SBIE2205 Service not implemented: NtCreateProcessEx (4024)
SBIE2204 Cannot start sandboxed service RpcSs (-1)
With 4.15.11, I now get something like this:
SBIE2101 Object name not found: OpenProcess (C0000022) 001FFFFF, error
SBIE2314 Canceling process SandboxieRpcSs.exe
SBIE2314 Canceling process SandboxieRpcSs.exe
SBIE2204 Cannot start sandboxed service RpcSs (1)
A few days ago (prior to 4.15.11), I attached WinDbg to the RpcSs process after getting the error:
Microsoft (R) Windows Debugger Version 6.3.9600.16384 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
*** wait with pending attach
************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       SRV*your local folder for symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*your local folder for symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
ModLoad: 00007ff7`982e0000 00007ff7`982eb000   C:\Program Files\Sandboxie\SandboxieRpcSs.exe
ModLoad: 00007ffd`e2a40000 00007ffd`e2be6000   C:\Windows\SYSTEM32\ntdll.dll
ModLoad: 00007ffd`e04e0000 00007ffd`e061a000   C:\Windows\system32\kernel32.dll
ModLoad: 00007ffd`e01b0000 00007ffd`e02bf000   C:\Windows\system32\KERNELBASE.dll
ModLoad: 00000000`71fb0000 00000000`7201d000   C:\Program Files\Sandboxie\SbieDll.dll
ModLoad: 00007ffd`de900000 00007ffd`de9c6000   C:\Windows\system32\hmpalert.dll
ModLoad: 00007ffd`e03a0000 00007ffd`e03f8000   C:\Windows\system32\WS2_32.dll
ModLoad: 00007ffd`e2520000 00007ffd`e25c5000   C:\Windows\system32\ADVAPI32.dll
ModLoad: 00007ffd`e1e70000 00007ffd`e1fe1000   C:\Windows\system32\USER32.dll
ModLoad: 00007ffd`e0430000 00007ffd`e04d7000   C:\Windows\system32\msvcrt.dll
ModLoad: 00007ffd`e0390000 00007ffd`e0399000   C:\Windows\system32\NSI.dll
ModLoad: 00007ffd`e27c0000 00007ffd`e28f7000   C:\Windows\system32\RPCRT4.dll
ModLoad: 00007ffd`e2750000 00007ffd`e27a7000   C:\Windows\SYSTEM32\sechost.dll
ModLoad: 00007ffd`e1ff0000 00007ffd`e2134000   C:\Windows\system32\GDI32.dll
ModLoad: 00007ffd`e2380000 00007ffd`e23b4000   C:\Windows\system32\IMM32.DLL
ModLoad: 00000000`00b00000 00000000`00c39000   C:\Windows\system32\MSCTF.dll
ModLoad: 00007ffd`dfcc0000 00007ffd`dfd57000   C:\Windows\SYSTEM32\sxs.dll
ModLoad: 00007ffd`df440000 00007ffd`df485000   C:\Windows\SYSTEM32\powrprof.dll
ModLoad: 00007ffd`deeb0000 00007ffd`deec6000   C:\Windows\SYSTEM32\rpcepmap.dll
ModLoad: 00007ffd`dfd60000 00007ffd`dfd8b000   C:\Windows\SYSTEM32\sspicli.dll
ModLoad: 00007ffd`dee90000 00007ffd`deea2000   C:\Windows\SYSTEM32\RpcRtRemote.dll
ModLoad: 00007ffd`deed0000 00007ffd`def8c000   C:\Windows\SYSTEM32\rpcss.dll
ModLoad: 00007ffd`e07c0000 00007ffd`e0996000   C:\Windows\SYSTEM32\combase.dll
ModLoad: 00007ffd`e0a50000 00007ffd`e1e5f000   C:\Windows\system32\shell32.dll
ModLoad: 00007ffd`e24c0000 00007ffd`e2511000   C:\Windows\system32\SHLWAPI.dll
ModLoad: 00007ffd`de300000 00007ffd`de39f000   C:\Windows\SYSTEM32\SHCORE.dll
