eamonm.sys, bluescreen, sandboxie, Adobe

Brummelchen · #1 May 17th, 2012, 10:11 AM

while installing adobe photoshop cs6 into sandboxie windows throws a bluescreen with

Code:

BAD_POOL_HEADER
0x00000019
0x00000020

Code:

eamonm.sys	eamonm.sys+1e77c	0x8c01e000	0x8c0ee000	0x000d0000	0x4f577177	07.03.2012 16:32:23	ESET Smart Security	Amon monitor	5.2.7.0	ESET	C:\Windows\system32\drivers\eamonm.sys	
fltmgr.sys	fltmgr.sys+318a	0x82b45000	0x82b79000	0x00034000	0x4a5bbf11	14.07.2009 01:11:13	Betriebssystem Microsoft® Windows®	Microsoft Dateisystem-Filter-Manager	6.1.7600.16385 (win7_rtm.090713-1255)	Microsoft Corporation	C:\Windows\system32\drivers\fltmgr.sys	
ntoskrnl.exe	ntoskrnl.exe+b4c0d	0x81e43000	0x82255000	0x00412000	0x4f766ae5	31.03.2012 04:24:37	Microsoft® Windows® Operating System	NT Kernel & System	6.1.7601.17803 (win7sp1_gdr.120330-1504)	Microsoft Corporation	C:\Windows\system32\ntoskrnl.exe

Code:

eamonm.sys	eamonm.sys+1e77c	0x8be04000	0x8bed4000	0x000d0000	0x4f577177	07.03.2012 16:32:23	ESET Smart Security	Amon monitor	5.2.7.0	ESET	C:\Windows\system32\drivers\eamonm.sys	
fltmgr.sys	fltmgr.sys+318a	0x82ba0000	0x82bd4000	0x00034000	0x4a5bbf11	14.07.2009 01:11:13	Betriebssystem Microsoft® Windows®	Microsoft Dateisystem-Filter-Manager	6.1.7600.16385 (win7_rtm.090713-1255)	Microsoft Corporation	C:\Windows\system32\drivers\fltmgr.sys	
ntoskrnl.exe	ntoskrnl.exe+b4c0d	0x81e37000	0x82249000	0x00412000	0x4f766ae5	31.03.2012 04:24:37	Microsoft® Windows® Operating System	NT Kernel & System	6.1.7601.17803 (win7sp1_gdr.120330-1504)	Microsoft Corporation	C:\Windows\system32\ntoskrnl.exe

win7/32, eav 5.2.9.1 (german), sandboxie 3.69.01

last days with eset 5.0.94.0 german all was fine.
i try to reproduce with sandboxie 3.68 final and 3.69.03 (latest beta)

#with sb 3.68 final crashes
## 3.69.03 also

Marcos · #2 May 17th, 2012, 10:13 AM

Please upload the dumps somewhere and PM me the download links. If necessary, I can provide you with access to our ftp server.

Brummelchen · #3 May 17th, 2012, 11:06 AM

i can reproduce the crashes with all present versions of sandboxie.
Setup crashes somewhere in the middle of installation, last time i saw
something with "hunspell".
i linked the minidumps - hope that is enough i dont have others due settings.
in normal these where my 2nd to 5ths bluescreen with win7.

i need to go back after i had a view to beta 6.

Marcos · #4 May 17th, 2012, 11:17 AM

Thank you for the dumps provided, I've passed them to our developers for analysis.

Brummelchen · #5 May 17th, 2012, 12:58 PM

beta 6 let windows crash too, sorry

Code:

eamonm.sys	eamonm.sys+1e7fc	0x8c008000	0x8c0d8000	0x000d0000	0x4f9e3531	30.04.2012 08:46:09						
fltmgr.sys	fltmgr.sys+318a	0x82b3d000	0x82b71000	0x00034000	0x4a5bbf11	14.07.2009 01:11:13	Betriebssystem Microsoft® Windows®	Microsoft Dateisystem-Filter-Manager	6.1.7600.16385 (win7_rtm.090713-1255)	Microsoft Corporation	C:\Windows\system32\drivers\fltmgr.sys	
ntoskrnl.exe	ntoskrnl.exe+b4c0d	0x81e45000	0x82257000	0x00412000	0x4f766ae5	31.03.2012 04:24:37	Microsoft® Windows® Operating System	NT Kernel & System	6.1.7601.17803 (win7sp1_gdr.120330-1504)	Microsoft Corporation	C:\Windows\system32\ntoskrnl.exe

hyleaf · #6 May 22nd, 2012, 02:00 PM

I have the exact same problem with the latest version of ESET 5.2.9.1 in English, but Smart Security in my case.

