Last post by droncula - February 08, 2022, 11:50:53 PM
Thanks for looking into it. It seems the issue is there when I install version 2.5.
I am going to make a clean VM and retest it.
The only events I see are the "The computer has rebooted from a bugcheck. The bugcheck was: 0x000000ef (0xffffda0f7db7b2c0, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: aea74302-cbac-4e40-a1b7-ef67e98d3b16." one and a critical one saying that the computer recovers from a severe error.
Last post by fixer - February 03, 2022, 02:59:39 PM
Steps we tried:
1. Disable ReHIPS from main GUI window in Control Center.
2. Close Control Center.
3. Disable both services.
4. Delete both services.
5. Uninstall ReHIPS.
Everything went fine. In theory it shouldn't cause any problems as one of the first things the uninstaller does is stopping and deleting both services.
0. Did we miss something? Or any way to reproduce it?
1. Are you sure you're using the latest 2.5.0 release?
2. What exactly went wrong? What was the problem?
Last post by fixer - February 03, 2022, 02:19:17 PM
Some critical process indeed unexpectedly died. svchost in session 0, to be exact. But it doesn't look like you're using the latest ReHIPS 2.5.0 release. More like some 2.5.0 RC version.
1. Does it happen on the latest 2.5.0 release?
2. Looks like the process crashed with ACCESS VIOLATION. But from this dump it's impossible to say what caused the exception. Any events about the exception in Windows journals?
HookDll may do some non-standard stuff to unload itself. So maybe you enabled some policy that forces system processes (since it's a system svchost process) to operate only the standard way, and it may trigger the policy. Something like denying code execution from dynamically allocated memory or forcing additional checks to fight ROP exploits.