ModLoad: 00007ffd`df720000 00007ffd`df73e000   C:\Windows\SYSTEM32\CRYPTSP.dll
ModLoad: 00007ffd`df310000 00007ffd`df345000   C:\Windows\system32\rsaenh.dll
ModLoad: 00007ffd`df960000 00007ffd`df986000   C:\Windows\SYSTEM32\bcrypt.dll
ModLoad: 00007ffd`dfd90000 00007ffd`dfd9a000   C:\Windows\SYSTEM32\CRYPTBASE.dll
ModLoad: 00007ffd`dfc60000 00007ffd`dfcc0000   C:\Windows\SYSTEM32\bcryptPrimitives.dll
ModLoad: 00007ffd`deaa0000 00007ffd`debc1000   C:\Windows\system32\uxtheme.dll
ModLoad: 00007ffd`ddf70000 00007ffd`ddf90000   C:\Windows\system32\dwmapi.dll
ModLoad: 00007ffd`db8d0000 00007ffd`dba3f000   C:\Windows\SYSTEM32\PROPSYS.dll
ModLoad: 00007ffd`e02c0000 00007ffd`e0381000   C:\Windows\system32\OLEAUT32.dll
ModLoad: 00007ffd`e25d0000 00007ffd`e2748000   C:\Windows\system32\ole32.dll
(5f4.974): Break instruction exception - code 80000003 (first chance)
ntdll!DbgBreakPoint:
00007ffd`e2ad31a0 cc              int     3
0:007> ~* k 99
   0  Id: 5f4.bf4 Suspend: 1 Teb: 00007ff7`977ee000 Unfrozen
Child-SP          RetAddr           Call Site
00000000`006ffb08 00007ffd`e01b124a ntdll!NtDeviceIoControlFile+0xa
*** ERROR: Module load completed but symbols could not be loaded for C:\Program Files\Sandboxie\SandboxieRpcSs.exe
00000000`006ffb10 00007ff7`982e1559 KERNELBASE!SleepEx+0xa2
00000000`006ffbb0 00007ff7`982e33f6 SandboxieRpcSs+0x1559
00000000`006ffd90 00007ff7`982e4001 SandboxieRpcSs+0x33f6
00000000`006ffe00 00007ffd`e04e16ad SandboxieRpcSs+0x4001
00000000`006ffed0 00007ffd`e2a94409 kernel32!BaseThreadInitThunk+0xd
00000000`006fff00 00000000`00000000 ntdll!RtlUserThreadStart+0x1d
   1  Id: 5f4.810 Suspend: 1 Teb: 00007ff7`977ec000 Unfrozen
Child-SP          RetAddr           Call Site
00000000`0252ef98 00007ffd`e01b13ad ntdll!NtDeviceIoControlFile+0xa
00000000`0252efa0 00007ffd`e04e132f KERNELBASE!WaitForMultipleObjectsEx+0xe1
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Sandboxie\SbieDll.dll - 
00000000`0252f280 00000000`71fdb120 kernel32!WaitForMultipleObjects+0xf
00000000`0252f2c0 00000000`71fdc72e SbieDll!SbieDll_IsOpenCOM+0x1330
00000000`0252f650 00007ffd`e27eb12f SbieDll!SbieDll_StartCOM+0x11fe
00000000`0252f740 00007ffd`e27eb2de RPCRT4!LRPC_CASSOCIATION::AlpcConnect+0x17f
00000000`0252f900 00007ffd`e27cff00 RPCRT4!LRPC_CASSOCIATION::Connect+0x177
00000000`0252f9a0 00007ffd`e27d57aa RPCRT4!LRPC_BASE_BINDING_HANDLE::DriveStateForward+0x3b3
00000000`0252fa10 00007ffd`e27d5472 RPCRT4!LRPC_FAST_BINDING_HANDLE::Bind+0x3af
00000000`0252fb20 00007ffd`deed848a RPCRT4!RpcBindingBind+0x4a
00000000`0252fb50 00007ffd`def15e52 rpcss!CFastBH::CreateFromBindingString+0xfa
00000000`0252fc20 00007ffd`def15dec rpcss!CFastBH::GetOrCreate+0x32
00000000`0252fc50 00007ffd`def13166 rpcss!CreateActivationClientBinding+0xcc
00000000`0252fcf0 00007ffd`def14907 rpcss!ScmServiceMain+0x8a
