Returnil 2.01 Beta BSOD

Discussion in 'Returnil Betas' started by Ed_H, Jan 13, 2009.

Thread Status:
Not open for further replies.
  1. Ed_H

    Ed_H Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    662
    Location:
    Chicago, IL
    I installed the 2.01 Beta version and was using memory caching mode during a session lock. All worked fine until I needed to reboot to exit Returnil's protection. The re-boot took much longer than usual and I eventually got a BSOD. Another re-boot had the same results so I uninstalled Returnil in safe mode.

    My system:
    Lenovo T61 Thinkpad
    Vista HP SP1
    Avira Premium
    DefenseWall 2.46
    Vista firewall

    What other info can I provide to help track this down?
     
  2. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hello ffreedom01 and welcome :)

    Please reply with the exact text of the critical stop error. If you cannot remember, please try to reproduce the issue and get a picture of the Blue screen.

    Thanks
    Mike
     
  3. Ed_H

    Ed_H Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    662
    Location:
    Chicago, IL

    Hello Mike,

    Attached is a picture of the BSOD. It seems to be related to file protection as I have been able to enter session lock and re-boot OK without file protection enabled.
     

    Attached Files:

  4. Ed_H

    Ed_H Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    662
    Location:
    Chicago, IL
    Mike,

    Any update on this?

    Ed
     
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    that has been a problem with Returnil for a long time.:doubt:
     
  6. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi Guys,
    We are working on it and hope to have an updated version next week. This is another rare issue and hard to track down for the same reason. So until then do not use the File Protection or tools on your system as the cause is common to both.

    Mike
     
  7. uc-icq

    uc-icq Registered Member

    Joined:
    Oct 28, 2006
    Posts:
    129
    My only BSOD happened when I just turned on session lock as soon as desktop wallpaper showed up and Vista was still busy accessing HDD for its super-fetching stuff. And after reboot I took care not to turn session lock on until Vista completely loaded up and HDD not being accessed, I'm no longer having BSODs.
     
  8. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Is the Files and Tools issue affecting XP Pro too?
    Thanks.
    Hugger
     
  9. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    No, this is only affecting a small sub-set of Vista users. This does not effect users with XP or most Vista users...

    HTH
    Mike
     
  10. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Thanks Mike.
     
  11. Ed_H

    Ed_H Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    662
    Location:
    Chicago, IL
    Is there a target date for a new beta?
     
  12. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi,
    Sorry for the late reply on this. 2.0.1 is now final:

    https://www.wilderssecurity.com/showthread.php?t=234140

    We will begin the public testing for the new 3x generation as soon as possible following the release of the 2.0.1 Personal Edition.

    Mike
     
  13. Ed_H

    Ed_H Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    662
    Location:
    Chicago, IL
    I installed the latest version and got a BSOD shortly after enabling session lock with file protection on. Got another BSOD on reboot...had to uninstall in safe mode. I did not get the info from the blue screen but I have a mini dump I can email.
     
  14. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Do you know if you are using dynamic partitioning?
     
  15. Ed_H

    Ed_H Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    662
    Location:
    Chicago, IL
    No, they are basic partitions.
     
  16. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Have you tried checking your hardware? Run diaganostics on your RAM and HDD to make sure they are not the source of the issue.
     
  17. Ed_H

    Ed_H Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    662
    Location:
    Chicago, IL
    I ran Lenovo's utilities to check ram and the HD and also Hitachi's HD utilities and found no problems.
     
  18. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Some additional things you can check:

    1) New software OR recently uninstalled software. Is there any possibility that there was an installation issue or something you used in the past being improperly or incompletely uninstalled?

    2) MSCONFIG - Try disabling startup items (ONE at a TIME!) and see if the issue clears. This takes a bit of patience but may lead to an insight or cause for the issue.

    From your last post we have eliminated hardware causing the 050 error so we need to explore possible software (driver) conflicts.

    Mike
     
  19. Ed_H

    Ed_H Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    662
    Location:
    Chicago, IL
    I don't seem to get the BSOD unless file protection is turned on...might be a clash with DefenseWall's resource protection. I'll check it out in the next day or so.
     
  20. Ed_H

    Ed_H Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    662
    Location:
    Chicago, IL
    I finally got around to checking this out and it is DefenseWall and Returnil not getting along when Returnil's file protection is turned on. Any ideas Mike? I'll also post at the DW forum.
     
  21. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    To be brutally honest, no other than to place restrictions on non-system drives and partitions using native Windows policy or manually changing the access permissions for those files and folders manually.

    One idea is to check the rules in DW to see if one is specifically responsible for filtering changes made to these folders as it is conceivable that DW may have additional settings that keep malicious/unwanted programs from doing similar things (Ex: Removing read/write access or denying the user permission to even open the file or folder).

    Mike
     
  22. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Mike, just check the minidump file data (I'm installing Premium version in order to try to reproduce the issue on my virtual test machine):

    PAGE_FAULT_IN_NONPAGED_AREA (50)
    Invalid system memory was referenced. This cannot be protected by try-except,
    it must be protected by a Probe. Typically the address is just plain bad or it
    is pointing at freed memory.
    Arguments:
    Arg1: d210e000, memory referenced.
    Arg2: 00000000, value 0 = read operation, 1 = write operation.
    Arg3: 828ffc09, If non-zero, the instruction address which referenced the bad memory
    address.
    Arg4: 00000000, (reserved)

    MODULE_NAME: RVFsSec

    FAULTING_MODULE: 82817000 nt

    DEBUG_FLR_IMAGE_TIMESTAMP: 47ba6df1

    READ_ADDRESS: unable to get nt!MmSpecialPoolStart
    unable to get nt!MmSpecialPoolEnd
    unable to get nt!MmPoolCodeStart
    unable to get nt!MmPoolCodeEnd
    d210e000

    FAULTING_IP:
    nt+e8c09
    828ffc09 ?? o_O

    MM_INTERNAL_CODE: 0

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: WRONG_SYMBOLS

    BUGCHECK_STR: 0x50

    LAST_CONTROL_TRANSFER: from 82871b54 to 828bc0f5

    STACK_TEXT:
    WARNING: Stack unwind information not available. Following frames may be wrong.
    c26032b0 82871b54 00000000 d210e000 00000000 nt+0xa50f5
    c26032c8 828ffc09 badb0d00 d210e000 85118000 nt+0x5ab54
    c260333c 82f5c300 d210dc00 80f06000 80de3d08 nt+0xe8c09
    c2603358 82f5b88b 877da3e8 80de3d08 80f05c00 RVFsSec+0x3300
    c260335c 877da3e8 80de3d08 80f05c00 00000000 RVFsSec+0x288b
    c2603360 80de3d08 80f05c00 00000000 00000001 0x877da3e8
    c2603364 80f05c00 00000000 00000001 80de3fb0 0x80de3d08
    c2603368 00000000 00000001 80de3fb0 80de3d08 0x80f05c00


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    RVFsSec+3300
    82f5c300 ?? o_O

    SYMBOL_STACK_INDEX: 3

    SYMBOL_NAME: RVFsSec+3300

    FOLLOWUP_NAME: MachineOwner

    IMAGE_NAME: RVFsSec.sys

    BUCKET_ID: WRONG_SYMBOLS

    Followup: MachineOwner
     
Thread Status:
Not open for further replies.