TCMD crash after upgrading to Windows 10

May 29, 2008
571
4
Groton, CT
After upgrading to Windows 10, when I start TCMD 17.00.77 x64, the TCMD window starts, a TCC session starts in a tab,
then TCMD crashes, and the TCC window remains. I've tried this both elevated and non-elevated, the results are the same.
 

rconn

Administrator
Staff member
May 14, 2008
12,346
150
If the crash is in TCMD, you'll have a "TCMD.GPF" file (in the same directory as your TCMD.INI). Please send that file to support@jpsoft.com.

If you don't have a TCMD.GPF file, then the crash is either in Windows or a third-party dll that is being injected into TCMD. In that case, send the info in the error messagebox that Windows displays. I probably can't fix it in that case, but it might at least point to a workaround.
 
May 29, 2008
571
4
Groton, CT
I narrowed it down to an invocation of %@pset[%_ppid,x]. @PSET (from SYSUTILS) barfed with a 32-bit parent process message, but I suspect that error message is erroneous.

I commented the offending line out of my TCSTART.BAT, and the TCMD did not crash.

Vince, please take note. PSET64.EXE works for this purpose.
 
May 20, 2008
11,404
99
Syracuse, NY, USA
@PSET (or PSET.EXE) definitely won't work between processes of different "bitness" (32 vs. 64, is there a better word?). It starts a remote thread in the target app after injecting code and data which have the same bitness as @PSET itself. Between processes of the same bitness, it should work as long as this succeeds
Code:
OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_CREATE_THREAD |
             PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, FALSE, dwPid);
That's serious access. There's no doubt that it will fail if the target process is at a higher integrity level.

I updated PSET.EXE recently (IIRC, after a post by you) and then made some changes to @PSET but never updated SYSUTILS. I just updated SYSUTILS on lucky. Maybe that will work better.
 

rconn

Administrator
Staff member
May 14, 2008
12,346
150
Code:
OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_CREATE_THREAD |
             PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, FALSE, dwPid);
That's serious access. There's no doubt that it will fail if the target process is at a higher integrity level.

That will not work on Windows 10 unless you're running elevated (and possibly not even then unless the other process is a child of yours).
 
May 20, 2008
11,404
99
Syracuse, NY, USA
That will not work on Windows 10 unless you're running elevated (and possibly not even then unless the other process is a child of yours).
Not even between two ordinary processes (like a tabbed TCC and its parent TCMD)? What's prohibited?
 

rconn

Administrator
Staff member
May 14, 2008
12,346
150
Not even between two ordinary processes (like a tabbed TCC and its parent TCMD)? What's prohibited?

Not unless you've started the child process with the necessary permissions (i.e., like you were debugging the child). Windows 10 doesn't like these flags unless you're elevated:

PROCESS_ALL_ACCESS
PROCESS_CREATE_PROCESS
PROCESS_CREATE_THREAD
PROCESS_SET_INFORMATION
PROCESS_SET_QUOTA
PROCESS_VM_OPERATION
PROCESS_VM_WRITE


And remember, in Windows 10 you (1) can't completely disable UAC, and (2) administrators do not have all rights.

If you code sign your plugin dll, you are allowed more (but not all) access.
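
Added example, not code from the thread or from SYSUTILS: the mask in the OpenProcess call quoted earlier and the rights listed in the post above, decoded and triaged the way a defender would read them from process-access telemetry. The event records are constructed, their field names follow Sysmon Event ID 10, and the class labels are this example's own.

```python
# Added example: triage process-handle requests by the rights they ask for.
from enum import IntFlag

class P(IntFlag):  # PROCESS_* values from the Windows SDK header winnt.h
    CREATE_THREAD = 0x0002
    VM_OPERATION = 0x0008
    VM_READ = 0x0010
    VM_WRITE = 0x0020
    CREATE_PROCESS = 0x0080
    SET_QUOTA = 0x0100
    SET_INFORMATION = 0x0200
    QUERY_INFORMATION = 0x0400
    QUERY_LIMITED_INFORMATION = 0x1000

# The mask passed to OpenProcess in the thread.
PSET_MASK = P.QUERY_INFORMATION | P.CREATE_THREAD | P.VM_OPERATION | P.VM_WRITE | P.VM_READ
# Rights that together allow writing into a target and starting a thread in it.
REMOTE_THREAD = P.CREATE_THREAD | P.VM_OPERATION | P.VM_WRITE
# Every individual right named in the list above.
MODIFYING = REMOTE_THREAD | P.CREATE_PROCESS | P.SET_INFORMATION | P.SET_QUOTA

def decode(mask):
    """Names of the known rights set in mask, in declaration (bit) order."""
    return ["PROCESS_" + f.name for f in P if mask & f]

def classify(mask):
    if (mask & REMOTE_THREAD) == REMOTE_THREAD:
        return "remote-thread-capable"
    return "modifies-target" if mask & MODIFYING else "read-only"

def triage(events):
    """Return (source, target, class, rights) for each request that is not read-only."""
    rows = []
    for e in events:
        mask = int(e["GrantedAccess"], 16)
        if classify(mask) != "read-only":
            rows.append((e["SourceImage"], e["TargetImage"], classify(mask), decode(mask)))
    return rows

# Constructed sample records; field names follow Sysmon Event ID 10 (ProcessAccess).
SAMPLE = [
    {"SourceImage": "tcc.exe", "TargetImage": "explorer.exe", "GrantedAccess": "0x43A"},
    {"SourceImage": "monitor.exe", "TargetImage": "tcc.exe", "GrantedAccess": "0x1410"},
    {"SourceImage": "tuner.exe", "TargetImage": "tcc.exe", "GrantedAccess": "0x200"},
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```
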
 
May 20, 2008
11,404
99
Syracuse, NY, USA
Not unless you've started the child process with the necessary permissions (i.e., like you were debugging the child). Windows 10 doesn't like these flags unless you're elevated:

PROCESS_ALL_ACCESS
PROCESS_CREATE_PROCESS
PROCESS_CREATE_THREAD
PROCESS_SET_INFORMATION
PROCESS_SET_QUOTA
PROCESS_VM_OPERATION
PROCESS_VM_WRITE


And remember, in Windows 10 you (1) can't completely disable UAC, and (2) administrators do not have all rights.
Dave noted that PSET64.EXE worked. It uses the same technique. It's not specifically meant to be used between parent and child, but between any two "peer" processes (same owner, same desktop, same integrity level, ...). I really doubt Windows would forbid that.
 

rconn

Administrator
Staff member
May 14, 2008
12,346
150
Dave noted that PSET64.EXE worked. It uses the same technique. It's not specifically meant to be used between parent and child, but between any two "peer" processes (same owner, same desktop, same integrity level, ...). I really doubt Windows would forbid that.

Microsoft has a history of disappointing you. :eek:

If the default security didn't block that, it wouldn't be much use.
 
May 20, 2008
11,404
99
Syracuse, NY, USA
Microsoft has a history of disappointing you. :eek:

If the default security didn't block that, it wouldn't be much use.
I'll still be surprised.

Dave, if you're following, (or anyone) please try a couple simple tests on Win10/64, one with PSET64 and one with SYSUTILS's @PSET.

Code:
pset64 %@pid[explorer.exe] path
and
Code:
echo %@pset[%@pid[explorer.exe],path]
 
May 29, 2008
571
4
Groton, CT
I did try. PSET64 seems to work between TCC, elevated or not, and any arbitrary 64-bit process (though I didn't check EVERY 64-bit process I have running).

@PSET causes _whatever_ 64-bit target process you name to crash. I started a TCC from explorer and did
Code:
echo %@pset[%_ppid,x]
and EXPLORER crashed.
The error message was
Code:
TCC: (Sys) Only part of a ReadProcessMemory or WriteProcessMemory request was completed.

@Pset[%_ppid] (no 2nd argument) worked, though.
 
May 20, 2008
11,404
99
Syracuse, NY, USA
I did try. PSET64 seems to work between TCC, elevated or not, and any arbitrary 64-bit process (though I didn't check EVERY 64-bit process I have running).

@PSET causes _whatever_ 64-bit target process you name to crash. I started a TCC from explorer and did
Code:
echo %@pset[%_ppid,x]
and EXPLORER crashed.
The error message was
Code:
TCC: (Sys) Only part of a ReadProcessMemory or WriteProcessMemory request was completed.

@Pset[%_ppid] (no 2nd argument) worked, though.
What did @PSET with no second argument do? Here, I just get an error.
Code:
v:\> echo %@pset[%@pid[explorer.exe]]
@PSET error: syntax: @PSET[pid,var[=[value]]]

Is there an "x" variable?

That's an odd error message, especially since the allocation of remote memory must have worked. All the google hits for that error message mention virtual drives, CDs, DVDs.

I'll look at the code very carefully, but a solution may have to wait until I have Win10/64.
 
May 29, 2008
571
4
Groton, CT
I see you uploaded another SYSUTILS version after the one I downloaded earlier today. I downloaded the new version (7/30/16), but the results are still the same.

With no second argument, @PSET *USED TO* return the command line of the target process. Until the most recent version, that's how it worked. I think you actually documented that at one point. You must have changed the code for that.

Makes no difference whether there is an x variable or not, as far as I can tell. I do recall that when @PSET worked, it used to give some error message if the target variable did not exist. When you get around to fixing it, it would be better (IMAO) if it just returned an empty string.
 
May 29, 2008
571
4
Groton, CT
Okay, maybe I'm remembering it incorrectly. It wouldn't be the first time I've been confused.

FWIW, I have code that looks like this:
Code:
SET NBITS=%@LEFT[2,%@EXEBITS[target.exe]]
PSET%NBITS% %@PID[target.exe] name=value
 
May 20, 2008
11,404
99
Syracuse, NY, USA
I might also be remembering incorrectly. Once upon a time, SYSUTILS may have contained a full-blown PSET. In any event, PSETnn.EXE works and @PSET doesn't. I ought to be able to figure it out, even without an x64 system.
 
May 20, 2008
11,404
99
Syracuse, NY, USA
Hmmm! I haven't found a smoking gun but I made a few minor changes (that I don't expect will help) and added some debug progress reporting.

Dave, if you're willing, try ftp://lucky.syr.edu/debug/sysutils64.dll with a target process you don't mind crashing, like another TCC. Please post what you see. Here, I see the likes of this:
Code:
p:\4sysutils\release> echo %@pset[2952,x]
Parameters:
PID: 2952
VarName: x
Equal sign:
Data:

got hKernel32
got address of SEV
got address of GEV
opened process
got target exebits
exebits OK
alloc'd code memory
copied code
alloc'd data memory
copied data
created thread
thread exit: 0
(SYSUTILS) Not in remote environment: "x"
 
May 26, 2008
537
4
And remember, in Windows 10 you (1) can't completely disable UAC, ...

You can, it just requires editing a setting in Group Policy. I would not recommend it though. UAC on workstations really is a good thing and it's better to just get used to it. Plus if you disable UAC completely you won't be able to run metro style apps which now includes things like calc.exe.
 
May 29, 2008
571
4
Groton, CT
Vince, I replaced the .dll as you requested. When TCC starts up, it writes a whole bunch of stuff like you posted above, but the window disappears before I can copy it.
PSET %_PPID TZN
works. I know that variable is defined.
ECHO %@PSET[%_PPID,TZN] crashes the parent process.
 
May 20, 2008
11,404
99
Syracuse, NY, USA
Vince, I replaced the .dll as you requested. When TCC starts up, it writes a whole bunch of stuff like you posted above, but the window disappears before I can copy it.
PSET %_PPID TZN
works. I know that variable is defined.
ECHO %@PSET[%_PPID,TZN] crashes the parent process.
That info should be written in the child process, the process executing the ECHO %@PSET. The two processes should be running in different consoles.
 
May 29, 2008
571
4
Groton, CT
I started two separate TCC processes without TCMD, and looked up the PID of the first.
In both processes, I did PLUGIN /U SYSUTILS and PLUGIN /L (the test version of SYSUTILS64).
In the second process I did ECHO %@PSET[pid,TZN] and got this:
Code:
~\Work> echo %@pset[9804,tzn]
Parameters:
PID: 9804
VarName: tzn
Equal sign:
Data:

got hKernel32
got address of SEV
gor address of GEV
opened process
got target exebits
exebits OK
alloc'd code memory
copied code
alloc'd data memory
copied data
created thread
TCC: (Sys) The wait operation timed out.
Then I got an error window saying
Code:
TCC has stopped working

A problem caused the program to stop working correctly....
 
May 20, 2008
11,404
99
Syracuse, NY, USA
Thanks, Dave.

I gather your second snippet came from the other TCC, the target, the one that crashed ... yes/no?

Anyway, apparently, everything went as planned, but the remote thread didn't terminate (after 5 seconds). Hmmm! The code for starting and waiting for the thread is exactly the same in @PSET as in PSET64. In fact, PSET64, which you say works, has a much more elaborate remote thread. I'll look further, but without x64, I can't do any testing.
 
May 29, 2008
571
4
Groton, CT
Yes, the error box was generated from the target process. After releasing the error box, that process terminated.

Take as long as you need. I appreciate the fact that you're providing support (and for the fact that you supplied the programs to begin with).
I can use PSET64 and PSET32 for now.
 
May 20, 2008
11,404
99
Syracuse, NY, USA
Yes, the error box was generated from the target process. After releasing the error box, that process terminated.

Take as long as you need. I appreciate the fact that you're providing support (and for the fact that you supplied the programs to begin with).
I can use PSET64 and PSET32 for now.
And I appreciate your help.
 