Bug Report: Do you see what I see?

Hi,

I am new to Process Guard and to Wilders, so please bear with me. I apologize for this long introductory post.

Process Guard has incredible potential, in my opinion, but after 4 crashes in 6 days on an otherwise stable system, I started hunting for clues. It usually crashed shortly after a script that piped data through multiple programs in succession, so I tried running an endless script. The results were both simple and strange.

I've tried to make it reproducible and hope to find out if it happens for anyone else. The following DOS batch file (crash.bat) is the simplest example that crashed my system.


@echo off
:AGAIN
cmd /c echo "Here we go again"
goto AGAIN

If I open a DOS window and run crash.bat with "Execution Protection" disabled (Protection Settings), everything is fine. It would probably run forever. However, if I run it with "Execution Protection" enabled, the system is doomed.

There are two different scenarios.

1) A quick, clean blow to the head:
Click on the 'PG' tray-icon, and close the main window of procguard.exe (making the 'PG' icon disappear from the tray), then open a DOS window and run crash.bat. Within a minute, I get an Application Error on dcsuserprot.exe (reference out of bounds). At this point, you can still close some windows, but the system is pretty much dead. You can manage a graceful shutdown using Ctrl-Alt-Delete-->Shutdown.

2) Slow death by strangulation:
With procguard.exe still running ('PG' icon is still in tray) the results are more complicated. To see what is happening, start Task Manager, select the Processes tab, click on the colum head entitled "CPU" so that largest percentage of time (probably System Idle Process) is at the top. When this is ready, open a DOS window and start crash.bat. At first, DCSUserProt.exe will probably be at the top, while procguard.exe will consume very few CPU cycles. Soon, however, procguard.exe starts using more and more of the CPU until 99% of the CPU is going to procguard.exe. After it runs a bit longer, I get a similar Application Error on dcsuserprot.exe. The system is now in a state much like the first scenario. Again, shutdown with Ctrl-Alt-Delete-->Shutdown.


I don't think there is a conflict between the applications I use, because I retested this after disabling my FW, AV, AT, AS and even 'Direct CD'. My discretionary startup is virtually nil except for Process Guard. The results are the same with no other startup programs active. Also, I retested a thrd time after successfully uninstalling, then re-installing Process Guard.

I'm using Windows 2000 (sp4) on an old Dell laptop (P3-800), so my description may be off for XP users. I'm anxious to hear if this happens for anyone else, because I'm hoping that Process Guard will be making my computer safer for a long time to come.

I also hope there is a chance to (quickly) address a situation where Process Guard generates some pretty excessive overhead, but I'll start a new thread for that.

Many thanks,
Mike

 

... oops, I forgot to mention I'm running the public beta (v3.0 beta2) of Process Guard.

 

sounds a lot like what happened to me .... read this

 

Hi earth1 .

I decided to try this out using XP Home SP2 just to see what happens.

Overall CPU usage never goes over 76% here. DCSUserProt.exe never goes over 10% and I get no crashes (typeing this while it's still running).Ran Crash.bat for 15 minutes.

Overall CPU usage got as high as 100% for this test. DCSUserProt.exe never goes over 11%, but procguard.exe does rise steadily, reaching a peak of 81% after 15 minutes. I get no errors or crashes though...still running while typeing.

Must be something to do with Windows 2000....just a guess though . Would definately be great if others can test this also.


Regards,
Jade.

EDIT: should have mentioned I tested with latest Private Beta. Will wait and see what the DCS lads say .

 

I wonder if this could be to do with the actual logging of the events, as I had a 2.5 +MB log file after testing, and MANY alerts on the Alert Screen .

Regards,
Jade.

 

The reason Bowserman couldn't experience the crash is because he is on the latest PRIVATE beta which fixed this problem with too many alerts buffering up and causing a crash.

Thanks a lot for your very informative testing though, it does help to have someone who puts a lot of detail and work into bug finding.

 

Thanks Jason....I had a feeling it was due to the amount of alerts .

 

Thanks everyone, glad to hear a fix is on the way. More than glad to verify it works on Win2000 if that would be helpful.

 

Hi Bowserman, Here Goes.. Process Guards alert screen is paging thousands of alerts but no crash.
Running it here as I type XP Pro SP2 Procguard.exe 60% to 70% CPU -
DCSuserProt.exe 2% to 5%
Total CPU usage appears to have settled at between 89% and 93% with 41 processes running.

Stoped test after several thousand alerts and a 3MB log file was created.


@Earth1 - Interesting test thanks.

Cheers. Pilli

 

This sounds similiar to what happens if you run NIS 2005 with its own protection activated and PG V3.