Trust No Program

Windows Installer not working

Please post your problem description here

Postby tzuk » Wed Jan 26, 2011 7:50 pm

Ah, good results.

msiserver, bits and wuauserv run under the LocalSystem account.
cryptsvc runs under your own user account.

Therefore it seems to me the problem is not specifically with msiserver but rather something in your system is preventing Sandboxie from running programs under the LocalSystem account.

I don't know if a Windows update is responsible for that. I'd look more into any other security software that you use.
tzuk
tzuk
Site Admin
 
Posts: 16076
Joined: Tue Jun 22, 2004 5:57 pm

Postby Ad » Wed Jan 26, 2011 8:28 pm

Some other services running from the Local System account can also be started fine. SharedAccess and Netlogon for example. The security software I use didn't change nor their settings and it did already work with them.

On my systems the cryptsvc is configured to start under the local system account like all the others, isn't that the default?

Any other way for me to narrow down the cause of this logon problem?
Ad
 

Postby tzuk » Thu Jan 27, 2011 12:49 am

Why are we talking about services in general? SharedAccess and Netlogon don't run in the sandbox so why bring them up.

Under the sandbox, CryptSvc (SandboxieCrypto) runs under your standard user account. The others, including MSIServer, all run with SYSTEM privileges. And you were able to start CryptSvc but not any of the others.

So again I am saying that apparently you can't get programs in the sandbox to run under LocalSystem. I am not sure why. For example one possible scenario: At some point, your security software popped a question that SbieSvc.exe is trying to run a program under LocalSystem, and you blocked it.

Or maybe you enabled Drop Rights in Sandboxie and then you hid the messages that inform you that a service was blocked due to dropped rights.

You probably think these are silly examples, and maybe they are, but my point is the most likely reason for this problem is that something is preventing Sandboxie from running programs under LocalSystem.
tzuk
tzuk
Site Admin
 
Posts: 16076
Joined: Tue Jun 22, 2004 5:57 pm

Postby Ad » Thu Jan 27, 2011 5:08 pm

You are right those services are not relevant because they are not started inside the sandbox. Hadn't thought about that, sorry.

Aside from my effort to find the cause of this issue I guess that's the end of it for now. I went back and checked on my other system which is running a very static overall configuration except for individual software updates for security fixes and Windows Updates and it has the same problem. It's just no good continuing unless someone with a fresh idea chimes in.

Thank you for your support so far. :)
Ad
 

Postby tzuk » Fri Jan 28, 2011 1:05 pm

Well, in case you're still around and still willing to experiment with this:

Another question I have is whether the service programs start in the sandbox when you do "net start". I.e. do they start and immediately fail. Or do they not start at all.

So suppose you do "net start bits", do you see SandboxieBITS.exe appearing in Sandboxie Control?
tzuk
tzuk
Site Admin
 
Posts: 16076
Joined: Tue Jun 22, 2004 5:57 pm

Postby Ad » Fri Jan 28, 2011 6:53 pm

Except for cryptsvc which starts successfully sandboxed right away all show the same behavior. Bits, wuauserv and msiserver launch a Start.exe child process under SbieSvc.exe. After approximately 30 seconds the error message about the logon is being displayed. That's all. The Start.exe's will just sit there until I kill them.


Code: Select all
MSIServer
"C:\Program Files\Sandboxie\Start.exe" /model:2308:\Sessions\0\DosDevices\00000000-000304f2: C:\WINDOWS\system32\msiexec.exe /V
BITS
"C:\Program Files\Sandboxie\Start.exe" /model:3124:\Sessions\0\DosDevices\00000000-000304f2: "C:\Program Files\Sandboxie\SandboxieBITS.exe"
Ad
 

Postby tzuk » Sat Jan 29, 2011 10:53 pm

I see. In this case, would you mind using the windbg debugger on that Start.exe to see where it is stuck?

I have some detailed instructions for doing this here:

http://www.sandboxie.com/index.php?HowToUseWinDbg

You obviously want scenario 2 from that page, i.e. attach the debugger to a running program.
tzuk
tzuk
Site Admin
 
Posts: 16076
Joined: Tue Jun 22, 2004 5:57 pm

Postby Ad » Sun Jan 30, 2011 1:56 pm

Hopefully this is the correct output:

Code: Select all
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.

