New WinXPx64 update breaks Daemon 4.03x64!



AllUltima
13.06.2006, 21:36
I have had Daemon up and running ever since i had WinXP x64 installed. However, upon installing the newly released
- "Update for Windows XP x64 Edition (KB914784)"
which boasts
-"improved Kernel patch protection" Daemon seems to be unable to successfully initialize upon starting the OS.
This update was released today, June 13, 2006.

I forgot the exact text of the initialization error, but upon booting it says that Daemon tools failed to initialize and that daemon requires Win2k+ and not to use a kernel debugger.

The obvious solution now, which I have already done, is to not install this update. However, it would be greatly appreciated if you could update Daemon to work around this new security.

Thanks, AllUltima

Daantje
13.06.2006, 21:53
I had the same problem after the recent update of microsoft patches i did (windowsupdate.microsoft.com).

It seems the problem on my system is caused by a patch by Microsoft which causes problems with SPTD. It seems this part of the software has problems with the kernel update.

For my system (windows xp x64) the problem is caused by patch :
http://support.microsoft.com/kb/914784

Update for Windows XP x64 Edition (KB914784)
Date last published: 6/13/2006
Install this update to improve Kernel Patch Protection. Kernel patch protection in versions of Windows for x64-based systems protects code and critical structures in the Windows kernel from modification by unknown code or data. After you install this item, you may have to restart your computer.

You can uninstall this patch in c:\windows\$NtUninstallKB914784$\spuninst and run spuninst.exe

I must warn you that it might be a security risk to downgrade but hey I want to have my daemon tools running ;)

After rebooting my problem went away.

If someone can find the windows xp version, please reply and try to uninstall that patch and tell us if it does the trick. Oh, it might be handy to look in the uninstall dir of the patch; it should have an ntoskrnl.exe file in it.

To really solve this issue, people need to fix the SPTD to work with the new ntoskrnl.exe.

Daantje
13.06.2006, 22:01
I agree, AllUltima, I just posted the same info on this forum too.
After a bunch of updates I figured out which patch caused it.

I have more info on how to install this patch on the x64 platform :

http://www.daemon-tools.cc/dtcc/showthread.php?t=6863&page=4&highlight=debugger

absinth
13.06.2006, 22:10
Yep, this just happened to me too. Hopefully it's an easy fix for daemon tool devs.

Dr.InfernO
13.06.2006, 23:22
Hey I also got XP x64 and have the same Error message.
Before I patched x64 everything worked fine. So it's definitely the new micro$oft patch.

LocutusofBorg
13.06.2006, 23:24
we are aware of this bullshit already. As soon as we can say
more about it, I will reply here. Until then, please keep this
thread clean as good as it gets. Do only post here when
you have new vital information!

LocutusofBorg
13.06.2006, 23:38
all affected users:

what exactly is written in your syslog? (SPTD-related)

MoiZie
13.06.2006, 23:45
all affected users:

what exactly is written in your syslog? (SPTD-related)
event viewer --> system:


0000: 00000000 00520001 00000000 c0040004
0010: 00000007 0000001d 00000000 00000000
0020: 00000000 00000000
Dunno if that is what you are looking for.. I'll try and deinstall that update, cauz i already installed :( (Then deinstalled DT4, and when trying to reinstall, no go :( )

edit: ok, i deinstalled the update, reinstalled DT4 and awxDTools, everything runs smoothly now... so it really is that update :)

LocutusofBorg
13.06.2006, 23:47
what does your syslog report - at least SPTD-driver should
mention something

ChaosTheory
14.06.2006, 00:06
thx, we already found issue. It requires a lot of work, therefore
we can't safely determine when fix is available. For sure SPTD
needs update -> work is already in progress. I hope we can
provide a hotfix soon.

LocutusofBorg
14.06.2006, 00:33
seems Microsoft do a lot of shit and I bet not only DT is
affected. For now, all we can suggest is to not install that
patch if you need DaemonTools functionality. This is nothing
that can be fixed in 1-2 days.

Also I can not say how to NOT install that patch affects
system-security.

FordGT90Concept
14.06.2006, 01:13
I installed a battery of updates for Windows XP Professional x64 Edition and after it came back up from restart, Daemon Tools threw the kernel debugger error. I tried reinstalling but every time I restart, the SPTD message comes up telling me to restart again. Daemon-Tools worked fine up until I installed those updates so I'm not sure what's going on.

I do have Visual Studio 6, 7.1, and 8 installed but they did not cause any problems prior to the updates.

http://rac.freepgs.com/updates.png

FordGT90Concept
14.06.2006, 01:19
I have x64 Edition and installed these patches (http://rac.freepgs.com/updates.png) and now Daemon-Tools 4.03 fails to run and reinstall because of the SPTD.

Here's what the Event Viewer had to say about it:

Event Type: Error
Event Source: sptd
Event Category: None
Event ID: 4
Date: 6/13/2006
Time: 6:31:29 PM
User: N/A
Computer: BY-2005
Description:
Driver detected an internal error in its data structures for .

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 52 00 ......R.
0008: 00 00 00 00 04 00 04 c0 .......А
0010: 07 00 00 00 1d 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

LocutusofBorg
14.06.2006, 01:59
as stated above: you need to deinstall either Daemon Tools
OR the patch which is mentioned above.

Atm, DT can't run together with that patch installed.

This patch adds some "benefit" to kernel-protection, however,
it does NOT fix ANY security-holes. It is some kind of
"precaution" - if someone would name it. Fact is: it is not
needed and this is what really is strange. A fix for something
that isn't broken.... Maybe this was no coincidence - go
figure

LocutusofBorg
14.06.2006, 02:15
good, all vital info is already forwarded to responsible kernel-
developers.

For the moment, it seems you can safely uninstall the patch
which is responsible as it does NOT serve as a security-fix.
Even Microsoft state that this patch doesn't solve anything
at all. One day we have some Windows that control YOU
instead that you control your Windows. And that day is only
around the corner. Well just my 2cent.

Frankly spoken, seems more to me that this was issued only
to produce more work for us :D I do not see any good reason
for all this crap

3donovan3
14.06.2006, 03:16
I just installed the latest (10) XP64 updates and had this error pop up. Sorry I don't have any answers other than the probable cause. :confused:

Gonna try to uninstall and reinstall...


3donovan3
3bean3.com (IE Only... for now)

---
amd x2 4400
abit an8sli :mad:
bfg7800gtoc
2gb ocz 2.3.2.5

sp00kz
14.06.2006, 04:46
To remove the HotFix and enable daemon tools svc again, the hotfix may be removed by browsing to the folder:
C:\WINDOWS\$NtUninstallKB914784$\spuninst

If you used windows update to install the HotFix, or you installed multiple HotFixes at once, you MUST remove them in the order in which they were installed.

When running the spuninst.exe file, it will pop-up and tell you:
Setup detected the following programs on your computer:
Security Update for Windows XP (KBXXXXXX)

everything that it lists in the dialogue was installed at the same time the HotFix was installed. The hotfixes MUST be removed in the order they were installed.

For instance, I used windows update to install the HotFix and had to remove the following HotFixes in order:

KB917953
KB916281
KB918439
KB911280
KB917344

... before I could remove the KB914784 HotFix that caused the problem.

Good luck, hope this helps

FordGT90Concept
14.06.2006, 05:00
Frankly spoken, seems more to me that this was issued only
to produce more work for us :D I do not see any good reason
for all this crap
That's what I was afraid of. :(


I tried uninstalling KB914784 (http://support.microsoft.com/kb/914784) and it worked like a charm. :)

Daantje
14.06.2006, 05:55
I checked my eventlog, i have the same error in it about sptd.sys

Event Type: Error
Event Source: sptd
Event Category: None
Event ID: 4
Date: 13-6-2006
Time: 22:41:02
User: N/A
Computer: DAAN3
Description:
Driver detected an internal error in its data structures for .

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 52 00 ......R.
0008: 00 00 00 00 04 00 04 c0 .......А
0010: 07 00 00 00 1d 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
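
The "Data:" dumps posted above appear in two Event Viewer renderings (32-bit words in MoiZie's post, bytes in the posts by FordGT90Concept and Daantje). The following is an added example, not part of any post in this thread, that normalises both renderings to raw bytes so records from different machines can be compared during triage. The function names are hypothetical; the severity/facility/code split uses the standard Windows message-identifier bit layout, and reading offset 0x0C as that identifier is an inference from its low word matching the Event ID 4 shown in the posts.

```python
import re
import struct

# Sample input constructed from the dumps quoted in the thread (sptd, Event ID 4).
# The ASCII column of the byte view is replaced by dots; the parser ignores it.
WORDS_VIEW = """\
0000: 00000000 00520001 00000000 c0040004
0010: 00000007 0000001d 00000000 00000000
0020: 00000000 00000000
"""
BYTES_VIEW = """\
0000: 00 00 00 00 01 00 52 00 ......R.
0008: 00 00 00 00 04 00 04 c0 ........
0010: 07 00 00 00 1d 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
"""

_LINE = re.compile(r"\s*([0-9a-fA-F]{4}):\s+(.*)")
_DWORD = re.compile(r"[0-9a-fA-F]{8}")
_BYTE = re.compile(r"[0-9a-fA-F]{2}")


def parse_event_data(text):
    """Return the raw bytes of an Event Viewer 'Data:' dump in either view.

    Lines that do not start with a 4-digit hex offset are skipped, so a whole
    pasted event can be passed in. A gap between the printed offset and the
    bytes collected so far (a truncated paste) raises ValueError.
    """
    out = bytearray()
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        offset = int(m.group(1), 16)
        if offset != len(out):
            raise ValueError(f"offset {offset:#06x} does not follow {len(out):#06x}")
        tokens = m.group(2).split()
        if tokens and _DWORD.fullmatch(tokens[0]):
            # Words view: each token is a little-endian 32-bit value.
            for tok in tokens:
                if not _DWORD.fullmatch(tok):
                    break
                out += int(tok, 16).to_bytes(4, "little")
        else:
            # Bytes view: at most 8 hex bytes, then an ASCII column to ignore.
            for tok in tokens[:8]:
                if not _BYTE.fullmatch(tok):
                    break
                out.append(int(tok, 16))
    return bytes(out)


def error_dword(data):
    """Little-endian dword at offset 0x0C (assumed to be the message identifier)."""
    if len(data) < 0x10:
        raise ValueError("record too short to hold a dword at offset 0x0C")
    return struct.unpack_from("<I", data, 0x0C)[0]


def split_message_id(value):
    """Split a 32-bit Windows message identifier into its standard bit fields."""
    return {
        "severity": value >> 30,            # 3 = error
        "facility": (value >> 16) & 0xFFF,
        "code": value & 0xFFFF,             # compare with the Event ID
    }


if __name__ == "__main__":
    a = parse_event_data(WORDS_VIEW)
    b = parse_event_data(BYTES_VIEW)
    print("same record:", a == b, "length:", len(a))
    print(hex(error_dword(a)), split_message_id(error_dword(a)))
```
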

DisabledTrucker
14.06.2006, 08:22
Or if you did like me and just created a simple "restore point" prior to doing the updates, you can just "roll back" the installs and reinstall the ones you needed... Glad I wasn't the only one which noticed the foul-up from Microsoft, I figured they break something with all the patches they released today...As usual! Unfortunately it was Daemon that I seem to have a problem with, I'm using x64 edition if that matters, don't have access to my x32 edition to see if it occurred on it as well or not.

IlyaZ
14.06.2006, 10:11
How do I know in which order I installed the updates?
Is the Auto Update feature of windows classed as Windows Update too?

washington_irving
14.06.2006, 10:33
I found this error only recently, and it hasn't just affected daemon tools. I'm finding it has caused problems with a range of applications. My NOD32 x64 program refused to open at startup, and a few other icons are missing from my taskbar.

Couple of hours later, most problems are solved.

But no D-tools. My error is slightly different to the ones found by others. I have completely lost the contents of my daemon tools directory. Everything is gone, the binaries, all gone, and the only thing left is the directory structure.

So, I try to reinstall D-tools, and because the installation requires the SCSI pass-through before installing, the installation fails, and constantly loads at startup. Because it cannot proceed, it won't install.

My suggestion is as follows, is it possible to make future versions capable of running without the SCSI pass-through? Similar to V3.47. Basically, make it so that if the SCSI pass-through fails on startup, it defaults to using a method from V3.47?

Also a final question, will V3.47 install on x64?

ficba
14.06.2006, 12:02
...to install DT too. I've just posted a thread explaining the problem I was having just trying to install a fresh copy. It hasn't appeared yet so I can't give you the link.

I uninstalled the "Update for Windows XP x64 Edition (KB914784)" and now it installed fine, first time!

Great post, thanks.

J.

tutu
14.06.2006, 12:43
I have the same problem but I'd rather uninstall Daemon Tools as I don't need it at the moment.

But when I try to uninstall Daemon Tools - the uninstaller says "Setup is unable to validate installation".

vbrtrmn
14.06.2006, 13:02
XP x64 here, as well, uninstalled the windows "patch", and DT works fine now. I'm pretty sick of XP patches that make other stuff break, the last one I uninstalled made QuickTime break :confused:

Thanks!

Visno
14.06.2006, 13:34
I can verify that it is one of the eight patches released by Microsoft on 6/13/06. I'm using windows 64-bit also.

HaZe303
14.06.2006, 14:12
You are absolutely right!!? I also have this problem after updating my x64 windows xp. If you un-install the: WindowsServer2003.WindowsXP-KB914784-x64-ENU, daemon tools will work again. Or at least it did for me, this update has something to do with kernel debugger security issue, so I assume they have made it impossible to have dt installed at the same time as KB914784??? Hopefully DT-team are working on how to fix this. Coz I love my DT4, but I would like to have a secure windows as well... :)

By the way, this is my first post on this forum. Hello everybody!!! :)

HaZe303
14.06.2006, 14:15
I can confirm that un-installing the KB914784 update will fix the problem. This works on x64 too, so no difference in bits... :)

linflas
14.06.2006, 14:41
No need to uninstall daemon tools

Just go to add/remove programs, check the box at the top that says show updates, find the offending update, click remove, windows will show a dialog box saying some updates won't work, click "who gives a shit" and uninstall it

then restart go to windows update page, will see the only thing in there is the update you just removed, just unclick it and click the box that says hide this update.

And never use auto update again, lol

And a big Fuck you to Billy and his vole's up there at M$ for bringing us this piece of shit

XibaD
14.06.2006, 15:42
Yeah, me too. Also using x64 edition, and when updated these days, daemon tools couldn't be run. Also can't uninstall or install SPTD (keeps me asking to install it).

Which exact patch is the one causing trouble?

XibaD
14.06.2006, 15:56
I can verify that it is one of the eight patches released by Microsoft on 6/13/06. I'm using windows 64-bit also.

Yeah, confirmed it's KB914784 update. Remove it and Daemon Tools will work again.

waldo
14.06.2006, 16:13
I can also confirm...I installed, had problems...uninstalled, and all problems were removed.

With that patch I couldn't uninstall, install, or make changes to daemon tools

LocutusofBorg
14.06.2006, 16:19
Coz i love my DT4, but i would like to have a secure windows as well... :)

By the way, this is my first post on this forum. Hello everybody!!! :)

Hello to you, too! ;)

What concerns the quoted post from you:

This update does NOT FIX any holes!! Your windows is
secure even without that update. They patched the kernel
and this is deadly behaviour on a productive OS that is
sold as retail. Its unbelievable, really.

Seems they also broke some Virus-Scanners for X64 and
other drivers. Only god knows who had that crap idea.

volklman05
14.06.2006, 18:50
I am a 64 bit Windows user. Last night Windows had some updates and installed them. when I woke up my pc had restarted and I had this Daemon tools error on my screen
Initialization Error
This program requires at least Windows 2000 with SPTD 1.24 or higher. Kernel debugger must be deactivated.

What caused this and what can be done to fix it?

ADMINISTRATION: MOVED TO PROPER THREAD - NEXT TIME PLEASE USE THE SEARCH-FUNCTION
TO CHECK IF PROPER THREAD ALREADY EXISTS. You save a lot of time and us a lot of unnecessary
work! Thank you!

Yce
14.06.2006, 22:50
LoL this error same as in windows vista. but in vista i cant uninstall that patch :D Well... i think m1cro$oft is trying to kill all illegal cd/dvd copies with these actions :\

Dpak0n
15.06.2006, 00:09
You really need to uninstall this "fix" and all would be ok.
Thanks to all - My DT working now!!!:rolleyes:

Best
15.06.2006, 09:13
Hope the DT team will release a patch for this, because I think many will not uninstall the fixes that Microsoft released a few days ago.
A patch is the best solution. Maybe standalone or in the next ver. of DT.

FakeMoth
15.06.2006, 19:07
It clearly has something to do with the updates for windows. Just uninstall Update for Windows XP (KB914784) (check in Add/Remove programs "Show Updates") and restart. It works people, I tell you! :D Do not try anything else because:

1. This program will install SCSI Pass Through Direct (SPTD) layer on your computer. WARNING - SPTD is not compatible with kernel mode debuggers (SoftICE, WinDBG etc.)! Please cancel setup if you plan to use kernel debugger on this machine... at the installation of Daemon Tools

and

2. Microsoft Security Advisory (914784) Update to Improve Kernel Patch Protection activates kernel debugging

so... it's kind of contradicting...

[Administration]: This forum is moderated, so please do NOT
double- and triple-post. All posts are reviewed and that takes some time. Thank you!

Jito463
15.06.2006, 19:40
They don't have to uninstall all the updates, just the one that breaks things. It's not even necessary, so there's not really a problem with removing it imo.

LocutusofBorg
15.06.2006, 19:48
LoL this error same as in windows vista. but in vista i cant uninstall that patch :D Well... i think m1cro$oft is trying to kill all illegal cd/dvd copies with these actions :\

I doubt it. Apart from the fact that they also "killed" LEGAL
DVD-emulation, they also break other apps that are not
involved in emulation at all, f.e. Anti-Virus, Monitor-drivers
/Printer-Drivers etc. etc.

And especially I do not see where they "killed" the cracks/
hacks. They simply added unwanted content to their systems
and what is even more a problem: this caused a huge distrust
not only at our side against Microsoft. Changing a productive
system THAT way is... (insert your favorite swearword here)

AlexSGV
15.06.2006, 20:11
I just got the problem after installing the latest batch of critical updates for Windows XP x64, and the kernel security patch was among them... DT and alcohol drivers disappeared from the SCSI and RAID controllers group under Device manager, and both would not work. Thanks to you all though, I can get my DT to work again!

Thanks again, and I hope a "more proper" solution becomes available soon (though I don't expect MS to withdraw or post a corrected version of their frivolous kernel security patch :mad:).

Jito463
16.06.2006, 01:37
This was posted by ZombieKil in the Alcohol forums. Probably nothing new to the devs as I'm sure they're already aware of this, but it's interesting info for the rest of us.


Some info on the kernel patch update that caused the problem!!

The x64-based versions of Microsoft Windows Server 2003 , Windows XP Professional x64 Edition, and later versions of Windows for x64-based systems do not allow the kernel to be patched except through authorized Microsoft-originated hot patches. (In this article, "x64" refers to the 64-bit architecture that is used in AMD64 and Intel Extended Memory 64 Technology systems.) Kernel-mode drivers that extend or replace kernel services through undocumented means (such as hooking the system service tables) can interfere with other software and affect the stability of the operating system. For x86-based systems, Microsoft discourages such practices but does not prevent them programmatically because doing so would break compatibility for a significant amount of released software. A similar base of released software does not yet exist for x64-based systems, so it is possible to add this level of protection to the kernel with less impact on compatibility.

Many system structures are protected on x64-based systems, including the system service dispatch tables, the interrupt descriptor table (IDT), and the global descriptor table (GDT). The operating system also does not allow third-party software to allocate memory "on the side" and use it as a kernel stack. If the operating system detects one of these modifications or any other unauthorized patch, it will generate a bug check and shut down the system.

For compatibility with Windows for x64-based systems, drivers must avoid the following practices:

• Modifying system service tables, for example, by hooking KeServiceDescriptorTable

• Modifying the interrupt descriptor table (IDT)

• Modifying the global descriptor table (GDT)

• Using kernel stacks that are not allocated by the kernel

• Patching any part of the kernel (detected only on AMD64-based systems)


Drivers for other platforms should avoid these practices, to help ensure stability and reliability of the operating system and a better experience for customers.

If your driver must perform a task that you think cannot be accomplished without patching the kernel, contact Microsoft Product Support Services or your Microsoft representative to help determine if a documented alternative exists. If no documented alternative exists for the functionality you want to implement, then the functionality will not be supported on any Windows operating system that includes patch protection support.

madman332
16.06.2006, 01:50
I too can confirm that the update caused this. I hope we can get an updated DT version that will work. I'm not saying that to blame DT, but I just imagine it will be much, much harder to convince Microsoft to fix this...

JoelEllison
16.06.2006, 02:57
General info like Jito463 posted:

http://www.microsoft.com/whdc/driver/kernel/64bitpatch_FAQ.mspx

ZombieKil's text was taken from

http://www.microsoft.com/whdc/driver/kernel/64bitpatching.mspx

FakeMoth
16.06.2006, 12:08
I too can confirm that the update caused this. I hope we can get an updated DT version that will work. I'm not saying that to blame DT, but I just imagine it will be much, much harder to convince Microsoft to fix this...
I don't think we should blame someone (though I'm not a Micro$oft fan). Those are just some requirements/dependencies like many others in IT - a common situation in another words... Just ignore the update or uninstall it (XP x64 I think it's very secure; sometimes I even "forget" to install an AV...) and as Locutus said: no holes are patched!

Daantje
16.06.2006, 18:24
Thanks again, and I hope a "more proper" solution becomes available soon (though I don't expect MS to withdraw or post a corrected version of their frivolous kernel security patch :mad:).

Well don't bet on that. The only way to make it work in the future is for the SPTD driver to be compatible with the latest x64 kernel update.

Vaginarian
16.06.2006, 19:50
After uninstalling that update it lists like 5 more that "may not work" after uninstalling.....
Looks good so far though, KUDOS to Daantje who discovered this....

Kyllsaph
17.06.2006, 08:54
I totally agree. Kudos is definitely in order! Three cheers for Daantje!

As for worrying about the consequences of removing this patch the official FAQ on http://www.microsoft.com/technet/security/advisory/914784.mspx says:



"Is this a security vulnerability that requires Microsoft to issue an update?
No. While this updates adds additional checks to Kernel patch protection system, it does not involve a security vulnerability. Known methods that allow the kernel to be patched on systems where Kernel patch protection is enabled require a system to already be compromised by an attacker."


So I'm not going to lose any sleep over it!

frozensun
18.06.2006, 16:54
I have narrowed the problem down to one of the following updates:

kb916281
kb911280
kb914389
kb917344
kb917334
kb917953
kb918439
kb914784

As soon as I uninstalled these everything started working again. (dtools and alcohol now both run emulation fine).

I will post again once i have narrowed down to the exact patch. Maybe things will be fixed by next patch tuesday (July 13th)

Saihtam
18.06.2006, 23:53
The security update "kb914784" is probably the problem, as posted before. Here's a link to a M$ page where they say that it fixes the kernel debugger (http://support.microsoft.com/?kbid=914784)
BTW: I only registered just now to post this:) Hope it's useful to someone

muzy
19.06.2006, 00:02
it's not just daemon, the latest version of Alcohol also uses sptdv1.24

and it tried to access the kernel, but the patch does not allow it to.

hopefully a future version/ fix is coming.

Jito463
19.06.2006, 00:04
As has been stated in numerous posts by numerous people, it's kb914784.

nishant_nms
19.06.2006, 05:03
I am one of the people who will choose to keep the MS update. And will request DT or duplex secure to come up with the update. I am missing DT dearly

Saihtam
19.06.2006, 11:56
Just so you know, after I uninstalled the update "kb914784". DT works perfect:D

Jito463
19.06.2006, 12:26
They are working on it, of course. But as has been stated before, it will take time for an update which is why they suggested you uninstall the patch.

Zipsco
19.06.2006, 13:34
I have the problem you've all been having. Anyway mine came from a totally fresh installation with no starforce or antivirus... When it started to happen at first I was told to get a reg fixer, which I did... This totally screwed up my computer to the point it couldn't open in safe mode, anyway I reinstalled (using x64 as before). Then I reinstalled the basic system programs and some user programs like: "Spybot Search & Destroy" as well as "Lavasoft adaware", I couldn't log into my network to get NAV yet, so I waited with the AV. Anyway, after having used DT while rebooting, it suddenly after a no-install session came with the same error as you guys. Now I believe there were some update to windows, might that be what you guys are talking about (the windows hotfix problem, which will evt. be fixed) or is it the problem we have had in this post? I am pretty lost here.

t00py
19.06.2006, 16:59
Normally I would not sign up for a forum, but I just had to in this case. I have narrowed the problem with the kernel debugger error message down to a Windows Update :mad: ... don't know which yet, but I am working on it. Check back here for updates! I am trying to figure it out atm.


Hi guys, I received this error after installing Windows update KB914784. After I uninstalled it, everything was back to normal, and Daemon runs ok.
I think we need to wait for some update from Daemon.

MS info about the update :
Install this update to improve Kernel Patch Protection. Kernel patch protection in versions of Windows for x64-based systems protects code and critical structures in the Windows kernel from modification by unknown code or data. After you install this item, you may have to restart your computer.

More information for this update can be found at http://go.microsoft.com/fwlink/?LinkId=67071

ENJOY DAEMON 4ever

snapgg
19.06.2006, 18:00
Sorry, but is there a possibility to make it work if I have already deleted the hotfix uninstallers with ccleaner and without restore point?
sorry for my english

Daantje
19.06.2006, 18:16
Sorry, but is there a possibility to make it work if I have already deleted the hotfix uninstallers with ccleaner and without restore point?
sorry for my english
There is a way, you have to get the files this patch replaces from your original installation files (extract them from the install cds cab-files).

mastahmeth
19.06.2006, 19:54
I think it has to do with the new windows security patches that came out... they do some stuff to the kernel that may either reactivate a debugger (hence the error message) or otherwise incompatible with d-tool's detection software.

I'm looking into now and will let you know if I see any solution.

LocutusofBorg
20.06.2006, 00:00
Well, this thread is closed now as all answers are
already there and further discussion isn't needed.

Wait until new release of sptd-driver or uninstall the
patch that cause the trouble.