guard32.dll and GDB problems (CFP 3.0.25.378)

[svadimr]

Hello all,
I noticed a problem related to guard32.dll and GDB. This is the same problem as:

https://forums.comodo.com/empty-t20386.0.html

and

https://forums.comodo.com/empty-t21329.0.html

Summery of the problem is:
Program received signal SIGSEGV, Segmentation fault.
In ?? () (C:\WINDOWS\system32\guard32.dll)

Is there any formal solution for this problem besides disabling guard32.dll or disabling DEFENSE+?

Hope for your answer.

[3xist]

Hello all,
I noticed a problem related to guard32.dll and GDB. This is the same problem as:

https://forums.comodo.com/empty-t20386.0.html

and

https://forums.comodo.com/empty-t21329.0.html

Summery of the problem is:
Program received signal SIGSEGV, Segmentation fault.
In ?? () (C:\WINDOWS\system32\guard32.dll)

Is there any formal solution for this problem besides disabling guard32.dll or disabling DEFENSE+?

Hope for your answer.

Hey svadimr & Welcome to the Forums!

Is anything related to these files blocked here?

Defense+\Advanced\Computer Security Policy.

If so (Blocked or Allowed), Remove them from the list. Switch Defense+ to Training Mode (It will learn the applicaton), Then if it DOES succeed, Swtich D+ back to Safe Mode.

 

[svadimr]

Thank you for the fast answer.

I did exactly what you said and the problem is still exists. The interesting thing is if the DEFENSE+ disabled the problem still exists. If I rename guard32.dll or disable DEFENSE+ permanently then everything working.

What is the effect of disabling "guard32.dl" from autoruns?

[3xist]

Thank you for the fast answer.

I did exactly what you said and the problem is still exists. The interesting thing is if the DEFENSE+ disabled the problem still exists. If I rename guard32.dll or disable DEFENSE+ permanently then everything working.

What is the effect of disabling "guard32.dl" from autoruns?

Gurard32.dll is related to CFP 3.

So your saying it blocks it self?

[svadimr]

The full error message of the GDB is:
Program received signal SIGSEGV, Segmentation fault.
0x18f589a1 in ?? () from /cygdrive/c/WINDOWS/system32/guard32.dll

The same error happens in others different places related to GDB.

I don't sure what is exactly the reason for that.

How I can check if it blocks itself?

[3xist]

The full error message of the GDB is:
Program received signal SIGSEGV, Segmentation fault.
0x18f589a1 in ?? () from /cygdrive/c/WINDOWS/system32/guard32.dll

The same error happens in others different places related to GDB.

I don't sure what is exactly the reason for that.

How I can check if it blocks itself?

Well the thing is I don't know the effects of guard32.dll... It's very strange. Can you please make this a bug report? I'll actually move this thread to bug reports...

Done!

Developers check Bug Reports regularly. So I am *hoping* a Comodo Staff Member responses to you.

[gibran]

The full error message of the GDB is:
Program received signal SIGSEGV, Segmentation fault.
0x18f589a1 in ?? () from /cygdrive/c/WINDOWS/system32/guard32.dll

The same error happens in others different places related to GDB.

I don't sure what is exactly the reason for that.

How I can check if it blocks itself?

I guess  guard32.dll is injected in all processes as part of CFP design.
Maybe guard32.dll trigger such errors because the debugger access it.

Can you disable windows DEP to check if there are any changes?

[svadimr]

How do I disable windows DEP?

[gibran]

How do I disable windows DEP?

A detailed description of the Data Execution Prevention (DEP) feature
Disabling Windows DEP (Data Execution Prevention)

Keep it disabled until you take this test after that eneble it again.

[svadimr]

I took the test and with DEP and without DEP the situation is the same. The only thing that matters is in AutoRuns guard32.dll is checked or not. Without guard32.dll everything works just fine.

[gibran]

I took the test and with DEP and without DEP the situation is the same. The only thing that matters is in AutoRuns guard32.dll is checked or not. Without guard32.dll everything works just fine.

Thanls for taking the test. It appears there is no way round.
I'm concerned that guard32.dll is an essential CFP component.
Please run some leaktest to evaluate your security when guard32.dll is disabled.

BTW for reference please post an URL to download the toolchain that includes GDB as it could be useful when developer are going to address this bug.

[svadimr]

Oh well,
Do you have a good suggestion for easy and secure way to perform a leak test? I'll publish my results on this thread.

I'll publish soon the full chain of events that cause this BUG, but it is the same as in
https://forums.comodo.com/empty-t20386.0.html
and
https://forums.comodo.com/empty-t21329.0.html

Thanks a lot for your help.

[gibran]

Oh well,
Do you have a good suggestion for easy and secure way to perform a leak test? I'll publish my results on this thread.

As I don't know how guard32 work I cannot suggest a specific test. There are many leaktests at http://www.testmypcsecurity.com/securitytests/all_tests.html you can choose few tests in the first group with Firewall Leak and HIPS in Type of Test column

I'll publish soon the full chain of events that cause this BUG, but it is the same as in
https://forums.comodo.com/empty-t20386.0.html
and
https://forums.comodo.com/empty-t21329.0.html

No please post only a site to downoad the version of GDB you are using

[pepalogik]

I can confirm the bug. I use MinGW with GCC 4.2.1:
http://sourceforge.net/project/showfiles.php?group_id=2435
But it happens for some projects only. Actually, in my case, it happens since I checked the checkbox "This target provides the project's main executable" in Code::Blocks (http://www.codeblocks.org/). It seems impossible to uncheck it and I can't find where this setting is stored. Does anyone know something about this?

[mickmur]

Hey guys,

I could be way off here but through using the autoruns software as suggested earlier in this thread I have disabled the guard32.dll and everything seems to be working fine as regards using dbg.. thing is that the guard32.dll appears (in autoruns.exe) to belong to AVG's shield.

This doesn't bother me as I only use avg for on demand scanning.
As I said, I could be waaaay off!

Micheal