CIS4 D+ Preventing Techland Xpand Rally Game Running [Probable bug]

Mouse,

The thanks is to you guys, this has got to be one of the most helpful forums anywhere :-TU
Just have to wait and see now, meanwhile I’ll run with guard dissed.

Best regards to you both

Rick

I have the same problem but with a different game (Sam & Max: Season 3). The game works only if I remove/rename guard32.dll. Disabling anything in Defense+ doesn’t solve it.

Hi odnorf,
Seems more than myself are experiencing this sort of problem but with different apps. The more of us there are the more likely it is it will get fixed hopefully :frowning:

Just looking through the forums in the CIS4 Applications and Incompatibility Problems I notice javaws is referenced by several users, in particular Phazed and Dch48, both on 8th April. My crash log for the Xpand Rally game indicates a problem with javax swing. I am not that good on this kind of software but Javaws is one of the applications in this game and I suspect javax swing is a function it is trying to run, which opens up the start up splash screen, but is being blocked by D+ and, being a bit more specific, the Guard function, which we are disabling by removing or renaming Guard32.dll.

Looking through the forum it seems as though there is a bit of history with java apps and CIS although I have not had any real problems other than as outlined in this post.

All the best and hopefully a solution soon.

Rick

Hi rickrev.
In my case the game doesn’t use java and it doesn’t crash either. It just stays at 100% cpu usage while locking the computer (the only way out, after leaving it for about an hour, is to reset). As I said before the only solution seems to be to remove guard32.dll. Even permanently disabling defense+ doesn’t solve it. Perhaps the devs can look into it.

Interesting. One of the previous problems with guard32 back in 3.x was with Java. If you got Open Office to load an external Java installation it locked!

Best wishes

Mouse

Are you running the latest CIS version? In my version (.828) guard32 appears only in the repair directory, suggesting perhaps that it was withdrawn between versions.

Mouse

I’m using latest CIS (828) version updated from the first non-beta 4.x

Apologies, it’s in Windows\System32!

Mouse

Results of investigations largely carried out by Endymion (Thanks a lot, Endymion). But NB I am responsible for any errors in interpretation! This is also a summary of what we know.

As we know Guard32.dll causes some apps not to load. An interaction with Java seems to be implicated in some cases.

Loading of guard32 into all apps can be prevented by renaming the file, or disabling it using Sysinternals (now Microsoft) Autoruns (Just Google it) Appinit tab. The latter has the advantage that you should not get constant update reminders from CIS. Please note however that Autoruns should be used with caution - best to create a system restore point first.

However you should note that in V4 Guard32 appears to have a role in:

  • automatic sandboxing (you can of course just turn this off to avoid problems)
  • buffer overflow protection (could use OS facilities instead - Enable DEP in My Computer ~ Properties ~ Advanced ~ Performance ~ Data Execution Prevention)
  • alert simplification for registry access alerts (no work around)

It may have other undiscovered roles, but cannot determine these unless we get feedback from the devs (which has been requested).

Therefore it would be better to disable guard32 temporarily and/or only for apps that object to it.

Some of the effects of Guard32 on specific apps can be disabled by deliberately sandboxing an application as limited and virtualised. (I am not clear which of these is essential). Sandboxing unrestricted unvirtualised should not have significant effects on an application and so is worth trying but probably won’t be sufficient.

We are still looking for a better work-around, and will get back if we find one.

Mouse
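
The Autoruns AppInit tab mentioned in the summary above displays the `AppInit_DLLs` registry value, so the same list can be audited from a script. This is an added example, not part of the original thread; it only reads the registry and assumes PowerShell 3.0 or later started in the console that matches the OS bitness. On a CIS 4 system as described in the thread, guard32.dll would be expected among the entries.

```powershell
# Added example: read-only audit of AppInit_DLLs, the value Autoruns lists on its AppInit tab.
$AppInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    # 32-bit registry view; present only on 64-bit Windows
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

function Get-AppInitEntry {
    foreach ($key in $AppInitKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key

        # LoadAppInit_DLLs exists on Vista and later; where it is absent (XP) the list is always used.
        $enabled = if ($null -eq $props.LoadAppInit_DLLs) { $true } else { $props.LoadAppInit_DLLs -ne 0 }

        # Bare file names load from the system directory that matches the registry view.
        $sysDir = if ($key -like '*Wow6432Node*') { 'SysWOW64' } else { 'System32' }

        # The value is a space- or comma-separated list; paths containing spaces
        # have to be stored as short (8.3) names, so splitting on spaces is safe.
        foreach ($name in ("$($props.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })) {
            $file = if ([IO.Path]::IsPathRooted($name)) { $name } else {
                Join-Path (Join-Path $env:SystemRoot $sysDir) $name
            }
            $exists = Test-Path -LiteralPath $file
            # Only query the signature when the file is actually on disk.
            $sig = if ($exists) { Get-AuthenticodeSignature -FilePath $file }

            [pscustomobject]@{
                Dll            = $name
                Path           = $file
                View           = $sysDir
                LoadingEnabled = $enabled
                Exists         = $exists
                Signature      = $sig.Status
                Signer         = $sig.SignerCertificate.Subject
            }
        }
    }
}

Get-AppInitEntry | Format-List
```

An entry whose file is missing or unsigned, or one that does not belong to an installed product, is worth investigating, since every DLL listed here is loaded into each process that loads user32.dll.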

Hi mouse1,
Thanks for the update and also thanks to Endymion for his efforts. Really good to know that things are happening albeit in the background. As far as I can see with my limited knowledge guard32 and associated processes are doing something in CIS4 that they were not doing in the later versions of CIS3.

I have not tried running the app in the sandbox but will have a go later when I have a bit more time, I have left the sandbox disabled at this time as I found it too buggy. If it works I will post and let you know.

All the very best, Rick

Thanks, please let me know the result, particularly if it runs at the unrestricted level, unvirtualised.

Mouse

Hi Mouse1,

Got a few weird results here but here goes anyway :o

Adding program to the Sandbox, program does not run no matter settings or conditions.

Running program in the Sandbox (starting it from sandbox) with the sandbox disabled allows the program to start running with limited permissions, however trying to start the race allows it to load the race almost fully and then the program freezes message displayed “Unable to open file Replays\Current State\Restart.rs.tmp for writing. Error opening file.” Note limited permissions is the only option that works.

Enabling the Sandbox with registry/program virtualization either on or off is successful as long as the program is run in the sandbox with limited permission option being the only one that works.

Of course it is a pain in the neck having to open CIS and run it from the sandbox every time, suppose I could try a short cut on the desktop to reduce the inconvenience for the time being but is still only a work around.

Hope the information above is of some use.

All the best, Rick

The idea of a short cut on the desktop to run program in the sandbox is a non starter, short cut to this function cannot be made/or is probably not allowed

All the best, Rick

Ah well, weird indeed!

Maybe guard32 is not getting injected when game is run from CFP, as it cannot be injected into CFP.

I’ll PM Endymion to get his thoughts

Mouse

I was able to reproduce the overall issue (game terminates silently after a few seconds) using Xpand Rally SP Demo.
(Issue reproduced with CFP 4.0.141842.828 OS: Windows XP 32bit SP3)

The game demo installs protection drivers (won’t run otherwise) and is based on Java 1.4.2 version (available in jre subfolder in game directory)

The only effective workarounds:

  1. Launching the game using Defense+ > Sandbox > “Run a Program in the Sandbox” dialog \ Run as button \ Unrestricted (guard32.dll is injected into the game)
  2. Preventing guard32.dll from being loaded/used (e.g. using Sysinternals Autoruns \ AppInit tab to disable guard32.dll) and rebooting
  3. Deactivating D+ permanently and rebooting

Any other way to run the game proved ineffective: the game starts and terminates silently after a few seconds.

“Defense+ Tasks > Sandbox > Add a Program to the Sandbox” did not appear to work, although the workaround at point 1 would suggest otherwise.
Disabling sandbox and setting D+ mode to disabled did not appear to work.
Disabling all D+ monitor settings did not work either.


The crashlog attached to the first post (https://forums.comodo.com/bug-report-cis/cis4-d-preventing-techland-xpand-rally-game-running-probable-bug-t55088.0.html;msg387746#msg387746) doesn't appear to be related to the issue: in fact Xpand Rally Xtreme SP Demo (http://www.xpandrally.com/?id=media), another game, was able to run fine and generated a similar log output.

Xpand Rally Xtreme SP Demo is also based on Java 1.4.2 and needs to install a protection driver.


The drwtsn32.log attached earlier (https://forums.comodo.com/bug-report-cis/cis4-d-preventing-techland-xpand-rally-game-running-probable-bug-t55088.0.html;msg388700#msg388700) mentions an access violation (http://www.updatexp.com/0xC0000005.html) for D:\Games\Techland\ChromEd.exe, which looks unrelated to the issue described and could probably be solved by adding ChromEd.exe to the Windows DEP exceptions (http://www.updatexp.com/dep-exceptions.html).

Hi Mouse1 and Endymion,
Thanks guys for your input and help

Endymion, yes it seems your results tie in pretty much with what I have experienced. From your comments about the logs I posted I think I had better clarify a couple of points and my thinking when I attached them.

The game crash log was cleared fully and then I attempted to run the game and as you so clearly and accurately described it, it “terminated silently”, then I checked the crash log without doing anything else, the fact it listed all the javax swing events as not found, I assumed not being an expert, to be relevant to the crash.

Regarding the Dr. Watson log - In the full game there is Chrome editor (I don’t know if it would be in the Demo) which I have never used cos I could not get it to run but as I understand it is a rally course editor for the game. The reason the entry is there was because I attempted to run that during initial investigation of why the game was not running. However further down the log, about one third the way down, there are entries which appear to me to relate to the actual game and not the Chrome editor, part of which I have pasted below, I have not pasted it all as it is quite long and is attached in an earlier post anyway. The information there is really beyond my knowledge and skills but may be applicable to what is happening.

Extract from Dr. Watson log posted earlier
----> Stack Back Trace <----
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** WARNING: Unable to verify checksum for D:\Games\Techland\jre\bin\client\jvm.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for D:\Games\Techland\jre\bin\client\jvm.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\msvcrt.dll -
ChildEBP RetAddr Args to Child
035ffeb4 7c802532 0000016c 000003e8 00000000 ntdll!KiFastSystemCallRet
035ffec8 080a306e 0000016c 000003e8 02d91610 kernel32!WaitForSingleObject+0x12
035fff10 080de03d 00000001 000003e8 02d91540 jvm!JVM_FindSignal+0x163e2
035fff68 080ddec9 03420bb8 02d98810 080a99f1 jvm!JVM_RegisterUnsafeMethods+0x6f90
035fff80 77c3a3b0 02d98810 03420bb8 03419e84 jvm!JVM_RegisterUnsafeMethods+0x6e1c
035fffb4 7c80b6a3 02d98250 03420bb8 03419e84 msvcrt!endthreadex+0xa9
035fffec 00000000 77c3a341 02d98250 00000000 kernel32!GetModuleFileNameA+0x1b4

Perhaps if it would be helpful I could clear the Dr. Watson log and try and run the game again and see if anything useful is logged. I think I might do that anyway.

Again many thanks for all the input and effort.

Best wishes, Rick

Indeed the already available testcases, workarounds and comments provided enough info to reproduce the overall issue (the only difference being using unrestricted sandbox in the workaround at point 1). There was not much I could add whereas you guys had already done excellent work to narrow down the possibilities.

I’m not an expert either, but having the same log entries with the game that ran without using the workarounds (Xpand Rally Xtreme SP Demo) led me to believe that they were unrelated and that the silent termination was more relevant to confirm the issue.

That testcase also led me to believe that Java 1.4.2 was seemingly not related, since it was used for both games (the unaffected SP Xtreme edition demo and the affected Xpand Rally SP Demo).

The demos had no ChromEd.exe executable but there is no doubt that the whole Dr. Watson log pertained to that executable. The related access violation (0xC0000005) can usually be prevented by adding the affected executable to the Windows DEP exceptions.

Perhaps it could prove useful to confirm the issue with the demos as it looks advantageous to use them (freely available) for testing in place of the (paid) retail game.

This would also allow any member (with different OS and setups) to reproduce and confirm the overall issue.

:-[ Hi Endymion,

You were spot on, Dr. Watson log does not register any details when the game does not run. Also I found the game will start unrestricted from the sandbox as you said (I had to use limited before) but it will only go as far as loading the race and then freezes.
If file system virtualization is then unchecked it will run ok from the sandbox unrestricted and the rally stage can be accessed and run.

Thanks again for your efforts, I really do think this has to be one of the best forums around for the unselfish help and assistance provided by its members.

Best wishes and regards, Rick

Yes Endymion has done a brilliant analysis to bring us to this point. Thanks Endymion!

It will help the devs greatly as well as solving your problem.

Just to confirm, you have made it run:

Via ‘Add a program to the Sandbox’
Unrestricted
Unvirtualised

& in addition a Windows DEP exception is necessary to run the ChromEd.exe executable

So by running unvirtualised it is possible to run via ‘Add a program’ instead of ‘Run a program’

Is this correct?

Best wishes

Mouse

Hi Mouse1,

I fully agree, Endymion has done an excellent job precise and very succinct and I very much appreciate his efforts, it cleared my thoughts and also highlighted a couple of things I had missed or misunderstood.

Regarding your last post, I think the way I wrote my post perhaps confused the issue by saying ‘from’ instead of ‘in’ I hope the below clarifies it.

Negative - Via ‘Add a program to the Sandbox’. It has to be ‘Run a program in the Sandbox’
Yes - Unrestricted
Yes - Unvirtualised file system only (registry virtualisation enabled is ok)

“Add a Program to the Sandbox” does not work at all under any circumstances with D+ working normally i.e. not fully disabled (requiring reboot) or Guard32 disabled or removed.

All the very best, Rick