PG 1.2 Kernel Mode Failure

Discussion in 'ProcessGuard' started by siliconman01, Jan 23, 2004.

Thread Status:
Not open for further replies.
  1. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    ProcessGuard 1.2 continues to yield the Kernel Mode Failure if I allow ProcessGuard to started up on a system reboot.

    I uninstalled PG 1.5 in SAFE MODE completely prior to installing PG 1.2. I do not get the Kernel Mode Failure if I manually start up PG 1.2 after a system reboot and other pgms are up and running.
     
  2. Eliot

    Eliot Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    854
    Location:
    Arkansas, USA
    Cannon attach to Kernel mode error remains here too. o_O
     
  3. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hmm ok this is probably a case where if PG was installed FIRST then everything would be fine. What do you have installed that might influence it ?

    Can I ask you both to send me an ASViewer log to gavindcs@iinet.net.au so I can look at it tonight

    Could help to uninstall and then try safe mode install. Dont know havent tried it but it cant hurt to try
     
  4. Eliot

    Eliot Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    854
    Location:
    Arkansas, USA
    Uninstalled per thread http://www.wilderssecurity.com/showthread.php?t=16931

    Rebooted to safe mode and installed. Rebooted normally, no error. Dropped my key in the folder and rebooted, error came right back. I have not even enabled protection and it still gives the kernel error. o_O
     
  5. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    is pg_msgprot.exe is running in your taskmanager processes list ?
     
  6. Eliot

    Eliot Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    854
    Location:
    Arkansas, USA
  7. Eliot

    Eliot Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    854
    Location:
    Arkansas, USA
    I have disabled everything in my startup except for PG and the error still occurs :oops:
     
  8. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Eliot, Can you try the following: This applies to 1.200 as well 1.150 as starting afresh is sometimes better than trying to put right a poor install :)

    Before installing the new version it is better to make sure that all the old files are gone, so disable PG protection, stop pg_msgprot in task manager & run the ununstall from the PG folder.
    Reboot
    Using explorer delete all your PG folder files except for your keyfile if there are any.
    Then go to \windows\system32 and delete procguard.dll if there, then go to \windows\system32\drivers and delete procguard.sys if there.
    (I also deleted all PG's reg keys as I had been running beta's but this may not be necessary for V1.150 users)

    Before installing I closed all my running programmes AV/AT etc. Then Installed version 1.200 & rebooted.

    Tested with APT and all is fine

    HTH Pilli
     
  9. Eliot

    Eliot Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    854
    Location:
    Arkansas, USA
    Gave it a go. Still no joy. Maybe when I get home later I can try installing to the default folder with PG. If any of you think that would matter please let me know because now I have it on the 3rd partition of my second hard drive. Speaking of which, all my dhard drives are SATA if that makes any difference. Off to work now, subscribed to thread so I can follow up. Catch you later :)

    [me=Eliot]really thanks you for your time and help!!![/me]
     
  10. Clive T

    Clive T Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    189
    Location:
    Kent, UK
    Eliot, I think I'm right in saying that v1.200's UI loads from the startup group and not from a run key in the registry.

    Check that the registry entry is disabled -- I had a similar problem when I upgraded today.

    If you can't find the key, I'm sure someone here will help you.
     
  11. joeblow

    joeblow Registered Member

    Joined:
    Jan 23, 2004
    Posts:
    7
    I began to see the same message after I installed abtrusion protector.

    I uninstalled at, but the message remained.

    Fortunately I had a restore point from before at was installed, and reverting to that got rid of the message.

    fwiw, the process guard driver was running, and the gui said it was enabled, so maybe it was still working.
     
  12. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    Have tried the above suggestions to no avail. So I used my StartupDelayer program and delayed the startup of ProcessGuard GUI for about 60 seconds...no error. Works fine this way.

    Definitely indicates to me that it is a timing/stability problem.
     
  13. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    First tell me the date of PG_MSGPRot.exe in your Process Guard directory.

    Then try renaming that PG_MSGprot.exe to PG_msgprot1.exe then rebooting to see if you still get the attach error.

    Our beta team noticed the same issue when running an old PG_MSGProt.exe with the latest release.

