HitmanPro.ALERT Support and Discussion Thread

What are you running on that other system?

 

No just one flyout.

 

Same programs as per my current signature, Erik.

Thanks.

 

W7 Ult. (64)

 

I am finally able to reproduce the crash.
Seems related to Windows 7 (possibly Windows Vista as well).

Thanks everyone

Expect a new build soon.

 

Erik, I am transferring a dumpfile to you. Seems I got some problem opening IE but not sure it is a HMPA (152) problem.

 

Yes!

 

Could this cause Windows to freeze also? Windows froze on me, and I had to do a hard shutdown. I was using build 148. I'm using Windows 7X64 Ultimate.

 

Erik, with build 152 no problems using Vista 32 bits and Firefox 35.0.1 (also a fligh out).

 

Firefox keeps crashing each time I click on download trial from this page. http://ax64.com/ Sometimes it crashes as soon as I click on it, and other times it crashes right after the download is complete. I'm not sure if HMPA is causing it, but maybe other users could check to see if they experience the same issue when downloading the trial. I'm using Windows 7X64 Ultimate. Below is the only information I received about the crash.

AdapterDeviceID: 0x6719
AdapterDriverVersion: 14.501.1003.0
AdapterSubsysID: 0b001002
AdapterVendorID: 0x1002
Add-ons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118,calomelsslvalidation%40calomel.org:0.72,fiddlerhook%40fiddler2.com:2.4.9.7,%7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.9.13,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1,firefox%40ghostery.com:5.4.1,%7Bd10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d%7D:2.6.7,%7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:5.0.12
AvailablePageFile: 13913460736
AvailablePhysicalMemory: 6042988544
AvailableVirtualMemory: 3404824576
BIOS_Manufacturer: American Megatrends Inc.
BlockedDllList:
BreakpadReserveAddress: 235864064
BreakpadReserveSize: 41943040
BuildID: 20150122214805
CrashTime: 1423824422
EMCheckCompatibility: true
EventLoopNestingLevel: 1
FramePoisonBase: 00000000f0de0000
FramePoisonSize: 65536
InstallTime: 1422297159
Notes: AdapterVendorID: 0x1002, AdapterDeviceID: 0x6719, AdapterSubsysID: 0b001002, AdapterDriverVersion: 14.501.1003.0
D2D? D2D+ DWrite? DWrite+ D3D11 Layers? D3D11 Layers+
ProductID: {ec8030f7-c20a-464f-9b0e-13a3a9e97384}
ProductName: Firefox
ReleaseChannel: release
SecondsSinceLastCrash: 254
StartupTime: 1423824190
SystemMemoryUsePercentage: 29
Theme: classic/1.0
Throttleable: 1
TotalPageFile: 17159340032
TotalPhysicalMemory: 8580620288
TotalVirtualMemory: 4294836224
URL: https://ax64.com/tour-product/
User32BeforeBlocklist: 1
Vendor: Mozilla
Version: 35.0.1
Winsock_LSP: MSAFD Tcpip [TCP/IP] : 2 : 1 :
MSAFD Tcpip [UDP/IP] : 2 : 2 : %SystemRoot%\system32\mswsock.dll
MSAFD Tcpip [RAW/IP] : 2 : 3 :
MSAFD Tcpip [TCP/IPv6] : 2 : 1 : %SystemRoot%\system32\mswsock.dll
MSAFD Tcpip [UDP/IPv6] : 2 : 2 :
MSAFD Tcpip [RAW/IPv6] : 2 : 3 : %SystemRoot%\system32\mswsock.dll
RSVP TCPv6 Service Provider : 2 : 1 :
RSVP TCP Service Provider : 2 : 1 : %SystemRoot%\system32\mswsock.dll
RSVP UDPv6 Service Provider : 2 : 2 :
RSVP UDP Service Provider : 2 : 2 : %SystemRoot%\system32\mswsock.dll
useragent_locale: en-US

 

Crash build 151 (W7 64 bits).

