Hi,
our company uses Sophos Intercept X Exploit Prevention Systems (Hitman Engine version as of 16th January is 3.6.14.616). My desktop system is Windows 10 Enterprise 1703 (x64).
We are developing software with VisualStudio 2013-2017 in C++ and C#. After getting some "strange" crashes in one of my C++ solutions during debugging I've tried to debug with MicroSoft's App Verifier enabled.
The problems got even worse. As soon as even something simple like a "hello world" program is loaded into the debugger it crashes. The call stack does not even contain a single line of my program but references hmpalert.dll that is part of hitman pro.
This is a typical example:
> vrfcore.dll!_VerifierStopMessageEx() Unknown Symbols loaded.
vfbasics.dll!_AVrfpSanityCheckAddressRange@12() Unknown Symbols loaded.
vfbasics.dll!_AVrfpRtlEnterCriticalSection@4() Unknown Symbols loaded.
hmpalert.dll!738e2288() Unknown No symbols loaded.
[Frames below may be incorrect and/or missing, no symbols loaded for hmpalert.dll] Annotated Frame
hmpalert.dll!738def70() Unknown No symbols loaded.
ntdll.dll!LdrpPrepareImportAddressTableForSnap() Unknown Symbols loaded.
The console ouput contains just:
Invalid parameter passed to C runtime function.
It's impossible to continue from this point on.
Getting back to the "strange" crashes in my real world application. The program I develop is rather mature. It's in use for many years and runs perfectly fine outside of the debugger. Attaching the VS debugger to it, it crashes sooner or later with read or write access violations. These exceptions happen typically at trivial lines like "int i = 1;" Sometime the crashes happen within minutes, sometimes they did not happen for hours. My system was checked without finding any problems. A colleague run into the same kind of problems debugging a totally different program.
Anyone here having the same kind of problems?
How to use an essential tool like App Verifier and the VisualStudio debugger together with Sophos/Hitman Pro?
Cheers,
Kai
This thread was automatically locked due to age.