VirtualBox VMs can't start while Windhawk is running #25
Comments
Thanks for the report. An option for an exclusion list will be added in the next version.
Not for simplicity, but to be able to hijack process creation. See a more detailed explanation here: #21 (comment)
Edit: For future visitors, it's enough to add the VirtualBox installation path to the exclusion list in Windhawk's settings. The installation path is usually:
Exclude-VirtualBox-in-Windhawk.mp4
With Windhawk v1.0, it's now possible to exclude processes in Windhawk. Please try it and let me know whether it helps.
OS: Windows Professional 11 Version 22H2 22621.900 x64
Reproduction Steps:
Expected:
VM starts and runs as expected.
Actual:
If Windhawk is running and you attempt to start a VirtualBox 7.0.2 or 7.0.4 (and possibly other versions) VM, you receive an error message:
VirtualBox - Error In supR3HardNtChildPurify
supHardenedWinVerifyProcess failed with VERR_SUP_VP_NT_QI_VIRTUAL_MEMORY_ERROR: (rc=-5637)
Please try reinstalling VirtualBox.
where: supR3HardNtChildPurify what: 5 VERR_SUP_VP_NT_QI_VIRTUAL_MEMORY_ERROR (-5637) - Process Verification Failure: Error query virtual memory information.
The corresponding VirtualBox log file which contains more detailed information on the failure including memory addresses that failed to validate: VBoxHardening.log
My research suggests this failure is due to unsigned code injection being detected in the VM host process, so VirtualBox refuses to start the VM. This system is called "VM hardening" in VirtualBox.
https://forums.virtualbox.org/viewtopic.php?f=25&t=82106
Workaround:
Quitting Windhawk and restarting VirtualBox, and then starting VMs while Windhawk is not running resolves this error. Windhawk can be started while VMs are running with no effect on them in my testing.
Suggested Fix:
Windhawk should not inject into a process unless a plugin specifically requests it (or requests all processes, but then an exclusion list would be required as I said above). Right now it seems Windhawk injects into all processes, presumably to simplify the coding. This would resolve the issue as long as no plugins attempt specifically to inject into VirtualBox VMs.
If it is possible for a plugin to inject into ALL processes, an exclusion list would need to be maintained. This list could also optionally be exposed to the user in settings to allow the user to add new entries to this list for the purpose of resolving other compatibility problems.
Alternatively, the current method of injection could be kept with just the exclusion list.