drmemory icon indicating copy to clipboard operation
drmemory copied to clipboard
verified publisher icon DynamoRIO

Failed to start target application on Windows due to initial heap allocation failing with STATUS_INVALID_SYSTEM_SERVICE

Open mikeheck opened this issue 3 years ago • 8 comments

<Application Test.exe (15952). Out of memory. Program aborted. Source I, type 0x0000000000000001, code 0x00000000c000001c.> Dr. Memory failed to start the target application, perhaps due to interference from invasive security software. Try disabling other software or running in a virtual machine. WARNING: Examine the following unusual libraries in this process to help identify invasive software that may have affected the target application:

C:\WINDOWS\System32\umppc15005.dll

Please file a bug about this at http://drmemory.org/issues WARNING: application exited with abnormal code 0xffffffff

mikeheck avatar Mar 23 '22 18:03 mikeheck

Got the exact same problem. I guess we don't have any news about this ?

PapaNoyel avatar Apr 05 '22 08:04 PapaNoyel

Please provide the information in the template which you are not supposed to be able to file a bug without filling in (there is a Github bug that lets you bypass if you authenticate late): https://github.com/DynamoRIO/drmemory/issues/new?assignees=&labels=&template=bug_report.md&title=

For:

Out of memory. Program aborted. Source I, type 0x0000000000000001, code 0x00000000c000001c

Source I is OOM_INIT which is the very first allocation.

type 0x1 is VMM_HEAP.

The failure code is:

#define STATUS_INVALID_SYSTEM_SERVICE    ((NTSTATUS)0xC000001CL)

Must be an unusual kernel or something: but you never provided any info on the OS version. Please fill out the template.

derekbruening avatar Apr 06 '22 16:04 derekbruening

Hi ! I'll gladly complete it :

Describe the bug Launching Dr.Memory from CLI or Visual Studio open a window with the following message :

<Application Test.exe (15952). Out of memory. Program aborted. Source I, type 0x0000000000000001, code 0x00000000c000001c.>

Dr. Memory failed to start the target application, perhaps due to interference from invasive security software. Try disabling other software or running in a virtual machine. WARNING: Examine the following unusual libraries in this process to help identify invasive software that may have affected the target application:

C:\WINDOWS\System32\umppc15005.dll Please file a bug about this at http://drmemory.org/issues WARNING: application exited with abnormal code 0xffffffff

To Reproduce Steps to reproduce the behavior:

  1. The HelloWorld example of Visual Studio 2019 trigger this.

  2. Using the "External tools" feature of Visual Studio 2019 with :

    • Title : Dr. Memory
    • Command : C:\Program Files (x86)\Dr. Memory\bin\drmemory.exe
    • Arguments : -visual_studio -- $(TargetPath)
    • Initial Directory : $(TargetDir) [x] Use Output window [ ] Prompt for arguments [ ] Treat output as Unicode [x] Close on exit

  3. Dropping the executable produced by VS on the Dr Memory exe link is outputting the same.

Please also answer these questions drawn from https://drmemory.org/page_help.html#sec_narrow :

  • Does the problem go away when running in light mode (pass -light to Dr. Memory) : No
  • Does the problem go away when running with the options -leaks_only -no_count_leaks -no_track_allocs : No
  • Does the problem go away when running under plain DynamoRIO : No
  • What happens with the debug version of Dr. Memory and of its underlying engine DynamoRIO : See the attached screenshot

Expected behavior Execution of Dr.Memory

Versions

  • Dr Memory version : DrMemory-Windows-2.5.0
  • OS Version : Windows 10 Business 21H2
  • 32-bit or 64-bit : 64

Additional context Add any other context about the problem here.

debug mode : image

PapaNoyel avatar Apr 07 '22 08:04 PapaNoyel

Thank you for the information. So plain DynamoRIO fails to allocate memory which from the STATUS_INVALID_SYSTEM_SERVICE code sounds like the kernel no longer supports NtAllocateVirtualMemory. Such a problem would be expected to result in failure running any application on that kernel.

Unfortunately I can't reproduce this: I have a machine with Windows 21H2 (OS Build 19044.1586)

04:17 PM ~/drmemory/releases/DrMemory-Windows-2.5.0
% bin64/drmemory.exe -batch -- ../../git/build_x64_dbg/tests/hello.exe
~~Dr.M~~ Dr. Memory version 2.5.0
~~Dr.M~~ Running "../../git/build_x64_dbg/tests/hello.exe"
~~Dr.M~~ Using system call file D:\derek\drmemory\releases\DrMemory-Windows-2.5.0\drmemory\logs\symcache\syscalls_x64.txt
Hello world!
~~Dr.M~~
~~Dr.M~~ NO ERRORS FOUND:
...

Wondering if there is some App Compatibility layer or security software or something on your machine which would explain the differing behavior.

derekbruening avatar Apr 07 '22 20:04 derekbruening

Thanks ! I've also tried on a personnal computer and it succeed on the Hello World example... On the problematic computer I can run my code fine on Visual, do you know of a Windows security policy that may prevent the use of NtAllocateVirtualMemory ?

I've the exact same build of Windows. I'll also get in touch with my IT service to know if they have an idea about this. Will come back to give some updates if I happen to have some !

PapaNoyel avatar Apr 08 '22 09:04 PapaNoyel

This same OOM was seen here: https://groups.google.com/g/dynamorio-users/c/hCL1GfwDiK8/m/YgINheqZCQAJ

derekbruening avatar May 03 '22 03:05 derekbruening

Looks like this issues was also reported here https://groups.google.com/g/DynamoRIO-Users/c/gKF6RqG6wqI

prasun3 avatar Feb 09 '24 04:02 prasun3