Get crashed when launch Wechat.exe (starting with 3.9.0) #2674

Closed
epitaphial opened this issue Feb 9, 2023 · 14 comments · Fixed by #2772
Labels: fixed in next build (Fixed in the next Sandboxie version); Issue reproduced (Issue reproduced without uncertainties); Workaround (Temporary or alternative solution)

Comments

@epitaphial

Describe what you noticed and did

image

How often did you encounter it so far?

No response

Affected program

Wechat Windows 3.9.0

Download link

https://pc.weixin.qq.com/

Where is the program located?

The program is installed only inside a sandbox (NOT in the real system anyway).

Expected behavior

Launch WeChat properly.

What is your Windows edition and version?

Windows11 workstation pro 22H2

In which Windows account you have this problem?

Not relevant to my request.

Please mention any installed security software

Only Windows Defender

What version of Sandboxie are you running?

1.7.2 64bit

Is it a new installation of Sandboxie?

I recently did a new clean installation.

Is it a regression?

No response

In which sandbox type you have this problem?

In a standard isolation sandbox (yellow sandbox icon).

Can you reproduce this problem on a new empty sandbox?

I can confirm it also on a new empty sandbox.

Did you previously enable some security policy settings outside Sandboxie?

No response

Crash dump

No response

Trace log

No response

Sandboxie.ini configuration

Enabled=y
BlockNetworkFiles=y
RecoverFolder=%{374DE290-123F-4565-9164-39C4925E467B}%
RecoverFolder=%Personal%
RecoverFolder=%Desktop%
BorderColor=#02f6f6,off,6
Template=TIM
Template=OpenBluetooth
Template=SkipHook
Template=FileCopy
Template=qWave
Template=BlockPorts
Template=LingerPrograms
Template=AutoRecoverIgnore
ConfigLevel=9
UseFileDeleteV2=y
UseRegDeleteV2=y
AutoRecover=y
DropAdminRights=y
FakeAdminRights=y
BoxNameTitle=-
CopyLimitKb=81920
LingerProcess=QQProtect.exe
EnableMiniDump=y
@epitaphial epitaphial added the Confirmation pending Further confirmation is requested label Feb 9, 2023
@NianzuMa

NianzuMa commented Feb 9, 2023

Yes, I have the same issue for the new version Wechat 3.9.0

@XavierYue

> Yes, I have the same issue for the new version Wechat 3.9.0

me too.

@NianzuMa

For those who need to use Wechat, an alternative way is to use the Windows built-in sandbox. It is a little heavy but not terribly heavy.

image

@onlyacat

same here

@jdw1023

jdw1023 commented Feb 10, 2023

0:000> !analyze -v

[snip]

CONTEXT:  (.ecxr)
eax=00000023 ebx=00eff601 ecx=00000001 edx=00c00012 esi=3d8640f0 edi=63e56cf0
eip=63e37df5 esp=00efeff4 ebp=00eff000 iopl=0         nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000202
mmmojo+0x57df5:
63e37df5 cc              int     3
Resetting default scope

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 63e37df5 (mmmojo+0x00057df5)
   ExceptionCode: 80000003 (Break instruction exception)
  ExceptionFlags: 00000000
NumberParameters: 1
   Parameter[0]: 00000000

PROCESS_NAME:  WeChat.exe
ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION}  Breakpoint  A breakpoint has been reached.
EXCEPTION_CODE_STR:  80000003
EXCEPTION_PARAMETER1:  00000000

STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
00eff000 63df1ccd     00000006 00eff010 3d8640f0 mmmojo+0x57df5
00eff044 555b52bd     00000000 00000000 ab072af9 mmmojo+0x11ccd
00eff6c0 0069657e     7659fb80 0069657e 00690000 WeChatWin+0x16152bd
00effd04 0069992a     00690000 00000000 01213a7c WeChat+0x657e
00effd50 765a00f9     00d30000 765a00e0 00effdbc WeChat+0x992a
00effd60 77aa7bbe     00d30000 a0527dbf 00000000 kernel32!BaseThreadInitThunk+0x19
00effdbc 77aa7b8e     ffffffff 77ac8d32 00000000 ntdll!__RtlUserThreadStart+0x2f
00effdcc 00000000     006999ae 00d30000 00000000 ntdll!_RtlUserThreadStart+0x1b


STACK_COMMAND:  ~0s; .ecxr ; kb
SYMBOL_NAME:  mmmojo+57df5
MODULE_NAME: mmmojo
IMAGE_NAME:  mmmojo.dll
FAILURE_BUCKET_ID:  BREAKPOINT_80000003_mmmojo.dll!Unknown
OS_VERSION:  10.0.19041.1
BUILDLAB_STR:  vb_release
OSPLATFORM_TYPE:  x86
OSNAME:  Windows 10
---------

0:000> lm m mmmojo
Browse full module list
start    end        module name
63de0000 63ff2000   mmmojo   T (no symbols)           

image

I tried taking a look at the crash dump. It seems to be crashing inside mmmojo.dll. The DLL file seems to have something to do with Chromium's mojo library (perhaps a fork by WeChat/Tencent?). The function it crashes at looks very similar to this function in the Chromium sandbox.

PS: it looks like there's a similar crash running wechat 3.9.0 on wine. https://bbs.archlinuxcn.org/viewtopic.php?pid=55008

@okrc
Contributor

okrc commented Feb 10, 2023

So, a temporary solution is to replace the mmmojo.dll with an older version.

sha256

099a7e89aeb67b2d6a79229392d14dc616c93b4b6469f0f66c09c1befbd84add  mmmojo.dll

mmmojo.zip (3.8.1.26)

@isaak654 isaak654 added Issue reproduced Issue reproduced without uncertainties and removed Confirmation pending Further confirmation is requested labels Feb 10, 2023
@hongdengdao

hongdengdao commented Feb 11, 2023

Same here, the message says:
WerFault.exe *32 (3908): SBIE2205 未实现该服务: NtSaveKeyEx
platform: win10

@cxw620

cxw620 commented Feb 28, 2023

Since simply replacing the DLL may cause unknown issues, I think it's better to use an older version instead, like 3.8.0, and turn off WeChat's automatic updates. In addition, add one line to the hosts file:

127.0.0.1 dldir1.qq.com

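Chinese summary of this issue, for search-engine indexing and for those whose English is not very good:

How to deal with WeChat 3.9.0 crashing / failing to start in Sandboxie

Cause: mmmojo.dll causes the crash

Solutions:

A. Use an alternative: Windows Sandbox #2674 (comment)
B. Directly replace the DLL that causes the crash; an expert provided the older DLL: #2674 (comment). If you can't find the directory, you can search for it with Everything. Reference path:

| <--------- your sandbox path ---------> | C\Program Files (x86)\Tencent\WeChat\[your WeChat version number] |
D:\Sandbox\Hantong\TencentShit\drive\C\Program Files (x86)\Tencent\WeChat\[3.8.0.41]\mmmojo.dll

C. Personal opinion:
Since directly replacing the DLL may cause unknown problems, (to be on the safe side) I think it is better to use an older version if you can find the installer, for example version 3.8.0. Then turn off automatic updates in WeChat's settings, and add the following line to the hosts file to block forced updates:

127.0.0.1 dldir1.qq.com

P.S. Most domestic software has always been producing garbage; WeChat, QQ, TIM, Tencent Meeting and the other Tencent products are especially bad. The Tencent Meeting crash problem still hasn't been properly resolved (that one seems to simply refuse to run once it detects a sandbox environment). In short, if it works, don't touch it; there is no need to chase new versions unless the old version no longer works or the new version really adds a feature you want (this judgment is for reference only).
P.S. Below are the file hashes of version 3.8.0 as downloaded from the official website. If you download it from a third party, I recommend verifying the hash, or verifying the digital certificate, to make sure the file has not been tampered with.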

C:\Users\Hantong\Downloads\WeChatSetup.exe

Algorithm Hash
--------- ----
MD5       3EFD527EE04C027F401E3B0A460242C2

Algorithm Hash
--------- ----
SHA1      12421DAAEDFE434A7981650FAE836BB0E84A69B5

Algorithm Hash
--------- ----
SHA256    F1D1139498D0E76C5356E1F6542AB9A2CC468F11FB4A88FFC1E826BAEF02CAFC

Algorithm Hash
--------- ----
SHA384    6338ACCA16938E7FD4D9DF042A814729A67BC413F00ACED9DB929AE229B7820DB92C6EFB003A3AE3D912EAF9961C0D57

Algorithm Hash
--------- ----
SHA512    75B0C1A913F9357742405664BC293B9A71D726BA94E0F7AC30CB11C1E7B0EC62F459BA6D1EFA56AFF6A198FECB50068C58491DC12E196FAEA549A1A7CFE276DD

Algorithm    Hash
---------    ----
MACTRIPLEDES 785364BB82C9A8AA

Algorithm Hash
--------- ----
RIPEMD160 D9B2F4E67276FB267D91238355634E12DE1C56DE
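
An added example (not part of the comment above and not Sandboxie project code): a Python check that parses a `Get-FileHash` style listing like the one above and verifies a downloaded installer against its SHA-2 rows only. The function names and the command-line usage are assumptions of this example; the three listing rows are copied from the comment.

```python
import hashlib
import re

# Only SHA-2 rows are trusted. MD5 and SHA1 are collision-prone, and
# MACTRIPLEDES is a keyed MAC: published without its key, a third party
# cannot reproduce it, so it proves nothing about the file.
STRONG = ("SHA512", "SHA384", "SHA256")

def parse_listing(text):
    """Parse 'Algorithm Hash' rows into {ALGO: HEX}; headers and rules are skipped."""
    found = {}
    for line in text.splitlines():
        m = re.fullmatch(r"\s*([A-Za-z0-9]+)\s+([0-9A-Fa-f]{16,})\s*", line)
        if m:
            found[m.group(1).upper()] = m.group(2).upper()
    return found

def file_digest(path, algo):
    """Hash the file in 1 MiB chunks so large installers do not load into memory."""
    h = hashlib.new(algo.lower())
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest().upper()

def verify(path, listing_text):
    """Return (ok, details): ok only if at least one strong row exists and all match."""
    listing = parse_listing(listing_text)
    details = {a: file_digest(path, a) == listing[a] for a in STRONG if a in listing}
    return (bool(details) and all(details.values()), details)

# Rows copied from the listing in the comment above (WeChatSetup.exe 3.8.0).
PAGE_LISTING = """
Algorithm Hash
--------- ----
MD5       3EFD527EE04C027F401E3B0A460242C2
SHA256    F1D1139498D0E76C5356E1F6542AB9A2CC468F11FB4A88FFC1E826BAEF02CAFC
MACTRIPLEDES 785364BB82C9A8AA
"""

if __name__ == "__main__":
    import sys
    ok, details = verify(sys.argv[1], PAGE_LISTING)  # argv[1]: path to the installer
    print(details)
    sys.exit(0 if ok else 1)
```

A listing that carries only MD5 or SHA1 rows is reported as a failure rather than a pass, because no trusted digest was available to compare.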

@okrc
Contributor

okrc commented Mar 1, 2023

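> The Tencent Meeting crash problem still hasn't been properly resolved (that one seems to simply refuse to run once it detects a sandbox environment)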

In fact, Sandboxie can run TencentMeeting installed outside the sandbox directory. Even if it is installed in another Sandbox.

@Nambers

Nambers commented Mar 3, 2023

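> Since simply replacing the DLL may cause unknown issues, I think it's better to use an older version instead, like 3.8.0, and turn off WeChat's automatic updates. In addition, add one line to the hosts file:
>
> 127.0.0.1 dldir1.qq.com
>
> Chinese summary of this issue, for search-engine indexing and for those whose English is not very good:
>
> How to deal with WeChat 3.9.0 crashing / failing to start in Sandboxie
>
> Cause: mmmojo.dll causes the crash
>
> Solutions:
>
> A. Use an alternative: Windows Sandbox #2674 (comment)
> B. Directly replace the DLL that causes the crash; an expert provided the older DLL: #2674 (comment). If you can't find the directory, you can search for it with Everything. Reference path:
>
> | <--------- your sandbox path ---------> | C\Program Files (x86)\Tencent\WeChat\[your WeChat version number] |
> D:\Sandbox\Hantong\TencentShit\drive\C\Program Files (x86)\Tencent\WeChat\[3.8.0.41]\mmmojo.dll
>
> C. Personal opinion: Since directly replacing the DLL may cause unknown problems, (to be on the safe side) I think it is better to use an older version if you can find the installer, for example version 3.8.0. Then turn off automatic updates in WeChat's settings, and add the following line to the hosts file to block forced updates:
>
> 127.0.0.1 dldir1.qq.com
>
> P.S. Most domestic software has always been producing garbage; WeChat, QQ, TIM, Tencent Meeting and the other Tencent products are especially bad. The Tencent Meeting crash problem still hasn't been properly resolved (that one seems to simply refuse to run once it detects a sandbox environment). In short, if it works, don't touch it; there is no need to chase new versions unless the old version no longer works or the new version really adds a feature you want (this judgment is for reference only).

Indeed, the 3.8 I took here still works https://www.123pan.com/s/Wno9-Nb3UA

But how to enable the log / trace log / crash log of Sandboxie? I mean, currently all I got is SBIE 2224.
I already tried to enable all log options in Access Tracing and used the Dbgview application to watch logs, but I failed to get any other useful log.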

@isaak654
Collaborator

isaak654 commented Mar 3, 2023

> Indeed, the 3.8 I took here still works https://www.123pan.com/s/Wno9-Nb3UA
>
> But how to enable the log / trace log / crash log of Sandboxie? I mean, currently all I got is SBIE 2224. I already tried to enable all log options in Access Tracing and used the Dbgview application to watch logs, but I failed to get any other useful log.

  1. https://sandboxie-plus.github.io/sandboxie-docs/Content/TraceLog.html (more contributors with pull requests are needed to update this documentation page)
  2. https://user-images.githubusercontent.com/12372772/161425270-3fdc8304-d053-4fdb-9476-20237311e0fa.png
  3. Immediately start saving Trace Log to file #2487
  4. https://youtu.be/4k2XoT7VQuc (for security hardened sandboxes)

In my experience, even a resource that needs to be closed could cause issues. It is possible to fix compatibility issues by opening resources or closing them. If a prompt fix is needed, you could try getting in touch with any developer to provide a pull request in this repository.

@isaak654 isaak654 changed the title Get crashed when launch Wechat.exe Get crashed when launch Wechat.exe (starting with 3.9.0) Mar 26, 2023
@isaak654
Collaborator

isaak654 commented Mar 26, 2023

I was able to launch WeChat 3.9.2 in this test build with the following configuration line: SpecialImage=chrome,wechat.exe

Note: this replaces the previous suggestion provided here.

If it works for everyone, I expect a commit or pull request to apply the fix in Templates.ini.

@isaak654 isaak654 added the Workaround Temporary or alternative solution label Mar 26, 2023
@ZedG2

ZedG2 commented Mar 27, 2023

> I was able to launch WeChat 3.9.2 in this test build with the following configuration line: SpecialImage=chrome,wechat.exe
>
> Note: this replaces the previous suggestion provided here.
>
> If it works for everyone, I expect a commit or pull request to apply the fix in Templates.ini.

It worked for me.

image

@Nambers

Nambers commented Mar 27, 2023

> I was able to launch WeChat 3.9.2 in this test build with the following configuration line: SpecialImage=chrome,wechat.exe
>
> Note: this replaces the previous suggestion provided here.
>
> If it works for everyone, I expect a commit or pull request to apply the fix in Templates.ini.

Also works for me
image

@isaak654 isaak654 linked a pull request Mar 27, 2023 that will close this issue
@isaak654 isaak654 added the fixed in next build Fixed in the next Sandboxie version label Mar 27, 2023
@sandboxie-plus sandboxie-plus locked and limited conversation to collaborators Mar 30, 2023