View Issue Details

ID: 0001668
Project: SUMo
Category: Bug
View Status: public
Last Update: 2012-08-23 09:39
Reporter: bytehead
Assigned To: Kyle_Katarn
Priority: high
Severity: major
Reproducibility: always
Status: resolved
Resolution: fixed
Platform: Intel x64
OS: Windows 7
OS Version: Ultimate x64 SP1
Product Version: 3.4
Target Version:
Fixed in Version: 3.4.4
Summary: 0001668: SUMo gets confused by file system redirector under Win x64

Description:
When scanning, SUMo tries to open some files directly from %WinDir%/system32 folder (e.g. components of FFDShow and Adobe Flash). Being a native 32-bit process, actually it gets served with a %WinDir%/SysWOW64 content under Windows x64 OS. That's why it doesn't report those DLLs in the list as being 64-bit, misleadingly showing as if the files it has probed belong to %WinDir%/system32.

Tech details:
1) http://support.microsoft.com/kb/942589
2) http://msdn.microsoft.com/en-us/library/aa365743.aspx

even more is here:
3) http://msdn.microsoft.com/en-us/library/aa384249%28v=vs.85%29

Part of solution for Delphi 7 (are we on WOW64?):
http://stackoverflow.com/questions/2863931/problems-reading-registry-from-delphi-7-on-windows-7-64-bit

P.S. Registry parsing code for WOW64 case might also need to be changed.
Steps To Reproduce:
See attached screenshots for proof:

Case A:
=======

I have parallel 32/64-bit installations of FFDShow (both of v1.2.4461). Their 32/64-bit flavors of ff_vfw.dll component originally live under %WinDir%/SysWOW64 and %WinDir%/system32 respectively.

Screenshot 1:

SUMo lists only one instance of ff_vfw.dll under c:\windows\system32 and "fails" to recognize it as 64-bit. The item from c:\windows\syswow64 (really 32-bit this time) is considered a full duplicate and therefore gets dropped (a separate issue);

Screenshot 2:

Then I copied these dlls into c:\program files and renamed them to ff_vfw_x32.exe / ff_vfw_x64.exe for SUMo to be able to scan them and me to easily tell them apart. Rescan --> RESULT: both dlls (albeit shown as .exe here) are properly recognized by SUMo as 32/64 bit ones!

Case B:
=======

I also happen to have parallel 32/64-bit installations of Flash (both of v11.3.300.270) for IE and FF.

Screenshots 3 & 4:

As you can see, again only c:\windows\system32 components are listed and not "recognized" as 64-bit. As in case A, real 32-bit variants get cancelled out as duplicates.

CONCLUSIONS:
============

1) SUMo is not aware of file system redirection under Win x64 and *always* parses 32-bit components from SysWOW64, *thinking* it is from system32 actually;

2) File paths are not taken into account by duplicate items filter in the list, which effectively hides all other copies of the same app/component (another bug report pending).
Tags: No tags attached.

Relationships

parent of 0001662 (resolved, Kyle_Katarn): Adobe Flash Player for IE/FF 64bits not detected
parent of 0001582 (resolved, Kyle_Katarn): SUMO does not detect 64bit Adobe Flash Player plugins
parent of 0001584 (resolved, Kyle_Katarn): SUMO does not detect both 32bit + 64bit java instalation - mutualy excluding items
parent of 0001607 (resolved, Kyle_Katarn): General detection troubles with parallel 32/64bit application, with mutual exclusion
related to 0001708 (resolved, Kyle_Katarn): Ffdshow incomplete detection on 64bits systems
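
An added illustration of the behaviour reported in this issue (not code from SUMo or from the thread): a simplified model of WOW64 redirection in which a 32-bit process that asks for a System32 path is served the SysWOW64 file, with the PE header's Machine field read to show which build actually arrived. The `DISK` table, the `fake_pe` sample bytes and all function names are constructed for this example.

```python
import struct

# Machine values from the PE/COFF file header.
MACHINE_NAMES = {0x014C: "32-bit (x86)", 0x8664: "64-bit (x64)"}

def pe_machine(data: bytes) -> int:
    """Return the COFF Machine field of a PE image, or raise ValueError."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return machine

def bitness(data: bytes) -> str:
    return MACHINE_NAMES.get(pe_machine(data), "other")

def fake_pe(machine: int) -> bytes:
    """Constructed sample: smallest header that carries a Machine field."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18

# Constructed stand-in for the disk in Case A: real folder -> file bytes.
DISK = {
    "c:\\windows\\system32\\ff_vfw.dll": fake_pe(0x8664),
    "c:\\windows\\syswow64\\ff_vfw.dll": fake_pe(0x014C),
}

def read_as_32bit_process(path: str, redirect: bool = True) -> bytes:
    """Simplified model: with redirection on, System32 is served from SysWOW64."""
    key = path.lower()
    if redirect:
        key = key.replace("\\system32\\", "\\syswow64\\")
    return DISK[key]

if __name__ == "__main__":
    asked = r"C:\Windows\System32\ff_vfw.dll"
    print(asked, "->", bitness(read_as_32bit_process(asked)))
    print(asked, "(no redirection) ->",
          bitness(read_as_32bit_process(asked, redirect=False)))
```

The path the scanner records is the one it asked for, so only the header check reveals that the bytes came from the other folder.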

Activities

bytehead

2012-08-08 19:58

reporter  

scr1_ff32+64_before.png (57,374 bytes)

bytehead

2012-08-08 19:59

reporter  

scr2_ff32+64_after.png (81,659 bytes)

bytehead

2012-08-08 20:00

reporter  

scr3_flash32+64.png (56,990 bytes)

bytehead

2012-08-08 20:00

reporter  

scr4_flash32+64.png (55,595 bytes)

bytehead

2012-08-08 20:14

reporter  

SUMo_DB+log.zip (129,726 bytes)

bytehead

2012-08-08 20:15

reporter   ~0001049

Sorry for big screens ;)

poutnikg

2012-08-08 20:38

reporter   ~0001050

Last edited: 2012-08-08 20:40


I have expressed in the past such a redirection concern,
as author of Autocompress utility ( conditional NTFS file compression )
addressed the issue by a special compilation flag
for 32bit application to access true system32 folder.

But as a non-programmer, I could not tell any details.

http://www.kcsoftwares.com/forum/viewtopic.php?f=11&t=129

bytehead

2012-08-08 20:55

reporter   ~0001051

That flag makes sense only for modern MS Visual Studio compilers, not ancient 32-bit only Delphi 7 (which SUMo is built on, afaik).

Kyle_Katarn

2012-08-08 21:45

administrator   ~0001056

You're right.
SUMo already uses
"Wow64EnableWow64FsRedirection" & "Wow64DisableWow64FsRedirection" API to work on 64Bits OS but it seems to be not so efficient.

I also have some automatic path rewriting procedures (see "fix" lines in log after a scan in verbose mode) but this is an ugly workaround.

I'll probably send you a test build soon.

bytehead

2012-08-08 22:23

reporter   ~0001058

From the MSDN article:

1) about Wow64DisableWow64FsRedirection:

>> The Wow64DisableWow64FsRedirection / Wow64RevertWow64FsRedirection function pairing is a *replacement* for the functionality of the Wow64EnableWow64FsRedirection function.

>> Minimum supported client:
        Windows Vista, *Windows XP Professional x64 Edition*;
>> Minimum supported server:
        Windows Server 2008, Windows Server 2003 with SP1.

2) about Wow64EnableWow64FsRedirection

>> Minimum supported client:
    Windows Vista;
>> Minimum supported server:
    Windows Server 2003.

Does this mean Wow64EnableWow64FsRedirection is not supported under Win XP x64?

Kyle_Katarn

2012-08-08 22:39

administrator   ~0001060

I should use Wow64DisableWow64FsRedirection & Wow64RevertWow64FsRedirection instead

bytehead

2012-08-09 18:30

reporter  

loading on start-up.png (43,147 bytes)

bytehead

2012-08-09 18:31

reporter  

scanning.png (46,396 bytes)

bytehead

2012-08-09 18:31

reporter  

loading_after_scan.png (43,370 bytes)

bytehead

2012-08-09 18:33

reporter  

checking.png (44,625 bytes)

bytehead

2012-08-09 18:47

reporter   ~0001071

Last edited: 2012-08-09 18:49


>> SUMo already uses "Wow64EnableWow64FsRedirection" & "Wow64DisableWow64FsRedirection" API to work on 64Bits OS but it seems to be not so efficient.

According to MSDN:
"Disabling file system redirection affects only operations made by the current thread. Some functions, such as CreateProcessAsUser, do their work on another thread, which is not affected by the state of file system redirection in the calling thread."

I noticed SUMo uses an extra thread (its own, apart from attached system dlls) when scanning or loading (checking uses only 1 own thread). Could it be that redirection API is used on the wrong one which makes it "inefficient"?

P.S. added screenshots from Process Hacker.

bytehead

2012-08-09 19:10

reporter   ~0001072

AFAII, one can simply use %windir%\Sysnative instead of %windir%\System32 under WOW64 on Vista and later. So, redirection API is needed only on Windows Server 2003 x64 and Windows XP x64. Am I correct?

Kyle_Katarn

2012-08-09 23:55

administrator   ~0001076

You're right. To be tested.

bytehead

2012-08-15 14:11

reporter   ~0001116

any news?

Kyle_Katarn

2012-08-15 14:33

administrator   ~0001117

Not tested so far (I was focused on 3.4.2 issues)

Kyle_Katarn

2012-08-20 23:23

administrator   ~0001158

Would you please download test build 171 ( http://www.kcsoftwares.com/beta/sumo_sysnative.exe ) and tell me if it improved the situation ?

bytehead

2012-08-21 03:50

reporter   ~0001160

Last edited: 2012-08-21 03:58


Yes, it did improve, but there's a mess with usage of sysnative / system32 /sysWOW64 strings in the proper context (see my test screenshots and error log).

"Sysnative" should not be exposed to end user as a real folder.

Flash 32/64 is shown as 3 diff. items instead of 2.

bytehead

2012-08-21 03:53

reporter  

errlst_TEST.txt (62,699 bytes)

bytehead

2012-08-21 03:53

reporter  

SUMo_test1.png (61,192 bytes)

bytehead

2012-08-21 03:53

reporter  

SUMo_test2.png (50,230 bytes)

Kyle_Katarn

2012-08-21 09:22

administrator   ~0001161

That's good news. I'll post a new test build after fixing these glitches

Kyle_Katarn

2012-08-21 23:12

administrator   ~0001162

Would you please download it again (build 172) and tell me if it is now better ?

bytehead

2012-08-21 23:21

reporter   ~0001163

Beta download link doesn't seem to work for me.

Kyle_Katarn

2012-08-21 23:25

administrator   ~0001164

Problem with uploading... please retry in 5 minutes.

Kyle_Katarn

2012-08-21 23:31

administrator   ~0001165

Try this one : ftp://ftp2.kcsoftwares.com/kcsoftwa/beta/sumo_test.exe

bytehead

2012-08-21 23:36

reporter   ~0001166

Got it! Testing...

Kyle_Katarn

2012-08-21 23:44

administrator   ~0001167

Great!

bytehead

2012-08-22 00:24

reporter  

b172_issues.png (19,244 bytes)

bytehead

2012-08-22 00:44

reporter   ~0001168

1) There's still an issue with SysNative strings being exposed and as a consequence double entries for Flash 64. Same problem for FFDShow.

All SysNative paths meant to be exposed (in GUI and logs) should be substituted with their System32 equivalents. I think internally there should be 2 parallel objects for storing paths, one for actual parsing, another one for presentation purposes, if that makes sense.

2) Build 172 now always crashes after scan ("List index out of bounds"?) -- see screenshot.

bytehead

2012-08-22 00:44

reporter  

b172_crash_scr1.png (114,233 bytes)

bytehead

2012-08-22 00:45

reporter  

b172_crash_scr2.png (126,019 bytes)

Kyle_Katarn

2012-08-22 00:46

administrator   ~0001169

Thanks !

Duplicates probably come from build 171.
Please delete (but do NOT ignore) the sysnative lines and re-scan.

Is everything OK after that ?

bytehead

2012-08-22 00:52

reporter   ~0001170

Nope, it crashes immediately after scan is over. I deleted all 3 entries with sysnative (only from the list).

Kyle_Katarn

2012-08-22 00:56

administrator   ~0001171

Please attach SUMo log after crash

bytehead

2012-08-22 01:03

reporter   ~0001172

Here you go.

Kyle_Katarn

2012-08-22 01:04

administrator   ~0001173

Thanks

Kyle_Katarn

2012-08-22 01:15

administrator   ~0001174

Please post log with b173 : http://www.kcsoftwares.com/beta/sumo_test.exe

Won't fix bug but will give me clues.

bytehead

2012-08-22 01:22

reporter   ~0001175

Last edited: 2012-08-22 01:28


done.

P.S. I started out with an almost empty profile this time -- renamed "SUMo.skipped", "SUMo.cache" and "db.sumo" so that wizard came up. Still crashes on rescan.

bytehead

2012-08-22 01:33

reporter  

bytehead

2012-08-22 01:39

reporter   ~0001176

To go around this crash I've tried to check on a blank profile (without scanning at all) -- see attachment. How come only 64-bit variant of FFDshow is listed now? I would rather expect a SysWOW64 line there if only for a single entry.

Kyle_Katarn

2012-08-22 10:02

administrator   ~0001177

It is now crystal clear! I'm "internally" changing system32 to sysnative and then I look for the "new" name in the table of "old" names with the assumption that it is listed (no out of bound protection).

Concerning FFDShow 64bits only with blank profile : Please open a NEW issue for that (nice catch)
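
Added example, not SUMo's code: one way to keep apart the two path forms suggested in note ~0001168 (Sysnative for opening files, System32 for display) and to make the lookup described in note ~0001177 return nothing instead of indexing past the list. All function and class names are hypothetical, and keying entries on (display path, bitness) is an assumption about how duplicates should be told apart.

```python
import ntpath

def swap_system_dir(path: str, windir: str, old: str, new: str) -> str:
    """Replace <windir>\\<old> by <windir>\\<new> only when it is a whole component."""
    prefix = ntpath.join(windir, old)
    head, tail = path[:len(prefix)], path[len(prefix):]
    if head.lower() == prefix.lower() and tail[:1] in ("", "\\"):
        return path[:len(prefix) - len(old)] + new + tail
    return path

def access_path(shown: str, windir: str = r"C:\Windows", wow64: bool = True) -> str:
    """Path a 32-bit scanner opens: System32 -> Sysnative, under WOW64 only."""
    if not wow64:
        return shown
    return swap_system_dir(shown, windir, "System32", "Sysnative")

def display_path(opened: str, windir: str = r"C:\Windows") -> str:
    """Path for GUI and logs: Sysnative is never exposed to the user."""
    return swap_system_dir(opened, windir, "Sysnative", "System32")

class Inventory:
    """Hypothetical item list keyed by (display path, bitness), not by file name."""

    def __init__(self):
        self.items = {}

    def add(self, opened: str, bits: int, version: str) -> None:
        shown = display_path(opened)
        self.items[(shown.lower(), bits)] = (shown, bits, version)

    def find(self, path: str, bits: int):
        """Return the entry or None; either spelling of the path is accepted."""
        return self.items.get((display_path(path).lower(), bits))

    def rows(self):
        return sorted(self.items.values())

if __name__ == "__main__":
    inv = Inventory()
    # Constructed sample entries modelled on Case A of the report.
    inv.add(access_path(r"C:\Windows\System32\ff_vfw.dll"), 64, "1.2.4461")
    inv.add(r"C:\Windows\SysWOW64\ff_vfw.dll", 32, "1.2.4461")
    for row in inv.rows():
        print(row)
```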

Kyle_Katarn

2012-08-22 10:52

administrator   ~0001178

Build 174 is ready : http://www.kcsoftwares.com/beta/sumo_test.exe

Please tell me if crash is fixed (if not, post log again)

Thank you !

bytehead

2012-08-22 15:07

reporter   ~0001179

Still crashes on a blank profile :( Exactly the same error. Log attached.

Kyle_Katarn

2012-08-22 16:05

administrator   ~0001180

Sorry, my mistake, fix was coded the bad way.

build 175 uploaded, fix and additional instrumentation.
Ready for test.
http://www.kcsoftwares.com/beta/sumo_test.exe

bytehead

2012-08-22 17:14

reporter   ~0001181

Seems OK to me -- no crashes, no sysnative strings, no doubled Flash components, JRE 32/64 is fine, too. Well, except for missing FFDShow 32 bit. Will open another bug report later.

Looks like the issue is resolved now. Was really a bitchy one! ;)

Kyle_Katarn

2012-08-22 17:42

administrator   ~0001182

Woohoo ! So happy to tag it "resolved".
Thank you for your help !

Kyle_Katarn

2012-08-23 09:39

administrator   ~0001183

Issue 1708 opened (FFDShow)

Issue History

Date Modified Username Field Change
2012-08-08 19:58 bytehead New Issue
2012-08-08 19:58 bytehead File Added: scr1_ff32+64_before.png
2012-08-08 19:59 bytehead File Added: scr2_ff32+64_after.png
2012-08-08 20:00 bytehead File Added: scr3_flash32+64.png
2012-08-08 20:00 bytehead File Added: scr4_flash32+64.png
2012-08-08 20:02 bytehead Steps to Reproduce Updated
2012-08-08 20:03 bytehead Relationship added parent of 0001662
2012-08-08 20:04 bytehead Relationship added parent of 0001582
2012-08-08 20:05 bytehead Relationship added parent of 0001584
2012-08-08 20:14 bytehead File Added: SUMo_DB+log.zip
2012-08-08 20:15 bytehead Note Added: 0001049
2012-08-08 20:16 bytehead Steps to Reproduce Updated
2012-08-08 20:38 poutnikg Note Added: 0001050
2012-08-08 20:40 poutnikg Note Edited: 0001050
2012-08-08 20:55 bytehead Note Added: 0001051
2012-08-08 20:57 bytehead Steps to Reproduce Updated
2012-08-08 20:57 bytehead Steps to Reproduce Updated
2012-08-08 20:58 bytehead Description Updated
2012-08-08 21:45 Kyle_Katarn Note Added: 0001056
2012-08-08 21:45 Kyle_Katarn Assigned To => Kyle_Katarn
2012-08-08 21:45 Kyle_Katarn Status new => acknowledged
2012-08-08 22:23 bytehead Note Added: 0001058
2012-08-08 22:39 Kyle_Katarn Note Added: 0001060
2012-08-08 23:49 bytehead Relationship added parent of 0001650
2012-08-08 23:49 bytehead Relationship added parent of 0001607
2012-08-09 14:36 bytehead Relationship deleted parent of 0001650
2012-08-09 18:30 bytehead File Added: loading on start-up.png
2012-08-09 18:31 bytehead File Added: scanning.png
2012-08-09 18:31 bytehead File Added: loading_after_scan.png
2012-08-09 18:33 bytehead File Added: checking.png
2012-08-09 18:41 bytehead Description Updated
2012-08-09 18:41 bytehead Steps to Reproduce Updated
2012-08-09 18:47 bytehead Note Added: 0001071
2012-08-09 18:49 bytehead Note Edited: 0001071
2012-08-09 19:10 bytehead Note Added: 0001072
2012-08-09 23:55 Kyle_Katarn Note Added: 0001076
2012-08-15 14:11 bytehead Note Added: 0001116
2012-08-15 14:33 Kyle_Katarn Note Added: 0001117
2012-08-20 23:23 Kyle_Katarn Note Added: 0001158
2012-08-21 03:50 bytehead Note Added: 0001160
2012-08-21 03:53 bytehead File Added: errlst_TEST.txt
2012-08-21 03:53 bytehead File Added: SUMo_test1.png
2012-08-21 03:53 bytehead File Added: SUMo_test2.png
2012-08-21 03:56 bytehead Note Edited: 0001160
2012-08-21 03:58 bytehead Note Edited: 0001160
2012-08-21 09:22 Kyle_Katarn Note Added: 0001161
2012-08-21 23:12 Kyle_Katarn Note Added: 0001162
2012-08-21 23:21 bytehead Note Added: 0001163
2012-08-21 23:25 Kyle_Katarn Note Added: 0001164
2012-08-21 23:31 Kyle_Katarn Note Added: 0001165
2012-08-21 23:36 bytehead Note Added: 0001166
2012-08-21 23:44 Kyle_Katarn Note Added: 0001167
2012-08-22 00:24 bytehead File Added: b172_issues.png
2012-08-22 00:44 bytehead Note Added: 0001168
2012-08-22 00:44 bytehead File Added: b172_crash_scr1.png
2012-08-22 00:45 bytehead File Added: b172_crash_scr2.png
2012-08-22 00:46 Kyle_Katarn Note Added: 0001169
2012-08-22 00:52 bytehead Note Added: 0001170
2012-08-22 00:56 Kyle_Katarn Note Added: 0001171
2012-08-22 01:02 bytehead File Added: SUMo_b172.log
2012-08-22 01:03 bytehead Note Added: 0001172
2012-08-22 01:04 Kyle_Katarn Note Added: 0001173
2012-08-22 01:15 Kyle_Katarn Note Added: 0001174
2012-08-22 01:22 bytehead File Added: SUMo_b173.log
2012-08-22 01:22 bytehead Note Added: 0001175
2012-08-22 01:27 bytehead Note Edited: 0001175
2012-08-22 01:28 bytehead Note Edited: 0001175
2012-08-22 01:33 bytehead File Added: b173_check_with_blank_profile (no_scan).png
2012-08-22 01:39 bytehead Note Added: 0001176
2012-08-22 10:02 Kyle_Katarn Note Added: 0001177
2012-08-22 10:52 Kyle_Katarn Note Added: 0001178
2012-08-22 15:05 bytehead File Added: SUMo_b174.log
2012-08-22 15:07 bytehead Note Added: 0001179
2012-08-22 16:05 Kyle_Katarn Note Added: 0001180
2012-08-22 17:14 bytehead Note Added: 0001181
2012-08-22 17:42 Kyle_Katarn Note Added: 0001182
2012-08-22 17:42 Kyle_Katarn Status acknowledged => resolved
2012-08-22 17:42 Kyle_Katarn Fixed in Version => 3.4.4
2012-08-22 17:42 Kyle_Katarn Resolution open => fixed
2012-08-23 09:38 Kyle_Katarn Relationship added related to 0001708
2012-08-23 09:39 Kyle_Katarn Note Added: 0001183