[tor-bugs] #4956 [Tor Client]: TBB for Windows plus Kaspersky 2012 equals BSOD
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu May 24 16:01:21 UTC 2012
#4956: TBB for Windows plus Kaspersky 2012 equals BSOD
---------------------------+------------------------------------------------
    Reporter:  runa        |        Owner:  sebastian
        Type:  defect      |       Status:  reopened
    Priority:  major       |    Milestone:  Tor: 0.2.2.x-final
   Component:  Tor Client  |      Version:
  Resolution:              |     Keywords:
      Parent:              |       Points:
Actualpoints:              |
---------------------------+------------------------------------------------
Comment(by marshray):
I got someone who knows a lot more about kernel debugging than I do to
help me look at the crash dump from
http://bayfiles.com/file/a3cf/07Lr8P/myMEMORY3.zip . Here are the
findings; they may be useful to Kaspersky:
* The address 4c0748 is in the tor.exe process and is the address of the
next instruction for Tor.exe to run. This code has been paged out. When
the OS goes to execute the instruction it causes a page fault, which is
normal. But when the OS tries to load it from the pagefile the kernel
encounters a corrupted PTE (page table entry). This creates a double-fault
situation which results in a bluescreen.
* The PTE for address 4c0748 is damaged. It should have a prototype PTE in
one of its Base Pte/Pts In Subsect ranges, but it doesn't. This looks like
a good article on these structures:
http://www.codemachine.com/article_protopte.html
* Tor has no drivers or any other code in the kernel.
* There is nothing Tor.exe is doing wrong with mapped files that could
cause this. The 'mapping' that triggers the crash is the tor.exe image itself.
The PTEs were corrupted at some point before that.
* There is no reason to think that changing Tor to not use a mapped file
would be a real fix for the problem, although it may mask it for a while.
* The problem is most likely Kaspersky's kernel code.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4956#comment:45>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online