Hi Everyone,
Every time I try to use cygwin openssh, then my machine
will BSOD with an ( IRQ NOT LESS OR EQUAL in FILTNT.SYS).
Any hints what might be causing this? Anyone got this to
work?
It has worked perfectly until I upgraded to 2.5
Thanks in advance
Michael
P.S running Windows XP SP2 + latest outpost
Tried without outpost and then everything works fine!
After tweaking with some option I can now see in "network activity" window
Process Destination Block reason
system localhost:loopback "blocked by component control"
How do I enable "system" to be able to access localhost?
//Michael
Thanks!
Unfortunately I don't seem to get anything in the logs since the machine panics a second later...
I tried to reinstall outpost firewall but that does not seem to help :(
I also tried to add all the cygwin dll's in the component control list...
I verified with a friend which also runs cygwin and outpost and for him it works, but he is still running sp1, so it seems that the combination outpost+sp2+cygwin is causing this.
Any more hints?
//Michael
B.T.W it should be easy to verify this since cygwin is freeware and can be downloaded http://www.cygwin.com/
this happens when the checksum is not set properly - and windows refuses to use the .sys file because of it.
maybe that patch info i gave did not have the crc set properly.. let me double check.
Got the following answer back from Agnitum:
==================
We are glad to inform you that the problem you had reported was
solved in the internal release.
Currently we test new version of Outpost. Please await for update.
==================
//Michael
Got the following answer back from Agnitum:
==================
We are glad to inform you that the problem you had reported was
solved in the internal release.
Currently we test new version of Outpost. Please await for update.
Does this mean it's supposed to be fixed in 2.6, since it was released April 12?
In that case, our BSOD's are not related, since I've never experienced as many of them as with 2.6... :( Maybe it was a very specific fix, regarding only the cygwin issues.
I've tried to disable both DEP and component control but unfortunately without success... It seems that the problem is somewhere deeper inside the firewall
and can't be fixed just with configuration.
You would probably need to analyze the crashdump to check in which
function it fails..
I logged a bug report to Agnitum so hopefully it may be fixed one day. In the meantime I may be planning to go back to 2.1 (where everything still worked)
//Michael
If the problem appears to be XP SP2 related then switching off Data Execution Protection may be worth trying. Outpost 2.5 should work with DEP but it may still cause issues with other program combinations - see Windows XP SP2 and Outpost (http://outpostfirewall.com/forum/showthread.php?t=11186) for details on disabling DEP.
As for Component Control, you can disable it on a global basis via Options/Application/Components. You can also disable it for individual applications by adding the IgnoreCC action to their application rules. These options should be worth a try also (you should get a component control popup when it is triggered but if Cygwin is taking over your screen then it may be hiding it).
After patching Filtnt.sys I get the following message on Outpost startup:
Outpost Firewall Pro driver configuration was invalid and could not be corrected.
To resolve the problem:
1. From the Outpost installation folder run install.exe /u
2. Restart your computer;
3. From the Outpost installation folder run install.exe;
4. Restart your computer;
5. Start Outpost Firewall.
In Device Manager Outpost Kernel Driver is in error state:
This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Suggestions?
any word on this im getting same problem?
//---------------------------------------------------------------------------
On several computers I am getting a reliable bluescreen from Agnitum Outpost
(latest version as of 1/15/05), when connecting to a local cygwin compiled
psybnc.
I have an amd64, the bluescreen occurs both in Win Xp Pro SP1 and in a vmware
test machine running SP2. The problem occurs with or without the so-called
"Data Execution Protection" boot.ini fix.
The crash happens reliably 100% of the time. You can test it by running
psybnc on your pc (http://prdownloads.sourceforge.net/windrop/psybnc2.3.2-4b.exe),
and connecting to it with mirc (www.mirc.com).
The blue screen is one described in these forums often, in Filtnt.sys,
"IRCQL_NOT_LESS_THAN_OR_EQUAL" at address xxxAF92.
After some analysis a friend figured out the location of the offending code
and a workaround that does solve the problem and seems to leave the rest
of outpost working as normal (i've tried various firewall testers and
outpost still blocks them all), though we really aren't sure if some
functionality of outpost security is now being skipped. We would need
to hear from agnitum for a definitive answer, and given agnitum's customer
support record i'd say the chances of that are 1 in a million.
Anyway, here is the modification to FiltNt.sys which is in the kernel
subdir of outpost. Note your machine must be rebooted before this change
will take effect, and most importantly the CRC for the file needs to be
updated. I will list the hex changes to make both the workaround asm patch
and the crc change.
First the asm explanation for the fix:
* Reference To: HAL.KeGetCurrentIrql, Ord:0042h
:0001AEB6 8B3D80020100 mov edi, dword ptr [00010280]
:0001AEBC FFD7 call edi
:0001AEBE 3C02 cmp al, 02 << --- change to cmp al,01 (DISPATCH_LEVEL)
:0001AEC0 0F87EB020000 ja 0001B1B1
a brief explanation for why this works can be found
here: http://www.osronline.com/ddkx/kmarch/k106_8ble.htm
Ok now the bottom line bytes to patch in original FiltNt.sys (109184bytes, crc32=43919022):
// FileOffset: OriginalBytes ChangedBytes
// 000000D9: FC F7 (checksum)
// 0000AEBF: 02 01 (change compare above)
Make a backup of your FiltNt.sys before you mess with it, and be very careful
about this - it's a system driver prone to blue screens so messing around
with it can be asking for trouble. I'm posting it only for those who
feel capable of exploring this issue.
//---------------------------------------------------------------------------
I can't follow those instructions to change the Filtnt.sys. Could someone send me the patched file?.
just a reminder: you have to reboot after copying in the new file;
note i dont know how many blue screens this will fix, i only know that it does for certain fix the confirmed repeatable bluescreen i described in the above post.
Welcome to the forums Michaelk,
Please check your Outpost Blocked, Attack Detection, Component Control and Alerts Tracker logs for any entries relating to OpenSSH and give details of any found.
i apologize i was too quick in my first post, the checksum bytes were wrong (were for an older change i tried). sorry.
revised changes which reflect proper checksum:
// FileOffset: OriginalBytes ChangedBytes
// 000000D9: FC FB (checksum)
// 0000AEBF: 02 01 (change compare above)
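
The checksum byte at offset 0xD9 discussed in the posts above is consistent with the CheckSum field of the PE optional header, which Windows validates when it loads a kernel-mode driver. As an added example (not from the thread or from Agnitum), this Python sketch recomputes that field and shows why a one-byte change at an odd file offset moves the second checksum byte by exactly one. The buffer is constructed, not a real driver, and assumes e_lfanew = 0x80 so that CheckSum sits at 0xD8.

```python
import struct

def checksum_offset(image: bytes) -> int:
    """File offset of OptionalHeader.CheckSum (same for PE32 and PE32+)."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[:2] != b"MZ" or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    return e_lfanew + 4 + 20 + 64  # signature + file header + 64 bytes in

def stored_checksum(image: bytes) -> int:
    return struct.unpack_from("<I", image, checksum_offset(image))[0]

def pe_checksum(image: bytes) -> int:
    """16-bit end-around-carry sum with CheckSum zeroed, plus file length."""
    off = checksum_offset(image)
    buf = image[:off] + b"\0\0\0\0" + image[off + 4:]
    if len(buf) % 2:
        buf += b"\0"
    total = 0
    for (word,) in struct.iter_unpack("<H", buf):
        total += word
        total = (total & 0xFFFF) + (total >> 16)  # fold the carry back in
    return total + len(image)

def make_sample() -> bytearray:
    """Constructed stand-in for a driver file: just enough header to parse."""
    img = bytearray(0xB000)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)   # assumed e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    img[0xAEBE:0xAEC0] = b"\x3c\x02"          # the cmp al,02 bytes from the listing
    struct.pack_into("<I", img, 0xD8, pe_checksum(img))
    return img

def audit(image: bytes) -> dict:
    """Compare the header's checksum with one recomputed from the file."""
    stored, computed = stored_checksum(image), pe_checksum(image)
    return {"stored": stored, "computed": computed, "valid": stored == computed}

if __name__ == "__main__":
    img = make_sample()
    print("untouched:", audit(img))
    img[0xAEBF] = 0x01                         # one-byte change at an odd offset
    print("modified :", audit(img))            # stored value is now stale by 0x100
```

Run against a real driver file, `audit` flags any copy whose bytes changed after the header checksum was written, which is the condition the loader rejects.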