?
Thomas M
February 14th, 2006, 02:52 AM
{QUOTE->
1. I killed the exe of lns with one of Phantom's tools, started the program again, everything looked fine <-QUOTE}
Hello Ruben :)
What do you mean by "... killed the exe of LnS..."? Are you using a modified file of LooknStop.exe??
Thomas :)
Not tested the beta driver yet. First I will create images of my harddrives, and I want to install all new Windows Updates (tomorrow is another huge MS patch-day 8) )! And then I will test the new driver...
tosbsas
February 14th, 2006, 06:16 AM
No, no modified version of lns - Phantom in its early days made two little apps: "kill lns" and lns "shutdownprotection" - I used the latter on my old notebook and wanted to set it again - but I mixed up the files so I hit "kill lns". It just shuts lns down, but when I restarted it all was fine till I restarted my machine - then everything went berserk. I don't know if that was the culprit, because after updating the wmplayer lns asked for permission for lsass, and some other system apps - and thereafter I got my crashes.
Ruben
Frederic
February 14th, 2006, 03:48 PM
{QUOTE-> I just got the beta driver onto my Athlon 64 comp with no problems; however, I don't know how to run the leaktest. It first says I have to have IE running, and if I run IE then Thermite, I get the following:
http://img126.imageshack.us/img126/9632/thermite8pm.jpg
and "securityfocus.html" on my desktop. Did I fail the test? <-QUOTE}
Yes, the test is failed.
Look 'n' Stop should display a popup saying Thermite is trying to connect.
Frederic
Frederic
February 14th, 2006, 03:50 PM
{QUOTE-> No, no modified version of lns - Phantom in its early days made two little apps: "kill lns" and lns "shutdownprotection" - I used the latter on my old notebook and wanted to set it again - but I mixed up the files so I hit "kill lns". It just shuts lns down, but when I restarted it all was fine till I restarted my machine - then everything went berserk. I don't know if that was the culprit, because after updating the wmplayer lns asked for permission for lsass, and some other system apps - and thereafter I got my crashes.
Ruben <-QUOTE}
Ruben,
Don't forget only the "Watch Thread injection" should be enabled, not all the beta features.
Thanks,
Frederic
fengyuanni
February 14th, 2006, 08:10 PM
According to the advice of Frederic, I did not activate the reg file, but I got a crash with the new beta driver after reboot. The DEP crash was still there.
The brand of my computer is IBM THINKPAD T43. OS is WinXP SP2.
tosbsas
February 15th, 2006, 06:05 AM
{QUOTE-> Ruben,
Don't forget only the "Watch Thread injection" should be enabled, not all the beta features.
Thanks,
Frederic <-QUOTE}
How do I go back?? I already had the beta features enabled, but with the reg file that comes in the package
Ruben
Phant0m
February 15th, 2006, 06:56 AM
REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lnsfw1]
"ActivatedSoon"=dword:00000000
"CheckDNSQ"=dword:00000000
"CheckHSRE"=dword:00000000
"CheckVAEUDTF"=dword:00000000
"IPFragActive"=dword:00000000
Phant0m
February 15th, 2006, 06:57 AM
Replacing the driver alone will not reset these beta settings; you must undo them manually and, after undoing, reboot Windows.
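Added example, not part of any post in this thread: a read-only PowerShell check a tester could run and paste into a crash report, showing the DEP policy, whether the five registry values from the reset file above are still non-zero, and which driver files are present. The value names and the drivers folder come from the thread; treating an absent value as 0 is an assumption.

```powershell
# Added example (requires PowerShell 3.0+ for Get-CimInstance). Read-only:
# nothing is written to the registry or the drivers folder.
$key     = 'HKLM:\SYSTEM\CurrentControlSet\Services\lnsfw1'
$names   = 'ActivatedSoon','CheckDNSQ','CheckHSRE','CheckVAEUDTF','IPFragActive'
$drivers = Join-Path $env:SystemRoot 'System32\drivers'

function Get-LnsBetaState {
    param([string]$Path, [string[]]$ValueNames)
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($n in $ValueNames) {
        # Assumption: a value that is absent is treated as 0 (not enabled).
        $v = 0
        if ($props) {
            $p = $props.PSObject.Properties[$n]
            if ($p) { $v = [int]$p.Value }
        }
        [pscustomobject]@{ Name = $n; Value = $v; Enabled = ($v -ne 0) }
    }
}

function Get-DepPolicy {
    # Win32_OperatingSystem reports the boot-time DEP policy as a number.
    $map = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $map[[int]$os.DataExecutionPrevention_SupportPolicy]
}

function Get-DriverFileInfo {
    param([string]$Folder)
    foreach ($f in 'lnsfw1.sys','lnsfw1.old') {
        $item = Get-Item -LiteralPath (Join-Path $Folder $f) -ErrorAction SilentlyContinue
        [pscustomobject]@{
            File     = $f
            Present  = [bool]$item
            Size     = if ($item) { $item.Length } else { $null }
            Modified = if ($item) { $item.LastWriteTime } else { $null }
        }
    }
}

$beta = Get-LnsBetaState -Path $key -ValueNames $names
"DEP policy: $(Get-DepPolicy)"
$beta | Format-Table -AutoSize
Get-DriverFileInfo -Folder $drivers | Format-Table -AutoSize
$on = @($beta | Where-Object { $_.Enabled })
if ($on.Count) { "Registry beta features still enabled: $(($on | ForEach-Object Name) -join ', ')" }
else           { 'All five registry beta values are 0.' }
```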
tosbsas
February 15th, 2006, 07:07 AM
Thanks you are the man
Ruben
Thomas M
February 15th, 2006, 11:04 AM
Here is my test report:
Brand-new DELL Notebook, 32bit-processor, WinXP-SP2, Software DEP only (No hardware DEP, I think :-\ ) , LnS 2.05p3
So far I had all beta features enabled, and I got system crashes, when either "Watch DNS calls" or "Watch Thread Injection", or both were enabled.
This morning I installed the new LNSFW1.SYS, rebooted and activated "Watch Thread Injection".
Well, so far (after 8 hours of heavy work ;) ) no crashes !!
Thx,
Frederic :)
Frederic
February 15th, 2006, 02:14 PM
Hi Thomas,
Thanks for your report.
Could you try Thermite to verify the Watch Thread Injection is enabled and working ?
Look 'n' Stop should prompt you that Thermite is trying to connect.
(before testing that, close & save any important files that could be open, in case of a crash).
Thanks,
Frederic
Thomas M
February 16th, 2006, 07:18 AM
{QUOTE-> (before testing that, close & save any important files that could be open, in case of a crash).
<-QUOTE}
Frederic,
Like tosbsas I also was too optimistic: This morning my machine produced 2 logon screens at startup (somehow over each other), and I was not able to login as any user at all.
After one reboot I started in "Safe mode" and renamed the new "LNSFW1.SYS" back to run the original one 8) Unfortunately, I did not unmark the option "Watch Thread injection" :blink: :gack: :-[ :lurking: ???
Well, with my next regular reboot I did not make it even up to the login screen :( :
A wonderful blue screen appeared stating:
STOP: c000021a {fatal system crash}
The Windows logon Process System process terminated unexpectedly with a status of 0xc0000005 (0x00000000). 0x00000000
The system has been shut down
GREAT >:(
So, after one more reboot (now again in "Safe Mode") I could manually load LNS and deactivate the "Watch Thread Injection" option.
With the next reboot everything is working as normal :) No surprise, since now I am running LNS without the new LNSFW1.SYS driver and without "Watch Thread Injection".
Yes, in my case all beta features of LNS 2.05p3 were (are) still enabled. I fear that was the mistake on my side :-\
Thomas :)
tosbsas
February 16th, 2006, 10:03 AM
Share your feelings - exactly the same thing. Safe mode was something I didn't think about
Ruben
RetupmocSoft
March 25th, 2006, 05:26 AM
Here is my test
All test inside VMWare Workstation 5.5.1 @ 19175
Real computer is:
CPU: AMD Athlon64 with hardware-DEP
RAM: 2048 MB
OS: Windows XP (32bit), set to "optout" DEP option by modifying boot.ini.
LNS: turn off Watch Thread Injection.
LNS ver: 2.05p3 + 3.05 (old driver)
Inside vmware's computer is:
CPU: (the same as real computer.)
OS: Windows XP (32bit), set to "alwayson" DEP option by modifying boot.ini.
RAM: 512MB
LNS: turn on Watch Thread Injection. (only)
LNS ver: 205p3 + 3.05p1 (beta driver)
It seems Thermite could be captured by LNS 2.05p3 + 3.05p1 beta driver.
No crash, but I haven't installed any antivirus inside VMWare's computer yet.
Frederic
March 25th, 2006, 10:37 AM
Hi RetupmocSoft,
Thanks for your report.
Do you confirm you had a crash before with old driver in the same configuration and testing ?
Frederic
RetupmocSoft
March 26th, 2006, 10:26 PM
{QUOTE-> Hi RetupmocSoft,
Thanks for your report.
Do you confirm you had a crash before with old driver in the same configuration and testing ?
Frederic <-QUOTE}
Hi Frederic,
YES.
First, "Watch Thread Injection" turn on.
Second, DEP setting to "optout" or "alwayson".
After all, Old driver (3.05) will "freeze" after login, and also made BSOD.
But,
If "Watch Thread Injection" turn off.
No matter DEP setting.
Old driver (3.05) super stable.
New beta driver (3.05p1) no crash anymore (with DEP-alwayson, and can catch Thermite).
RetupmocSoft.
Frederic
March 30th, 2006, 01:53 PM
Hi RetupmocSoft,
Thanks a lot for this clarification.
This is exactly what I expected with new driver 8)
I'm not sure if the other reports mean sometimes it still doesn't work or if the crash is still there because some other beta features were enabled.
Frederic
MikeNAS
October 31st, 2006, 12:34 PM
{QUOTE-> Hi All,
Here is a modified driver for the crash when the beta/adv features and DEP are both enabled:
http://looknstop.soft4ever.com/Beta/lnsfw1/LNSFW1-3.05p1.zip
At this time this is only for the "Watch Thread Injection" feature. If the test is positive for this one, the same will be tried for the other beta features.
So, don't try to activate the other beta features (through the registry) yet.
Not sure at all it will work. If you don't like crashes, you should not test it ;)
Only persons having issues with DEP protection should try it at this time. However, it should work the same on computers/systems without DEP.
Thanks in advance for any report.
Frederic
Procedure is as usual:
- rename c:\windows\system32\drivers\lnsfw1.sys to lnsfw1.old
- put the new driver in c:\windows\system32\drivers
- reboot
- if the new driver is worse than before, revert to the .old file <-QUOTE}
Link is dead. Is there any place to download this patch?!
halcyon
December 19th, 2006, 02:54 AM
A newer version can be found here:
http://looknstop.soft4ever.com/Beta/Vista/LNSFW1-3.05v2.zip
BTW, it says VISTA, but it works under XP too.
Frederic
December 19th, 2006, 03:02 PM
Actually the most recent version is:
http://looknstop.soft4ever.com/Beta/lnsfw1/LNSFW1-3.05v3.zip
Not sure it will fix problem with DEP, since the experimental features are no longer supported so far.
Frederic