00000000`0252fd40 00007ff7`982e1dd3 rpcss!ServiceMain+0x11f
00000000`0252fda0 00007ffd`e04e16ad SandboxieRpcSs+0x1dd3
00000000`0252fdd0 00007ffd`e2a94409 kernel32!BaseThreadInitThunk+0xd
00000000`0252fe00 00000000`00000000 ntdll!RtlUserThreadStart+0x1d
   2  Id: 5f4.dec Suspend: 1 Teb: 00007ff7`977ea000 Unfrozen
Child-SP          RetAddr           Call Site
00000000`0262f778 00007ffd`e01b124a ntdll!NtDeviceIoControlFile+0xa
00000000`0262f780 00007ff7`982e1d0a KERNELBASE!SleepEx+0xa2
00000000`0262f820 00007ffd`e04e16ad SandboxieRpcSs+0x1d0a
00000000`0262fa60 00007ffd`e2a94409 kernel32!BaseThreadInitThunk+0xd
00000000`0262fa90 00000000`00000000 ntdll!RtlUserThreadStart+0x1d
   3  Id: 5f4.e4c Suspend: 1 Teb: 00007ff7`977e8000 Unfrozen
Child-SP          RetAddr           Call Site
00000000`0272f718 00007ffd`e1e72055 USER32!NtUserGetMessage+0xa
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Windows\system32\hmpalert.dll - 
00000000`0272f720 00007ffd`de918953 USER32!GetMessageW+0x25
00000000`0272f750 00007ff7`982e1133 hmpalert+0x18953
00000000`0272f780 00007ffd`e04e16ad SandboxieRpcSs+0x1133
00000000`0272f870 00007ffd`e2a94409 kernel32!BaseThreadInitThunk+0xd
00000000`0272f8a0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d
   4  Id: 5f4.e6c Suspend: 1 Teb: 00007ff7`977e6000 Unfrozen
Child-SP          RetAddr           Call Site
00000000`0282f888 00007ffd`e2a74ecb ntdll!NtDeviceIoControlFile+0xa
00000000`0282f890 00007ffd`e04e16ad ntdll!TppWorkerThread+0x6eb
00000000`0282fc80 00007ffd`e2a94409 kernel32!BaseThreadInitThunk+0xd
00000000`0282fcb0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d
   5  Id: 5f4.83c Suspend: 1 Teb: 00007ff7`977e4000 Unfrozen
Child-SP          RetAddr           Call Site
00000000`0303f7c8 00007ffd`e2a74ecb ntdll!NtDeviceIoControlFile+0xa
00000000`0303f7d0 00007ffd`e04e16ad ntdll!TppWorkerThread+0x6eb
00000000`0303fbc0 00007ffd`e2a94409 kernel32!BaseThreadInitThunk+0xd
00000000`0303fbf0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d
   6  Id: 5f4.c60 Suspend: 1 Teb: 00007ff7`9764e000 Unfrozen
Child-SP          RetAddr           Call Site
00000000`0313f4e8 00007ffd`e2a74ecb ntdll!NtDeviceIoControlFile+0xa
00000000`0313f4f0 00007ffd`e04e16ad ntdll!TppWorkerThread+0x6eb
00000000`0313f8e0 00007ffd`e2a94409 kernel32!BaseThreadInitThunk+0xd
00000000`0313f910 00000000`00000000 ntdll!RtlUserThreadStart+0x1d
#  7  Id: 5f4.974 Suspend: 1 Teb: 00007ff7`9764c000 Unfrozen
Child-SP          RetAddr           Call Site
00000000`0323f958 00007ffd`e2b01ac4 ntdll!DbgBreakPoint
00000000`0323f960 00007ffd`e04e16ad ntdll!DbgUiRemoteBreakin+0x34
00000000`0323f990 00007ffd`e2a94409 kernel32!BaseThreadInitThunk+0xd
00000000`0323f9c0 00000000`00000000 ntdll!RtlUserThreadStart+0x1d
) as Toolbar will not show ... I know forget Toolbars. FF 35.x Toolbar shows. May not be fully awake but, it shows up.

 
 
