trying your VM in VirtualBox, getting this error

[oighen]

Failed to open a session for the virtual machine Merlin 1.01 Drill Workshop.

The virtual machine 'Merlin 1.01 Drill Workshop' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in 'C:\Users\xxx\VirtualBox VMs\Merlin 1.01 Drill Workshop\Logs\VBoxHardening.log'.

Result Code: E_FAIL (0x80004005) Component: MachineWrap Interface: IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}

anything very simple that I am missing?

[cgivre]

A few things to check:

1. Are you running the latest version of VirtualBox?
2. Do you have enough memory? I think the VM is configured for 8GB. It will work with 4GB, but 8 is better when you start using Drill with other tools.

If not, could you post the contents of the VBoxHardening.log file?

[oighen]

1. Yes, downloaded the latest.
2. Yes, on this laptop I have 32GB, allocated 16GB for the VM.

Log attached.

Many thanks!

--eugen Amat victoria curam

On Wed, Jun 14, 2017 at 5:12 AM, Charles S. Givre notifications@github.com wrote:

A few things to check:

1. Are you running the latest version of VirtualBox?
2. Do you have enough memory? I think the VM is configured for 8GB. It will work with 4GB, but 8 is better when you start using Drill with other tools.

If not, could you post the contents of the VBoxHardening.log file?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/cgivre/data-exploration-with-apache-drill/issues/1#issuecomment-308400105, or mute the thread https://github.com/notifications/unsubscribe-auth/ADwGAGRiqKAftk2ohWi_PFORsRfYAAhjks5sD8AHgaJpZM4N5VuR .

[cgivre]

Hi @oighen, I didn't get the log file in your email. I've been looking online and a lot of the advice about this type of error seems to suggest uninstalling/reinstalling VirtualBox. If you can attach the log in github, or paste the contents I'll do some more digging. What OS and version are you using?

[oighen]

Un-installed/re-installed VirtualBox, same error.

Failed to open a session for the virtual machine Merlin 1.01 Drill Workshop.

The virtual machine 'Merlin 1.01 Drill Workshop' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in 'C:\Users\Eugen\VirtualBox VMs\Merlin 1.01 Drill Workshop\Logs\VBoxHardening.log'. Result Code: E_FAIL (0x80004005) Component: MachineWrap Interface: IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0} Now, the log is dumped below:

fbc.77d4: Log file opened: 5.1.22r115126 g_hStartupLog=00000000000000e4 g_uNtVerCombined=0xa0383900 fbc.77d4: \SystemRoot\System32\ntdll.dll: fbc.77d4: CreationTime: 2017-01-27T19:39:40.085139400Z fbc.77d4: LastWriteTime: 2016-11-11T10:13:03.409595100Z fbc.77d4: ChangeTime: 2017-06-14T03:46:48.743974000Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0x1cc888 fbc.77d4: NT Headers: 0xd8 fbc.77d4: Timestamp: 0x5825887f fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x5825887f fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0x1d1000 (1904640) fbc.77d4: Resource Dir: 0x168000 LB 0x67988 fbc.77d4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0x1680f0 LB 0x388, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.479 fbc.77d4: FileVersion: 10.0.14393.479 (rs1_release.161110-2025) fbc.77d4: FileDescription: NT Layer DLL fbc.77d4: \SystemRoot\System32\kernel32.dll: fbc.77d4: CreationTime: 2017-05-10T13:09:29.370271800Z fbc.77d4: LastWriteTime: 2017-04-28T00:49:43.332433600Z fbc.77d4: ChangeTime: 2017-06-14T03:46:48.359260300Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0xab208 fbc.77d4: NT Headers: 0xf0 fbc.77d4: Timestamp: 0x59028368 fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x59028368 fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0xac000 (704512) fbc.77d4: Resource Dir: 0xaa000 LB 0x530 fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.1198 fbc.77d4: FileVersion: 10.0.14393.1198 (rs1_release_sec.170427-1353) fbc.77d4: FileDescription: Windows NT BASE API Client DLL fbc.77d4: \SystemRoot\System32\KernelBase.dll: fbc.77d4: CreationTime: 2017-06-14T03:42:31.079625600Z fbc.77d4: LastWriteTime: 2017-06-03T10:09:08.071687200Z fbc.77d4: ChangeTime: 2017-06-14T05:00:58.513710300Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0x21c780 fbc.77d4: NT Headers: 0xf8 fbc.77d4: Timestamp: 0x59327897 fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x59327897 fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0x21d000 (2215936) fbc.77d4: Resource Dir: 0x201000 LB 0x550 fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0x2010b0 LB 0x3c4, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.1358 fbc.77d4: FileVersion: 10.0.14393.1358 (rs1_release.170602-2252) fbc.77d4: FileDescription: Windows NT BASE API Client DLL fbc.77d4: \SystemRoot\System32\apisetschema.dll: fbc.77d4: CreationTime: 2016-07-16T11:42:21.577586000Z fbc.77d4: LastWriteTime: 2016-07-16T11:42:21.577586000Z fbc.77d4: ChangeTime: 2017-01-15T11:59:41.129941800Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0x18960 fbc.77d4: NT Headers: 0xc8 fbc.77d4: Timestamp: 0x57899bd2 fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x57899bd2 fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0x19000 (102400) fbc.77d4: Resource Dir: 0x18000 LB 0x400 fbc.77d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0x18060 LB 0x3a0, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.0 fbc.77d4: FileVersion: 10.0.14393.0 (rs1_release.160715-1616) fbc.77d4: FileDescription: ApiSet Schema DLL fbc.77d4: NtOpenDirectoryObject failed on \Driver: 0xc0000022 fbc.77d4: supR3HardenedWinFindAdversaries: 0x0 fbc.77d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' fbc.77d4: Calling main() fbc.77d4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 fbc.77d4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' fbc.77d4: SUPR3HardenedMain: Respawn #1 fbc.77d4: System32: \Device\HarddiskVolume5\Windows\System32 fbc.77d4: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS fbc.77d4: KnownDllPath: C:\Windows\System32 fbc.77d4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports fbc.77d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe) fbc.77d4: supR3HardNtEnableThreadCreation: fbc.77d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff94af9fa0 pvNtTerminateThread=00007fff94b26b20 fbc.77d4: supR3HardenedWinDoReSpawn(1): New child 73a0.8564 [kernel32]. fbc.77d4: supR3HardNtChildGatherData: PebBaseAddress=0000000000a93000 cbPeb=0x388 fbc.77d4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff94a80000 uNtDllChildAddr=00007fff94a80000 fbc.77d4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff94af9fa0 fbc.77d4: supR3HardenedWinSetupChildInit: Start child. fbc.77d4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 15 sleeps fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION fbc.77d4: 0000000000000000-000000000089ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008a0000-00000000008bffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000008c0000-00000000008d5fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008e0000-00000000009dafff 0x0000/0x0004 0x0020000 fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004 0x0020000 fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000 fbc.77d4: 0000000000a00000-0000000000a92fff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004 0x0020000 fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000c00000-0000000000c00fff 0x0040/0x0040 0x0020000 !! fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000c00000 (LB 0x1000, 0000000000c00000 LB 0x1000) fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000c00000/0000000000c00000 LB 0/0x1000] fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000c00000 LB 0x7f3e0000 s=0x10000 ap=0x0 rp=0x00000000000001 fbc.77d4: 0000000000c01000-000000007ffdffff 0x0001/0x0000 0x0000000 fbc.77d4: 000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e030000-00007ff63e052fff 0x0002/0x0002 0x0040000 fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e250000-00007ff63e250fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e307000-00007ff63e307fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e308000-00007ff63e308fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e309000-00007ff63e30dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e30e000-00007ff63e30efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e30f000-00007ff63e30ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e310000-00007ff63e313fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007fff94a80000-00007fff94a80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bcc000-00007fff94bd4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000 fbc.77d4: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS) fbc.77d4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports fbc.77d4: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports fbc.77d4: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x80000000 fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/1: 526 ms, 33 sleeps fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION fbc.77d4: 0000000000000000-000000000089ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008a0000-00000000008bffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000008c0000-00000000008d5fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008e0000-00000000009dafff 0x0000/0x0004 0x0020000 fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004 0x0020000 fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000 fbc.77d4: 0000000000a00000-0000000000a92fff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004 0x0020000 fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000c00000-000000007ffdffff 0x0001/0x0000 0x0000000 fbc.77d4: 000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e030000-00007ff63e052fff 0x0002/0x0002 0x0040000 fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e250000-00007ff63e250fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e307000-00007ff63e313fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007fff94a80000-00007fff94a80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bcc000-00007fff94bcffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bd0000-00007fff94bd4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000 fbc.77d4: supR3HardNtChildPurify: Done after 820 ms and 1 fixes (loop #1). 73a0.8564: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0383900 73a0.8564: supR3HardenedVmProcessInit: uNtDllAddr=00007fff94a80000 g_uNtVerCombined=0xa0383900 73a0.8564: ntdll.dll: timestamp 0x5825887f (rc=VINF_SUCCESS) 73a0.8564: New simple heap: #1 0000000000d00000 LB 0x400000 (for 1904640 allocation) fbc.77d4: supR3HardNtEnableThreadCreation: 73a0.8564: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 73a0.8564: System32: \Device\HarddiskVolume5\Windows\System32 73a0.8564: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS 73a0.8564: KnownDllPath: C:\Windows\System32 73a0.8564: supR3HardenedVmProcessInit: Opening vboxdrv stub... 73a0.8564: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 73a0.8564: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 73a0.8564: Registered Dll notification callback with NTDLL. 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll) 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll 73a0.8564: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 73a0.8564: supR3HardenedDllNotificationCallback: load 00007fff913e0000 LB 0x0021d000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0] 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll) 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll 73a0.8564: supR3HardenedDllNotificationCallback: load 00007fff92360000 LB 0x000ac000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0] 73a0.8564: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 73a0.8564: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff92360000 'C:\Windows\System32\KERNEL32.DLL' 73a0.8564: supR3HardenedDllNotificationCallback: load 00007ff63e250000 LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 73a0.8564: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe) 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 82 ms, CloseEvents);

Many thanks!

--eugen Amat victoria curam

On Fri, Jun 23, 2017 at 5:32 PM, Charles S. Givre notifications@github.com wrote:

Hi @oighen https://github.com/oighen, I didn't get the log file in your email. I've been looking online and a lot of the advice about this type of error seems to suggest uninstalling/reinstalling VirtualBox. If you can attach the log in github, or paste the contents I'll do some more digging. What OS and version are you using?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/cgivre/data-exploration-with-apache-drill/issues/1#issuecomment-310794840, or mute the thread https://github.com/notifications/unsubscribe-auth/ADwGALoXPWNJuALw2ZADLXf6-HGy-ucHks5sHEshgaJpZM4N5VuR .

[oighen]

OS: Windows 10.

--eugen Amat victoria curam

On Sat, Jun 24, 2017 at 12:36 PM, Eugen Chirila eugenc@gmail.com wrote:

Un-installed/re-installed VirtualBox, same error.

Failed to open a session for the virtual machine Merlin 1.01 Drill Workshop.

The virtual machine 'Merlin 1.01 Drill Workshop' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in 'C:\Users\Eugen\VirtualBox VMs\Merlin 1.01 Drill Workshop\Logs\VBoxHardening.log'. Result Code: E_FAIL (0x80004005) Component: MachineWrap Interface: IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0} Now, the log is dumped below:

fbc.77d4: Log file opened: 5.1.22r115126 g_hStartupLog=00000000000000e4 g_uNtVerCombined=0xa0383900 fbc.77d4: \SystemRoot\System32\ntdll.dll: fbc.77d4: CreationTime: 2017-01-27T19:39:40.085139400Z fbc.77d4: LastWriteTime: 2016-11-11T10:13:03.409595100Z fbc.77d4: ChangeTime: 2017-06-14T03:46:48.743974000Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0x1cc888 fbc.77d4: NT Headers: 0xd8 fbc.77d4: Timestamp: 0x5825887f fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x5825887f fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0x1d1000 (1904640) fbc.77d4: Resource Dir: 0x168000 LB 0x67988 fbc.77d4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0x1680f0 LB 0x388, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.479 fbc.77d4: FileVersion: 10.0.14393.479 (rs1_release.161110-2025) fbc.77d4: FileDescription: NT Layer DLL fbc.77d4: \SystemRoot\System32\kernel32.dll: fbc.77d4: CreationTime: 2017-05-10T13:09:29.370271800Z fbc.77d4: LastWriteTime: 2017-04-28T00:49:43.332433600Z fbc.77d4: ChangeTime: 2017-06-14T03:46:48.359260300Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0xab208 fbc.77d4: NT Headers: 0xf0 fbc.77d4: Timestamp: 0x59028368 fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x59028368 fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0xac000 (704512) fbc.77d4: Resource Dir: 0xaa000 LB 0x530 fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.1198 fbc.77d4: FileVersion: 10.0.14393.1198 (rs1_release_sec.170427-1353) fbc.77d4: FileDescription: Windows NT BASE API Client DLL fbc.77d4: \SystemRoot\System32\KernelBase.dll: fbc.77d4: CreationTime: 2017-06-14T03:42:31.079625600Z fbc.77d4: LastWriteTime: 2017-06-03T10:09:08.071687200Z fbc.77d4: ChangeTime: 2017-06-14T05:00:58.513710300Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0x21c780 fbc.77d4: NT Headers: 0xf8 fbc.77d4: Timestamp: 0x59327897 fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x59327897 fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0x21d000 (2215936) fbc.77d4: Resource Dir: 0x201000 LB 0x550 fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0x2010b0 LB 0x3c4, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.1358 fbc.77d4: FileVersion: 10.0.14393.1358 (rs1_release.170602-2252) fbc.77d4: FileDescription: Windows NT BASE API Client DLL fbc.77d4: \SystemRoot\System32\apisetschema.dll: fbc.77d4: CreationTime: 2016-07-16T11:42:21.577586000Z fbc.77d4: LastWriteTime: 2016-07-16T11:42:21.577586000Z fbc.77d4: ChangeTime: 2017-01-15T11:59:41.129941800Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0x18960 fbc.77d4: NT Headers: 0xc8 fbc.77d4: Timestamp: 0x57899bd2 fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x57899bd2 fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0x19000 (102400) fbc.77d4: Resource Dir: 0x18000 LB 0x400 fbc.77d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0x18060 LB 0x3a0, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.0 fbc.77d4: FileVersion: 10.0.14393.0 (rs1_release.160715-1616) fbc.77d4: FileDescription: ApiSet Schema DLL fbc.77d4: NtOpenDirectoryObject failed on \Driver: 0xc0000022 fbc.77d4: supR3HardenedWinFindAdversaries: 0x0 fbc.77d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' fbc.77d4: Calling main() fbc.77d4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 fbc.77d4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' fbc.77d4: SUPR3HardenedMain: Respawn #1 fbc.77d4: System32: \Device\HarddiskVolume5\Windows\System32 fbc.77d4: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS fbc.77d4: KnownDllPath: C:\Windows\System32 fbc.77d4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports fbc.77d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe) fbc.77d4: supR3HardNtEnableThreadCreation: fbc.77d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff94af9fa0 pvNtTerminateThread=00007fff94b26b20 fbc.77d4: supR3HardenedWinDoReSpawn(1): New child 73a0.8564 [kernel32]. fbc.77d4: supR3HardNtChildGatherData: PebBaseAddress=0000000000a93000 cbPeb=0x388 fbc.77d4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff94a80000 uNtDllChildAddr=00007fff94a80000 fbc.77d4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff94af9fa0 fbc.77d4: supR3HardenedWinSetupChildInit: Start child. fbc.77d4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 15 sleeps fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION fbc.77d4: 0000000000000000-000000000089ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008a0000-00000000008bffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000008c0000-00000000008d5fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008e0000-00000000009dafff 0x0000/0x0004 0x0020000 fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004 0x0020000 fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000 fbc.77d4: 0000000000a00000-0000000000a92fff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004 0x0020000 fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000c00000-0000000000c00fff 0x0040/0x0040 0x0020000 !! fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000c00000 (LB 0x1000, 0000000000c00000 LB 0x1000) fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000c00000/0000000000c00000 LB 0/0x1000] fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000c00000 LB 0x7f3e0000 s=0x10000 ap=0x0 rp=0x00000000000001 fbc.77d4: 0000000000c01000-000000007ffdffff 0x0001/0x0000 0x0000000 fbc.77d4: 000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e030000-00007ff63e052fff 0x0002/0x0002 0x0040000 fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e250000-00007ff63e250fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e307000-00007ff63e307fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e308000-00007ff63e308fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e309000-00007ff63e30dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e30e000-00007ff63e30efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e30f000-00007ff63e30ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e310000-00007ff63e313fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007fff94a80000-00007fff94a80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bcc000-00007fff94bd4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000 fbc.77d4: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS) fbc.77d4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports fbc.77d4: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports fbc.77d4: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x80000000 fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/1: 526 ms, 33 sleeps fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION fbc.77d4: 0000000000000000-000000000089ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008a0000-00000000008bffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000008c0000-00000000008d5fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008e0000-00000000009dafff 0x0000/0x0004 0x0020000 fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004 0x0020000 fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000 fbc.77d4: 0000000000a00000-0000000000a92fff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004 0x0020000 fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000c00000-000000007ffdffff 0x0001/0x0000 0x0000000 fbc.77d4: 000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e030000-00007ff63e052fff 0x0002/0x0002 0x0040000 fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e250000-00007ff63e250fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e307000-00007ff63e313fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007fff94a80000-00007fff94a80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bcc000-00007fff94bcffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bd0000-00007fff94bd4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000 fbc.77d4: supR3HardNtChildPurify: Done after 820 ms and 1 fixes (loop #1). 73a0.8564: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0383900 73a0.8564: supR3HardenedVmProcessInit: uNtDllAddr=00007fff94a80000 g_uNtVerCombined=0xa0383900 73a0.8564: ntdll.dll: timestamp 0x5825887f (rc=VINF_SUCCESS) 73a0.8564: New simple heap: #1 0000000000d00000 LB 0x400000 (for 1904640 allocation) fbc.77d4: supR3HardNtEnableThreadCreation: 73a0.8564: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 73a0.8564: System32: \Device\HarddiskVolume5\Windows\System32 73a0.8564: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS 73a0.8564: KnownDllPath: C:\Windows\System32 73a0.8564: supR3HardenedVmProcessInit: Opening vboxdrv stub... 73a0.8564: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 73a0.8564: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 73a0.8564: Registered Dll notification callback with NTDLL. 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll) 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\ Windows\System32\kernel32.dll 73a0.8564: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 73a0.8564: supR3HardenedDllNotificationCallback: load 00007fff913e0000 LB 0x0021d000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0] 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll) 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\ Windows\System32\KernelBase.dll 73a0.8564: supR3HardenedDllNotificationCallback: load 00007fff92360000 LB 0x000ac000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0] 73a0.8564: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 73a0.8564: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff92360000 'C:\Windows\System32\KERNEL32.DLL' 73a0.8564: supR3HardenedDllNotificationCallback: load 00007ff63e250000 LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 73a0.8564: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe) 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 82 ms, CloseEvents);

Many thanks!

--eugen Amat victoria curam

On Fri, Jun 23, 2017 at 5:32 PM, Charles S. Givre < notifications@github.com> wrote:

Hi @oighen https://github.com/oighen, I didn't get the log file in your email. I've been looking online and a lot of the advice about this type of error seems to suggest uninstalling/reinstalling VirtualBox. If you can attach the log in github, or paste the contents I'll do some more digging. What OS and version are you using?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/cgivre/data-exploration-with-apache-drill/issues/1#issuecomment-310794840, or mute the thread https://github.com/notifications/unsubscribe-auth/ADwGALoXPWNJuALw2ZADLXf6-HGy-ucHks5sHEshgaJpZM4N5VuR .

[cgivre]

Hi Eugen, It looks to me from reading some articles on stackoverflow that one of the VirtualMachine disk files might be corrupted. The last article in the list recommends a procedure where you discard the saved state of the VM. Were you ever able to get it started?

https://askubuntu.com/questions/846492/failed-to-open-a-session-for-the-virtual-machine-win-7 https://askubuntu.com/questions/846492/failed-to-open-a-session-for-the-virtual-machine-win-7 https://stackoverflow.com/questions/20608310/virtualbox-error-failed-to-open-a-session-for-the-virtual-machine https://stackoverflow.com/questions/20608310/virtualbox-error-failed-to-open-a-session-for-the-virtual-machine https://www.simplehelp.net/2015/10/25/how-to-fix-the-failed-to-open-a-session-error-in-virtualbox/ https://www.simplehelp.net/2015/10/25/how-to-fix-the-failed-to-open-a-session-error-in-virtualbox/

Regardless, I’d recommend downloading the latest version of the VM which is available here and has a lot more useful tools on it. https://github.com/gtkcyber/griffon-vm https://github.com/gtkcyber/griffon-vm.

Thanks, — C

On Jun 24, 2017, at 15:03, oighen notifications@github.com wrote:

OS: Windows 10.

--eugen Amat victoria curam

On Sat, Jun 24, 2017 at 12:36 PM, Eugen Chirila eugenc@gmail.com wrote:

Un-installed/re-installed VirtualBox, same error.

Failed to open a session for the virtual machine Merlin 1.01 Drill Workshop.

The virtual machine 'Merlin 1.01 Drill Workshop' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in 'C:\Users\Eugen\VirtualBox VMs\Merlin 1.01 Drill Workshop\Logs\VBoxHardening.log'. Result Code: E_FAIL (0x80004005) Component: MachineWrap Interface: IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0} Now, the log is dumped below:

fbc.77d4: Log file opened: 5.1.22r115126 g_hStartupLog=00000000000000e4 g_uNtVerCombined=0xa0383900 fbc.77d4: \SystemRoot\System32\ntdll.dll: fbc.77d4: CreationTime: 2017-01-27T19:39:40.085139400Z fbc.77d4: LastWriteTime: 2016-11-11T10:13:03.409595100Z fbc.77d4: ChangeTime: 2017-06-14T03:46:48.743974000Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0x1cc888 fbc.77d4: NT Headers: 0xd8 fbc.77d4: Timestamp: 0x5825887f fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x5825887f fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0x1d1000 (1904640) fbc.77d4: Resource Dir: 0x168000 LB 0x67988 fbc.77d4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0x1680f0 LB 0x388, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.479 fbc.77d4: FileVersion: 10.0.14393.479 (rs1_release.161110-2025) fbc.77d4: FileDescription: NT Layer DLL fbc.77d4: \SystemRoot\System32\kernel32.dll: fbc.77d4: CreationTime: 2017-05-10T13:09:29.370271800Z fbc.77d4: LastWriteTime: 2017-04-28T00:49:43.332433600Z fbc.77d4: ChangeTime: 2017-06-14T03:46:48.359260300Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0xab208 fbc.77d4: NT Headers: 0xf0 fbc.77d4: Timestamp: 0x59028368 fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x59028368 fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0xac000 (704512) fbc.77d4: Resource Dir: 0xaa000 LB 0x530 fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.1198 fbc.77d4: FileVersion: 10.0.14393.1198 (rs1_release_sec.170427-1353) fbc.77d4: FileDescription: Windows NT BASE API Client DLL fbc.77d4: \SystemRoot\System32\KernelBase.dll: fbc.77d4: CreationTime: 2017-06-14T03:42:31.079625600Z fbc.77d4: LastWriteTime: 2017-06-03T10:09:08.071687200Z fbc.77d4: ChangeTime: 2017-06-14T05:00:58.513710300Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0x21c780 fbc.77d4: NT Headers: 0xf8 fbc.77d4: Timestamp: 0x59327897 fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x59327897 fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0x21d000 (2215936) fbc.77d4: Resource Dir: 0x201000 LB 0x550 fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0x2010b0 LB 0x3c4, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.1358 fbc.77d4: FileVersion: 10.0.14393.1358 (rs1_release.170602-2252) fbc.77d4: FileDescription: Windows NT BASE API Client DLL fbc.77d4: \SystemRoot\System32\apisetschema.dll: fbc.77d4: CreationTime: 2016-07-16T11:42:21.577586000Z fbc.77d4: LastWriteTime: 2016-07-16T11:42:21.577586000Z fbc.77d4: ChangeTime: 2017-01-15T11:59:41.129941800Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0x18960 fbc.77d4: NT Headers: 0xc8 fbc.77d4: Timestamp: 0x57899bd2 fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x57899bd2 fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0x19000 (102400) fbc.77d4: Resource Dir: 0x18000 LB 0x400 fbc.77d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0x18060 LB 0x3a0, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.0 fbc.77d4: FileVersion: 10.0.14393.0 (rs1_release.160715-1616) fbc.77d4: FileDescription: ApiSet Schema DLL fbc.77d4: NtOpenDirectoryObject failed on \Driver: 0xc0000022 fbc.77d4: supR3HardenedWinFindAdversaries: 0x0 fbc.77d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' fbc.77d4: Calling main() fbc.77d4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 fbc.77d4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' fbc.77d4: SUPR3HardenedMain: Respawn #1 fbc.77d4: System32: \Device\HarddiskVolume5\Windows\System32 fbc.77d4: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS fbc.77d4: KnownDllPath: C:\Windows\System32 fbc.77d4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports fbc.77d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe) fbc.77d4: supR3HardNtEnableThreadCreation: fbc.77d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff94af9fa0 pvNtTerminateThread=00007fff94b26b20 fbc.77d4: supR3HardenedWinDoReSpawn(1): New child 73a0.8564 [kernel32]. fbc.77d4: supR3HardNtChildGatherData: PebBaseAddress=0000000000a93000 cbPeb=0x388 fbc.77d4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff94a80000 uNtDllChildAddr=00007fff94a80000 fbc.77d4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff94af9fa0 fbc.77d4: supR3HardenedWinSetupChildInit: Start child. fbc.77d4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 15 sleeps fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION fbc.77d4: 0000000000000000-000000000089ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008a0000-00000000008bffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000008c0000-00000000008d5fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008e0000-00000000009dafff 0x0000/0x0004 0x0020000 fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004 0x0020000 fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000 fbc.77d4: 0000000000a00000-0000000000a92fff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004 0x0020000 fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000c00000-0000000000c00fff 0x0040/0x0040 0x0020000 !! fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000c00000 (LB 0x1000, 0000000000c00000 LB 0x1000) fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000c00000/0000000000c00000 LB 0/0x1000] fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000c00000 LB 0x7f3e0000 s=0x10000 ap=0x0 rp=0x00000000000001 fbc.77d4: 0000000000c01000-000000007ffdffff 0x0001/0x0000 0x0000000 fbc.77d4: 000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e030000-00007ff63e052fff 0x0002/0x0002 0x0040000 fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e250000-00007ff63e250fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e307000-00007ff63e307fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e308000-00007ff63e308fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e309000-00007ff63e30dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e30e000-00007ff63e30efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e30f000-00007ff63e30ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e310000-00007ff63e313fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007fff94a80000-00007fff94a80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bcc000-00007fff94bd4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000 fbc.77d4: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS) fbc.77d4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports fbc.77d4: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports fbc.77d4: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x80000000 fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/1: 526 ms, 33 sleeps fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION fbc.77d4: 0000000000000000-000000000089ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008a0000-00000000008bffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000008c0000-00000000008d5fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008e0000-00000000009dafff 0x0000/0x0004 0x0020000 fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004 0x0020000 fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000 fbc.77d4: 0000000000a00000-0000000000a92fff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004 0x0020000 fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000c00000-000000007ffdffff 0x0001/0x0000 0x0000000 fbc.77d4: 000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e030000-00007ff63e052fff 0x0002/0x0002 0x0040000 fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e250000-00007ff63e250fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e307000-00007ff63e313fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007fff94a80000-00007fff94a80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bcc000-00007fff94bcffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bd0000-00007fff94bd4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000 fbc.77d4: supR3HardNtChildPurify: Done after 820 ms and 1 fixes (loop #1). 73a0.8564: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0383900 73a0.8564: supR3HardenedVmProcessInit: uNtDllAddr=00007fff94a80000 g_uNtVerCombined=0xa0383900 73a0.8564: ntdll.dll: timestamp 0x5825887f (rc=VINF_SUCCESS) 73a0.8564: New simple heap: #1 0000000000d00000 LB 0x400000 (for 1904640 allocation) fbc.77d4: supR3HardNtEnableThreadCreation: 73a0.8564: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 73a0.8564: System32: \Device\HarddiskVolume5\Windows\System32 73a0.8564: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS 73a0.8564: KnownDllPath: C:\Windows\System32 73a0.8564: supR3HardenedVmProcessInit: Opening vboxdrv stub... 73a0.8564: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 73a0.8564: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 73a0.8564: Registered Dll notification callback with NTDLL. 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll) 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\ Windows\System32\kernel32.dll 73a0.8564: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 73a0.8564: supR3HardenedDllNotificationCallback: load 00007fff913e0000 LB 0x0021d000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0] 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll) 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\ Windows\System32\KernelBase.dll 73a0.8564: supR3HardenedDllNotificationCallback: load 00007fff92360000 LB 0x000ac000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0] 73a0.8564: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 73a0.8564: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff92360000 'C:\Windows\System32\KERNEL32.DLL' 73a0.8564: supR3HardenedDllNotificationCallback: load 00007ff63e250000 LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 73a0.8564: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe) 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 82 ms, CloseEvents);

Many thanks!

--eugen Amat victoria curam

On Fri, Jun 23, 2017 at 5:32 PM, Charles S. Givre < notifications@github.com> wrote:

Hi @oighen https://github.com/oighen, I didn't get the log file in your email. I've been looking online and a lot of the advice about this type of error seems to suggest uninstalling/reinstalling VirtualBox. If you can attach the log in github, or paste the contents I'll do some more digging. What OS and version are you using?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/cgivre/data-exploration-with-apache-drill/issues/1#issuecomment-310794840, or mute the thread https://github.com/notifications/unsubscribe-auth/ADwGALoXPWNJuALw2ZADLXf6-HGy-ucHks5sHEshgaJpZM4N5VuR .

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub https://github.com/cgivre/data-exploration-with-apache-drill/issues/1#issuecomment-310859661, or mute the thread https://github.com/notifications/unsubscribe-auth/AFQfvrTDkYr5SdSHQ0MsMDIT-nmX0S-Iks5sHV2DgaJpZM4N5VuR.

[oighen]

Charles, Griffon it's working very well in Ubuntu + VirtualBox --> that means is something wrong with my Windows10 machine (cannot run Merlin or Griffon). So I will focus on cleaning my Windoze.

Thanks for all the effort and replies. See you at the course, on July 22.

Regards,

--eugen Amat victoria curam

On Sun, Jun 25, 2017 at 8:26 AM, Charles S. Givre notifications@github.com wrote:

Hi Eugen, It looks to me from reading some articles on stackoverflow that one of the VirtualMachine disk files might be corrupted. The last article in the list recommends a procedure where you discard the saved state of the VM. Were you ever able to get it started?

https://askubuntu.com/questions/846492/failed-to-open-a-session-for-the- virtual-machine-win-7 https://askubuntu.com/questions/846492/failed-to- open-a-session-for-the-virtual-machine-win-7 https://stackoverflow.com/questions/20608310/virtualbox- error-failed-to-open-a-session-for-the-virtual-machine < https://stackoverflow.com/questions/20608310/virtualbox- error-failed-to-open-a-session-for-the-virtual-machine> https://www.simplehelp.net/2015/10/25/how-to-fix-the- failed-to-open-a-session-error-in-virtualbox/ https://www.simplehelp.net/ 2015/10/25/how-to-fix-the-failed-to-open-a-session-error-in-virtualbox/

Regardless, I’d recommend downloading the latest version of the VM which is available here and has a lot more useful tools on it. https://github.com/gtkcyber/griffon-vm https://github.com/gtkcyber/ griffon-vm.

Thanks, — C

On Jun 24, 2017, at 15:03, oighen notifications@github.com wrote:

OS: Windows 10.

--eugen Amat victoria curam

On Sat, Jun 24, 2017 at 12:36 PM, Eugen Chirila eugenc@gmail.com wrote:

Un-installed/re-installed VirtualBox, same error.

Failed to open a session for the virtual machine Merlin 1.01 Drill Workshop.

The virtual machine 'Merlin 1.01 Drill Workshop' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in 'C:\Users\Eugen\VirtualBox VMs\Merlin 1.01 Drill Workshop\Logs\VBoxHardening.log'.

Result Code: E_FAIL (0x80004005) Component: MachineWrap Interface: IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0} Now, the log is dumped below:

fbc.77d4: Log file opened: 5.1.22r115126 g_hStartupLog=00000000000000e4 g_uNtVerCombined=0xa0383900 fbc.77d4: \SystemRoot\System32\ntdll.dll: fbc.77d4: CreationTime: 2017-01-27T19:39:40.085139400Z fbc.77d4: LastWriteTime: 2016-11-11T10:13:03.409595100Z fbc.77d4: ChangeTime: 2017-06-14T03:46:48.743974000Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0x1cc888 fbc.77d4: NT Headers: 0xd8 fbc.77d4: Timestamp: 0x5825887f fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x5825887f fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0x1d1000 (1904640) fbc.77d4: Resource Dir: 0x168000 LB 0x67988 fbc.77d4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0x1680f0 LB 0x388, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.479 fbc.77d4: FileVersion: 10.0.14393.479 (rs1_release.161110-2025) fbc.77d4: FileDescription: NT Layer DLL fbc.77d4: \SystemRoot\System32\kernel32.dll: fbc.77d4: CreationTime: 2017-05-10T13:09:29.370271800Z fbc.77d4: LastWriteTime: 2017-04-28T00:49:43.332433600Z fbc.77d4: ChangeTime: 2017-06-14T03:46:48.359260300Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0xab208 fbc.77d4: NT Headers: 0xf0 fbc.77d4: Timestamp: 0x59028368 fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x59028368 fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0xac000 (704512) fbc.77d4: Resource Dir: 0xaa000 LB 0x530 fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.1198 fbc.77d4: FileVersion: 10.0.14393.1198 (rs1_release_sec.170427-1353) fbc.77d4: FileDescription: Windows NT BASE API Client DLL fbc.77d4: \SystemRoot\System32\KernelBase.dll: fbc.77d4: CreationTime: 2017-06-14T03:42:31.079625600Z fbc.77d4: LastWriteTime: 2017-06-03T10:09:08.071687200Z fbc.77d4: ChangeTime: 2017-06-14T05:00:58.513710300Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0x21c780 fbc.77d4: NT Headers: 0xf8 fbc.77d4: Timestamp: 0x59327897 fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x59327897 fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0x21d000 (2215936) fbc.77d4: Resource Dir: 0x201000 LB 0x550 fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0x2010b0 LB 0x3c4, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.1358 fbc.77d4: FileVersion: 10.0.14393.1358 (rs1_release.170602-2252) fbc.77d4: FileDescription: Windows NT BASE API Client DLL fbc.77d4: \SystemRoot\System32\apisetschema.dll: fbc.77d4: CreationTime: 2016-07-16T11:42:21.577586000Z fbc.77d4: LastWriteTime: 2016-07-16T11:42:21.577586000Z fbc.77d4: ChangeTime: 2017-01-15T11:59:41.129941800Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0x18960 fbc.77d4: NT Headers: 0xc8 fbc.77d4: Timestamp: 0x57899bd2 fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x57899bd2 fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0x19000 (102400) fbc.77d4: Resource Dir: 0x18000 LB 0x400 fbc.77d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0x18060 LB 0x3a0, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.0 fbc.77d4: FileVersion: 10.0.14393.0 (rs1_release.160715-1616) fbc.77d4: FileDescription: ApiSet Schema DLL fbc.77d4: NtOpenDirectoryObject failed on \Driver: 0xc0000022 fbc.77d4: supR3HardenedWinFindAdversaries: 0x0 fbc.77d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\ Program Files\Oracle\VirtualBox' fbc.77d4: Calling main() fbc.77d4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 fbc.77d4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\ Program Files\Oracle\VirtualBox' fbc.77d4: SUPR3HardenedMain: Respawn #1 fbc.77d4: System32: \Device\HarddiskVolume5\Windows\System32 fbc.77d4: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS fbc.77d4: KnownDllPath: C:\Windows\System32 fbc.77d4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe' has no imports fbc.77d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe) fbc.77d4: supR3HardNtEnableThreadCreation: fbc.77d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk= 00007fff94af9fa0 pvNtTerminateThread=00007fff94b26b20 fbc.77d4: supR3HardenedWinDoReSpawn(1): New child 73a0.8564 [kernel32]. fbc.77d4: supR3HardNtChildGatherData: PebBaseAddress=0000000000a93000 cbPeb=0x388 fbc.77d4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff94a80000 uNtDllChildAddr=00007fff94a80000 fbc.77d4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff94af9fa0 fbc.77d4: supR3HardenedWinSetupChildInit: Start child. fbc.77d4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 15 sleeps fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION fbc.77d4: 0000000000000000-000000000089ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008a0000-00000000008bffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000008c0000-00000000008d5fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008e0000-00000000009dafff 0x0000/0x0004 0x0020000 fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004 0x0020000 fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000 fbc.77d4: 0000000000a00000-0000000000a92fff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004 0x0020000 fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000c00000-0000000000c00fff 0x0040/0x0040 0x0020000 !! fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000c00000 (LB 0x1000, 0000000000c00000 LB 0x1000) fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000c00000/0000000000c00000 LB 0/0x1000] fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000c00000 LB 0x7f3e0000 s=0x10000 ap=0x0 rp=0x00000000000001 fbc.77d4: 0000000000c01000-000000007ffdffff 0x0001/0x0000 0x0000000 fbc.77d4: 000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e030000-00007ff63e052fff 0x0002/0x0002 0x0040000 fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e250000-00007ff63e250fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e307000-00007ff63e307fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e308000-00007ff63e308fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e309000-00007ff63e30dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e30e000-00007ff63e30efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e30f000-00007ff63e30ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e310000-00007ff63e313fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007fff94a80000-00007fff94a80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bcc000-00007fff94bd4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000 fbc.77d4: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS) fbc.77d4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe' has no imports fbc.77d4: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports fbc.77d4: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x80000000 fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/1: 526 ms, 33 sleeps fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION fbc.77d4: 0000000000000000-000000000089ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008a0000-00000000008bffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000008c0000-00000000008d5fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008e0000-00000000009dafff 0x0000/0x0004 0x0020000 fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004 0x0020000 fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000 fbc.77d4: 0000000000a00000-0000000000a92fff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004 0x0020000 fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000c00000-000000007ffdffff 0x0001/0x0000 0x0000000 fbc.77d4: 000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e030000-00007ff63e052fff 0x0002/0x0002 0x0040000 fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e250000-00007ff63e250fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e307000-00007ff63e313fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007fff94a80000-00007fff94a80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bcc000-00007fff94bcffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bd0000-00007fff94bd4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000 0x0000000 fbc.77d4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000 fbc.77d4: supR3HardNtChildPurify: Done after 820 ms and 1 fixes (loop

1).

73a0.8564: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0383900 73a0.8564: supR3HardenedVmProcessInit: uNtDllAddr=00007fff94a80000 g_uNtVerCombined=0xa0383900 73a0.8564: ntdll.dll: timestamp 0x5825887f (rc=VINF_SUCCESS) 73a0.8564: New simple heap: #1 0000000000d00000 LB 0x400000 (for 1904640 allocation) fbc.77d4: supR3HardNtEnableThreadCreation: 73a0.8564: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\ Program Files\Oracle\VirtualBox' 73a0.8564: System32: \Device\HarddiskVolume5\Windows\System32 73a0.8564: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS 73a0.8564: KnownDllPath: C:\Windows\System32 73a0.8564: supR3HardenedVmProcessInit: Opening vboxdrv stub... 73a0.8564: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 73a0.8564: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 73a0.8564: Registered Dll notification callback with NTDLL. 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll) 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\ Windows\System32\kernel32.dll 73a0.8564: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 73a0.8564: supR3HardenedDllNotificationCallback: load 00007fff913e0000 LB 0x0021d000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0] 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll) 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\ Windows\System32\KernelBase.dll 73a0.8564: supR3HardenedDllNotificationCallback: load 00007fff92360000 LB 0x000ac000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0] 73a0.8564: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 73a0.8564: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff92360000 'C:\Windows\System32\KERNEL32.DLL' 73a0.8564: supR3HardenedDllNotificationCallback: load 00007ff63e250000 LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 73a0.8564: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe' has no imports 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe) 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\ Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 82 ms, CloseEvents);

Many thanks!

--eugen Amat victoria curam

On Fri, Jun 23, 2017 at 5:32 PM, Charles S. Givre < notifications@github.com> wrote:

Hi @oighen https://github.com/oighen, I didn't get the log file in your email. I've been looking online and a lot of the advice about this type of error seems to suggest uninstalling/reinstalling VirtualBox. If you can attach the log in github, or paste the contents I'll do some more digging. What OS and version are you using?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/cgivre/data-exploration-with-apache- drill/issues/1#issuecomment-310794840, or mute the thread https://github.com/notifications/unsubscribe- auth/ADwGALoXPWNJuALw2ZADLXf6-HGy-ucHks5sHEshgaJpZM4N5VuR .

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub < https://github.com/cgivre/data-exploration-with-apache- drill/issues/1#issuecomment-310859661>, or mute the thread < https://github.com/notifications/unsubscribe- auth/AFQfvrTDkYr5SdSHQ0MsMDIT-nmX0S-Iks5sHV2DgaJpZM4N5VuR>.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/cgivre/data-exploration-with-apache-drill/issues/1#issuecomment-310905699, or mute the thread https://github.com/notifications/unsubscribe-auth/ADwGAPQK655OFFmzu0_hsGggZ9uWrUrrks5sHm4ogaJpZM4N5VuR .

[cgivre]

Glad to hear you got it working. We've had some issues with windows 10 but I've not been able to replicate them consistently. Which class of mine are you taking?

Sent from my iPhone

On Jun 26, 2017, at 15:25, oighen notifications@github.com wrote:

Charles, Griffon it's working very well in Ubuntu + VirtualBox --> that means is something wrong with my Windows10 machine (cannot run Merlin or Griffon). So I will focus on cleaning my Windoze.

Thanks for all the effort and replies. See you at the course, on July 22.

Regards,

--eugen Amat victoria curam

On Sun, Jun 25, 2017 at 8:26 AM, Charles S. Givre notifications@github.com wrote:

Hi Eugen, It looks to me from reading some articles on stackoverflow that one of the VirtualMachine disk files might be corrupted. The last article in the list recommends a procedure where you discard the saved state of the VM. Were you ever able to get it started?

https://askubuntu.com/questions/846492/failed-to-open-a-session-for-the- virtual-machine-win-7 https://askubuntu.com/questions/846492/failed-to- open-a-session-for-the-virtual-machine-win-7 https://stackoverflow.com/questions/20608310/virtualbox- error-failed-to-open-a-session-for-the-virtual-machine < https://stackoverflow.com/questions/20608310/virtualbox- error-failed-to-open-a-session-for-the-virtual-machine> https://www.simplehelp.net/2015/10/25/how-to-fix-the- failed-to-open-a-session-error-in-virtualbox/ https://www.simplehelp.net/ 2015/10/25/how-to-fix-the-failed-to-open-a-session-error-in-virtualbox/

Regardless, I’d recommend downloading the latest version of the VM which is available here and has a lot more useful tools on it. https://github.com/gtkcyber/griffon-vm https://github.com/gtkcyber/ griffon-vm.

Thanks, — C

On Jun 24, 2017, at 15:03, oighen notifications@github.com wrote:

OS: Windows 10.

--eugen Amat victoria curam

On Sat, Jun 24, 2017 at 12:36 PM, Eugen Chirila eugenc@gmail.com wrote:

Un-installed/re-installed VirtualBox, same error.

Failed to open a session for the virtual machine Merlin 1.01 Drill Workshop.

The virtual machine 'Merlin 1.01 Drill Workshop' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in 'C:\Users\Eugen\VirtualBox VMs\Merlin 1.01 Drill Workshop\Logs\VBoxHardening.log'.

Result Code: E_FAIL (0x80004005) Component: MachineWrap Interface: IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0} Now, the log is dumped below:

fbc.77d4: Log file opened: 5.1.22r115126 g_hStartupLog=00000000000000e4 g_uNtVerCombined=0xa0383900 fbc.77d4: \SystemRoot\System32\ntdll.dll: fbc.77d4: CreationTime: 2017-01-27T19:39:40.085139400Z fbc.77d4: LastWriteTime: 2016-11-11T10:13:03.409595100Z fbc.77d4: ChangeTime: 2017-06-14T03:46:48.743974000Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0x1cc888 fbc.77d4: NT Headers: 0xd8 fbc.77d4: Timestamp: 0x5825887f fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x5825887f fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0x1d1000 (1904640) fbc.77d4: Resource Dir: 0x168000 LB 0x67988 fbc.77d4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0x1680f0 LB 0x388, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.479 fbc.77d4: FileVersion: 10.0.14393.479 (rs1_release.161110-2025) fbc.77d4: FileDescription: NT Layer DLL fbc.77d4: \SystemRoot\System32\kernel32.dll: fbc.77d4: CreationTime: 2017-05-10T13:09:29.370271800Z fbc.77d4: LastWriteTime: 2017-04-28T00:49:43.332433600Z fbc.77d4: ChangeTime: 2017-06-14T03:46:48.359260300Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0xab208 fbc.77d4: NT Headers: 0xf0 fbc.77d4: Timestamp: 0x59028368 fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x59028368 fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0xac000 (704512) fbc.77d4: Resource Dir: 0xaa000 LB 0x530 fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.1198 fbc.77d4: FileVersion: 10.0.14393.1198 (rs1_release_sec.170427-1353) fbc.77d4: FileDescription: Windows NT BASE API Client DLL fbc.77d4: \SystemRoot\System32\KernelBase.dll: fbc.77d4: CreationTime: 2017-06-14T03:42:31.079625600Z fbc.77d4: LastWriteTime: 2017-06-03T10:09:08.071687200Z fbc.77d4: ChangeTime: 2017-06-14T05:00:58.513710300Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0x21c780 fbc.77d4: NT Headers: 0xf8 fbc.77d4: Timestamp: 0x59327897 fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x59327897 fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0x21d000 (2215936) fbc.77d4: Resource Dir: 0x201000 LB 0x550 fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0x2010b0 LB 0x3c4, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.1358 fbc.77d4: FileVersion: 10.0.14393.1358 (rs1_release.170602-2252) fbc.77d4: FileDescription: Windows NT BASE API Client DLL fbc.77d4: \SystemRoot\System32\apisetschema.dll: fbc.77d4: CreationTime: 2016-07-16T11:42:21.577586000Z fbc.77d4: LastWriteTime: 2016-07-16T11:42:21.577586000Z fbc.77d4: ChangeTime: 2017-01-15T11:59:41.129941800Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0x18960 fbc.77d4: NT Headers: 0xc8 fbc.77d4: Timestamp: 0x57899bd2 fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x57899bd2 fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0x19000 (102400) fbc.77d4: Resource Dir: 0x18000 LB 0x400 fbc.77d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0x18060 LB 0x3a0, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.0 fbc.77d4: FileVersion: 10.0.14393.0 (rs1_release.160715-1616) fbc.77d4: FileDescription: ApiSet Schema DLL fbc.77d4: NtOpenDirectoryObject failed on \Driver: 0xc0000022 fbc.77d4: supR3HardenedWinFindAdversaries: 0x0 fbc.77d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\ Program Files\Oracle\VirtualBox' fbc.77d4: Calling main() fbc.77d4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 fbc.77d4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\ Program Files\Oracle\VirtualBox' fbc.77d4: SUPR3HardenedMain: Respawn #1 fbc.77d4: System32: \Device\HarddiskVolume5\Windows\System32 fbc.77d4: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS fbc.77d4: KnownDllPath: C:\Windows\System32 fbc.77d4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe' has no imports fbc.77d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe) fbc.77d4: supR3HardNtEnableThreadCreation: fbc.77d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk= 00007fff94af9fa0 pvNtTerminateThread=00007fff94b26b20 fbc.77d4: supR3HardenedWinDoReSpawn(1): New child 73a0.8564 [kernel32]. fbc.77d4: supR3HardNtChildGatherData: PebBaseAddress=0000000000a93000 cbPeb=0x388 fbc.77d4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff94a80000 uNtDllChildAddr=00007fff94a80000 fbc.77d4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff94af9fa0 fbc.77d4: supR3HardenedWinSetupChildInit: Start child. fbc.77d4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 15 sleeps fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION fbc.77d4: 0000000000000000-000000000089ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008a0000-00000000008bffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000008c0000-00000000008d5fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008e0000-00000000009dafff 0x0000/0x0004 0x0020000 fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004 0x0020000 fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000 fbc.77d4: 0000000000a00000-0000000000a92fff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004 0x0020000 fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000c00000-0000000000c00fff 0x0040/0x0040 0x0020000 !! fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000c00000 (LB 0x1000, 0000000000c00000 LB 0x1000) fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000c00000/0000000000c00000 LB 0/0x1000] fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000c00000 LB 0x7f3e0000 s=0x10000 ap=0x0 rp=0x00000000000001 fbc.77d4: 0000000000c01000-000000007ffdffff 0x0001/0x0000 0x0000000 fbc.77d4: 000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e030000-00007ff63e052fff 0x0002/0x0002 0x0040000 fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e250000-00007ff63e250fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e307000-00007ff63e307fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e308000-00007ff63e308fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e309000-00007ff63e30dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e30e000-00007ff63e30efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e30f000-00007ff63e30ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e310000-00007ff63e313fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007fff94a80000-00007fff94a80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bcc000-00007fff94bd4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000 fbc.77d4: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS) fbc.77d4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe' has no imports fbc.77d4: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports fbc.77d4: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x80000000 fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/1: 526 ms, 33 sleeps fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION fbc.77d4: 0000000000000000-000000000089ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008a0000-00000000008bffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000008c0000-00000000008d5fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008e0000-00000000009dafff 0x0000/0x0004 0x0020000 fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004 0x0020000 fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000 fbc.77d4: 0000000000a00000-0000000000a92fff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004 0x0020000 fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000c00000-000000007ffdffff 0x0001/0x0000 0x0000000 fbc.77d4: 000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e030000-00007ff63e052fff 0x0002/0x0002 0x0040000 fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e250000-00007ff63e250fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e307000-00007ff63e313fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007fff94a80000-00007fff94a80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bcc000-00007fff94bcffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bd0000-00007fff94bd4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000 0x0000000 fbc.77d4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000 fbc.77d4: supR3HardNtChildPurify: Done after 820 ms and 1 fixes (loop

1).

