VBoxHardenedLoader icon indicating copy to clipboard operation
VBoxHardenedLoader copied to clipboard
verified publisher icon hfiref0x

Loader ends with an error NTSTATUS (0xC000009A)

Open Najsr opened this issue 4 years ago • 2 comments

Describe the bug After running loader.exe It fails with an error.

To Reproduce Start loader.exe See the results

Expected behavior It should load the driver.

Screenshots none

Environment Windows 10 Pro - 21H2 (OS Build 19044.1466) loader - master and dev202 (loader from both branches did not work) AMD Ryzen CPU

Additional context loader log:

VirtualBox Hardened Loader v2.0.2.2008
[>] Entering VBoxLdrMain
LDR: Listing process token privileges...
LDR: SeLockMemoryPrivilege Disabled
LDR: SeIncreaseQuotaPrivilege Disabled
LDR: SeSecurityPrivilege Disabled
LDR: SeTakeOwnershipPrivilege Disabled
LDR: SeLoadDriverPrivilege Disabled
LDR: SeSystemProfilePrivilege Disabled
LDR: SeSystemtimePrivilege Disabled
LDR: SeProfileSingleProcessPrivilege Disabled
LDR: SeIncreaseBasePriorityPrivilege Disabled
LDR: SeCreatePagefilePrivilege Disabled
LDR: SeBackupPrivilege Disabled
LDR: SeRestorePrivilege Disabled
LDR: SeShutdownPrivilege Disabled
LDR: SeDebugPrivilege Enabled
LDR: SeSystemEnvironmentPrivilege Disabled
LDR: SeChangeNotifyPrivilege Enabled (Default Enabled)
LDR: SeRemoteShutdownPrivilege Disabled
LDR: SeUndockPrivilege Disabled
LDR: SeManageVolumePrivilege Disabled
LDR: SeImpersonatePrivilege Enabled (Default Enabled)
LDR: SeCreateGlobalPrivilege Enabled (Default Enabled)
LDR: SeIncreaseWorkingSetPrivilege Disabled
LDR: SeTimeZonePrivilege Disabled
LDR: SeCreateSymbolicLinkPrivilege Disabled
LDR: SeDelegateSessionUserImpersonatePrivilege Disabled
LDR: VirtualBox version 6.1.6
LDR: Windows version: 10.0 build 19044
LDR: Maximum User Mode address 0x7FFFFFFEFFFF

Pattern matching: 'VBOX'

Pattern FACP (pre v6.1) was not found
FACP (v6.1+)            0x35227
Pattern RSDT (pre 6.1) was not found
RSDT (6.1+)             0x3548e
XSDT            0x355e5
APIC            0x3583b
HPET            0x359e4
MCFG            0x35ae8
VBOXCPU         0x3fc20
Pattern VBOX generic (pre 6.1) was not found
VBOX (6.1+)             0x12f5cc

Pattern matching: 'VirtualBox'

VirtualBox      0x134a38
VirtualBox__    0x1441a0
VirtualBox GIM  0x144828
VirtualBox VMM  0x145000

Pattern matching: 'Configuration'

Pattern Configuration (pre 6.1) was not found
Configuration (6.1+)            0x141275

Pattern matching: Hardware ID

80EE            0x92d1
80EE            0x20e61
80EE            0x20e85
80EE            0x47bb5
BEEF            0x20e77
BEEF            0x20e91
CAFE            0x47c5d
LDR: Patch table created
LDR: SeDebugPrivilege assigned
LDR: SeLoadDriverPrivilege assigned
[>] Entering MapTsugumi
[>] Entering ProviderCreate
[>] Entering StartVulnerableDriver
LDR: NtLoadDriver, NTSTATUS (0xC000009A)
[!] Unable to load vulnerable driver, NTSTATUS (0xC000009A)
[<] Leaving StartVulnerableDriver
[<] Leaving ProviderCreate
[!] ProviderCreate failed, abort
LDR: Cannot inject monitor code
[<] Leaving VBoxLdrMain

Windows event viewer log:

The description for Event ID 26 from source Application Popup cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event: 

\??\E:\vboxhardener\IntelNal.sys failed to load

The message resource is present but the message was not found in the message table

Najsr avatar Jan 16 '22 15:01 Najsr

This error code corresponds to STATUS_INSUFFICIENT_RESOURCES. You may be running out of file handles.

Atrate avatar Jan 16 '22 21:01 Atrate

How can I tell that system is running out of file handles? What is the limit?

Najsr avatar Jan 19 '22 16:01 Najsr