Closed epitaphial closed 1 year ago
Yes, I have the same issue for the new version Wechat 3.9.0
Yes, I have the same issue for the new version Wechat 3.9.0
me too.
For those who need to use Wechat, an alternative way is to use the Windows builtin sandbox. It is a little heavy but not terribly heavy.
same here
0:000> !analyze -v
[snip]
CONTEXT: (.ecxr)
eax=00000023 ebx=00eff601 ecx=00000001 edx=00c00012 esi=3d8640f0 edi=63e56cf0
eip=63e37df5 esp=00efeff4 ebp=00eff000 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
mmmojo+0x57df5:
63e37df5 cc int 3
Resetting default scope
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 63e37df5 (mmmojo+0x00057df5)
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 1
Parameter[0]: 00000000
PROCESS_NAME: WeChat.exe
ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached.
EXCEPTION_CODE_STR: 80000003
EXCEPTION_PARAMETER1: 00000000
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
00eff000 63df1ccd 00000006 00eff010 3d8640f0 mmmojo+0x57df5
00eff044 555b52bd 00000000 00000000 ab072af9 mmmojo+0x11ccd
00eff6c0 0069657e 7659fb80 0069657e 00690000 WeChatWin+0x16152bd
00effd04 0069992a 00690000 00000000 01213a7c WeChat+0x657e
00effd50 765a00f9 00d30000 765a00e0 00effdbc WeChat+0x992a
00effd60 77aa7bbe 00d30000 a0527dbf 00000000 kernel32!BaseThreadInitThunk+0x19
00effdbc 77aa7b8e ffffffff 77ac8d32 00000000 ntdll!__RtlUserThreadStart+0x2f
00effdcc 00000000 006999ae 00d30000 00000000 ntdll!_RtlUserThreadStart+0x1b
STACK_COMMAND: ~0s; .ecxr ; kb
SYMBOL_NAME: mmmojo+57df5
MODULE_NAME: mmmojo
IMAGE_NAME: mmmojo.dll
FAILURE_BUCKET_ID: BREAKPOINT_80000003_mmmojo.dll!Unknown
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x86
OSNAME: Windows 10
---------
0:000> lm m mmmojo
Browse full module list
start end module name
63de0000 63ff2000 mmmojo T (no symbols)
I tried taking a look at the crashdump. It seem to be crashing inside mmmojo.dll. The dll file seem to have something to do with chromium's mojo library (perhap a fork by wechat/tencent?) . The function it crashes at look very similar to this function in chromium sandbox.
PS: it looks like there's a similar crash running wechat 3.9.0 on wine. https://bbs.archlinuxcn.org/viewtopic.php?pid=55008
So, a temporary solution is to replace the mmmojo.dll with an older version.
sha256
099a7e89aeb67b2d6a79229392d14dc616c93b4b6469f0f66c09c1befbd84add mmmojo.dll
mmmojo.zip (3.8.1.26)
same here ,message say: WerFault.exe *32 (3908): SBIE2205 未实现该服务: NtSaveKeyEx platform: win10
Since simply replace the dll may cause unknown issue, I think it's better to use an older version instead, like 3.8.0
, and turn off WeChat's automatic updates. In addition, add one line to host:
127.0.0.1 dldir1.qq.com
本issue中文总结, 供搜索引擎索引及英文不是很好的同志参考:
微信3.9.0在Sandboxie中崩溃/无法启动问题的处理方案
原因: mmmojo.dll导致崩溃
解决方案:
A 使用平替: Windows SandBox https://github.com/sandboxie-plus/Sandboxie/issues/2674#issuecomment-1425066343 B 直接替换掉导致崩溃的dll, 大佬提供了旧版dll: https://github.com/sandboxie-plus/Sandboxie/issues/2674#issuecomment-1425317945, 找不到目录可以用Everything搜. 参考路径:
| <--------- 你的沙盒路径 ---------> | C\Program Files (x86)\Tencent\WeChat\[你的微信版本号] |
D:\Sandbox\Hantong\TencentShit\drive\C\Program Files (x86)\Tencent\WeChat\[3.8.0.41]\mmmojo.dll
C 个人意见: 鉴于直接替换dll可能导致未知的问题, (稳妥起见), 我觉得能找得到安装包的话使用旧版本会好一点, 例如3.8.0版本. 然后微信设置里面关掉自动更新, 同时在host文件加上下面这行阻止强制更新:
127.0.0.1 dldir1.qq.com
P.S. 国产软件大多向来在制造垃圾, 微信, QQ, TIM, 腾讯会议这些腾讯系的尤为严重, 腾讯会议崩溃的问题至今也没能较好解决(那个是直接检测到沙盒环境就不让用好像). 综上, 能用就别动, 不必追新版, 除非旧版用不了, 或者新版确实加了自己想要的功能(此论断仅供参考). P.S. 3.8.0版本官网下载的文件HASH, 从第三方下载的建议验证一下HASH, 或者验证数字证书, 防止文件被篡改
C:\Users\Hantong\Downloads\WeChatSetup.exe
Algorithm Hash
--------- ----
MD5 3EFD527EE04C027F401E3B0A460242C2
Algorithm Hash
--------- ----
SHA1 12421DAAEDFE434A7981650FAE836BB0E84A69B5
Algorithm Hash
--------- ----
SHA256 F1D1139498D0E76C5356E1F6542AB9A2CC468F11FB4A88FFC1E826BAEF02CAFC
Algorithm Hash
--------- ----
SHA384 6338ACCA16938E7FD4D9DF042A814729A67BC413F00ACED9DB929AE229B7820DB92C6EFB003A3AE3D912EAF9961C0D57
Algorithm Hash
--------- ----
SHA512 75B0C1A913F9357742405664BC293B9A71D726BA94E0F7AC30CB11C1E7B0EC62F459BA6D1EFA56AFF6A198FECB50068C58491DC12E196FAEA549A1A7CFE276DD
Algorithm Hash
--------- ----
MACTRIPLEDES 785364BB82C9A8AA
Algorithm Hash
--------- ----
RIPEMD160 D9B2F4E67276FB267D91238355634E12DE1C56DE
腾讯会议崩溃的问题至今也没能较好解决(那个是直接检测到沙盒环境就不让用好像)
In fact, Sandboxie can run TencentMeeting installed outside the sandbox directory. Even if it is installed in another Sandbox.
Since simply replace the dll may cause unknown issue, I think it's better to use an older version instead, like
3.8.0
, and turn off WeChat's automatic updates. In addition, add one line to host:127.0.0.1 dldir1.qq.com
本issue中文总结, 供搜索引擎索引及英文不是很好的同志参考:
微信3.9.0在Sandboxie中崩溃/无法启动问题的处理方案
原因: mmmojo.dll导致崩溃
解决方案:
A 使用平替: Windows SandBox #2674 (comment) B 直接替换掉导致崩溃的dll, 大佬提供了旧版dll: #2674 (comment), 找不到目录可以用Everything搜. 参考路径:
| <--------- 你的沙盒路径 ---------> | C\Program Files (x86)\Tencent\WeChat\[你的微信版本号] | D:\Sandbox\Hantong\TencentShit\drive\C\Program Files (x86)\Tencent\WeChat\[3.8.0.41]\mmmojo.dll
C 个人意见: 鉴于直接替换dll可能导致未知的问题, (稳妥起见), 我觉得能找得到安装包的话使用旧版本会好一点, 例如3.8.0版本. 然后微信设置里面关掉自动更新, 同时在host文件加上下面这行阻止强制更新:
127.0.0.1 dldir1.qq.com
P.S. 国产软件大多向来在制造垃圾, 微信, QQ, TIM, 腾讯会议这些腾讯系的尤为严重, 腾讯会议崩溃的问题至今也没能较好解决(那个是直接检测到沙盒环境就不让用好像). 综上, 能用就别动, 不必追新版, 除非旧版用不了, 或者新版确实加了自己想要的功能(此论断仅供参考).
确实 我在这里拿的 3.8 还能用 https://www.123pan.com/s/Wno9-Nb3UA
But how to enable the log / trace log / crash log of sandboxie? I mean, currently all I got is SBIE 2224
.
I already try to enable all log options in Access Tracing
and use Dbgview
application to watch logs, but I fail to get any other useful log.
Indeed, the 3.8 I took here still works https://www.123pan.com/s/Wno9-Nb3UA
But how to enable the log / trace log / crash log of sandboxie? I mean, currently all I got is
SBIE 2224
. I already try to enable all log options inAccess Tracing
and useDbgview
application to watch logs, but I fail to get any other useful log.
In my experience, even a resource that needs to be closed could cause issues. It is possible to fix compatibility issues by opening resources or closing them. If a prompt fix is needed, you could try getting in touch with any developer to provide a pull request in this repository.
Describe what you noticed and did
How often did you encounter it so far?
No response
Affected program
Wechat Windows 3.9.0
Download link
https://pc.weixin.qq.com/
Where is the program located?
The program is installed only inside a sandbox (NOT in the real system anyway).
Expected behavior
Launch WeChat properly.
What is your Windows edition and version?
Windows11 workstation pro 22H2
In which Windows account you have this problem?
Not relevant to my request.
Please mention any installed security software
Only Windows Defender
What version of Sandboxie are you running?
1.7.2 64bit
Is it a new installation of Sandboxie?
I recently did a new clean installation.
Is it a regression?
No response
In which sandbox type you have this problem?
In a standard isolation sandbox (yellow sandbox icon).
Can you reproduce this problem on a new empty sandbox?
I can confirm it also on a new empty sandbox.
Did you previously enable some security policy settings outside Sandboxie?
No response
Crash dump
No response
Trace log
No response
Sandboxie.ini configuration