launch problems on windows vista business sp1

Started by darkone, July 25, 2009, 03:47:41 PM


darkone

hi,

as said in the topic, i'm unable to start process lasso. i've tried several ways, with and without administrator rights, different program/installation settings (normal/higher rights), but the result is the same:

the process "ProcessGovernor.exe" was started (active in sysinternals process explorer), but if i try to start "ProcessLasso.exe" (the gui?), a message box from windows tells me something about problems with ntdll.dll... restarting and reinstalling didn't solve the problem...

the windows error log entry:
Protokollname: Application
Quelle:        Application Error
Datum:         25.07.2009 20:01:07
Ereignis-ID:   1000
Aufgabenkategorie:(100)
Ebene:         Fehler
Schlüsselwörter:Klassisch
Benutzer:      *******************
Computer:      *******************
Beschreibung:
Fehlerhafte Anwendung ProcessLasso.exe, Version 3.6.2.1, Zeitstempel 0x4a6a035e, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821, Ausnahmecode 0xc0000005, Fehleroffset 0x00035bd9, Prozess-ID 0xc6c, Anwendungsstartzeit 01ca0d51e260b4a0.
Ereignis-XML:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2009-07-25T18:01:07.000Z" />
    <EventRecordID>3732</EventRecordID>
    <Channel>Application</Channel>
    <Computer>*******************</Computer>
    <Security />
  </System>
  <EventData>
    <Data>ProcessLasso.exe</Data>
    <Data>3.6.2.1</Data>
    <Data>4a6a035e</Data>
    <Data>ntdll.dll</Data>
    <Data>6.0.6002.18005</Data>
    <Data>49e03821</Data>
    <Data>c0000005</Data>
    <Data>00035bd9</Data>
    <Data>c6c</Data>
    <Data>01ca0d51e260b4a0</Data>
  </EventData>
</Event>


os: windows vista business sp1, 32 bit, microsoft update enabled and the latest patches installed
cpu: q6600

do you have some idea, what's the problem...?

oh, and sorry for my bad english, as you can guess from the error dump i'm german^^
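
For triaging a report like the one above, the ten positional `<Data>` values of the Event ID 1000 record can be decoded into named fields. This is an added example, not part of the original thread and not Bitsum's code; the field names and the small NTSTATUS table are this example's own, and the field order follows the description line of the posted event.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Positional <Data> order of an Application Error (Event ID 1000) record,
# as seen in the event posted above. Field names are this example's own.
FIELDS = ("app", "app_version", "app_timestamp", "module", "module_version",
          "module_timestamp", "exception_code", "fault_offset", "pid", "start_time")
# A few well-known NTSTATUS exception codes (subset).
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION", 0xC00000FD: "STATUS_STACK_OVERFLOW",
            0xC0000374: "STATUS_HEAP_CORRUPTION", 0xC0000409: "STATUS_STACK_BUFFER_OVERRUN"}
UTC = timezone.utc

def pe_time(hex_ts):
    """PE header TimeDateStamp: seconds since 1970-01-01 UTC."""
    return datetime.fromtimestamp(int(hex_ts, 16), tz=UTC)

def filetime(hex_ft):
    """FILETIME: 100 ns ticks since 1601-01-01 UTC."""
    return datetime(1601, 1, 1, tzinfo=UTC) + timedelta(microseconds=int(hex_ft, 16) // 10)

def parse_crash(xml_text):
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "1000":
        raise ValueError("not an Application Error (1000) event")
    data = [(d.text or "").strip() for d in root.findall("e:EventData/e:Data", NS)]
    if len(data) < len(FIELDS):
        raise ValueError("unexpected EventData layout")
    rec = dict(zip(FIELDS, data))
    rec["exception_name"] = NTSTATUS.get(int(rec["exception_code"], 16), "unknown")
    rec["pid"] = int(rec["pid"], 16)
    rec["app_built"] = pe_time(rec["app_timestamp"])
    rec["module_built"] = pe_time(rec["module_timestamp"])
    rec["started"] = filetime(rec["start_time"])
    # Sub-second digits vary between Windows versions, so parse to the second.
    stamp = root.find("e:System/e:TimeCreated", NS).get("SystemTime")[:19]
    rec["logged"] = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=UTC)
    return rec

# Trimmed copy of the event XML from the post above.
SAMPLE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID Qualifiers="0">1000</EventID>
<TimeCreated SystemTime="2009-07-25T18:01:07.000Z" /></System>
<EventData><Data>ProcessLasso.exe</Data><Data>3.6.2.1</Data><Data>4a6a035e</Data>
<Data>ntdll.dll</Data><Data>6.0.6002.18005</Data><Data>49e03821</Data>
<Data>c0000005</Data><Data>00035bd9</Data><Data>c6c</Data>
<Data>01ca0d51e260b4a0</Data></EventData></Event>"""

if __name__ == "__main__":
    for key, value in parse_crash(SAMPLE).items():
        print(f"{key:17} {value}")
```

For the posted event, the decoded start time and the logged time fall within the same second, so the GUI faulted immediately at launch.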

Jeremy Collake

That is strange that the GUI would crash, but not the core engine. The base code that accesses NTDLL is the same..

Since Process Lasso uses the lowest level NT API available (from NTDLL.DLL), it is conceivable that improperly implemented changes to, or hooks on, the NT kernel could result in this behavior. Why it would affect only the GUI, I don't know.. perhaps some other process is injecting code into GUI processes and hooking APIs, causing problems.

Do you have any special software installed on your system that may be affecting the NT kernel? One example would be security software that injects hooks into the kernel (more than just a typical AV software). Another example would be malware - a rootkit. I would definitely check for rootkits, though they are sometimes very hard to detect while the system is running.

Anyway.. I suspect there is some sort of interoperability issue with other software on your system, though I could be wrong. Can you think of anything unusual about your system, or the software you have installed on it?

Software Engineer. Bitsum LLC.

darkone

back after some rootkit scans, but nothing interesting found (only some hidden files)...
maybe it's my internet security software, "comodo internet security (firewall & antivirus, malware protection disabled)"...

any idea, how to fix it?