Last post by fixer - February 03, 2022, 02:19:17 PM
Some critical process indeed unexpectedly died. svchost in session 0, to be exact. But it doesn't look like you're using the latest ReHIPS 2.5.0 release. More like some 2.5.0 RC version.
1. Does it happen on the latest 2.5.0 release?
2. Looks like the process crashed with ACCESS VIOLATION. But from this dump it's impossible to say what caused the exception. Any events about the exception in Windows journals?
HookDll may do some non-standard stuff to unload itself. So maybe you enabled some policy that forces system processes (since it's a system svchost process) to operate only the standard way, and it may trigger the policy. Something like denying code execution from dynamically allocated memory or forcing additional checks to fight ROP exploits.
Last post by lunarlander - January 28, 2022, 10:54:38 AM
Hi ReHIPS developers,
Did you bypass my Windows Firewall in allowing the Buy process? I DO NOT have any outbound rules in my firewall allowing ReHIPS to go outbound, and yet the buy option allows me to validate the purchase Key.
Last post by fixer - January 27, 2022, 01:40:15 PM
Hello, droncula. And welcome to our forum. Uploading the crash dump and sending me a link in PM might help find the cause of the crash. But it won't necessarily help find the policy responsible. If I were debugging the issue, I'd try to apply only half of the policies until I find the one responsible. P.S. Looks like some critical process dies, but by the bugcheck code it's impossible to say why.
Last post by droncula - January 25, 2022, 11:44:42 PM
I have a rather strange issue with ReHIPS 2.5. I can install ReHIPS fine and it is working correctly. But the system crashed with a reboot or shutdown. The system also rebooted when I tried to stop or stop/restart the ReHIPS service.
In the event log there is an entry with event ID 1001: The computer has rebooted from a bugcheck. The bugcheck was: 0x000000ef (..). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: <ID>.
I traced the issue back to some local group policies. I am working with a set of policies to harden my machines. On a clean VM ReHIPS is working fine. When I load the local group policies with LGPO and restart the VM, the issue is back. For the moment I am not able to find which policy setting or combo is causing the issue.