    -Jason-
     
  14. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    The created date for PG-MSGProt.exe is 23-January-04, 12:49.59 PM

    No, the error message does not appear when PG_MSGProt.exe is renamed. Procguard.exe shows up in memory.

    HOWEVER, when I renamed PG-MSGProt1.exe back to PG-MSGProt.exe and rebooted, the error message DID NOT appear, the icon showed up for PG and it is in memory... Doggone thing!

    Of course, now I have all my list of protected programs in. Perhaps that is changing the timing a bit.
     
  15. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Thanks Jason,

    Siliconman01,pg_msgprot must be running for protection to work, likewise it must be stopped by disabling protection or Task Manager before installing

    Further file information:

    procguard.exe is 200KB dated 23/01/04 - PG folder
    procguard.sy is 15KB and dated 23/01/04 - \windows\system32\driver
     
  16. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    Phili,

    Those match the stats I have in my system.
     
  17. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hmm, I f you feel confident working in the registry - Do a search for "procguard" without the speech marks. What you are looking for is a folder "Run" called procGuard_ Start if it is there delete it.
    The key is
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run - ProcGuard_Startup"="\"C:\\Program Files\\ProcessGuard\\procguard.exe\" -minimize

    Do NOT delete any other Procguard keys unless you wish to totally re-install procgurrd after running the uninstall programme.
    Procguard.exe should have placed a shortcut in your Start up folder Start - All programmes - Startup
     
  18. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    The installation did not put ProcGuard.exe in the Programs/Startup folder. It put it in the Registry Run list. I verified that on the initial installation.

    So it should be moved to the Startup folder??

    I have no problems with registry work and know how to get it in the Startup folder.
     
  19. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Correct that must have been an install or uninstall fault.
    I have checked both these PC's and there should be no Run key for procguard.exe only the startup shortcut.

    You will find that after that PG should run correctly :) Check it with DCS's APT to make sure.

    So procguard.sys should have started at boot up, procguard.exe from the startup folder. pg_msgprot & procguard.exe should be running in Task Manager.
     
  20. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    Change made and confirmed working.

    There must be a bug in the Installer for ProcessGuard. I confirmed that on installation, it loads the startup in the Registry RUN entries, NOT in the C:\Documents and Settings\All Users\Programs\Startup folder.

    There is ONE condition that may be fooling me. I use Ad-Aware6 Plus with Ad-Watch. It is set to BLOCK all Upper Registry modifications. IF the procedure of the PG Installer is:

    1. Place startup in the Registry RUN for the FIRST startup after installation.

    2. Issue the Alert Box that this is the first startup and do you want to add files automatically.

    3. If the user answers YES or NO, remove the entry from the Registry RUN and place a shortcut in the Startup folder.

    If this is the sequence, then Ad-Watch could/would block step 3 and the startup would be left in Registry RUN.

    If not this sequence, then the ProcessGuard Installer has a bug for Windows XP-SP1 Home. :eek:
     
  21. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Phew! Glad you have it working at last, As I was using the beta I deleted all references to PG in the registry so I cannot verify what AdWatch may or may not have done :)

    I use SSM and suspended it during the install - I also have AdAware Pro with AdWatch but rarely use it now.

    Others have not had problems so it is possible that AdWatch had an effect on the install - uninstall.

    You certainly desrve a Karma cookie for your trouble :D Best taken with a Jack Daniels or an Ice cold drink of your choice - Enjoy!
     
  22. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    Gentleman Jack works just Fine! :rolleyes:
     
  23. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia

    Have another siliconman01,....glad you got it sorted out....good job.

    Regards,
    Jade.
     
  24. Eliot

    Eliot Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    854
    Location:
    Arkansas, USA
    Tried everything in this thread with no luck. Still get the error on boot. I have noticed that my procguard.sys is 14.2KB and not 15KB as the post up there says. I have made sure that all traces of PG was gone and then installed. The file is 14.2KB every time. o_O
     
  25. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    The value listed depends on where you look as well as "meaning" of K. In Windows Explorer, you'll see 15KB. Right-click the filename and select properties and you'll see 14.2 Kb (14,543 bytes or 15 KB where K means a 1000 (and the value is rounded up) not usual 1024, which yields 14.2 KB - confused yet?)

    Blue
     
Thread Status:
Not open for further replies.