*** wait with pending attach
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.           *
* Use .symfix to have the debugger choose a symbol path.                   *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
ModLoad: 01000000 0101c000   C:\Program Files\Sandboxie\Start.exe
ModLoad: 7c910000 7c9c9000   C:\WINDOWS\system32\ntdll.dll
ModLoad: 7c800000 7c908000   C:\WINDOWS\system32\kernel32.dll
ModLoad: 77da0000 77e4a000   C:\WINDOWS\system32\ADVAPI32.dll
ModLoad: 77e50000 77ee3000   C:\WINDOWS\system32\RPCRT4.dll
ModLoad: 77fc0000 77fd1000   C:\WINDOWS\system32\Secur32.dll
ModLoad: 77ef0000 77f39000   C:\WINDOWS\system32\GDI32.dll
ModLoad: 7e360000 7e3f1000   C:\WINDOWS\system32\USER32.dll
ModLoad: 77f40000 77fbc000   C:\WINDOWS\system32\SHLWAPI.dll
ModLoad: 77be0000 77c38000   C:\WINDOWS\system32\msvcrt.dll
ModLoad: 7e670000 7f2c6000   C:\WINDOWS\system32\SHELL32.dll
ModLoad: 774b0000 775ee000   C:\WINDOWS\system32\ole32.dll
ModLoad: 76350000 7639a000   C:\WINDOWS\system32\comdlg32.dll
ModLoad: 773a0000 774a3000   C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\COMCTL32.dll
ModLoad: 7d220000 7d25e000   C:\Program Files\Sandboxie\SbieDll.dll
ModLoad: 76330000 7634d000   C:\WINDOWS\system32\IMM32.DLL
ModLoad: 005a0000 006fc000   C:\Program Files\Sandboxie\SbieMsg.dll
ModLoad: 5b0f0000 5b128000   C:\WINDOWS\system32\uxtheme.dll
(d7c.634): Break instruction exception - code 80000003 (first chance)
eax=7ffde000 ebx=00000001 ecx=00000002 edx=00000003 esi=00000004 edi=00000005
eip=7c91120e esp=0070ffcc ebp=0070fff4 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000246
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
ntdll!DbgBreakPoint:
7c91120e cc              int     3
0:001> .sympath srv*C:\Windows\Symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*C:\Windows\Symbols*http://msdl.microsoft.com/download/symbols
Expanded Symbol search path is: srv*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
0:001> .reload
Reloading current modules
...................
0:001> ~* k 99

   0  Id: d7c.378 Suspend: 1 Teb: 7ffdd000 Unfrozen
ChildEBP RetAddr 
0006ea08 7e369418 ntdll!KiFastSystemCallRet
0006ea40 7e3749c4 USER32!NtUserWaitMessage+0xc
0006ea68 7e38a956 USER32!InternalDialogBox+0xd0
0006ed28 7e38a2bc USER32!SoftModalMessageBox+0x938
0006ee78 7e3b63fd USER32!MessageBoxWorker+0x2ba
0006eed0 7e3a0853 USER32!MessageBoxTimeoutW+0x7a
0006eef0 7e3b6579 USER32!MessageBoxExW+0x1b
*** ERROR: Module load completed but symbols could not be loaded for C:\Program Files\Sandboxie\Start.exe
0006ef0c 01001ff9 USER32!MessageBoxW+0x45
WARNING: Stack unwind information not available. Following frames may be wrong.
0006ff30 010029f0 Start+0x1ff9
0006ffa8 010031f5 Start+0x29f0
0006ffc0 7c817077 Start+0x31f5
0006fff0 00000000 kernel32!BaseProcessStart+0x23

#  1  Id: d7c.634 Suspend: 1 Teb: 7ffdc000 Unfrozen
ChildEBP RetAddr 
0070ffc8 7c961e40 ntdll!DbgBreakPoint
0070fff4 00000000 ntdll!DbgUiRemoteBreakin+0x2d



The Start.exe command-line: "C:\Program Files\Sandboxie\Start.exe" /model:1236:\Sessions\0\DosDevices\00000000-0003064e: C:\WINDOWS\system32\msiexec.exe /V
Ad
 

Postby tzuk » Sun Jan 30, 2011 3:25 pm

The debug log was done correctly. But it suggests you're still using version 3.46. When people keep using version 3.46 even in the face of problems, that tells me something. Anyway, my mistake for not asking the version number, and I certainly paid for that mistake with my time. Obviously, you should upgrade to the latest version.
tzuk
tzuk
Site Admin
 
Posts: 16076
Joined: Tue Jun 22, 2004 5:57 pm

Postby Ad » Sun Jan 30, 2011 4:57 pm

I am sorry having wasted your time then. Yes I use version 3.46 because it is working perfectly fine otherwise.
The reason I did not update is the introduced requirement to reactivate after X period of time which would be a first for any software I ever used to be reactivated just because time has passed. Should the terms of the activation finalize and settle down I might update at some point, but I don't see that happening for the moment.

A one-time activation I could bear instead of having a possibility that Sandboxie suddenly stops to work because of the activation. This is because I rely heavily on the "force" feature. But you don't want to hear that because everything has been said already, so again sorry and thank you for your help anyway.
Even if you didn't mean to, to me your last post had a distinct undertone indicating that I might not have a valid license which is not true. I just wanted to make that clear.
Ad
 

Postby nnezz » Sun Mar 25, 2012 11:46 am

My experience with wuauserv errors is that they happen if internet/network access has been blocked in the sandbox.
nnezz
 
Posts: 44
Joined: Tue Jul 13, 2010 12:52 pm

Previous

Return to Problem Reports

Who is online

Users browsing this forum: No registered users and 3 guests