This is a read-only archive of the Mumble forums.

This website archives and makes accessible historical state. It receives no updates or corrections. It is provided only to keep the information accessible as-is, under their old address.

For up-to-date information please refer to the Mumble website and its linked documentation and other resources. For support please refer to one of our other community/support channels.

Jump to content

crash on Windows 7 (32b)


dred3
 Share

Recommended Posts

0:001> kb

ChildEBP RetAddr Args to Child

0286f6a8 006450fb 006a5f20 00767288 0286f6f0 ntdll!RtlEnterCriticalSection+0x12

WARNING: Stack unwind information not available. Following frames may be wrong.

0286f6b8 00643f0c 0000000d ee073b95 00000000 wl_hook+0x450fb

0286f6f0 0063e01b 00767288 00000000 00000000 wl_hook+0x43f0c

0286f708 0063e0a5 00600000 00000002 00000000 wl_hook+0x3e01b

0286f748 0063e160 00600000 0286f774 77d0afc4 wl_hook+0x3e0a5

0286f754 77d0afc4 00600000 00000002 00000000 wl_hook+0x3e160

0286f774 77d0b5b1 0063e142 00600000 00000002 ntdll!LdrpCallInitRoutine+0x14

0286f814 77d0b338 0286f884 7512c0c8 00000000 ntdll!LdrpInitializeThread+0x15b

0286f860 77d0b365 0286f884 77cb0000 00000000 ntdll!_LdrpInitialize+0x1ad

0286f870 00000000 0286f884 77cb0000 00000000 ntdll!LdrInitializeThunk+0x10

 

now I undestand that is a problem mumble + outpost_firewall(wl_hook)

is any solution for this bug?

Link to comment
Share on other sites

yes, wl_hook - its Outpost

looks like its their bug

 

FAULTING_IP:

ntdll!RtlEnterCriticalSection+12

77cf6bf0 f00fba3000 lock btr dword ptr [eax],0


EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)

ExceptionAddress: 77cf6bf0 (ntdll!RtlEnterCriticalSection+0x00000012)

ExceptionCode: c0000005 (Access violation)

ExceptionFlags: 00000000

NumberParameters: 2

Parameter[0]: 00000001

Parameter[1]: 006a5f24

Attempt to write to address 006a5f24


DEFAULT_BUCKET_ID: INVALID_POINTER_READ


PROCESS_NAME: mumble.exe


ERROR_CODE: (NTSTATUS) 0xc0000005 -


WRITE_ADDRESS: 006a5f24


NTGLOBALFLAG: 0


APPLICATION_VERIFIER_FLAGS: 0


ADDITIONAL_DEBUG_TEXT: Followup set via attribute from Frame 0 on thread ffffffff


LAST_CONTROL_TRANSFER: from 006450fb to 77cf6bf0


FAULTING_THREAD: 00001734


PRIMARY_PROBLEM_CLASS: INVALID_POINTER_READ


BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_READ


STACK_TEXT:

006a3b40 wl_hook

77870000 kernel32!_imp__DebugBreak (kernel32+0x0)

006450fb wl_hook

006a5f20 wl_hook

00643f0c wl_hook

00600000 wl_hook

0063db80 wl_hook

0063e01b wl_hook

0063e0a5 wl_hook

0063e160 wl_hook

77d0afc4 ntdll!LdrpCallInitRoutine

77d0b5b1 ntdll!LdrpInitializeThread

0063e142 wl_hook

77d8714c ntdll!LdrpProcessInitialized

77d0b58b ntdll!LdrpInitializeThread

77ccd75d ntdll!_except_handler4

77d0b338 ntdll!_LdrpInitialize

77cb0000 ntdll!`string' (ntdll+0x0)

77d0b365 ntdll!LdrInitializeThunk

77cdd662 ntdll!TppWorkerThread

77cf64d8 ntdll!RtlUserThreadStart



FOLLOWUP_IP:

wl_hook+a3b40

006a3b40 205f6a and byte ptr [edi+6Ah],bl


SYMBOL_STACK_INDEX: 0


SYMBOL_NAME: wl_hook+a3b40


FOLLOWUP_NAME: MachineOwner


MODULE_NAME: wl_hook


IMAGE_NAME: wl_hook.dll


DEBUG_FLR_IMAGE_TIMESTAMP: 4ca48649


STACK_COMMAND: dt ntdll!LdrpLastDllInitializer BaseDllName ; dt ntdll!LdrpFailureData ; dds 286f698 ; kb


FAILURE_BUCKET_ID: INVALID_POINTER_READ_c0000005_wl_hook.dll!Unknown


BUCKET_ID: APPLICATION_FAULT_INVALID_POINTER_READ_wl_hook+a3b40


Followup: MachineOwner

 

PROCESS_NAME: mumble.exe

 

it crashed on startup, the mumble main window doesnt painted even

is mumble have some antirootkits or antidebug methods?

I do not saw the sources yet

some idea I have to compile it with debug info and then test it

Link to comment
Share on other sites

and I see now some debugger logs from mumble before crash

and some hook methods in sources (void HardHook::setup(voidFunc func, voidFunc replacement))

that is a reason of the crash I think

HardHook: Asked to replace 7E379766 with 00464E60

HardHook: Unknown opcode at 0: b8 50 12 0 0 ba 0 3 fe 7f ff 12

HardHook: Asked to replace 7E3742ED with 00464E10

HardHook: Chaining from 7E3742ED to 01165574

HardHook: Unknown opcode at 0: 90 58 68 74 55 16 1 50 50 e9 9e 61

which functions hooks the mumble?

outpost protects own memory and modules

near this......

Link to comment
Share on other sites

  • Administrators

Mumble hooks into OpenGL and Direct3D applications.

I guess Outlook doesn’t use Direct3D to draw!?


You can disable the Mumble overlay so no hooking on Mumbles side will happen, and see if that helps.

[HKEY_CURRENT_USER\Software\Mumble\Mumble\overlay]
"enable"="false"

Link to comment
Share on other sites

 Share

×
×
  • Create New...