Active Debugger???

Discussion in 'Port Explorer' started by Rikster33, Dec 28, 2002.

Thread Status:
Not open for further replies.
  1. Rikster33

    Rikster33 Registered Member

    Joined:
    Dec 28, 2002
    Posts:
    37
    Has anyone received this error when trying to run PE?
    "This program does not run on machines with active system debugger"
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi again Rikster33.
    Still puzzling on this one. As you know by now how to download your proper registered copy, install it, copy in your licence keyfile and reboot, start PE and write in your unlock code if you get that far (do you? or where does the message appear?) then all that must be ok from your side.
    Here comes to look for the debugger which might be active and wondering which one.
    In the other thread mentioned the MDM.exe from windows itself (in TDS, if you look in the System Analysis > Autostart Explorer > in the main or any of the other files/tabs there or the Process list any unknown process which might be or look like a debugger?)
    Hoping Jason can find it with some testing files with you, so i hope you've been able to access your PE area on the website and write this in the feedback form. Hoping for a quick solution, but in the meantime also maybe other people with suggestions which possible debuggers might be around without our knowledge.
    I like to know if you before the registered PE version also used the trial and if so, if you got any error messages of this kind in that too?

    In the meantime i also IM-ed the DCS team in their location so they'll find it when they come around from their seasons break.
     
  3. Rikster33

    Rikster33 Registered Member

    Hello Jooske, looks like TDS is the only one registered. I will keep trying the WG and PE programs and let ya know, thanks.
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi Rikster33,

    Are you using any programs which can step through execution of other programs, or pause any program completely to see what it is doing?
    Some AV or Active Monitor?

    Regards,

    Pieter
     
  5. Jooske

    Jooske Registered Member

    For who missed the first part of the whole story and might see ideas not mentioned yet:
    http://www.wilderssecurity.com/showthread.php?t=5789


    Pieter you just mentioned a magical term: AV, which reminds me i forgot to recommend before installing anything at all to close any anti-virus/anti-trojan programs from running, and the firewall, (especially if it's ZoneAlarm)
    or even get them from the auto-start and reboot, so to make sure none of them is running.
    This is in general for software installation, but with WormGuard and Port Explorer which go so very deep into the system it might be an extra help.
    Also possible Registry Protection like RegRun, RegProt you might like or need to disable temporarily.
    In cases it could even --depending on the systems itself-- be better to first install PE and after WG, where TDS comes in this order doesn't matter i guess, do all the copying in of keyfiles, rebooting (maybe a reboot after each install on a win98 system -- could win98 have specialties different from win98SE ?) but make sure all keyfiles are copied into their own program, so not the PE key in the WG or TDS and it's no use to put the PE key in the PE trial, only in the full version.

    Looking forward to reading next episodes........
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Hi Jooske,

    It just came to me in a flash ;)
    I am so used to installing almost anything in safe mode, that it is easy to forget about possible conflicts while installing.
    Maybe that's the best way to go Rikster33.
    Boot into safe mode and then install the programs in the following order Jooske suggested.

    Regards,

    Pieter
     
  7. Rikster33

    Rikster33 Registered Member

    Ok, I get as far as "Run this program to unlock your code"; that's when the error appears. TDS also saw a change in autostart:
    "$ Enternet=C:\PROGRAM FILES\NTS\ENTERNET300\APP\EnterNet.exe -AutoStart"
    Not sure if this is the debug problem? Anyhow I have the code, just cannot unlock it.
    thanks again
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Hi Rikster33,

    Sorry, I have to ask: are you using the short code you got from the website mentioned in your e-mail and not the long code from the same mail?

    Regards,

    Pieter
     
  9. Rikster33

    Rikster33 Registered Member

    I've used the long passy to download PE but have not had the chance to use the small code.
     
  10. Jooske

    Jooske Registered Member

    Did you install PE - copy your keyfile into the PE directory - reboot the computer - start PE - see the popup telling to include there your unlock code (the small code you got from your web site location) - include that unlock code?
    Do you again get the debugger error message here?

    I'm not familiar with the Autostart change TDS gave, do you know that program mentioned yourself, any idea where it comes from or what it is?
    What happens if you remove that one from the autostart, reboot and try again with PE ?
     
  11. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    I did some searching on this Enternet and came across: http://www.nts.com/support/Docs/enternet_cmdline.html
    Does that clarify things?

    Groetjes,

    Pieter
     
  12. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Rikster33, are you running a debugger by any chance, like the message box says? :) SoftICE, for instance, installs itself as a system debugger on WINNT/2k/XP machines. SoftICE is used for reverse engineering software, and the protection scheme we use doesn't allow a debugger to be running whilst Port Explorer is, obviously to protect the software. The only time that message box will come up is when you have some form of debugger active whilst running Port Explorer. It has nothing to do with the install process; if you remove the debugger it will work.
    -Jason-
     
  13. Rikster33

    Rikster33 Registered Member

    Hello Jooske, I see you're online. The link left by Pieter shows what is in my system, but I'm not sure what to do, if anything.
    Still getting the error before I can use the code.
     
  14. Jooske

    Jooske Registered Member

    Dear Jason, good to see you here and all that during your holiday break! thanks so much! Hope you're having a good time.

    Rikster runs into so many unexpected problems, using Win98. I wonder if going for Win98SE would make any difference?
    From the description I don't think the enternet registry key has to do with this; there must be another one.
    If you look in TDS > System analysis > Process Lists , is there anything unknown or known which could be a debugger?

    In other parts in the forums here was posted about a program logging all start programs, will hunt for that URL and post here so we might be able to look with you once you run and post it here.
     
  15. Rikster33

    Rikster33 Registered Member

    Jooske and Jason,
    I will look in the TDS list and post it here maybe that will help us.
     
  16. Jooske

    Jooske Registered Member

    It's hard to make a copy of the process list unfortunately, so you might like to use this little tool: (this is a direct download to the file!)
    http://home.earthlink.net/~rmbox/Reticulated/StartLog.zip
    Download and click the little zip file (about 29kb) and have it extracted somewhere, nothing to install.
    This you can run and gives a full output of all that is started on your system (thought there was another one but can't find it in the forums this moment); the log you can save as a text and paste it here in a posting, so we can look with you if anything looks like a debugger. And there must be more the matter unless you succeeded in the meantime to copy your WormGuard key in the WG directory and got it registered by now.

    Just found a brother of the program, which is downloadable here at wilders.org, which gives more info:
    http://www.wilders.org/HTMLobj-1488/startuplist.zip
    it downloads immediately!
     
  17. Rikster33

    Rikster33 Registered Member

    Here is the list I copied to notepad, and yes, I registered the WormGuard.
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM\FILES\NTS\ENTERNET 300\APP\ENTERNET.EXE
    C:\WINDOWS\STARTER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\TDS-3.EXE
     
  18. Jooske

    Jooske Registered Member

    Hi, we crossed, in my posting above i posted a better version of the same program, do you mind trying to get and run that too? Think that is the one used here more often in the forum; doesn't matter that the output is big, we can always delete it if we've seen what we want to know :)
    So please paste away for us. It might contain more specific parts here.

    At the moment i paste this little part i see:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "$EnterNet"="C:\\PROGRAM FILES\\NTS\\ENTERNET 300\\APP\\EnterNet.exe -AutoStart"
    "POINTER"="point32.exe"
    "EnsoniqMixer"="starter.exe"
    "Mount Safe & Sound"="C:\\PROGRAM FILES\\MCAFEE\\MCAFEE SHARED COMPONENTS\\SAFE&SOUND\\FBMOUNT.EXE"
    "ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
    "SystemTray"="SysTray.Exe"

    The "enternet" key you posted about;
    i wonder what is POINTER? and i wondered seeing in fact only mcafee if you tried a few moments to run PE without mcafee just to make sure there is no conflict between those (there should not and never heard there were, but a few moments to make sure on your system...?)
    Looking forward to your next posting.

    Do you really have so few programs started? No agentsvr.exe and all those? Hmmm..

    You succeeded with the WG in the meantime, displaying "registered" in the console and "about" ? That is good news! So step by step you're getting closer! Congratulations with that part too, so now it's only PE -- wished it could tell which program is seen as a debugger :( but we'll find out for sure!
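
Added example, not part of any post in this thread: a Python sketch that does by machine what the posts above do by eye, parsing the Run key export quoted in post 18 and comparing it with the process list from post 17. The `BASELINE` set of stock Windows 98 images and the function names are assumptions made for illustration.

```python
import ntpath
import re
# Sample input: Run key export and process list as quoted in the thread.
RUN_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"$EnterNet"="C:\\PROGRAM FILES\\NTS\\ENTERNET 300\\APP\\EnterNet.exe -AutoStart"
"POINTER"="point32.exe"
"EnsoniqMixer"="starter.exe"
"Mount Safe & Sound"="C:\\PROGRAM FILES\\MCAFEE\\MCAFEE SHARED COMPONENTS\\SAFE&SOUND\\FBMOUNT.EXE"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"SystemTray"="SysTray.Exe"
'''
PROCESS_LIST = r'''
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM\FILES\NTS\ENTERNET 300\APP\ENTERNET.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\TDS-3.EXE
'''
# Assumption: stock Windows 98 images, not from the thread; adjust per machine.
BASELINE = {"kernel32.dll", "msgsrv32.exe", "mmtask.tsk", "explorer.exe"}

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
IMAGE_RE = re.compile(r'^"?(.+?\.(?:exe|com|bat|scr|pif))(?=["\s]|$)', re.I)

def parse_run_key(text):
    """Return {value name: lower-cased image file name} per autostart entry."""
    entries = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line.strip())
        if not m:
            continue  # key header, blank line, or a non-string value
        # Undo .reg escaping (\\ -> \, \" -> ") in both name and command line.
        name, command = (re.sub(r'\\(.)', r'\1', g) for g in m.groups())
        image = IMAGE_RE.match(command)  # path may contain unquoted spaces
        if image:
            entries[name] = ntpath.basename(image.group(1)).lower()
    return entries

def triage(run_text, process_text):
    """Split images into autostarted+running, autostarted only, unexplained."""
    autostart = set(parse_run_key(run_text).values())
    running = {ntpath.basename(p.strip()).lower()
               for p in process_text.splitlines() if p.strip()}
    return {"autostart_running": sorted(autostart & running),
            "autostart_not_running": sorted(autostart - running),
            "unexplained": sorted(running - autostart - BASELINE)}
```

On the thread's own data the only running image that is neither in the baseline nor started from the Run key is `tds-3.exe`, which the user launched by hand.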
     
  19. Rikster33

    Rikster33 Registered Member

    Yes, I shut down other start up progs to eliminate conflicts, also pointer is the mouse "explorer".
     
  20. Jooske

    Jooske Registered Member

    Aha, so pointer will not be the problem; as you have both WG and TDS running i suppose you have all required system files as well.
    Did you try the other startup program i posted later here above?
    Hope Jason comes with more suggestions.........
     
  21. Rikster33

    Rikster33 Registered Member

    Still looking for that debugger and how to remove it--Thanks
     
  22. Jooske

    Jooske Registered Member

    If we only knew which it could be, in the startup list from the other day did not see anything suspicious. What happens if you close the mcafee virushield or life update and that enternet for a moment? It's the last i can think of this moment.
    Also if you look with Ctrl+Alt+Del, is there anything you don't recognize, or an old program running in the background? (it should show up in the TDS process lists, ...
    In the MSConfig you might like to disable all autostarts and see what happens then.
    As PE even runs on 486 and win95 systems there can't be a problem with that in general, you looked in your IE browser as well in the advanced settings for not displaying page errors and script errors in webpages which would make the windows debugger jump up .. is there such an option in any of your possible other browsers even if you would not use them at the moment? Not even the windows critical update alert could cause this (i had it enabled some time to test this with PE), what more did you try in the meantime?
    There is one more try, sorry for an extra download: i wrote somewhere about the Faber Toys (free from www.faberbox.com ) which you can start, start also PE, and in FT get the PE process and all started with that.
    It displays all dlls and files started with PE, the same you can look at with all the other processes running one by one.
    But what could function as a debugger?
     
  23. Rikster33

    Rikster33 Registered Member

    Jooske, I will email you my results, ok.
     
  24. Jooske

    Jooske Registered Member

    Got it; you went really deep! Wow! That is Jason-stuff! (and Wayne/Gavin).
    If you start FT, in the "tools > dependencies" you get a listing like the process list in TDS almost.
    In that upper window get the Portexplorer, click on it and you see all modules started with that. So that will not be the over 864 handles you sent me from the kernel details, in which i see several times the word "debug" but i can't find out clearly if that is just a standard function in the kernel, so i will look the same way at mine now, or something special for your kernel.

    (Edited: in the meantime compared it with my kernel version giving the same handles, and my PE functions, so it must be in another area.)

    The "dependencies" list gives where possible a name to the various files found there and this is the one i also use if i want a quick look for dll's versions, to see if updates changed versions, which BHOs are started with IE, etc.
    Think you will like this toy and find more use for it.

    We get nearer to a solution, for sure.
     
  25. Jooske

    Jooske Registered Member

    Received your overview with Faber toys of the dependencies of PE.
    I see you have only 10 processes running from there and i have 44. Why?
    I have TDS and WG running (WG does not show in the process list), the FW, IE, OE, VisualZone, a guard from my internet connection, etc.
    In those 10 of yours i only see the Mcafee virushield as last item to try to close and see if that does anything.
    I hope when Jason comes back from seasons break he has more tests for you to run and look at.
    When you got the evaluation version of PE, did you get the same error messages or nothing at all?
     