Jump to content
Mumble forums

crash on Windows 7 (32b)


dred3
 Share

Recommended Posts

0:001> kb

ChildEBP RetAddr Args to Child

0286f6a8 006450fb 006a5f20 00767288 0286f6f0 ntdll!RtlEnterCriticalSection+0x12

WARNING: Stack unwind information not available. Following frames may be wrong.

0286f6b8 00643f0c 0000000d ee073b95 00000000 wl_hook+0x450fb

0286f6f0 0063e01b 00767288 00000000 00000000 wl_hook+0x43f0c

0286f708 0063e0a5 00600000 00000002 00000000 wl_hook+0x3e01b

0286f748 0063e160 00600000 0286f774 77d0afc4 wl_hook+0x3e0a5

0286f754 77d0afc4 00600000 00000002 00000000 wl_hook+0x3e160

0286f774 77d0b5b1 0063e142 00600000 00000002 ntdll!LdrpCallInitRoutine+0x14

0286f814 77d0b338 0286f884 7512c0c8 00000000 ntdll!LdrpInitializeThread+0x15b

0286f860 77d0b365 0286f884 77cb0000 00000000 ntdll!_LdrpInitialize+0x1ad

0286f870 00000000 0286f884 77cb0000 00000000 ntdll!LdrInitializeThunk+0x10

 

now I undestand that is a problem mumble + outpost_firewall(wl_hook)

is any solution for this bug?

Link to comment
Share on other sites

yes, wl_hook - its Outpost

looks like its their bug

 

FAULTING_IP:

ntdll!RtlEnterCriticalSection+12

77cf6bf0 f00fba3000 lock btr dword ptr [eax],0


EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)

ExceptionAddress: 77cf6bf0 (ntdll!RtlEnterCriticalSection+0x00000012)

ExceptionCode: c0000005 (Access violation)

ExceptionFlags: 00000000

NumberParameters: 2

Parameter[0]: 00000001

Parameter[1]: 006a5f24

Attempt to write to address 006a5f24


DEFAULT_BUCKET_ID: INVALID_POINTER_READ


PROCESS_NAME: mumble.exe


ERROR_CODE: (NTSTATUS) 0xc0000005 -


WRITE_ADDRESS: 006a5f24


NTGLOBALFLAG: 0


APPLICATION_VERIFIER_FLAGS: 0


ADDITIONAL_DEBUG_TEXT: Followup set via attribute from Frame 0 on thread ffffffff


LAST_CONTROL_TRANSFER: from 006450fb to 77cf6bf0


FAULTING_THREAD: 00001734


PRIMARY_PROBLEM_CLASS: INVALID_POINTER_READ


BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_READ


STACK_TEXT:

006a3b40 wl_hook

77870000 kernel32!_imp__DebugBreak (kernel32+0x0)

006450fb wl_hook

006a5f20 wl_hook

00643f0c wl_hook

00600000 wl_hook

0063db80 wl_hook

0063e01b wl_hook

0063e0a5 wl_hook

0063e160 wl_hook

77d0afc4 ntdll!LdrpCallInitRoutine

77d0b5b1 ntdll!LdrpInitializeThread

0063e142 wl_hook

77d8714c ntdll!LdrpProcessInitialized

77d0b58b ntdll!LdrpInitializeThread

77ccd75d ntdll!_except_handler4

77d0b338 ntdll!_LdrpInitialize

77cb0000 ntdll!`string' (ntdll+0x0)

77d0b365 ntdll!LdrInitializeThunk

77cdd662 ntdll!TppWorkerThread

77cf64d8 ntdll!RtlUserThreadStart



FOLLOWUP_IP:

wl_hook+a3b40

006a3b40 205f6a and byte ptr [edi+6Ah],bl


SYMBOL_STACK_INDEX: 0


SYMBOL_NAME: wl_hook+a3b40


FOLLOWUP_NAME: MachineOwner


MODULE_NAME: wl_hook


IMAGE_NAME: wl_hook.dll


DEBUG_FLR_IMAGE_TIMESTAMP: 4ca48649


STACK_COMMAND: dt ntdll!LdrpLastDllInitializer BaseDllName ; dt ntdll!LdrpFailureData ; dds 286f698 ; kb


FAILURE_BUCKET_ID: INVALID_POINTER_READ_c0000005_wl_hook.dll!Unknown


BUCKET_ID: APPLICATION_FAULT_INVALID_POINTER_READ_wl_hook+a3b40


Followup: MachineOwner

 

PROCESS_NAME: mumble.exe

 

it crashed on startup, the mumble main window doesnt painted even

is mumble have some antirootkits or antidebug methods?

I do not saw the sources yet

some idea I have to compile it with debug info and then test it

Link to comment
Share on other sites

and I see now some debugger logs from mumble before crash

and some hook methods in sources (void HardHook::setup(voidFunc func, voidFunc replacement))

that is a reason of the crash I think

HardHook: Asked to replace 7E379766 with 00464E60

HardHook: Unknown opcode at 0: b8 50 12 0 0 ba 0 3 fe 7f ff 12

HardHook: Asked to replace 7E3742ED with 00464E10

HardHook: Chaining from 7E3742ED to 01165574

HardHook: Unknown opcode at 0: 90 58 68 74 55 16 1 50 50 e9 9e 61

which functions hooks the mumble?

outpost protects own memory and modules

near this......

Link to comment
Share on other sites

  • Administrators

Mumble hooks into OpenGL and Direct3D applications.

I guess Outlook doesn’t use Direct3D to draw!?


You can disable the Mumble overlay so no hooking on Mumbles side will happen, and see if that helps.

[HKEY_CURRENT_USER\Software\Mumble\Mumble\overlay]
"enable"="false"

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...