
[.03] BSOD caused by Sandboxie

Posted: Thu Oct 31, 2013 6:53 am
by Arcanez
It seems like Sandboxie causes my computer to BSOD (page fault in nonpaged area). The bluescreen has always come up when opening IE in Sandboxie. Right after I click on the IE icon in the taskbar, the machine crashes with the bluescreen. However, this does not always happen. I have looked into the Memory.dmp file and this is what it says:


Microsoft (R) Windows Debugger Version 6.3.9600.16384 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Only kernel address space is available

Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Windows 8 Kernel Version 9600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9600.16404.amd64fre.winblue_gdr.130913-2141
Machine Name:
Kernel base = 0xfffff800`b6c80000 PsLoadedModuleList = 0xfffff800`b6f44990
Debug session time: Thu Oct 31 11:43:14.489 2013 (UTC + 1:00)
System Uptime: 0 days 0:25:10.179
Loading Kernel Symbols
...............................................................
...........................................................Page 13ad53 not present in the dump file. Type ".hh dbgerr004" for details
.Page 13b6b5 not present in the dump file. Type ".hh dbgerr004" for details
....
...................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00007ff6`de22f018). Type ".hh dbgerr001" for details
Loading unloaded module list
.......

************* Symbol Loading Error Summary **************
Module name Error
ntkrnlmp The system cannot find the file specified

You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {ffffc00010ef0000, 0, fffff800b6dda525, 0}

*** ERROR: Module load completed but symbols could not be loaded for SbieDrv.sys
***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Probably caused by : SbieDrv.sys ( SbieDrv+1ca95 )

Followup: MachineOwner
---------


System info:
win8.1 x64
IE 11
Sandboxie 4.06 64bit
EMET 4.0
Crucial m4 SSD
Gigabyte 990FXA UD5
FX8350
MSI R9 280x
8GB 1866MHz DDR3

Posted: Thu Oct 31, 2013 7:26 am
by nsb
This is the same error reported previously in this thread,
http://www.sandboxie.com/phpbb/viewtopic.php?t=16752 :(

Can I ask you if you have EMET?

Posted: Thu Oct 31, 2013 7:27 am
by Arcanez
nsb wrote: This is the same error reported previously in this thread,
http://www.sandboxie.com/phpbb/viewtopic.php?t=16752 :(

Can I ask you if you have EMET?
Yes, I do. Forgot to mention it. I have EMET 4.0 installed. I have read the topic that you posted and I disabled Fast Startup in Windows.

Posted: Thu Oct 31, 2013 7:41 am
by nsb
Arcanez wrote: Yes, I do. Forgot to mention it. I have EMET 4.0 installed.
So do I...
Arcanez wrote: I have read the topic that you posted and I disabled Fast Startup in Windows.
Do you have a more informative memory dump?

Are you logged in as a standard user?

Posted: Thu Oct 31, 2013 7:44 am
by scarid
I also have this problem but I don't use EMET. My user account is just a member of the local Users group.

Posted: Thu Oct 31, 2013 8:21 am
by doktornotor
Never seen this with EMET 4.0 and W8.1

Posted: Thu Oct 31, 2013 9:06 am
by Arcanez
nsb wrote:
Arcanez wrote: Yes, I do. Forgot to mention it. I have EMET 4.0 installed.
So do I...
Arcanez wrote: I have read the topic that you posted and I disabled Fast Startup in Windows.
Do you have a more informative memory dump?

Are you logged in as a standard user?
I always log on as a standard user. Whenever I have to do administrative things I use a DOS box with admin privileges and do everything from there.

Posted: Thu Oct 31, 2013 4:09 pm
by tzuk
There are a few similar problem reports about crashes, usually close to the time when Windows finishes the startup sequence. I made some change that may have an effect, so please hold on until the next beta (which will be version 4.07.02) and we'll see if it makes a difference.

Posted: Fri Nov 01, 2013 6:54 am
by balloonshark
Good to hear you may have found something, tzuk.

Since disabling fast startup and waiting for all of my icons to load in the system tray I've only had one BSOD since September 15th. Unfortunately it usually takes about 4 minutes for everything to load because a couple items are on delayed startup.

Here are my hardware specs. Perhaps there is something in common.

i5-4670K, Hyper 212 Evo, ASRock Z87 Extreme6, Sapphire Vapor-X Radeon HD 7970 GHz Edition 3GB, 120GB Samsung 840 Series SSD, 1TB WD Blue HDD, Team Vulcan DDR3 1600 2x4GB, Corsair CX600 PSU, Asus 24x DVD Burner, Corsair Carbide 500R case, Windows 8 Pro 64-bit.

I'm not using EMET and I do use a standard user account. It's a local account.

Posted: Fri Nov 01, 2013 7:49 am
by Arcanez
I have disabled Fast Startup but unfortunately I got another BSOD when I started my computer this morning. One thing I noticed, though, was that it seems like the crash only occurs when I try to launch Internet Explorer sandboxed right after the startup sequence of Windows. When I click on Media Player or VLC Player right after Windows startup, these programs work just fine under Sandboxie. I haven't seen this crash with any other program but Internet Explorer so far.

A good thing about this BSOD, though, is that you can be sure that you don't have any serious hardware issues. Let's see what the future beta version looks like in this regard. Until then I might have to wait some time after the startup sequence before running Internet Explorer.

Thanks, Tzuk, and keep it going! :wink:

Posted: Fri Nov 01, 2013 8:08 am
by doktornotor
Arcanez wrote: One thing I noticed, though, was that it seems like the crash only occurs when I try to launch Internet Explorer sandboxed right after the startup sequence of Windows
Have this one installed? http://www.microsoft.com/en-us/download ... x?id=40852

Posted: Wed Nov 06, 2013 6:03 am
by tzuk
Please check if version 4.07.02 makes any difference. Keep in mind the change I did is a guess and will not necessarily fix the problem.

http://www.sandboxie.com/phpbb/viewtopic.php?t=16838

Posted: Fri Nov 08, 2013 5:02 am
by tzuk
Version 4.07.03 includes the same fix and also should not cause problems with Internet Explorer.

Posted: Fri Nov 08, 2013 8:14 am
by balloonshark
Thanks, tzuk. I will give this version a try. Should I re-enable fast startup, which is the default for a Windows 8 install?