[prev in list] [next in list] [prev in thread] [next in thread]
List: twsocket
Subject: Re: [twsocket] EAccessViolations when Posting Data to a HTTPServer
From: "Arno Garrels" <arno.garrels () gmx ! de>
Date: 2009-02-04 15:06:36
Message-ID: 702FB4CF02FC4DCA9DDB9674C8575E12 () asus
[Download RAW message or body]
Dod wrote:
> You said "disabled", one thing I learned by experience about FWs and
> AVs is that they are never 100% "disabled", you MUST uninstall them to
> be sure they are not causing the problem because disabling keep low
> level drivers loaded.
That's my experience as well and the only reliable method.
If they used user mode hooking one could also check the list of libraries
loaded either in debugger event log or by Sysinternal's Process Explorer.
In the sample below there is a suspicious SSSensor.dll which is injected
into each process by an old version of Sygate Personal Firewall. Those
injected DLLs may hook the API calls they are interested in. They could be
injected by many different applications including a virus or other stuff.
If they are buggy it looks like a bug in your application :( Btw: The error
might not happen with blocking winsock API since most internet applications
use blocking winsock so they are more carefully tested.
--
Arno Garrels
Module Load: Project1.exe. Has Debug Info. Base Address: $00400000. Process Project1.exe (640)
Module Load: ntdll.dll. No Debug Info. Base Address: $7C910000. Process Project1.exe (640)
Module Load: KERNEL32.dll. No Debug Info. Base Address: $7C800000. Process Project1.exe (640)
Module Load: OLEAUT32.dll. No Debug Info. Base Address: $770F0000. Process Project1.exe (640)
Module Load: ADVAPI32.dll. No Debug Info. Base Address: $77DA0000. Process Project1.exe (640)
Module Load: RPCRT4.dll. No Debug Info. Base Address: $77E50000. Process Project1.exe (640)
Module Load: Secur32.dll. No Debug Info. Base Address: $77FC0000. Process Project1.exe (640)
Module Load: GDI32.dll. No Debug Info. Base Address: $77EF0000. Process Project1.exe (640)
Module Load: USER32.dll. No Debug Info. Base Address: $7E360000. Process Project1.exe (640)
Module Load: msvcrt.dll. No Debug Info. Base Address: $77BE0000. Process Project1.exe (640)
Module Load: ole32.dll. No Debug Info. Base Address: $774B0000. Process Project1.exe (640)
Module Load: VERSION.dll. No Debug Info. Base Address: $77BD0000. Process Project1.exe (640)
Module Load: COMCTL32.dll. No Debug Info. Base Address: $773A0000. Process Project1.exe (640)
Module Load: SHLWAPI.dll. No Debug Info. Base Address: $77F40000. Process Project1.exe (640)
Module Load: SHELL32.dll. No Debug Info. Base Address: $7E670000. Process Project1.exe (640)
Module Load: ShimEng.dll. No Debug Info. Base Address: $5CF00000. Process Project1.exe (640)
Module Load: IMM32.dll. No Debug Info. Base Address: $76330000. Process Project1.exe (640)
Module Load: LPK.dll. No Debug Info. Base Address: $62E10000. Process Project1.exe (640)
Module Load: USP10.dll. No Debug Info. Base Address: $75790000. Process Project1.exe (640)
Module Unload: ShimEng.dll. Process Project1.exe (640)
Module Load: UxTheme.dll. No Debug Info. Base Address: $5B0F0000. Process Project1.exe (640)
Module Load: MSCTF.dll. No Debug Info. Base Address: $746A0000. Process Project1.exe (640)
Module Load: appHelp.dll. No Debug Info. Base Address: $77B10000. Process Project1.exe (640)
Module Load: msctfime.ime. No Debug Info. Base Address: $75250000. Process Project1.exe (640)
Module Load: SSSensor.dll. No Debug Info. Base Address: $061F0000. Process Project1.exe (640)
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic