Sep 21 2021 08:38 AM
@Tim Mangan I tried to set an environment variable using HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment, but that is not being picked up by the package. The configured variable does not appear in the package. It seems to be the same issue as with App-V 5.1. It does not work there either.
So I tried using the PSF tooling. My config.json is configured like this:
{
    "enableReportError": true,
    "applications": [],
    "processes": [],
    "config": {
        "dll": "EnvVarFixup32.dll",
        "EnvVars": [{
                "name": "APP_HOME",
                "value": "C:\\Program Files\\Test\\Test",
                "useregistry": "false"
            },
            {
                "name": "APP_TEST1",
                "value": "TestTestTest",
                "useregistry": "false"
            },
            {
                "name": "APP_TEST2",
                "value": "VFS\\ProgramFilesX64\\Zulu",
                "useregistry": "false"
            },
            {
                "name": "JAVA_HOME",
                "value": "C:\\Program Files\\Zulu\\zulu-8-jre\\bin",
                "useregistry": "false"
            }
        ]
    }
}
But after deploying the package, none of the environment variables appear in my cmd process. What am I doing wrong? I also added the file EnvVarFixup32.dll to the root of the package.
Sep 30 2021 07:37 AM
@TIMOTHY MANGAN We did some further testing with the variables and found out the following.
Using the examples described in MSIX-PackageSupportFramework/readme.md at develop · TimMangan/MSIX-PackageSupportFramework · GitHub, we use:
{
    "dll": "EnvVarFixup.dll",
    "config": {
        "EnvVars": [{
                "name": "ENVTEST1",
                "value": "Test1!",
                "useregistry": "false"
            },
But this is not working. Why? Because in the code, envVars is case-sensitive. When using envVars it is all working ;) EnvVars is wrong and envVars is working.
According to the debug logs we see it is working.
However, when starting a cmd and dumping the environment variables, we do not see them available. Any idea why?
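A lint for the config mistakes discussed in the posts above, as an added example that is not part of the original thread or of the PSF project. It flags a mis-cased `envVars` key and an EnvVarFixup declared outside `processes[].fixups[]`; the sample configs are constructed from the ones quoted on this page, and the expected nesting under `processes[].fixups[]` is an assumption based on the PSF config.json layout.

```python
import json

EXPECTED_KEY = "envVars"                       # spelling the post reports as working
ENTRY_KEYS = ("name", "value", "useregistry")  # keys used in the configs on this page


def _walk(node, path, out):
    """Collect (parent_path, key, value) for every object member in the JSON tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            out.append((path, key, value))
            _walk(value, f"{path}.{key}", out)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            _walk(item, f"{path}[{i}]", out)


def _is_envvar_dll(value):
    """True for EnvVarFixup.dll, EnvVarFixup32.dll, EnvVarFixup64.dll, any case."""
    return isinstance(value, str) and value.lower().startswith("envvarfixup")


def lint_psf_config(text):
    """Return a list of findings for EnvVarFixup settings in a PSF config.json."""
    cfg = json.loads(text)
    members, findings = [], []
    _walk(cfg, "$", members)

    # 1. The key is matched case-sensitively, so "EnvVars" is never read.
    for path, key, _ in members:
        if key.lower() == EXPECTED_KEY.lower() and key != EXPECTED_KEY:
            findings.append(
                f"{path}.{key}: key must be spelled '{EXPECTED_KEY}' (case-sensitive)")

    # 2. Check every EnvVarFixup entry that sits where fixups are expected.
    placed = set()
    for pi, proc in enumerate(cfg.get("processes") or []):
        for fi, fixup in enumerate(proc.get("fixups") or []):
            if not _is_envvar_dll(fixup.get("dll")):
                continue
            path = f"$.processes[{pi}].fixups[{fi}]"
            placed.add(path)
            entries = (fixup.get("config") or {}).get(EXPECTED_KEY)
            if not isinstance(entries, list) or not entries:
                findings.append(f"{path}.config: no '{EXPECTED_KEY}' array")
                continue
            for ei, entry in enumerate(entries):
                missing = [k for k in ENTRY_KEYS if k not in entry]
                if missing:
                    findings.append(
                        f"{path}.config.{EXPECTED_KEY}[{ei}]: missing {missing}")

    # 3. An EnvVarFixup dll named anywhere else is not attached to a process.
    for path, key, value in members:
        if key == "dll" and _is_envvar_dll(value) and path not in placed:
            findings.append(
                f"{path}.dll: EnvVarFixup declared outside processes[].fixups[]")
    return findings


# Constructed samples, trimmed from the configs quoted in this thread.
TOP_LEVEL_CONFIG = """{
  "applications": [], "processes": [],
  "config": {"dll": "EnvVarFixup32.dll",
             "EnvVars": [{"name": "APP_TEST1", "value": "TestTestTest",
                          "useregistry": "false"}]}
}"""

WRONG_CASE_CONFIG = """{
  "processes": [{"executable": ".*", "fixups": [
    {"dll": "EnvVarFixup.dll",
     "config": {"EnvVars": [{"name": "ENVTEST1", "value": "Test1!",
                             "useregistry": "false"}]}}]}]
}"""

WORKING_CONFIG = """{
  "processes": [{"executable": ".*", "fixups": [
    {"dll": "EnvVarFixup.dll",
     "config": {"envVars": [{"name": "ENVTEST1", "value": "Test1!",
                             "useregistry": "false"}]}}]}]
}"""

if __name__ == "__main__":
    for label, sample in (("top-level", TOP_LEVEL_CONFIG),
                          ("wrong case", WRONG_CASE_CONFIG),
                          ("working", WORKING_CONFIG)):
        print(label, lint_psf_config(sample) or "no findings")
```
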
Sep 30 2021 11:15 AM
Sep 30 2021 01:51 PM
Sep 30 2021 02:22 PM
Sep 30 2021 02:28 PM
Oct 04 2021 12:49 AM
@TIMOTHY MANGAN Thanks for your support with all these questions. I updated my JSON and package and did another test. Below is my CONFIG.JSON, which basically contains 3 shortcuts to a BAT, CMD and PS1 file to start in the bubble.
{
    "applications": [{
            "id": "PSFLAUNCHER2",
            "executable": "c:\\program files\\Test\\Test.cmd",
            "arguments": "",
            "workingDirectory": "VFS\\ProgramFilesX64\\Test"
        },
        {
            "id": "PSFLAUNCHER1",
            "executable": "c:\\program files\\Test\\Test.bat",
            "arguments": "",
            "workingDirectory": "VFS\\ProgramFilesX64\\Test"
        },
        {
            "id": "PSFLAUNCHER3",
            "executable": "c:\\windows\\system32\\WindowsPowerShell\\v1.0\\powershell.exe",
            "arguments": "-ExecutionPolicy Bypass -file Test.ps1",
            "workingDirectory": "VFS\\ProgramFilesX64\\Test"
        }
    ],
    "processes": [{
        "executable": ".*",
        "fixups": [{
                "dll": "TraceFixup.dll",
                "config": {
                    "traceMethod": "outputDebugString",
                    "traceLevels": {
                        "default": "allFailures"
                    }
                }
            },
            {
                "dll": "EnvVarFixup.dll",
                "config": {
                    "envVars": [{
                            "name": "APPHOME",
                            "value": "APP-HOME Test",
                            "useregistry": "false"
                        },
                        {
                            "name": "JAVAHOME",
                            "value": "JAVA-HOME Test",
                            "useregistry": "false"
                        },
                        {
                            "name": "VARTEST1",
                            "value": "VAR Test One",
                            "useregistry": "false"
                        }
                    ]
                }
            }
        ]
    }]
}
The CMD files contained a piece of code like:
echo "APPHOME %APPHOME%"
echo "JAVAHOME %JAVAHOME%"
echo "VARTEST1 %VARTEST1%"
The outcome of my CMD is:
The Debug logs show:
00000001 0.00000000 [3116] g_PackageFullName=test_1.0.23.0_x64__fg0t8wag126gc
00000002 0.00004560 [3116] g_PackageFamilyName=test_fg0t8wag126gc
00000003 0.00010110 [3116] g_ApplicationUserModelId=test_fg0t8wag126gc!PSFLAUNCHER2
00000004 0.00014800 [3116] g_ApplicationId=PSFLAUNCHER2
00000005 0.00019480 [3116] g_PackageRootPath=C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc
00000006 0.00024190 [3116] g_FinalPackageRootPath=\\?\C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc
00000007 0.00029260 [3116] g_CurrentExecutable=C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\VFS\ProgramFilesX64\Test\PsfLauncher2.exe
00000008 0.00053690 [3116] Config.json not found in root of package C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc, look elsewhere.
00000009 0.00074920 [3116] Config.json found in executable folder of package C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc
00000010 0.00254990 [3116] Processes config match=.*
00000011 0.00334180 [3116] PsfRuntime is ready.
00000012 0.00378480 [3116] fixup not found at root of package, look elsewhere TraceFixup32.dll.
00000013 0.00984140 [3116] config traceMethod is default
00000014 0.01008900 [3116] fixup found at . C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\VFS\ProgramFilesX64\Test\TraceFixup32.dll
00000015 0.01059720 [3116] Inject into current process: C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\VFS\ProgramFilesX64\Test\TraceFixup32.dll
00000016 0.01171350 [3116] LoadLibrary:
00000017 0.01178380 [3116] File Name=C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\EnvVarFixup.dll
00000018 0.01237080 [3116] Result=Expected Failure
00000019 0.01246850 [3116] Last Error=126 (The specified module could not be found)
00000020 0.01271630 [3116] Calling Module=C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\VFS\ProgramFilesX64\Test\PsfRuntime32.dll
00000021 0.01279940 [3116] LoadLibrary:
00000022 0.01286590 [3116] File Name=C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\EnvVarFixup32.dll
00000023 0.01314120 [3116] Result=Expected Failure
00000024 0.01322660 [3116] Last Error=126 (The specified module could not be found)
00000025 0.01331330 [3116] Calling Module=C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\VFS\ProgramFilesX64\Test\PsfRuntime32.dll
00000026 0.01352820 [3116] fixup not found at root of package, look elsewhere EnvVarFixup32.dll.
00000027 0.01683790 [3116] NtQueryValueKey:
00000028 0.01694030 [3116] Value Name=
00000029 0.01701370 [3116] PreferExternalManifest
00000030 0.01707890 [3116]
00000031 0.01741750 [3116] Result=Expected Failure
00000032 0.01750540 [3116] Status=C0000034 (Object Name not found)
00000033 0.01837390 [3116] Calling Module=C:\Windows\System32\KERNEL32.DLL
00000034 0.01849100 [3116] Attaching EnvVarFixup
00000035 0.01863870 [3116] Initializing EnvVarFixup
00000036 0.01879930 [3116] EnvVarFixup InitializeConfiguration()
00000037 0.01886130 [3116] [0] GetEnvFixup Config: name=APPHOME
00000038 0.01892110 [3116] [0] GetEnvFixup Config: value=APP-HOME Test
00000039 0.01915770 [3116] [0] GetEnvFixup Config: useregistry=false
00000040 0.01922140 [3116] [0] GetEnvFixup Config: name=JAVAHOME
00000041 0.01928080 [3116] [0] GetEnvFixup Config: value=JAVA-HOME Test
00000042 0.01938060 [3116] [0] GetEnvFixup Config: useregistry=false
00000043 0.01944040 [3116] [0] GetEnvFixup Config: name=VARTEST1
00000044 0.01949940 [3116] [0] GetEnvFixup Config: value=VAR Test One
00000045 0.01958590 [3116] [0] GetEnvFixup Config: useregistry=false
00000046 0.01966940 [3116] EnvVarFixup: 3 config items read.
00000047 0.01993030 [3116] fixup found at . C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\VFS\ProgramFilesX64\Test\EnvVarFixup32.dll
00000048 0.02029310 [3116] Inject into current process: C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\VFS\ProgramFilesX64\Test\EnvVarFixup32.dll
00000049 0.02039270 [3116] In Launcher_main()
00000050 0.02289420 [3116] Json Application match against id=PSFLAUNCHER2
00000051 0.02299730 [3116] NtQueryValueKey:
00000052 0.02308230 [3116] Value Name=
00000053 0.02315720 [3116] ParentFolder
00000054 0.02321850 [3116]
00000055 0.02330060 [3116] Result=Expected Failure
00000056 0.02337280 [3116] Status=C0000034 (Object Name not found)
00000057 0.02656720 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000058 0.02668540 [3116] NtQueryValueKey:
00000059 0.02675330 [3116] Value Name=
00000060 0.02681540 [3116] Description
00000061 0.02687360 [3116]
00000062 0.02693300 [3116] Result=Expected Failure
00000063 0.02701090 [3116] Status=C0000034 (Object Name not found)
00000064 0.02708410 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000065 0.02722250 [3116] NtQueryValueKey:
00000066 0.02729720 [3116] Value Name=
00000067 0.02735990 [3116] ParsingName
00000068 0.02741800 [3116]
00000069 0.02747890 [3116] Result=Expected Failure
00000070 0.02755710 [3116] Status=C0000034 (Object Name not found)
00000071 0.02762990 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000072 0.02770830 [3116] NtQueryValueKey:
00000073 0.02776710 [3116] Value Name=
00000074 0.02782500 [3116] InfoTip
00000075 0.02788240 [3116]
00000076 0.02794050 [3116] Result=Expected Failure
00000077 0.02801340 [3116] Status=C0000034 (Object Name not found)
00000078 0.02808370 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000079 0.02815910 [3116] NtQueryValueKey:
00000080 0.02821750 [3116] Value Name=
00000081 0.02827620 [3116] LocalizedName
00000082 0.02833450 [3116]
00000083 0.02839230 [3116] Result=Expected Failure
00000084 0.02846330 [3116] Status=C0000034 (Object Name not found)
00000085 0.02853380 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000086 0.02860960 [3116] NtQueryValueKey:
00000087 0.02866850 [3116] Value Name=
00000088 0.02872930 [3116] Icon
00000089 0.02878640 [3116]
00000090 0.02884530 [3116] Result=Expected Failure
00000091 0.02891580 [3116] Status=C0000034 (Object Name not found)
00000092 0.02898500 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000093 0.02906050 [3116] NtQueryValueKey:
00000094 0.02911870 [3116] Value Name=
00000095 0.02917670 [3116] Security
00000096 0.02923500 [3116]
00000097 0.02929300 [3116] Result=Expected Failure
00000098 0.02936450 [3116] Status=C0000034 (Object Name not found)
00000099 0.02943540 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000100 0.02951060 [3116] NtQueryValueKey:
00000101 0.02956840 [3116] Value Name=
00000102 0.02962720 [3116] StreamResource
00000103 0.02968310 [3116]
00000104 0.02974050 [3116] Result=Expected Failure
00000105 0.02981080 [3116] Status=C0000034 (Object Name not found)
00000106 0.02989300 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000107 0.02997100 [3116] NtQueryValueKey:
00000108 0.03002890 [3116] Value Name=
00000109 0.03008800 [3116] StreamResourceType
00000110 0.03014450 [3116]
00000111 0.03020370 [3116] Result=Expected Failure
00000112 0.03027440 [3116] Status=C0000034 (Object Name not found)
00000113 0.03034320 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000114 0.03042770 [3116] NtQueryValueKey:
00000115 0.03048640 [3116] Value Name=
00000116 0.03054460 [3116] Roamable
00000117 0.03060220 [3116]
00000118 0.03066080 [3116] Result=Expected Failure
00000119 0.03073140 [3116] Status=C0000034 (Object Name not found)
00000120 0.03080270 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000121 0.03088150 [3116] NtQueryValueKey:
00000122 0.03094060 [3116] Value Name=
00000123 0.03100140 [3116] PreCreate
00000124 0.03108280 [3116]
00000125 0.03114510 [3116] Result=Expected Failure
00000126 0.03121980 [3116] Status=C0000034 (Object Name not found)
00000127 0.03129160 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000128 0.03136850 [3116] NtQueryValueKey:
00000129 0.03142700 [3116] Value Name=
00000130 0.03148540 [3116] Stream
00000131 0.03154230 [3116]
00000132 0.03160050 [3116] Result=Expected Failure
00000133 0.03167240 [3116] Status=C0000034 (Object Name not found)
00000134 0.03174200 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000135 0.03182630 [3116] NtQueryValueKey:
00000136 0.03188520 [3116] Value Name=
00000137 0.03194370 [3116] DefinitionFlags
00000138 0.03200150 [3116]
00000139 0.03205990 [3116] Result=Expected Failure
00000140 0.03213090 [3116] Status=C0000034 (Object Name not found)
00000141 0.03220330 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000142 0.03227770 [3116] NtQueryValueKey:
00000143 0.03233640 [3116] Value Name=
00000144 0.03240620 [3116] Attributes
00000145 0.03246380 [3116]
00000146 0.03252190 [3116] Result=Expected Failure
00000147 0.03259300 [3116] Status=C0000034 (Object Name not found)
00000148 0.03266330 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000149 0.03273900 [3116] NtQueryValueKey:
00000150 0.03279750 [3116] Value Name=
00000151 0.03285660 [3116] FolderTypeID
00000152 0.03291310 [3116]
00000153 0.03297220 [3116] Result=Expected Failure
00000154 0.03304200 [3116] Status=C0000034 (Object Name not found)
00000155 0.03311510 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000156 0.03319060 [3116] NtQueryValueKey:
00000157 0.03324900 [3116] Value Name=
00000158 0.03330820 [3116] InitFolderHandler
00000159 0.03336530 [3116]
00000160 0.03342350 [3116] Result=Expected Failure
00000161 0.03349380 [3116] Status=C0000034 (Object Name not found)
00000162 0.03356360 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000163 0.03403190 [3116] NtOpenKey:
00000164 0.03414450 [3116] Path=
00000165 0.03420810 [3116] PropertyBag
00000166 0.03426580 [3116]
00000167 0.03433000 [3116] Root=\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}
00000168 0.03439310 [3116] Object Attributes=00000040
00000169 0.03445040 [3116] (
00000170 0.03451150 [3116] OBJ_CASE_INSENSITIVE
00000171 0.03456850 [3116] )
00000172 0.03462510 [3116]
00000173 0.03469040 [3116] Access=00020019
00000174 0.03474780 [3116] (
00000175 0.03480790 [3116] KEY_QUERY_VALUE
00000176 0.03489620 [3116] | KEY_ENUMERATE_SUB_KEYS
00000177 0.03574550 [3116] | KEY_NOTIFY
00000178 0.03582660 [3116] | READ_CONTROL
00000179 0.03588980 [3116] )
00000180 0.03594830 [3116]
00000181 0.03607760 [3116] Options=00000000
00000182 0.03614270 [3116] (REG_OPTION_NON_VOLATILE)
00000183 0.03620070 [3116]
00000184 0.03626030 [3116] Result=Expected Failure
00000185 0.03633770 [3116] Status=C0000034 (Object Name not found)
00000186 0.03641020 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000187 0.03668250 [3116] NtOpenKey:
00000188 0.03677800 [3116] Path=
00000189 0.03683950 [3116] KnownFolders
00000190 0.03689710 [3116]
00000191 0.03701170 [3116] Root=\REGISTRY\USER\S-1-5-21-2396449878-2845259392-2342097501-10863\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\3
00000192 0.03707520 [3116] Object Attributes=00000040
00000193 0.03713260 [3116] (
00000194 0.03719100 [3116] OBJ_CASE_INSENSITIVE
00000195 0.03724890 [3116] )
00000196 0.03730940 [3116]
00000197 0.03737190 [3116] Access=00000001
00000198 0.03742890 [3116] (
00000199 0.03748600 [3116] KEY_QUERY_VALUE
00000200 0.03754390 [3116] )
00000201 0.03760020 [3116]
00000202 0.03765930 [3116] Options=00000000
00000203 0.03771870 [3116] (REG_OPTION_NON_VOLATILE)
00000204 0.03777480 [3116]
00000205 0.03783370 [3116] Result=Expected Failure
00000206 0.03790690 [3116] Status=C0000034 (Object Name not found)
00000207 0.03797830 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000208 0.03831000 [3116] NtQueryValueKey:
00000209 0.03837420 [3116] Value Name=
00000210 0.03843200 [3116] en-US
00000211 0.03849070 [3116]
00000212 0.03856540 [3116] Result=Expected Failure
00000213 0.03863830 [3116] Status=C0000034 (Object Name not found)
00000214 0.03875290 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000215 0.03881350 [3116] NtQueryValueKey:
00000216 0.03887390 [3116] Value Name=
00000217 0.03893190 [3116] en-US
00000218 0.03899050 [3116]
00000219 0.03906140 [3116] Result=Expected Failure
00000220 0.03913270 [3116] Status=C0000034 (Object Name not found)
00000221 0.03943260 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000222 0.03950170 [3116] NtQueryValueKey:
00000223 0.03956140 [3116] Value Name=
00000224 0.03962050 [3116] en-US
00000225 0.03967910 [3116]
00000226 0.03975260 [3116] Result=Expected Failure
00000227 0.03982420 [3116] Status=C0000034 (Object Name not found)
00000228 0.04017470 [3116] Calling Module=C:\Windows\System32\KERNEL32.DLL
00000229 0.04038520 [3116] NtQueryValueKey:
00000230 0.04045030 [3116] Value Name=
00000231 0.04054990 [3116] en
00000232 0.04062430 [3116]
00000233 0.04070350 [3116] Result=Expected Failure
00000234 0.04077800 [3116] Status=C0000034 (Object Name not found)
00000235 0.04102450 [3116] Calling Module=C:\Windows\System32\KERNEL32.DLL
00000236 0.04111930 [3116] NtOpenKey:
00000237 0.04118390 [3116] Path=
00000238 0.04124240 [3116] Software\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings
00000239 0.04130320 [3116]
00000240 0.04136590 [3116] Root=\REGISTRY\MACHINE
00000241 0.04142450 [3116] Object Attributes=00000040
00000242 0.04148300 [3116] (
00000243 0.04154070 [3116] OBJ_CASE_INSENSITIVE
00000244 0.04159860 [3116] )
00000245 0.04166060 [3116]
00000246 0.04171850 [3116] Access=00000001
00000247 0.04177730 [3116] (
00000248 0.04183600 [3116] KEY_QUERY_VALUE
00000249 0.04189330 [3116] )
00000250 0.04195390 [3116]
00000251 0.04201250 [3116] Options=00000000
00000252 0.04206990 [3116] (REG_OPTION_NON_VOLATILE)
00000253 0.04212890 [3116]
00000254 0.04220350 [3116] Result=Expected Failure
00000255 0.04227690 [3116] Status=C0000034 (Object Name not found)
00000256 0.04238670 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000257 0.04242470 [3116] NtOpenKey:
00000258 0.04252870 [3116] Path=
00000259 0.04258550 [3116] Software\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings
00000260 0.04262960 [3116]
00000261 0.04267680 [3116] Root=\REGISTRY\MACHINE
00000262 0.04272560 [3116] Object Attributes=00000040
00000263 0.04277330 [3116] (
00000264 0.04281320 [3116] OBJ_CASE_INSENSITIVE
00000265 0.04286010 [3116] )
00000266 0.04289940 [3116]
00000267 0.04294750 [3116] Access=00000001
00000268 0.04299020 [3116] (
00000269 0.04303420 [3116] KEY_QUERY_VALUE
00000270 0.04307800 [3116] )
00000271 0.04312130 [3116]
00000272 0.04316640 [3116] Options=00000000
00000273 0.04321160 [3116] (REG_OPTION_NON_VOLATILE)
00000274 0.04325400 [3116]
00000275 0.04329790 [3116] Result=Expected Failure
00000276 0.04335610 [3116] Status=C0000034 (Object Name not found)
00000277 0.04341280 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000278 0.04355460 [3116] StartingScript commandString=
00000279 0.04359150 [3116] StartingScript currentDirectory=
00000280 0.04362850 [3116] StartingScript waitForScriptToFinish=true
00000281 0.04371060 [3116] Shell Launch=c:\program files\Test\Test.cmd
00000282 0.04374740 [3116] Arguments=
00000283 0.04378500 [3116] Working Directory: =C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\VFS\ProgramFilesX64\Test
00000284 0.04410870 [3116] NtQueryValueKey:
00000285 0.04417780 [3116] Value Name=
00000286 0.04422410 [3116] PackageRootFolder
00000287 0.04426650 [3116]
00000288 0.04431120 [3116] Result=Expected Failure
00000289 0.04437940 [3116] Status=80000005 (Buffer Overflow)
00000290 0.04441810 [3116] Required Length=136
00000291 0.04447420 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000292 0.04455200 [3116] NtQueryValueKey:
00000293 0.04459670 [3116] Value Name=
00000294 0.04464090 [3116] PackageStatus
00000295 0.04468240 [3116]
00000296 0.04478860 [3116] Result=Expected Failure
00000297 0.04486820 [3116] Status=C0000034 (Object Name not found)
00000298 0.04495220 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000299 0.04501210 [3116] NtQueryValueKey:
00000300 0.04507140 [3116] Value Name=
00000301 0.04512890 [3116] PackageSid
00000302 0.04518770 [3116]
00000303 0.04526360 [3116] Result=Expected Failure
00000304 0.04532640 [3116] Status=80000005 (Buffer Overflow)
00000305 0.04537140 [3116] Required Length=52
00000306 0.04541110 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000307 0.04549300 [3116] NtQueryValueKey:
00000308 0.04554210 [3116] Value Name=
00000309 0.04558070 [3116] CapabilitySids
00000310 0.04562270 [3116]
00000311 0.04566660 [3116] Result=Expected Failure
00000312 0.04577090 [3116] Status=80000005 (Buffer Overflow)
00000313 0.04583780 [3116] Required Length=56
00000314 0.04590110 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000315 0.04607180 [3116] NtQueryValueKey:
00000316 0.04611830 [3116] Value Name=
00000317 0.04616400 [3116] DevelopmentMode
00000318 0.04620690 [3116]
00000319 0.04625170 [3116] Result=Expected Failure
00000320 0.04631100 [3116] Status=C0000034 (Object Name not found)
00000321 0.04636710 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000322 0.04724710 [3116] NtOpenKey:
00000323 0.04732410 [3116] Path=
00000324 0.04737470 [3116] SOFTWARE\Microsoft\OLEAUT
00000325 0.04741730 [3116]
00000326 0.04746380 [3116] Root=\REGISTRY\MACHINE
00000327 0.04751000 [3116] Object Attributes=00000040
00000328 0.04755320 [3116] (
00000329 0.04760230 [3116] OBJ_CASE_INSENSITIVE
00000330 0.04764010 [3116] )
00000331 0.04768300 [3116]
00000332 0.04772820 [3116] Access=00000001
00000333 0.04777110 [3116] (
00000334 0.04782520 [3116] KEY_QUERY_VALUE
00000335 0.04785560 [3116] )
00000336 0.04789790 [3116]
00000337 0.04794220 [3116] Options=00000000
00000338 0.04798700 [3116] (REG_OPTION_NON_VOLATILE)
00000339 0.04803320 [3116]
00000340 0.04807730 [3116] Result=Expected Failure
00000341 0.04813510 [3116] Status=C0000034 (Object Name not found)
00000342 0.04819560 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000343 0.04917650 [3116] NtOpenKey:
00000344 0.04930140 [3116] Path=
00000345 0.04935100 [3116] SOFTWARE\Microsoft\Windows NT\CurrentVersion\msasn1
00000346 0.04938060 [3116]
00000347 0.04942140 [3116] Root=\REGISTRY\MACHINE
00000348 0.04946860 [3116] Object Attributes=00000040
00000349 0.04951200 [3116] (
00000350 0.04955610 [3116] OBJ_CASE_INSENSITIVE
00000351 0.04959920 [3116] )
00000352 0.04964050 [3116]
00000353 0.04968740 [3116] Access=00020019
00000354 0.04973060 [3116] (
00000355 0.04978000 [3116] KEY_QUERY_VALUE
00000356 0.04981840 [3116] | KEY_ENUMERATE_SUB_KEYS
00000357 0.04986270 [3116] | KEY_NOTIFY
00000358 0.04992780 [3116] | READ_CONTROL
00000359 0.04997520 [3116] )
00000360 0.05001680 [3116]
00000361 0.05005910 [3116] Options=00000000
00000362 0.05011150 [3116] (REG_OPTION_NON_VOLATILE)
00000363 0.05014490 [3116]
00000364 0.05018920 [3116] Result=Expected Failure
00000365 0.05025400 [3116] Status=C0000034 (Object Name not found)
00000366 0.05030550 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000367 0.05063890 [3116] NtCreateKey:
00000368 0.05070630 [3116] Path=
00000369 0.05075200 [3116] Software\Microsoft\SecurityManager\CapAuthz\HasRepaired
00000370 0.05079520 [3116]
00000371 0.05084590 [3116] Root=\REGISTRY\MACHINE
00000372 0.05088670 [3116] Object Attributes=00000040
00000373 0.05092930 [3116] (
00000374 0.05097330 [3116] OBJ_CASE_INSENSITIVE
00000375 0.05101590 [3116] )
00000376 0.05105840 [3116]
00000377 0.05110540 [3116] Access=0000000E
00000378 0.05114820 [3116] (
00000379 0.05119170 [3116] KEY_SET_VALUE
00000380 0.05123520 [3116] | KEY_CREATE_SUB_KEY
00000381 0.05127880 [3116] | KEY_ENUMERATE_SUB_KEYS
00000382 0.05132220 [3116] )
00000383 0.05136460 [3116]
00000384 0.05140800 [3116] Class=
00000385 0.05145130 [3116]
00000386 0.05149710 [3116] Options=00000001
00000387 0.05154010 [3116] (
00000388 0.05158340 [3116] REG_OPTION_VOLATILE
00000389 0.05162650 [3116] )
00000390 0.05167300 [3116]
00000391 0.05171240 [3116] Result=Failure
00000392 0.05177470 [3116] Status=C0000022 (Access Denied)
00000393 0.05182690 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000394 0.05216220 [3116] NtCreateKey:
00000395 0.05224260 [3116] Path=
00000396 0.05228780 [3116] HasRepaired
00000397 0.05233100 [3116]
00000398 0.05237860 [3116] Root=\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\CapAuthz
00000399 0.05242620 [3116] Object Attributes=00000040
00000400 0.05246930 [3116] (
00000401 0.05251320 [3116] OBJ_CASE_INSENSITIVE
00000402 0.05255620 [3116] )
00000403 0.05259910 [3116]
00000404 0.05264640 [3116] Access=0000000E
00000405 0.05268910 [3116] (
00000406 0.05273330 [3116] KEY_SET_VALUE
00000407 0.05277690 [3116] | KEY_CREATE_SUB_KEY
00000408 0.05282070 [3116] | KEY_ENUMERATE_SUB_KEYS
00000409 0.05286390 [3116] )
00000410 0.05290620 [3116]
00000411 0.05295050 [3116] Class=
00000412 0.05299310 [3116]
00000413 0.05303800 [3116] Options=00000001
00000414 0.05308050 [3116] (
00000415 0.05312410 [3116] REG_OPTION_VOLATILE
00000416 0.05316720 [3116] )
00000417 0.05321030 [3116]
00000418 0.05325360 [3116] Result=Failure
00000419 0.05331140 [3116] Status=C0000022 (Access Denied)
00000420 0.05336670 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000421 0.05354460 [3116] NtQueryValueKey:
00000422 0.05359220 [3116] Value Name=
00000423 0.05363750 [3116] MaxRpcSize
00000424 0.05368100 [3116]
00000425 0.05372610 [3116] Result=Expected Failure
00000426 0.05378940 [3116] Status=C0000034 (Object Name not found)
00000427 0.05384350 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000428 0.05396070 [3116] NtOpenKey:
00000429 0.05400910 [3116] Path=
00000430 0.05405710 [3116] \Registry\Machine\System\CurrentControlSet\Services\CCG
00000431 0.05410080 [3116]
00000432 0.05414810 [3116] Object Attributes=00000040
00000433 0.05419190 [3116] (
00000434 0.05423590 [3116] OBJ_CASE_INSENSITIVE
00000435 0.05427940 [3116] )
00000436 0.05432320 [3116]
00000437 0.05436910 [3116] Access=00020019
00000438 0.05441410 [3116] (
00000439 0.05445980 [3116] KEY_QUERY_VALUE
00000440 0.05450480 [3116] | KEY_ENUMERATE_SUB_KEYS
00000441 0.05454860 [3116] | KEY_NOTIFY
00000442 0.05459310 [3116] | READ_CONTROL
00000443 0.05463680 [3116] )
00000444 0.05467960 [3116]
00000445 0.05472390 [3116] Result=Expected Failure
00000446 0.05478090 [3116] Status=C0000034 (Object Name not found)
00000447 0.05483800 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000448 0.05493700 [3116] NtOpenKey:
00000449 0.05499280 [3116] Path=
00000450 0.05503250 [3116] \Registry\Machine\System\CurrentControlSet\Services\CCG
00000451 0.05507630 [3116]
00000452 0.05512300 [3116] Object Attributes=00000040
00000453 0.05516620 [3116] (
00000454 0.05521060 [3116] OBJ_CASE_INSENSITIVE
00000455 0.05525450 [3116] )
00000456 0.05529690 [3116]
00000457 0.05534470 [3116] Access=00020019
00000458 0.05538810 [3116] (
00000459 0.05543210 [3116] KEY_QUERY_VALUE
00000460 0.05547590 [3116] | KEY_ENUMERATE_SUB_KEYS
00000461 0.05552330 [3116] | KEY_NOTIFY
00000462 0.05556750 [3116] | READ_CONTROL
00000463 0.05561570 [3116] )
00000464 0.05565820 [3116]
00000465 0.05570280 [3116] Result=Expected Failure
00000466 0.05576020 [3116] Status=C0000034 (Object Name not found)
00000467 0.05581610 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000468 0.05599950 [3116] NtOpenKey:
00000469 0.05607140 [3116] Path=
00000470 0.05611800 [3116] PsfLauncher2.exe
00000471 0.05616120 [3116]
00000472 0.05620870 [3116] Root=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
00000473 0.05625520 [3116] Object Attributes=00000240
00000474 0.05629840 [3116] (
00000475 0.05634340 [3116] OBJ_CASE_INSENSITIVE
00000476 0.05638720 [3116] | OBJ_KERNEL_HANDLE
00000477 0.05643020 [3116] )
00000478 0.05647330 [3116]
00000479 0.05652100 [3116] Access=00000009
00000480 0.05656370 [3116] (
00000481 0.05660830 [3116] KEY_QUERY_VALUE
00000482 0.05665230 [3116] | KEY_ENUMERATE_SUB_KEYS
00000483 0.05669650 [3116] )
00000484 0.05674060 [3116]
00000485 0.05678690 [3116] Result=Expected Failure
00000486 0.05684340 [3116] Status=C0000034 (Object Name not found)
00000487 0.05689980 [3116] Calling Module=C:\Windows\SYSTEM32\ntdll.dll
00000488 0.05707230 [3116] NtOpenKey:
00000489 0.05714440 [3116] Path=
00000490 0.05719340 [3116] Software\Policies\Microsoft\Windows NT\Rpc
00000491 0.05723570 [3116]
00000492 0.05728180 [3116] Root=\REGISTRY\MACHINE
00000493 0.05732910 [3116] Object Attributes=00000040
00000494 0.05737290 [3116] (
00000495 0.05741710 [3116] OBJ_CASE_INSENSITIVE
00000496 0.05746030 [3116] )
00000497 0.05750310 [3116]
00000498 0.05755050 [3116] Access=00020019
00000499 0.05759400 [3116] (
00000500 0.05763780 [3116] KEY_QUERY_VALUE
00000501 0.05768420 [3116] | KEY_ENUMERATE_SUB_KEYS
00000502 0.05772930 [3116] | KEY_NOTIFY
00000503 0.05777430 [3116] | READ_CONTROL
00000504 0.05781760 [3116] )
00000505 0.05786060 [3116]
00000506 0.05790590 [3116] Options=00000000
00000507 0.05795040 [3116] (REG_OPTION_NON_VOLATILE)
00000508 0.05799300 [3116]
00000509 0.05803730 [3116] Result=Expected Failure
00000510 0.05809450 [3116] Status=C0000034 (Object Name not found)
00000511 0.05815210 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000512 0.05831390 [3116] NtQueryValueKey:
00000513 0.05836130 [3116] Value Name=
00000514 0.05840690 [3116] IdleTimerWindow
00000515 0.05844970 [3116]
00000516 0.05849460 [3116] Result=Expected Failure
00000517 0.05855180 [3116] Status=C0000034 (Object Name not found)
00000518 0.05860820 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000519 0.05949630 [3116] NtOpenKey:
00000520 0.05957360 [3116] Path=
00000521 0.05962350 [3116] SOFTWARE\Microsoft\SecurityManager\CapAuthz
00000522 0.05966760 [3116]
00000523 0.05971330 [3116] Root=\REGISTRY\MACHINE
00000524 0.05976110 [3116] Object Attributes=00000040
00000525 0.05980500 [3116] (
00000526 0.05984930 [3116] OBJ_CASE_INSENSITIVE
00000527 0.05990190 [3116] )
00000528 0.05994540 [3116]
00000529 0.05999430 [3116] Access=00060009
00000530 0.06003900 [3116] (
00000531 0.06008340 [3116] KEY_QUERY_VALUE
00000532 0.06012750 [3116] | KEY_ENUMERATE_SUB_KEYS
00000533 0.06017230 [3116] | READ_CONTROL
00000534 0.06021590 [3116] | WRITE_DAC
00000535 0.06026160 [3116] )
00000536 0.06030200 [3116]
00000537 0.06034810 [3116] Options=00000000
00000538 0.06039490 [3116] (REG_OPTION_NON_VOLATILE)
00000539 0.06043790 [3116]
00000540 0.06048220 [3116] Result=Failure
00000541 0.06054220 [3116] Status=C0000022 (Access Denied)
00000542 0.06059980 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll
00000543 0.06072080 [3116] NtOpenKey:
00000544 0.06079280 [3116] Path=
00000830 0.09645590 [3116] Possible injection to process C:\Windows\SysWOW64\cmd.exe 9864.
00000831 5.21323824 [3116] Process Launch Ready to run any end scripts.
00000832 5.21331358 [3116] EndingScript commandString=
00000833 5.21336651 [3116] EndingScript currentDirectory=
00000834 5.21341705 [3116] Process Launch complete.
Maybe the above makes sense to you and you could point me to the mistake I made or the fix that is required.
Thanks.
Oct 04 2021 06:11 AM - edited Oct 04 2021 06:13 AM
I am teaching a class, so I don't have time to look into this in detail right now, but quickly I see the following:
1 - The Trace fixup is not compatible with the other fixups. It should be removed.
2 - The executable parameter of the application is incorrect (Applications 1 and 2). Since the file is not native and is part of your package, that reference should be a relative one; a form similar to how you specified the working directory.
3 - On an x64 system, the cmd.exe will be a 64-bit process, so the 64-bit versions of the DLLs would be needed. 32-bit DLLs were attempted because the reference to the cmd was no good.
Oct 04 2021 10:25 AM - edited Oct 04 2021 10:36 AM
@TIMOTHY MANGAN I made the modifications but still it does not work. Maybe it is related to my Windows 10 version 20H2. Or should support for envVar be available in there as well?
1. I did remove the TraceFixup but that does not make any difference. So I enabled it since I like the feature of seeing what is going on during the test.
2. I changed the path to a relative one. Makes no difference :(
3. I forced the 64-bit versions of all DLLs and see in DebugView that those 64-bit versions are loaded successfully now.
Additionally from PowerShell I also tried: $env:APPHOME and [System.Environment]::GetEnvironmentVariable('APPHOME'). Both did not work.
Happy continuing teaching the class. Hope to see you in November in Culemborg in The Netherlands.