[Bug] Selecting "Quit" on the support reminder popup window actually does not lead to a proper process termination of SandMan.exe. #3421
Comments
@DavidXanatos Can you reproduce this on your system? If not, I could write a small library to (inline) hook the code in I could also tamper with the InstallDate and LastReminder variables. Let me know if the same behavior occurs on your end.
I can't reproduce this issue right now; does anyone else have this issue?
I will post a dump of the frozen process the next time this happens for sure, but yeah, input from other people would be valuable. My system is a heavily modified Windows 11, well, actually something called Tiny11 (which basically takes a pristine Windows 11 image and removes all the junk, as well as the need for TPM 2.0, and some more system requirements), but I have no issues with any other executable or dynamic library, so this seems something Sandboxie related, maybe just an odd coincidence but nonetheless it happened to me more than once. Still a bit annoyed that I didn't dump the frozen process when I had a chance to do so. Maybe the call-stack of In case you didn't know, if you load its PDB into IDA, and rebase the segments to This is the only static analysis clue I could offer you in this situation, since I have no dump, and I don't feel like changing either the install or last reminder date to hopefully make the window appear.
I can reproduce this issue.
sbie3421rmndrqt01.mp4
@offhub Thank you for your confirmation. I initially thought it was just my tampered-with operating system for a short period, but then realized that everything else has been working just fine without any issues since the installation of said OS, Tiny11, around May earlier this year.
Describe what you noticed and did
After a period of time, SandMan.exe will prompt you to support the project by buying a certificate, based on safely stored variables such as install date and last reminder date.
When you click "Quit", SandMan.exe fails to shut down properly.
I decided to investigate the code for this popup, which is located in the function bool DoAboutDialog(bool bReminder) inside the file aboutdlg.cpp.
I could not find any errors in the code itself, however I only took a quick look.
I then used SystemInformer (latest version) to check out the unresponsive process:
This is the stack trace for the first thread in the list:
Since it was stuck on WaitForMultipleObjects, I used the "Analyze" and "Wait chain traversal" tool provided by SystemInformer:
This did not provide much more information, except that it was waiting on two completions.
So I decided to look at the stack trace for the SandMan.exe process itself:
Repeating the analyze option from above, I could yield the following information from the thread since it was stuck on a similar function, WaitForSingleObject:
With this information I looked at all handles, and found the one it was waiting on:
Upon clicking "Set" in the event tab, it seems like WaitForSingleObject was satisfied and now the actual graceful shutdown of the process began... or so I thought!
I double checked by opening Event Viewer, and sure enough, it had an AppCrash event in it:
I (ab)used slui.exe to translate the exception code to a human readable one, and it appears that heap corruption occurred:
Now, I loaded ntdll.dll into IDA 8.3, which downloaded its PDB and then I manually rebased the database to 0x1000.
This allowed jumping to the exception address directly, 0x000000000010c1f9, which just turned out to be the function RtlReportFatalFailure, which subsequently calls RtlRaiseException to actually raise an exception and log it to the event log.
I don't have much else to report here, and I am not familiar with your code base so I don't know what could be the cause.
Unfortunately I forgot to dump the process while I still had the chance before manually triggering the event through SystemInformer, so maybe try reproducing the issue on your end by forcing the window to show?
How often did you encounter it so far?
Every single time "Quit" is chosen as the option.
Affected program
Not relevant
Download link
Not relevant
Where is the program located?
Not relevant to my request.
Expected behavior
I expect the "Quit" button to initiate a graceful shutdown of the program.
What is your Windows edition and version?
Windows 11 Enterprise 22H2 (Build 22621.1992)
In which Windows account you have this problem?
A local account (Standard user).
Please mention any installed security software
None
What version of Sandboxie are you running?
Sandboxie-Plus 1.11.4
Is it a new installation of Sandboxie?
I have been using the same version for some time.
Is it a regression?
No response
In which sandbox type you have this problem?
Not relevant to my request.
Can you reproduce this problem on a new empty sandbox?
Not relevant to my request.
Did you previously enable some security policy settings outside Sandboxie?
No response
Crash dump
No response
Trace log
No response
Sandboxie.ini configuration