Logboeknaam: Application
Bron: Application Error
Datum: 13-2-2015 12:12:21
Gebeurtenis-id:1000
Taakcategorie: (100)
Niveau: Fout
Trefwoorden: Klassiek
Gebruiker: n.v.t.
Computer: ****2-PC
Beschrijving:
Naam van toepassing met fout: hmpalert.exe, versie: 3.0.29.151, tijdstempel: 0x54dca515
Naam van module met fout: hmpalert.exe, versie: 3.0.29.151, tijdstempel: 0x54dca515
Uitzonderingscode: 0x40000015
Foutoffset: 0x001e7513
Id van proces met fout: 0x2f4
Starttijd van toepassing met fout: 0x01d0476da874f2e6
Pad naar toepassing met fout: C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
Pad naar module met fout: C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
Rapport-id: 2d63ab07-b371-11e4-a188-001f16aa0c13
Gebeurtenis-XML:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2015-02-13T11:12:21.000000000Z" />
<EventRecordID>161297</EventRecordID>
<Channel>Application</Channel>
<Computer>****2-PC</Computer>
<Security />
</System>
<EventData>
<Data>hmpalert.exe</Data>
<Data>3.0.29.151</Data>
<Data>54dca515</Data>
<Data>hmpalert.exe</Data>
<Data>3.0.29.151</Data>
<Data>54dca515</Data>
<Data>40000015</Data>
<Data>001e7513</Data>
<Data>2f4</Data>
<Data>01d0476da874f2e6</Data>
<Data>C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe</Data>
<Data>C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe</Data>
<Data>2d63ab07-b371-11e4-a188-001f16aa0c13</Data>
</EventData>
</Event>

Edit: dmp sent by mail.

 

HitmanPro.Alert 3 Build 153 Release Candidate

Changelog

• FIXED: Windows 7 NT loader incompatibility introduced in build 152.
• IMPROVED: ROP mitigations.

Download
http://test.hitmanpro.com/hmpalert3b153.exe

Please let me know how this version runs on your computer

 

With build 153 Firefox starts without a problem. Sanboxed Firefox also no problem. Thank you.

 

OK, then all is good. I didn't really test older versions of HMPA, but I've now installed 153 and will run it with most features turned on, to see what happens. So far, Firefox and Opera 12 seem to run just fine inside the sandbox, no more error messages from Sandboxie. MPC also does not crash anymore. About the interface, is it possible to implement tool-tips when you hover over icons?

 

Tooltips is on our todo-list.

 

OK, cool. Another minor thing: Perhaps an idea to add "running applications" to the "safe browsing" menu, so that you can quickly add browsers to the protection list.

 

It is ok now on win7 Ult.(64)

 

The blue border, and blue shield in the lower right corner does not go away with Media Player Classic with build 152. I have to stop, and restart the video to get it to go away. It does not happen always, but it seems to happen more with mkv videos. Also the blue border around the video is out of alignment. It does not go all the way down to the bottom portion of the screen.

 

Hallo!
The "build 143" terminated an apllication on my computer, because it contained a malignant code.
The application is "Heartstone", a digital "free-to-play" game, but Virustotal didn't notice any malware...
how is it possible?
OS Win 7 (64 bit)

I upgraded the version from the 3.0.25 build 143 to the 3.0.30 build 153, but I can't activate the following processes:
system vaccination
cryptoguard
protection of processes
Need I to activate the license to do it, now?

 

Heartstone is executing code on the stack. Please remove it from mitigations.

 

Using W7-x64 with hpalert build 153:

1. EVERY .mp4 or .wmv file causes MediaPlayerClassic-x64-1.7.8. to be stopped by hpalert 153 showing a 'NullPage' mitigation error!
The protection template -> 'Media' was used for application MPC-x64.
Unchecking the memory mitigation 'NullPage' enables MPC-x64 to run again.

2. Application Soft Organizer 3.51, protected with template 'Other' runs into a 'ROP' mitigation error.
Uncheckink the ROP mitigation enables Soft Organizer to run again.

EDITed: Point 1. and 2. are valid TOO for build 143, 151 and 152
added the version of Soft Organizer (=3.51)

 

Build 153 is up and running fine so far on my machine. The issue with FF and IE11 has been resolved with this build.

Cheers!

 

Upgraded from 151 without error and running smoothly on Windows 7 x64