Blue Screen with error in eamonm.sys, with an error of PAGE_FAULT_IN_NON_PAGED_AREA.

I'm running windows 7 64 bits, with Sandboxie 3.68 64 bits as well. But I get this error at random times while using Waterfox (firefox 64 bits) sandboxed.

Did not install Adobe Photoshop CS6 yet, but I have CS5 installed for a long time already.

From what I know, hunspell is a spell-checking plugin included in firefox, and on trillian, which I have running as well, but not sandboxed.

Anything else I can help with? How do I get these dumps?

Thanks.

EDIT: Got another crash, and got the minidump file.

hyleaf · #7 May 30th, 2012, 12:03 PM

What is the status of this problem?

I had to revert to 5.0.95 too, because of the problems. I got 2 minidumps from the last crashes, where can I send them? Seems like I cannot PM you Marcos.

Thanks.

bwb1 · #8 June 5th, 2012, 04:42 AM

Quote:

Originally Posted by hyleaf

What is the status of this problem?

I had to revert to 5.0.95 too, because of the problems. I got 2 minidumps from the last crashes, where can I send them? Seems like I cannot PM you Marcos.

Thanks.

I too have BSODs with latest version of ESS5 and Sandboxie 3.70. The text says there is a bad_pool_header. As Hyleaf alerted me to this being an ESet problem, I have removed SBIE until a result is found. This occurs on my desktop, but the same set up on my laptop runs together nicely

(All running 32 bit versions)

bwb1 · #9 June 9th, 2012, 04:48 AM

Quote:

Originally Posted by Marcos

Thank you for the dumps provided, I've passed them to our developers for analysis.

Is there any info on this Marcos please? (FF13/ESS 5.2.9.1/SBIE 3.70 all 32 bit)

Brummelchen · #10 June 10th, 2012, 09:16 AM

Latest Endpoint solution (EEA on win7/64) also crashes bad_pool_header. i hope there is a solution on the run.

Marcos · #11 June 14th, 2012, 01:58 PM

Quote:

Originally Posted by bwb1

Is there any info on this Marcos please? (FF13/ESS 5.2.9.1/SBIE 3.70 all 32 bit)

Does disabling Device control integration solve the issue for you?

Marcos · #12 June 14th, 2012, 01:59 PM

Quote:

Originally Posted by Brummelchen

Latest Endpoint solution (EEA on win7/64) also crashes bad_pool_header. i hope there is a solution on the run.

Our developers are on it and trying to figure out the cause of the crash.

Brummelchen · #13 June 15th, 2012, 10:15 AM

Quote:

Does disabling Device control integration solve the issue for you?

i can test this later the day (i hope i find it in the german build)

hyleaf · #14 June 18th, 2012, 12:45 PM

Marcos, I got a bunch more minidumps to help with this.

I had the crashes when using 5.2.9.1 and sandboxie 3.68 while browsing randomly with waterfox (firefox 64 bits) 12. Then I reverted to 5.0.95 and got no more crashes at all.

Some days ago, I updated sandboxie to 3.70, waterfox to 13.0, and then ESS auto-updated to 5.2.9.1. The crashes are almost gone, but I still got it when trying to pay with paypal, twice in a row. All the dumps are as follow:

https://dl.dropbox.com/u/70121451/052412-20326-01.dmp - SB 3.68, Wf 12 and ESS 5.2.9.1
https://dl.dropbox.com/u/70121451/052612-28828-01.dmp - SB 3.68, Wf 12 and ESS 5.2.9.1

https://dl.dropbox.com/u/70121451/061112-19297-01.dmp - SB 3.70, Wf 13 and ESS 5.2.9.1
https://dl.dropbox.com/u/70121451/061112-21652-01.dmp - SB 3.70, Wf 13 and ESS 5.2.9.1

Thanks, hope it helps.

Update:

Decided to do a test.

So, running Sandboxie version 3.72 (64bit version), Waterfox 13 PL1, and ESS 5.2.9.1. When running Waterfox sandboxed, I get a crash when trying to access a paypal page to buy something (for example, when clicking both of the paypal links on this page: http://www.crintsoft.com/MiniLyrics_buy.htm). This is the latest dump: https://dl.dropbox.com/u/70121451/061812-23025-01.dmp

Then, I tried the same pages running not-sandboxed, and got no bluescreens at all.

Anything else I can try to help?

bwb1 · #15 June 19th, 2012, 04:59 AM

5.2.9.1/ FF 13.0.1/SBIE 3.72 crashes the instant FF tried to open in the sandbox. Usual stuff on screen about a bad_pool_header same as always.

traviscn · #16 June 19th, 2012, 06:24 AM

Quote:

Originally Posted by bwb1

5.2.9.1/ FF 13.0.1/SBIE 3.72 crashes the instant FF tried to open in the sandbox. Usual stuff on screen about a bad_pool_header same as always.

Nod32 AV 5.2.9.1/Aurora 15.0a2/SBIE 3.72/Windows 7 Home 64x
no crashes yet.

bwb1 · #17 June 19th, 2012, 11:00 AM

Quote:

Originally Posted by Marcos

Does disabling Device control integration solve the issue for you?

Where do I find this please?

bwb1 · #18 June 24th, 2012, 11:36 AM

Bump......now my previously OK laptop now crashes with BSOD and the bad_pool_header info, so have uninstalled SBIE on that.

King Grub · #19 August 3rd, 2012, 01:09 PM

Hello!

Was this BSOD also fixed with the 5.0.2126 version? I see information about the Device control BSOD being fixed in the change log, but nothing about this one. I got the bad_pool_header BSOD as the earlier posters in the thread did when using NOD32 with Sandboxie, and since I consider Sandboxie a must, I haven't used NOD32 since (and the bluescreens stopped right away after removing NOD32).

hyleaf · #20 August 5th, 2012, 11:28 PM

Quote:

Originally Posted by King Grub

Hello!

Was this BSOD also fixed with the 5.0.2126 version? I see information about the Device control BSOD being fixed in the change log, but nothing about this one. I got the bad_pool_header BSOD as the earlier posters in the thread did when using NOD32 with Sandboxie, and since I consider Sandboxie a must, I haven't used NOD32 since (and the bluescreens stopped right away after removing NOD32).

Same here, had to uninstall ESS until a fix is released. Any word from the developers? Thanks in advance.

King Grub · #21 August 8th, 2012, 06:44 AM

Guess not.

Marcos · #22 August 8th, 2012, 09:42 AM

Quote:

Originally Posted by King Grub

Hello!
Was this BSOD also fixed with the 5.0.2126 version? I see information about the Device control BSOD being fixed in the change log, but nothing about this one. I got the bad_pool_header BSOD as the earlier posters in the thread did when using NOD32 with Sandboxie, and since I consider Sandboxie a must, I haven't used NOD32 since (and the bluescreens stopped right away after removing NOD32).

Please provide instructions how to reproduce BSOD as I've tried it by opening Firefox in Sandboxie on Win7 x64 as mentioned in another post here but I didn't get any BSOD. I've noticed that the version of Sandboxie that is currently available and that I used for replication was newer than the one mentioned in this thread.

bwb1 · #23 August 8th, 2012, 11:06 AM

I got the BSOD with ESS 5.2.9.1/SBIE 3.72/W7x32/FF13 and 14. I removed SBIE and since then FF13/14 has behaved. The BSOD occurs instantly when you try to open FF in SBIE, and it is the bad_ pool_header matter. This happens on two computers with very similar set ups.

King Grub · #24 August 8th, 2012, 11:13 AM

For me it wasn't instantly when opening FF, but rather random. It could happen once a day or every other day. After booting up again and visiting the same webpage or doing the same thing in FF, it worked fine. Then a few days later another BSOD with the "bad pool header" pointing at eamonm.sys.

And this on two separate systems, both with Nod32, FF and Sandboxie (including the latest version). Both systems hardware-error free (passes 36 hours of Memtest+, IntelBurnTest with max settings and no problems whatsoever at any other time). Remove Nod32 and the problems went away.

I would really like to use Nod32 again, but I am not prepared to experience more BSODs because of it. There are many good AVs, but only one Sandboxie. That's why I wondered if this issue had been explored and/or corrected with the latest version of the program, even if the release notes didn't say anything about it.

King Grub · #25 August 25th, 2012, 12:38 PM

Well, no replies here I guess, but several threads on the Sandboxie forum indicate that the problem is still there, with the latest versions of both products, and it is still the ESET driver that is implacated in the BSOD logs.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search