Issue with Opening Chrome and Task Manager After Installing r77 v1.63 #124
Comments
|
I did encounter the same error on task manager and I am pretty sure it's anti-virus doinig.As soon as disable defender and it works fine.The difference is I didn't test on windows 11 but windows server 2016 |
|
I tried to complete delete the windows defender and the system does not come with other AVs, still the same. Very confusing. |
|
I updated Windows 11 on my VM to the version that you tested with, however, TaskMgr and Edge don't cause any crashes, even with Windows Defender on. Of course the problem is obviously there. I'll just need to be able to reproduce it. Do you have any more insights that might be helpful? |
|
It is indeed hard to reproduce. I can't see anything that is common among devices that ran into these errors, except they are relatively new laptops, running windows 11 24h2. In the screenshot it says lack of a dll file, but actually when I uninstall r77 chrome runs perfectly. Another thing is, some application freeze after installing r77. Again, for no apparent reasons. Since I am not expert in relevant areas, if you can give me some information you need to diagnose the problem, so that next time I encounter something alike, I can try to collect them and send them to you. |
|
Also, same issue persists in 1.70 as well. |
|
I was getting "cant find chrome_elf.dll" error today in a windows server 2019 VM,but it only occurred at the first run of chrome |
Not necessarily the first time for me, it may happen a couple of time before chrome runs normally. But when I closed it and tried to re-open, this error message may appear again. It seems something wrong with the r77's dll injection process, maybe sometimes the injection was only partially completed, so that chrome.exe couldn't find the dll files it needs, at least, not until the injection is fully done. |
|
also first run of edge,afterward,it becomes normal,no error pop up
console application sometimes still getting this kind of error |
|
@wineggdrop Exactly! The thing is, this access denied thing never happens on my own computers, laptop or desktop, actual machine or vm, they all work fine. So I can't reproduce it... |
|
That's really a bummer when a bug is obviously there but can't be reproduced :( You mind doing some trial & erroring with me? That way I can hopefully get an idea of where the bug may be.
Thank you in advance for helping me with testing & isolating the issue! |
|
the above test result is of removing all the hook s VOID InitializeHooks() VOID UninitializeHooks() so pretty sure it's not the hook causing it.I have been testing if the hook causing the issue by removing one hook at a time for testing,and eventually with no hook at all,still getting that same issue. The problem is the randomness,I am using the bat script looping to run console commands for the test,sometimes it won't reproduct the issue in hours or only occur once. Moreover,in some VM,it just works flawlessly |
|
Thanks for testing removing the hooks! What about 3.) uncommenting one of the injection routes - how does this play out? |
I would try that the coming test |
|
It turns out my friend's laptop CAN indeed reproduce this issue. When r77 is installed, try running ffmpeg in terminal will 100% trigger "access is denied". Even with ffmpeg.exe's DOS stub changed(r77 service process), it still 100% triggers winerror 5 access denied. |
|
Since the access denied error only happens in console application,I am thinking if involving injection too early issue since console program initiation is kind of different from GUI program,if the injecting data starts to run before the console program completing the initiation and start its main thread,it may cause that error.If that is the case,may need to switch NtCreateThreadEx to NtQueueAPCThread,which would make sure the newly created process would not start the injection data before its own initiation process completed |
|
@wineggdrop Please help me to get things straight here. I wrote R77_HELPER_SIGNATURE into ffmpeg, so technically r77 won't try to inject. I don't understand why this would be a injection too early problem. :( |
are you sure you do that right?if no injection,it won't affect ffmpeg at all because R77 will check if the target has been injected or not before performing the injection.you can add ffmpeg's process name into PROCESS_EXCLUSIONS and recompile R77 modify r77def.h
Assume the ffmpeg with the processname as ffmpeg.exe,if not,you can modify it. then you can test again,that would make sure ffmpeg will not be injected. |
|
Now I am 100% sure the hooking isn't the cause of that issue.Today I modified the R77 dll and using AppInit DLLs to load the code,it works flawlessly.All applications loading user32.dll will loaded the modified R77 dll,I tested a few hours in 4 different VMs,no issue found. |
Yes sir I am 100% percent positive I did that. In fact, I even let ffmpeg do some idle run so that it wouldn't get terminated, and I opened r77 console to check if ffmpeg was recognized as a r77 service process, and it did. |
|
First run,run it again,woh't happen |
|
For some machine it's like there would only be an one-time error, or better, no error at all. |
Hi,
I am encountering an issue where I am unable to open Chrome, Edge, or Task Manager after installing r77 v1.63. My target machine is running Windows 11 Home Edition (fresh installation), OS version 26100.3194.
Initially, Windows Defender was enabled during the installation of r77. However, after installation, I received an "Access Denied" error when attempting to open certain applications. I suspected that Windows Defender might have flagged some files as threats, preventing execution. To rule this out, I completely uninstalled Windows Defender using scripts from GitHub.
Strangely, even after uninstalling the antivirus and reinstalling r77, I am still unable to launch certain applications such as Chrome, Edge, and Task Manager. The errors I receive include:
Could you provide any insights into what might have gone wrong or how I can resolve this issue?
Thank you so much for you time!
The text was updated successfully, but these errors were encountered: