Occasional Crashes during process restraint - FAULTY SHELL EXTENSION

Started by smartbit, October 29, 2013, 04:25:39 PM


smartbit

Hi,
I've been using Process Lasso for several months now, all worked perfectly.

Unfortunately, several days ago, it started to crash about ~10 times a day.
Usually the behavior is:
- I hear the sound notification of a process being restrained (tried to identify which one, but it varies from crash to crash)
- Process Lasso stops responding
- After 2-3 seconds Process Lasso crashes with Windows' program crash message (Edit: see attachment)

- No configuration changes have been done to Process Lasso lately
- One possible clue - somewhere before the crashes appeared, I switched from Avast! antivirus to Avira Antivirus.
(For some reason, the 2014 Avast version didn't work properly on the PC)
* I checked Avira's logs, but all clear; it seems that Avira did not take any action that might cause the crash.

Another issue (and this one is Lasso's bug for sure):
- I tried to export the log to CSV
- The moment I click this in the menu, Process Lasso crashes immediately, with no warning messages.

Any suggestions? Maybe some known issues with the mentioned SW?

Process Lasso Pro x64 v.6.7.0.0
OS: Windows 7 x64 Ultimate (En), 16GB RAM

edkiefer

Hi.

First I would set sound to off in the main menu.

With AV, see where you can add a process to exempt from AV and add PL GUI and governor.exe's

Exporting the log to CSV works here on W7 64-bit
Bitsum QA Engineer

BenYeeHua

Could it be a log issue?
Try copying the whole log folder as a backup, then delete all the log files.

As it crashed, you can find the minidump at %LOCALAPPDATA%\CrashDumps.
Just upload the minidump by using attach, if you don't wanna let other people get it, just email to Official Support, you can find his email here.
https://bitsum.com/forum/index.php?action=profile;u=1

And ya, after crash, you can open the log file, it is readable but just with 1 space per words, so you can check the last restrained process.

When he is online, he will check the minidump. :)

smartbit

Some more info:

It turned out that ProcessGovernor.exe is alive after the crash, so it's only the UI/manager process that dies all the time.

Minidump: I don't have such a folder "\CrashDumps" (under the %LOCALAPPDATA% directory) - maybe because the Governor.exe was still alive at each crash.

Log files: I'm having some trouble finding their location, can you hint me the default location?

AV: I've added both Process Lasso's processes to the exception list of the Real Time scanner and monitor. - No change in behavior, still experiencing occasional crashes...

BenYeeHua

Quote
It turned out that ProcessGovernor.exe is alive after the crash, so it's only the UI/manager process that dies all the time.

Minidump: I don't have such a folder "\CrashDumps" (under the %LOCALAPPDATA% directory) - maybe because the Governor.exe was still alive at each crash.
That's strange...
Check the registry value, it should be somewhere, or it is being disabled by some software that wants to save space.
http://msdn.microsoft.com/en-us/library/windows/desktop/bb787181%28v=vs.85%29.aspx

For finding where is the log, just open ProcessLasso UI, right click on the log, click on "Jump to log file on disk". :)
---
Or C:\Users\(your username)\AppData\Roaming\ProcessLasso\logs

edkiefer

Quote from: BenYeeHua on October 30, 2013, 12:58:12 PM
That's strange...
Check the registry value, it should be somewhere, or it is being disabled by some software that wants to save space.
http://msdn.microsoft.com/en-us/library/windows/desktop/bb787181%28v=vs.85%29.aspx

For finding where is the log, just open ProcessLasso UI, right click on the log, click on "Jump to log file on disk". :)
---
Or C:\Users\(your username)\AppData\Roaming\ProcessLasso\logs
I don't have that path or folder "crashdumps", same with registry, no folder.
Win7 Pro 64bit
Edit: checked System properties>advanced>startup/recovery and the path for kernel dumps is "%SystemRoot%\MEMORY.DMP"
That's the default path.
Bitsum QA Engineer

BenYeeHua

Quote from: edkiefer on October 30, 2013, 01:17:50 PM
I don't have that path or folder "crashdumps", same with registry, no folder.
Win7 Pro 64bit
Edit: checked System properties>advanced>startup/recovery and the path for kernel dumps is "%SystemRoot%\MEMORY.DMP"
That's the default path.
Yup, it looks like there should be no value in that, so if there is a value in that, then some software changed the setting.

And, the System properties>advanced>startup/recovery is for BSoD.  ;)

edkiefer

OK, knock on wood, this system has been pretty stable.

The only dumps I found are here: C:\Windows\LiveKernelReports\WATCHDOG
which I think might be vid OC ones.

Anyway, let's get back on topic.
Bitsum QA Engineer

smartbit

Hi,
I've been away several days, now I'm back. Thanks for the replies.

I've noticed an important detail: the crashes start to appear only if the Lasso's UI has been opened since the program's startup.
If I just start it minimized to tray and leave it there, it will run fine, but once I open the UI to take a look, and close it again, several minutes later it will eventually crash.

(And btw, I tried to delete the log files - no change though)

Quote from: BenYeeHua on October 30, 2013, 12:58:12 PM
That's strange...
Check the registry value, it should be somewhere, or it is being disabled by some software that wants to save space.
http://msdn.microsoft.com/en-us/library/windows/desktop/bb787181%28v=vs.85%29.aspx

For finding where is the log, just open ProcessLasso UI, right click on the log, click on "Jump to log file on disk". :)
---
Or C:\Users\(your username)\AppData\Roaming\ProcessLasso\logs

That worked, I've got the dump and the log of a recent crash, and sent it to the Support e-mail.



BenYeeHua


smartbit

Hi guys,
Well, it's been a week since I sent an email to the support ( support@bitsum.com ) on the issue.
But no word from there, not even "we will look at it, but only next year..."

Is it the right email address? Or is there anything else I should do to get some response?
Because it's kinda weird, not even to have the smallest acknowledgement that your voice has been heard....

BenYeeHua

Quote from: Official Support on November 10, 2013, 08:09:32 PM
And I was out of town for a week, work related - apparently Bitsum supporters aren't used to this, I think some people thought I died ;).
This is the answer for you, I think he has an inbox that is full of email. :)

smartbit

Thanks for the quote.
Well, that would make a lot of sense.

I'll wait with patience...

Jeremy Collake

Yes, this IS on my radar, please hold ... thanks for your patience! I won't release any new build until I've investigated what is going on here.
Software Engineer. Bitsum LLC.

smartbit

Thank you for the attention.

This is pretty annoying - every time I take a look at the Process Lasso's UI, I have to relaunch it so it'll continue to work...
Seems pretty bad to me, though I don't see others experiencing the same so far...

Contact me if any extra info is necessary.

BenYeeHua

Ya, anything (software or Windows or game...) that crashes is....
It's just like you are thinking something, and someone just cuts you down... :P
---Off-topic
Most people are still angry about BSoD, and blame Microsoft for making Windows so unstable, but don't find which driver is causing it.

smartbit

Well, nothing in particular that causes it to crash. I mean, there is no specific SW/HW that I added/started that caused the crashes to appear.
The usage pattern of the PC is pretty much the same for the last 6 months at least, and the crash issues appeared a couple of weeks ago.

The only major change around the same time (as I mentioned in the posts above) was the attempt to upgrade Avast A/V to 2014 version, which was unsuccessful for several times in a row (all UI was empty after an upgrade) - very weird and still a mystery.
And since A/V is not something that can wait for weeks to be fixed, I removed Avast, and replaced it with Avira A/V.
Avira worked with no troubles at all (so far...).

Regarding violent security SW, I also run Comodo Firewall with defense plus (HIPS), I regularly check its logs, and it never interrupted Process Lasso (it's in the "allowed" list), but again, nothing changed at this domain in the past several months.

There is also a bunch of other SW I run (web browsers, office, etc.), the list of which is very long, and no changes were done there around the time that the crashes began.

P.S.: I don't blame anyone, I'm well aware that it might be some SW conflict as well as another program's bug, or some rare PL bug that comes to life under a very specific condition that happens to be present on my PC.
I just want to figure out the issue, so everything can work properly again.

edkiefer

AV software can be very funny, many times it integrates into Windows pretty deep.
Since you had issues with Avast, I wonder if it uninstalled cleanly, AV can be a pain to remove all parts of it.
Maybe check if there is an app to remove all parts of it, though now with another AV, it might not show anything.

Not saying that is a problem, but something to keep in mind .
Bitsum QA Engineer

BenYeeHua

Ya, Anti-virus can very easily become a virus sometimes. ;D

I think it could be that the old AV left some file loaded, and operating?

edkiefer

Bitsum QA Engineer

smartbit

I know, security SW can sometimes bite back at you..
When I removed avast, I also used the "Clean Tool" they provide on the website to remove the remains of the bad installations.
It runs in Safe Mode and is supposed to do the job.

I also double checked that there are no avast processes left, as well as files in its directory.
(for avast's inner components, in various Windows system folders, I have to trust their cleanup tool to do the job...)

P.S.: edkiefer, that's exactly the cleanup tool I was talking about

edkiefer

Yes, the second one was from Avast, their safe mode uninstaller.
OK, guess that is not a problem then, also if the new AV works w/o errors, that's generally a good indicator the old one was removed OK.
Bitsum QA Engineer

BenYeeHua

Yup, Windows doesn't like old software/dll/driver that you will never use. :)

Jeremy Collake

The fact that no minidump is being generated suggests strongly that the crash is occurring in a third-party DLL mapped into ProcessGovernor.exe's process space. If it were in the governor's code, then it would have been caught by the top level exception handler. This would also explain why this is a sole report of such an anomaly.

Open 'Event Viewer', go to 'Windows Logs', then 'Application'. See if additional details are listed in an event there. We should be able to at least see the faulting module, then we'll go from there.
Software Engineer. Bitsum LLC.
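
The Event Viewer check described above can also be scripted. This PowerShell is an added example, not part of the thread and not Bitsum's code; it assumes PowerShell 3.0 or later and the usual positional layout of the 'Application Error' event 1000, and takes the process name and dump folder from this thread.

```powershell
# Added example: summarize "Application Error" events for one executable and
# check whether Windows Error Reporting (WER) is keeping user-mode dumps.
$ImageName = 'ProcessLasso.exe'   # process name taken from the thread
$Days      = 14                   # constructed look-back window

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = (Get-Date).AddDays(-$Days)
}

# Assumption: event 1000 stores its fields positionally:
# [0] application, [3] faulting module, [4] module version,
# [6] exception code, [7] fault offset, [11] module path.
$crashes = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties.Count -ge 12 -and $_.Properties[0].Value -ieq $ImageName } |
    ForEach-Object {
        [pscustomobject]@{
            Time          = $_.TimeCreated
            Module        = $_.Properties[3].Value
            ModuleVersion = $_.Properties[4].Value
            ExceptionCode = $_.Properties[6].Value
            FaultOffset   = $_.Properties[7].Value
            ModulePath    = $_.Properties[11].Value
        }
    })

# Crashes that repeat in the same module at the same offset usually share one cause.
$crashes | Group-Object Module, ExceptionCode, FaultOffset |
    Sort-Object Count -Descending | Format-Table Count, Name -AutoSize

# WER LocalDumps settings (Microsoft documents this feature as off by default).
$werKey = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps'
if (Test-Path $werKey) {
    Get-ItemProperty $werKey | Format-List DumpFolder, DumpCount, DumpType
} else {
    Write-Host 'No LocalDumps key found under Windows Error Reporting.'
}

# Dump folder named in the thread.
$dumpDir = Join-Path $env:LOCALAPPDATA 'CrashDumps'
if (Test-Path $dumpDir) {
    Get-ChildItem $dumpDir -Filter '*.dmp' | Sort-Object LastWriteTime -Descending |
        Format-Table Name, Length, LastWriteTime -AutoSize
}
```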

smartbit

Hi,

Regarding the minidump - it is indeed created (I've mailed it to the support mail before) for ProcessLasso.exe (not the governor though)

Anyways, I examined yet another crash, and here is the Windows Log data

Windows Log:
------
Faulting application name: ProcessLasso.exe, version: 6.7.0.0, time stamp: 0x5241ffc4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x0000000000031852
Faulting process id: 0x3524
Faulting application start time: 0x01cee2414ac34f0d
Faulting application path: C:\Program Files\Process Lasso\ProcessLasso.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: bb154cc5-4f67-11e3-8670-3c970e18378e
-----

For the ProcessLasso Log file and the minidump, I prefer to supply to support directly and not post it here, so I've mailed them to the support@bitsum.com

Hope it helps

And thanks again for your assistance :-)

Jeremy Collake

Got the minidump, thanks!

So, since a minidump was generated, ignore my speculation about it being caused by third-party code.

I'll try to take a look at the dump today, and hopefully get to the bottom of this.

Thanks much for your report, and I'll reply again soon!
Software Engineer. Bitsum LLC.

BenYeeHua

Quote from: Official Support on November 18, 2013, 04:24:23 AM
Got the minidump, thanks!

So, since a minidump was generated, ignore my speculation about it being caused by third-party code.

I'll try to take a look at the dump today, and hopefully get to the bottom of this.

Thanks much for your report, and I'll reply again soon!

lol, but sometimes I also face this issue, reading too fast or too tired, and miss the important point. :)

smartbit

Btw, I've installed the latest version (6.7.0.6) today, manual install, reset all settings and preferences to default...

But sadly, it still crashes like crazy. As before, I usually have less than 30 sec. (sometimes <5s) with UI open, until the crash occurs.
If you need more crash dumps/logs, just say the word...

Jeremy Collake

I believe I'm hearing other reports of this. I've continued to be super busy, but the time has come to deal with this for sure!
Software Engineer. Bitsum LLC.

smartbit

Thanks for the info, sad to hear it for Saad (???), but it's somewhat nice that I'm possibly not alone...
Anyways, thanks for your time, and keep up the good work going ;), it's a great SW anyways. It's pretty hard to get without it, once you got used to it...

Jeremy Collake

The crash is occurring within 'SugarSyncShellExt_64'. It is trying to draw over the process icons (placing an overlay), and is crashing while doing so.

This means that it's not actually Process Lasso's fault, it's this faulty shell extension.

Disabling process icons will most likely stop the crash. See 'View / Show process icons'. Alternatively, you could disable this shell extension.

Please let me know how it goes!
Software Engineer. Bitsum LLC.
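
To see which icon overlay shell extensions are registered on a machine, and which DLL each one loads into processes that draw shell icons, the registry can be enumerated. This PowerShell is an added example, not part of the thread and not Bitsum's code; it assumes PowerShell 3.0 or later and the standard ShellIconOverlayIdentifiers and CLSID registry locations (the specific module in this thread was identified from the minidump, not this way).

```powershell
# Added example: list registered icon overlay handlers with their DLL,
# vendor string and Authenticode status, for 64-bit and 32-bit views.
$views = @(
    @{ Bitness = '64-bit'; Software = 'HKLM:\SOFTWARE' },
    @{ Bitness = '32-bit'; Software = 'HKLM:\SOFTWARE\WOW6432Node' }
)

$handlers = foreach ($view in $views) {
    $root = Join-Path $view.Software 'Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers'
    if (-not (Test-Path -LiteralPath $root)) { continue }

    foreach ($key in Get-ChildItem -LiteralPath $root) {
        # The default value of each subkey holds the handler's CLSID.
        $clsid  = ([string]$key.GetValue('')).Trim()
        $inproc = Join-Path $view.Software "Classes\CLSID\$clsid\InprocServer32"

        $dll = $null
        if ($clsid -and (Test-Path -LiteralPath $inproc)) {
            # The default value of InprocServer32 is the DLL path.
            $dll = ([string](Get-Item -LiteralPath $inproc).GetValue('')).Trim('"')
        }
        $onDisk = [bool]($dll -and (Test-Path -LiteralPath $dll))

        [pscustomobject]@{
            Handler   = $key.PSChildName.Trim()
            Bitness   = $view.Bitness
            Clsid     = $clsid
            Dll       = $dll
            Company   = if ($onDisk) { (Get-Item -LiteralPath $dll).VersionInfo.CompanyName } else { $null }
            Signature = if ($onDisk) { (Get-AuthenticodeSignature -LiteralPath $dll).Status } else { 'missing' }
        }
    }
}

$handlers | Sort-Object Bitness, Handler | Format-Table -AutoSize
```

Handlers whose DLL is missing, unsigned, or belongs to software that is no longer used are the first candidates to disable or uninstall when a crash dump points at an overlay handler.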

BenYeeHua

En...
So the other thread/people that are also facing the GUI crash, is that not the same crash?

smartbit

So, to confirm it in this forum as well:

- The crash indeed was caused by SugarSync extension.

- The workaround (disabling the icons) works.

Regarding the SugarSync - turns out it was preinstalled on the Laptop as a part of the Lenovo ThinkVantage tools. I never actually used it, so I removed it for now, enabled the icons back in PL, and all is fine - no crashes :-)

Thanks for the support and a professional handling of this issue.
Once again PL reminds me that it is one of the very few products that deserve to be paid for (and I'm proud I did so).
;)

BenYeeHua

And it also proved that you should never install/keep the OEM software...
Too many issues with OEM software...:P

smartbit

Quote from: BenYeeHua on November 24, 2013, 02:08:59 PM
And it also proved that you should never install/keep the OEM software...
Too many issues with OEM software...:P

Well, that's correct in most cases.
Usually, vendors (some more than others) pack in a lot of "extra bundled software" with the PCs, which is more advertising than of use. (One of the reasons to install the OS by yourself in most cases.)

But in laptop area you may need the OEM stuff for a vendor-specific extra hardware functionality. And Lenovo/IBM has some useful tools (as connection manager, power manager, and some more) that are much better than their Windows' counterparts. So even though, a half of their "ThinkVantage" package is pretty much useless to me, I let it alone.
Sadly, in the end even Lenovo managed to bite back with some OEM SW.

Edit: And BenYeeHua - Congrats on your 1000-th post!

BenYeeHua

Quote from: smartbit on November 24, 2013, 03:49:54 PM
But in laptop area you may need the OEM stuff for a vendor-specific extra hardware functionality. And Lenovo/IBM has some useful tools (as connection manager, power manager, and some more) that are much better than their Windows' counterparts. So even though, a half of their "ThinkVantage" package is pretty much useless to me, I let it alone.
Sadly, in the end even Lenovo managed to bite back with some OEM SW.

Edit: And BenYeeHua - Congrats on your 1000-th post!
lol, I can reach 10000 posts in half of the year, so that's not a big surprise. ;)

Anyways, yes, laptops need their OEM software to get their FN-functions working, and also something buggy like USB charger+.
So, uninstalling OEM software is just a workaround that's not too good, the correct way is for the OEM to fix their software!!! :P