73a0.8564: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0383900 73a0.8564: supR3HardenedVmProcessInit: uNtDllAddr=00007fff94a80000 g_uNtVerCombined=0xa0383900 73a0.8564: ntdll.dll: timestamp 0x5825887f (rc=VINF_SUCCESS) 73a0.8564: New simple heap: #1 0000000000d00000 LB 0x400000 (for 1904640 allocation) fbc.77d4: supR3HardNtEnableThreadCreation: 73a0.8564: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\ Program Files\Oracle\VirtualBox' 73a0.8564: System32: \Device\HarddiskVolume5\Windows\System32 73a0.8564: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS 73a0.8564: KnownDllPath: C:\Windows\System32 73a0.8564: supR3HardenedVmProcessInit: Opening vboxdrv stub... 73a0.8564: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 73a0.8564: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 73a0.8564: Registered Dll notification callback with NTDLL. 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll) 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\ Windows\System32\kernel32.dll 73a0.8564: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 73a0.8564: supR3HardenedDllNotificationCallback: load 00007fff913e0000 LB 0x0021d000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0] 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll) 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\ Windows\System32\KernelBase.dll 73a0.8564: supR3HardenedDllNotificationCallback: load 00007fff92360000 LB 0x000ac000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0] 73a0.8564: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 73a0.8564: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff92360000 'C:\Windows\System32\KERNEL32.DLL' 73a0.8564: supR3HardenedDllNotificationCallback: load 00007ff63e250000 LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 73a0.8564: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe' has no imports 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe) 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\ Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 82 ms, CloseEvents);

Many thanks!

--eugen Amat victoria curam

On Fri, Jun 23, 2017 at 5:32 PM, Charles S. Givre < notifications@github.com> wrote:

Hi @oighen https://github.com/oighen, I didn't get the log file in your email. I've been looking online and a lot of the advice about this type of error seems to suggest uninstalling/reinstalling VirtualBox. If you can attach the log in github, or paste the contents I'll do some more digging. What OS and version are you using?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/cgivre/data-exploration-with-apache- drill/issues/1#issuecomment-310794840, or mute the thread https://github.com/notifications/unsubscribe- auth/ADwGALoXPWNJuALw2ZADLXf6-HGy-ucHks5sHEshgaJpZM4N5VuR .

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub < https://github.com/cgivre/data-exploration-with-apache- drill/issues/1#issuecomment-310859661>, or mute the thread < https://github.com/notifications/unsubscribe- auth/AFQfvrTDkYr5SdSHQ0MsMDIT-nmX0S-Iks5sHV2DgaJpZM4N5VuR>.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/cgivre/data-exploration-with-apache-drill/issues/1#issuecomment-310905699, or mute the thread https://github.com/notifications/unsubscribe-auth/ADwGAPQK655OFFmzu0_hsGggZ9uWrUrrks5sHm4ogaJpZM4N5VuR .

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub, or mute the thread.

[oighen]

The Data Science for Security Professionals. July 22-23.

--eugen Amat victoria curam

On Mon, Jun 26, 2017 at 1:36 PM, Charles S. Givre notifications@github.com wrote:

Glad to hear you got it working. We've had some issues with windows 10 but I've not been able to replicate them consistently. Which class of mine are you taking?

Sent from my iPhone

On Jun 26, 2017, at 15:25, oighen notifications@github.com wrote:

Charles, Griffon it's working very well in Ubuntu + VirtualBox --> that means is something wrong with my Windows10 machine (cannot run Merlin or Griffon). So I will focus on cleaning my Windoze.

Thanks for all the effort and replies. See you at the course, on July 22.

Regards,

--eugen Amat victoria curam

On Sun, Jun 25, 2017 at 8:26 AM, Charles S. Givre < notifications@github.com> wrote:

Hi Eugen, It looks to me from reading some articles on stackoverflow that one of the VirtualMachine disk files might be corrupted. The last article in the list recommends a procedure where you discard the saved state of the VM. Were you ever able to get it started?

https://askubuntu.com/questions/846492/failed-to- open-a-session-for-the- virtual-machine-win-7 https://askubuntu.com/ questions/846492/failed-to- open-a-session-for-the-virtual-machine-win-7 https://stackoverflow.com/questions/20608310/virtualbox- error-failed-to-open-a-session-for-the-virtual-machine < https://stackoverflow.com/questions/20608310/virtualbox- error-failed-to-open-a-session-for-the-virtual-machine> https://www.simplehelp.net/2015/10/25/how-to-fix-the- failed-to-open-a-session-error-in-virtualbox/ < https://www.simplehelp.net/ 2015/10/25/how-to-fix-the-failed-to-open-a-session- error-in-virtualbox/>

Regardless, I’d recommend downloading the latest version of the VM which is available here and has a lot more useful tools on it. https://github.com/gtkcyber/griffon-vm https://github.com/gtkcyber/ griffon-vm.

Thanks, — C

On Jun 24, 2017, at 15:03, oighen notifications@github.com wrote:

OS: Windows 10.

--eugen Amat victoria curam

On Sat, Jun 24, 2017 at 12:36 PM, Eugen Chirila eugenc@gmail.com wrote:

Un-installed/re-installed VirtualBox, same error.

Failed to open a session for the virtual machine Merlin 1.01 Drill Workshop.

The virtual machine 'Merlin 1.01 Drill Workshop' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in 'C:\Users\Eugen\VirtualBox VMs\Merlin 1.01 Drill Workshop\Logs\VBoxHardening.log'.

Result Code: E_FAIL (0x80004005) Component: MachineWrap Interface: IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0} Now, the log is dumped below:

fbc.77d4: Log file opened: 5.1.22r115126 g_hStartupLog=00000000000000e4 g_uNtVerCombined=0xa0383900 fbc.77d4: \SystemRoot\System32\ntdll.dll: fbc.77d4: CreationTime: 2017-01-27T19:39:40.085139400Z fbc.77d4: LastWriteTime: 2016-11-11T10:13:03.409595100Z fbc.77d4: ChangeTime: 2017-06-14T03:46:48.743974000Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0x1cc888 fbc.77d4: NT Headers: 0xd8 fbc.77d4: Timestamp: 0x5825887f fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x5825887f fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0x1d1000 (1904640) fbc.77d4: Resource Dir: 0x168000 LB 0x67988 fbc.77d4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0x1680f0 LB 0x388, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.479 fbc.77d4: FileVersion: 10.0.14393.479 (rs1_release.161110-2025) fbc.77d4: FileDescription: NT Layer DLL fbc.77d4: \SystemRoot\System32\kernel32.dll: fbc.77d4: CreationTime: 2017-05-10T13:09:29.370271800Z fbc.77d4: LastWriteTime: 2017-04-28T00:49:43.332433600Z fbc.77d4: ChangeTime: 2017-06-14T03:46:48.359260300Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0xab208 fbc.77d4: NT Headers: 0xf0 fbc.77d4: Timestamp: 0x59028368 fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x59028368 fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0xac000 (704512) fbc.77d4: Resource Dir: 0xaa000 LB 0x530 fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.1198 fbc.77d4: FileVersion: 10.0.14393.1198 (rs1_release_sec.170427-1353) fbc.77d4: FileDescription: Windows NT BASE API Client DLL fbc.77d4: \SystemRoot\System32\KernelBase.dll: fbc.77d4: CreationTime: 2017-06-14T03:42:31.079625600Z fbc.77d4: LastWriteTime: 2017-06-03T10:09:08.071687200Z fbc.77d4: ChangeTime: 2017-06-14T05:00:58.513710300Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0x21c780 fbc.77d4: NT Headers: 0xf8 fbc.77d4: Timestamp: 0x59327897 fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x59327897 fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0x21d000 (2215936) fbc.77d4: Resource Dir: 0x201000 LB 0x550 fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0x2010b0 LB 0x3c4, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.1358 fbc.77d4: FileVersion: 10.0.14393.1358 (rs1_release.170602-2252) fbc.77d4: FileDescription: Windows NT BASE API Client DLL fbc.77d4: \SystemRoot\System32\apisetschema.dll: fbc.77d4: CreationTime: 2016-07-16T11:42:21.577586000Z fbc.77d4: LastWriteTime: 2016-07-16T11:42:21.577586000Z fbc.77d4: ChangeTime: 2017-01-15T11:59:41.129941800Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0x18960 fbc.77d4: NT Headers: 0xc8 fbc.77d4: Timestamp: 0x57899bd2 fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x57899bd2 fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0x19000 (102400) fbc.77d4: Resource Dir: 0x18000 LB 0x400 fbc.77d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0x18060 LB 0x3a0, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.0 fbc.77d4: FileVersion: 10.0.14393.0 (rs1_release.160715-1616) fbc.77d4: FileDescription: ApiSet Schema DLL fbc.77d4: NtOpenDirectoryObject failed on \Driver: 0xc0000022 fbc.77d4: supR3HardenedWinFindAdversaries: 0x0 fbc.77d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\ Program Files\Oracle\VirtualBox' fbc.77d4: Calling main() fbc.77d4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 fbc.77d4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\ Program Files\Oracle\VirtualBox' fbc.77d4: SUPR3HardenedMain: Respawn #1 fbc.77d4: System32: \Device\HarddiskVolume5\Windows\System32 fbc.77d4: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS fbc.77d4: KnownDllPath: C:\Windows\System32 fbc.77d4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe' has no imports fbc.77d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe) fbc.77d4: supR3HardNtEnableThreadCreation: fbc.77d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk= 00007fff94af9fa0 pvNtTerminateThread=00007fff94b26b20 fbc.77d4: supR3HardenedWinDoReSpawn(1): New child 73a0.8564 [kernel32]. fbc.77d4: supR3HardNtChildGatherData: PebBaseAddress= 0000000000a93000 cbPeb=0x388 fbc.77d4: supR3HardNtPuChFindNtdll: uNtDllParentAddr= 00007fff94a80000 uNtDllChildAddr=00007fff94a80000 fbc.77d4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff94af9fa0 fbc.77d4: supR3HardenedWinSetupChildInit: Start child. fbc.77d4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 15 sleeps fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION fbc.77d4: 0000000000000000-000000000089ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008a0000-00000000008bffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000008c0000-00000000008d5fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008e0000-00000000009dafff 0x0000/0x0004 0x0020000 fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004 0x0020000 fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000 fbc.77d4: 0000000000a00000-0000000000a92fff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004 0x0020000 fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000c00000-0000000000c00fff 0x0040/0x0040 0x0020000 !! fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000c00000 (LB 0x1000, 0000000000c00000 LB 0x1000) fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt

1

succeeded: 0x0 [0000000000c00000/0000000000c00000 LB 0/0x1000] fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000c00000 LB 0x7f3e0000 s=0x10000 ap=0x0 rp=0x00000000000001 fbc.77d4: 0000000000c01000-000000007ffdffff 0x0001/0x0000 0x0000000 fbc.77d4: 000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e030000-00007ff63e052fff 0x0002/0x0002 0x0040000 fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e250000-00007ff63e250fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e307000-00007ff63e307fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e308000-00007ff63e308fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e309000-00007ff63e30dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e30e000-00007ff63e30efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e30f000-00007ff63e30ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e310000-00007ff63e313fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007fff94a80000-00007fff94a80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bcc000-00007fff94bd4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000 fbc.77d4: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS) fbc.77d4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe' has no imports fbc.77d4: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports fbc.77d4: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x80000000 fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/1: 526 ms, 33 sleeps fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION fbc.77d4: 0000000000000000-000000000089ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008a0000-00000000008bffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000008c0000-00000000008d5fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008e0000-00000000009dafff 0x0000/0x0004 0x0020000 fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004 0x0020000 fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000 fbc.77d4: 0000000000a00000-0000000000a92fff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004 0x0020000 fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000c00000-000000007ffdffff 0x0001/0x0000 0x0000000 fbc.77d4: 000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e030000-00007ff63e052fff 0x0002/0x0002 0x0040000 fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e250000-00007ff63e250fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e307000-00007ff63e313fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007fff94a80000-00007fff94a80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bcc000-00007fff94bcffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bd0000-00007fff94bd4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000 0x0000000 fbc.77d4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000 fbc.77d4: supR3HardNtChildPurify: Done after 820 ms and 1 fixes (loop

1).

73a0.8564: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0383900 73a0.8564: supR3HardenedVmProcessInit: uNtDllAddr=00007fff94a80000 g_uNtVerCombined=0xa0383900 73a0.8564: ntdll.dll: timestamp 0x5825887f (rc=VINF_SUCCESS) 73a0.8564: New simple heap: #1 0000000000d00000 LB 0x400000 (for 1904640 allocation) fbc.77d4: supR3HardNtEnableThreadCreation: 73a0.8564: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\ Program Files\Oracle\VirtualBox' 73a0.8564: System32: \Device\HarddiskVolume5\Windows\System32 73a0.8564: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS 73a0.8564: KnownDllPath: C:\Windows\System32 73a0.8564: supR3HardenedVmProcessInit: Opening vboxdrv stub... 73a0.8564: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 73a0.8564: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 73a0.8564: Registered Dll notification callback with NTDLL. 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll) 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\ Windows\System32\kernel32.dll 73a0.8564: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 73a0.8564: supR3HardenedDllNotificationCallback: load 00007fff913e0000 LB 0x0021d000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0] 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll) 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\ Windows\System32\KernelBase.dll 73a0.8564: supR3HardenedDllNotificationCallback: load 00007fff92360000 LB 0x000ac000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0] 73a0.8564: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 73a0.8564: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff92360000 'C:\Windows\System32\KERNEL32.DLL' 73a0.8564: supR3HardenedDllNotificationCallback: load 00007ff63e250000 LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 73a0.8564: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe' has no imports 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe) 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\ Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 82 ms, CloseEvents);

Many thanks!

--eugen Amat victoria curam

On Fri, Jun 23, 2017 at 5:32 PM, Charles S. Givre < notifications@github.com> wrote:

Hi @oighen https://github.com/oighen, I didn't get the log file in your email. I've been looking online and a lot of the advice about this type of error seems to suggest uninstalling/reinstalling VirtualBox. If you can attach the log in github, or paste the contents I'll do some more digging. What OS and version are you using?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/cgivre/data-exploration-with-apache- drill/issues/1#issuecomment-310794840, or mute the thread https://github.com/notifications/unsubscribe- auth/ADwGALoXPWNJuALw2ZADLXf6-HGy-ucHks5sHEshgaJpZM4N5VuR .

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub < https://github.com/cgivre/data-exploration-with-apache- drill/issues/1#issuecomment-310859661>, or mute the thread < https://github.com/notifications/unsubscribe- auth/AFQfvrTDkYr5SdSHQ0MsMDIT-nmX0S-Iks5sHV2DgaJpZM4N5VuR>.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/cgivre/data-exploration-with-apache- drill/issues/1#issuecomment-310905699, or mute the thread https://github.com/notifications/unsubscribe-auth/ADwGAPQK655OFFmzu0_ hsGggZ9uWrUrrks5sHm4ogaJpZM4N5VuR .

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub, or mute the thread.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/cgivre/data-exploration-with-apache-drill/issues/1#issuecomment-311159691, or mute the thread https://github.com/notifications/unsubscribe-auth/ADwGANU0ELC9U5Gl9wQfI4WjxivQ-2s8ks5sIAgkgaJpZM4N5VuR .

[cgivre]

Cool! I’m looking forward to meeting you. BTW, I’ll be uploading the final version of Griffon probably by the end of the week. It isn’t a drastic change, but just FYSA. — C

On Jun 26, 2017, at 15:48, oighen notifications@github.com wrote:

The Data Science for Security Professionals. July 22-23.

--eugen Amat victoria curam

On Mon, Jun 26, 2017 at 1:36 PM, Charles S. Givre notifications@github.com wrote:

Glad to hear you got it working. We've had some issues with windows 10 but I've not been able to replicate them consistently. Which class of mine are you taking?

Sent from my iPhone

On Jun 26, 2017, at 15:25, oighen notifications@github.com wrote:

Charles, Griffon it's working very well in Ubuntu + VirtualBox --> that means is something wrong with my Windows10 machine (cannot run Merlin or Griffon). So I will focus on cleaning my Windoze.

Thanks for all the effort and replies. See you at the course, on July 22.

Regards,

--eugen Amat victoria curam

On Sun, Jun 25, 2017 at 8:26 AM, Charles S. Givre < notifications@github.com> wrote:

Hi Eugen, It looks to me from reading some articles on stackoverflow that one of the VirtualMachine disk files might be corrupted. The last article in the list recommends a procedure where you discard the saved state of the VM. Were you ever able to get it started?

https://askubuntu.com/questions/846492/failed-to- open-a-session-for-the- virtual-machine-win-7 https://askubuntu.com/ questions/846492/failed-to- open-a-session-for-the-virtual-machine-win-7 https://stackoverflow.com/questions/20608310/virtualbox- error-failed-to-open-a-session-for-the-virtual-machine < https://stackoverflow.com/questions/20608310/virtualbox- error-failed-to-open-a-session-for-the-virtual-machine> https://www.simplehelp.net/2015/10/25/how-to-fix-the- failed-to-open-a-session-error-in-virtualbox/ < https://www.simplehelp.net/ 2015/10/25/how-to-fix-the-failed-to-open-a-session- error-in-virtualbox/>

Regardless, I’d recommend downloading the latest version of the VM which is available here and has a lot more useful tools on it. https://github.com/gtkcyber/griffon-vm https://github.com/gtkcyber/ griffon-vm.

Thanks, — C

On Jun 24, 2017, at 15:03, oighen notifications@github.com wrote:

OS: Windows 10.

--eugen Amat victoria curam

On Sat, Jun 24, 2017 at 12:36 PM, Eugen Chirila eugenc@gmail.com wrote:

Un-installed/re-installed VirtualBox, same error.

Failed to open a session for the virtual machine Merlin 1.01 Drill Workshop.

The virtual machine 'Merlin 1.01 Drill Workshop' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005). More details may be available in 'C:\Users\Eugen\VirtualBox VMs\Merlin 1.01 Drill Workshop\Logs\VBoxHardening.log'.

Result Code: E_FAIL (0x80004005) Component: MachineWrap Interface: IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0} Now, the log is dumped below:

fbc.77d4: Log file opened: 5.1.22r115126 g_hStartupLog=00000000000000e4 g_uNtVerCombined=0xa0383900 fbc.77d4: \SystemRoot\System32\ntdll.dll: fbc.77d4: CreationTime: 2017-01-27T19:39:40.085139400Z fbc.77d4: LastWriteTime: 2016-11-11T10:13:03.409595100Z fbc.77d4: ChangeTime: 2017-06-14T03:46:48.743974000Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0x1cc888 fbc.77d4: NT Headers: 0xd8 fbc.77d4: Timestamp: 0x5825887f fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x5825887f fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0x1d1000 (1904640) fbc.77d4: Resource Dir: 0x168000 LB 0x67988 fbc.77d4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0x1680f0 LB 0x388, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.479 fbc.77d4: FileVersion: 10.0.14393.479 (rs1_release.161110-2025) fbc.77d4: FileDescription: NT Layer DLL fbc.77d4: \SystemRoot\System32\kernel32.dll: fbc.77d4: CreationTime: 2017-05-10T13:09:29.370271800Z fbc.77d4: LastWriteTime: 2017-04-28T00:49:43.332433600Z fbc.77d4: ChangeTime: 2017-06-14T03:46:48.359260300Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0xab208 fbc.77d4: NT Headers: 0xf0 fbc.77d4: Timestamp: 0x59028368 fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x59028368 fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0xac000 (704512) fbc.77d4: Resource Dir: 0xaa000 LB 0x530 fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.1198 fbc.77d4: FileVersion: 10.0.14393.1198 (rs1_release_sec.170427-1353) fbc.77d4: FileDescription: Windows NT BASE API Client DLL fbc.77d4: \SystemRoot\System32\KernelBase.dll: fbc.77d4: CreationTime: 2017-06-14T03:42:31.079625600Z fbc.77d4: LastWriteTime: 2017-06-03T10:09:08.071687200Z fbc.77d4: ChangeTime: 2017-06-14T05:00:58.513710300Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0x21c780 fbc.77d4: NT Headers: 0xf8 fbc.77d4: Timestamp: 0x59327897 fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x59327897 fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0x21d000 (2215936) fbc.77d4: Resource Dir: 0x201000 LB 0x550 fbc.77d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0x2010b0 LB 0x3c4, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.1358 fbc.77d4: FileVersion: 10.0.14393.1358 (rs1_release.170602-2252) fbc.77d4: FileDescription: Windows NT BASE API Client DLL fbc.77d4: \SystemRoot\System32\apisetschema.dll: fbc.77d4: CreationTime: 2016-07-16T11:42:21.577586000Z fbc.77d4: LastWriteTime: 2016-07-16T11:42:21.577586000Z fbc.77d4: ChangeTime: 2017-01-15T11:59:41.129941800Z fbc.77d4: FileAttributes: 0x20 fbc.77d4: Size: 0x18960 fbc.77d4: NT Headers: 0xc8 fbc.77d4: Timestamp: 0x57899bd2 fbc.77d4: Machine: 0x8664 - amd64 fbc.77d4: Timestamp: 0x57899bd2 fbc.77d4: Image Version: 10.0 fbc.77d4: SizeOfImage: 0x19000 (102400) fbc.77d4: Resource Dir: 0x18000 LB 0x400 fbc.77d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] fbc.77d4: [Raw version resource data: 0x18060 LB 0x3a0, codepage 0x0 (reserved 0x0)] fbc.77d4: ProductName: Microsoft® Windows® Operating System fbc.77d4: ProductVersion: 10.0.14393.0 fbc.77d4: FileVersion: 10.0.14393.0 (rs1_release.160715-1616) fbc.77d4: FileDescription: ApiSet Schema DLL fbc.77d4: NtOpenDirectoryObject failed on \Driver: 0xc0000022 fbc.77d4: supR3HardenedWinFindAdversaries: 0x0 fbc.77d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\ Program Files\Oracle\VirtualBox' fbc.77d4: Calling main() fbc.77d4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 fbc.77d4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\ Program Files\Oracle\VirtualBox' fbc.77d4: SUPR3HardenedMain: Respawn #1 fbc.77d4: System32: \Device\HarddiskVolume5\Windows\System32 fbc.77d4: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS fbc.77d4: KnownDllPath: C:\Windows\System32 fbc.77d4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe' has no imports fbc.77d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe) fbc.77d4: supR3HardNtEnableThreadCreation: fbc.77d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk= 00007fff94af9fa0 pvNtTerminateThread=00007fff94b26b20 fbc.77d4: supR3HardenedWinDoReSpawn(1): New child 73a0.8564 [kernel32]. fbc.77d4: supR3HardNtChildGatherData: PebBaseAddress= 0000000000a93000 cbPeb=0x388 fbc.77d4: supR3HardNtPuChFindNtdll: uNtDllParentAddr= 00007fff94a80000 uNtDllChildAddr=00007fff94a80000 fbc.77d4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff94af9fa0 fbc.77d4: supR3HardenedWinSetupChildInit: Start child. fbc.77d4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 15 sleeps fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION fbc.77d4: 0000000000000000-000000000089ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008a0000-00000000008bffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000008c0000-00000000008d5fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008e0000-00000000009dafff 0x0000/0x0004 0x0020000 fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004 0x0020000 fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000 fbc.77d4: 0000000000a00000-0000000000a92fff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004 0x0020000 fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000c00000-0000000000c00fff 0x0040/0x0040 0x0020000 !! fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000c00000 (LB 0x1000, 0000000000c00000 LB 0x1000) fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt

1

succeeded: 0x0 [0000000000c00000/0000000000c00000 LB 0/0x1000] fbc.77d4: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000c00000 LB 0x7f3e0000 s=0x10000 ap=0x0 rp=0x00000000000001 fbc.77d4: 0000000000c01000-000000007ffdffff 0x0001/0x0000 0x0000000 fbc.77d4: 000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e030000-00007ff63e052fff 0x0002/0x0002 0x0040000 fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e250000-00007ff63e250fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e307000-00007ff63e307fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e308000-00007ff63e308fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e309000-00007ff63e30dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e30e000-00007ff63e30efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e30f000-00007ff63e30ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e310000-00007ff63e313fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007fff94a80000-00007fff94a80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bcc000-00007fff94bd4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000 fbc.77d4: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS) fbc.77d4: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe' has no imports fbc.77d4: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports fbc.77d4: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x80000000 fbc.77d4: supR3HardNtChildPurify: Startup delay kludge #1/1: 526 ms, 33 sleeps fbc.77d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION fbc.77d4: 0000000000000000-000000000089ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008a0000-00000000008bffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000008c0000-00000000008d5fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000008d6000-00000000008dffff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000008e0000-00000000009dafff 0x0000/0x0004 0x0020000 fbc.77d4: 00000000009db000-00000000009ddfff 0x0104/0x0004 0x0020000 fbc.77d4: 00000000009de000-00000000009dffff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000 fbc.77d4: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000 fbc.77d4: 00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000 fbc.77d4: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000 fbc.77d4: 0000000000a00000-0000000000a92fff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000a93000-0000000000a95fff 0x0004/0x0004 0x0020000 fbc.77d4: 0000000000a96000-0000000000bfffff 0x0000/0x0004 0x0020000 fbc.77d4: 0000000000c00000-000000007ffdffff 0x0001/0x0000 0x0000000 fbc.77d4: 000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 fbc.77d4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 fbc.77d4: 000000007fff0000-00007ff63e02ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e030000-00007ff63e052fff 0x0002/0x0002 0x0040000 fbc.77d4: 00007ff63e053000-00007ff63e24ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007ff63e250000-00007ff63e250fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e251000-00007ff63e2c0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e2c1000-00007ff63e2c1fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e2c2000-00007ff63e306fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e307000-00007ff63e313fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e314000-00007ff63e35bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe fbc.77d4: 00007ff63e35c000-00007fff94a7ffff 0x0001/0x0000 0x0000000 fbc.77d4: 00007fff94a80000-00007fff94a80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94a81000-00007fff94b87fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94b88000-00007fff94bcbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bcc000-00007fff94bcffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bd0000-00007fff94bd4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94bd5000-00007fff94be2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be3000-00007fff94be3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be4000-00007fff94be6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94be7000-00007fff94c50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll fbc.77d4: 00007fff94c51000-00007ffffffdffff 0x0001/0x0000 0x0000000 fbc.77d4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000 fbc.77d4: supR3HardNtChildPurify: Done after 820 ms and 1 fixes (loop

1).

73a0.8564: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0383900 73a0.8564: supR3HardenedVmProcessInit: uNtDllAddr=00007fff94a80000 g_uNtVerCombined=0xa0383900 73a0.8564: ntdll.dll: timestamp 0x5825887f (rc=VINF_SUCCESS) 73a0.8564: New simple heap: #1 0000000000d00000 LB 0x400000 (for 1904640 allocation) fbc.77d4: supR3HardNtEnableThreadCreation: 73a0.8564: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\ Program Files\Oracle\VirtualBox' 73a0.8564: System32: \Device\HarddiskVolume5\Windows\System32 73a0.8564: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS 73a0.8564: KnownDllPath: C:\Windows\System32 73a0.8564: supR3HardenedVmProcessInit: Opening vboxdrv stub... 73a0.8564: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 73a0.8564: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 73a0.8564: Registered Dll notification callback with NTDLL. 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll) 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\ Windows\System32\kernel32.dll 73a0.8564: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 73a0.8564: supR3HardenedDllNotificationCallback: load 00007fff913e0000 LB 0x0021d000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0] 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll) 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\ Windows\System32\KernelBase.dll 73a0.8564: supR3HardenedDllNotificationCallback: load 00007fff92360000 LB 0x000ac000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0] 73a0.8564: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 73a0.8564: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff92360000 'C:\Windows\System32\KERNEL32.DLL' 73a0.8564: supR3HardenedDllNotificationCallback: load 00007ff63e250000 LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 73a0.8564: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe' has no imports 73a0.8564: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\ VirtualBox.exe) 73a0.8564: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\ Program Files\Oracle\VirtualBox\VirtualBox.exe fbc.77d4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 82 ms, CloseEvents);

Many thanks!

--eugen Amat victoria curam

On Fri, Jun 23, 2017 at 5:32 PM, Charles S. Givre < notifications@github.com> wrote:

Hi @oighen https://github.com/oighen, I didn't get the log file in your email. I've been looking online and a lot of the advice about this type of error seems to suggest uninstalling/reinstalling VirtualBox. If you can attach the log in github, or paste the contents I'll do some more digging. What OS and version are you using?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/cgivre/data-exploration-with-apache- drill/issues/1#issuecomment-310794840, or mute the thread https://github.com/notifications/unsubscribe- auth/ADwGALoXPWNJuALw2ZADLXf6-HGy-ucHks5sHEshgaJpZM4N5VuR .

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub < https://github.com/cgivre/data-exploration-with-apache- drill/issues/1#issuecomment-310859661>, or mute the thread < https://github.com/notifications/unsubscribe- auth/AFQfvrTDkYr5SdSHQ0MsMDIT-nmX0S-Iks5sHV2DgaJpZM4N5VuR>.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/cgivre/data-exploration-with-apache- drill/issues/1#issuecomment-310905699, or mute the thread https://github.com/notifications/unsubscribe-auth/ADwGAPQK655OFFmzu0_ hsGggZ9uWrUrrks5sHm4ogaJpZM4N5VuR .

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub, or mute the thread.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/cgivre/data-exploration-with-apache-drill/issues/1#issuecomment-311159691, or mute the thread https://github.com/notifications/unsubscribe-auth/ADwGANU0ELC9U5Gl9wQfI4WjxivQ-2s8ks5sIAgkgaJpZM4N5VuR .

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub https://github.com/cgivre/data-exploration-with-apache-drill/issues/1#issuecomment-311162606, or mute the thread https://github.com/notifications/unsubscribe-auth/AFQfvhcYsXIVKgtfoHU3pbMi9FQ-NM8Zks5sIAr_gaJpZM4N5VuR.