sandboxie-plus / Sandboxie

Sandboxie Plus & Classic
https://Sandboxie-Plus.com
GNU General Public License v3.0

Running Zoom in Sandboxie 5.42 Causes Blue Screen #97

Closed DavidBerdik closed 4 years ago

DavidBerdik commented 4 years ago

After upgrading to Sandboxie 5.42, I am unable to use Zoom in Sandboxie. When I try to open the settings panel to adjust my audio and video input settings, audio will temporarily stop working on my computer, and sometimes, the system will crash with a blue screen. I know this issue originates with Sandboxie because the screen specifically mentions SbieDrv.sys. To work around the issue for now, I have reinstalled Sandboxie 5.41.2.

Steps to reproduce:

  1. Install Sandboxie 5.42
  2. Install Zoom inside a Sandboxie sandbox
  3. Launch Zoom and open the settings panel
  4. Navigate to settings for audio and video control

My Windows 10 version is 1909.

DavidXanatos commented 4 years ago

Oh, that's not good... Do you have a memory dump from that crash? They can be found under C:\windows\minidump

DavidBerdik commented 4 years ago

> do you have a memory dump from that crash?

Indeed I do! I have two from the two different crashes. Hopefully at least one of them will be helpful. Minidumps.zip

DavidXanatos commented 4 years ago

Unfortunately the dumps did not show much. And build 5.41.2 works just fine?

Could you try to collect another dump file? Also, do these dump file dates correspond to the crash time? You may also have a dmp file directly in C:\Windows

DavidBerdik commented 4 years ago

Yes! I have no problems at all with 5.41.2. The memory dumps I shared with you do correspond to when the crashes happened. I do have a dump file in C:\Windows as well. If this is not useful, I can test reproducing the crash.

I'm sorry about using RAR fragments, but the upload was too big for GitHub. The ".zip" extension is fake so GitHub will allow the files to be uploaded (apparently RAR uploads are prohibited). Please remove it and use WinRAR to extract the dump.

MEMORY.part001.rar.zip MEMORY.part002.rar.zip MEMORY.part003.rar.zip MEMORY.part004.rar.zip MEMORY.part005.rar.zip MEMORY.part006.rar.zip MEMORY.part007.rar.zip MEMORY.part008.rar.zip MEMORY.part009.rar.zip

Edit: Apparently WinRAR is amazing enough that it can extract the file even with the "zip" extension on it. No need to remove all of them. Here is the hash for the MEMORY.DMP file.

MD5: 3f18f4f97d37bbd1ad2e254d3d52751c SHA256: c9f55d381b679cfb1d91865345f272d9ea069001f40028a1656057c437344648

DavidXanatos commented 4 years ago

I tried to reproduce the crash in a 1909 VM but it did not crash. Zoom version 5.1.27830.612

I changed 2 major things in the driver between these versions. I added the PID to the sbie message log, I don't think that could break anything, and I fixed a few bugs that caused the driver to fail the msft driver verifier. Maybe one of these fixes is not quite right.

Could you test a bunch of drivers with different changes to pinpoint the issue, in case the next crash dump still does not help?

You could install https://www.microsoft.com/en-us/p/windbg-preview/9pgjgd53tn86?activetab=pivot:overviewtab. With it you can open the dumps yourself and check if they would be helpful by clicking on !analyze -v. If it then prints something SbieDrv related, it's helpful. If you point the debugger to the symbol file (*.pdb) I attached, it should tell you the filename and line number in the SbieDrv source where the issue started. SbieDrv.zip

DavidXanatos commented 4 years ago

The large dump also did not help, hmm... I think trying to reproduce it would be the next thing to do, and if that does not yield a useful dump, then testing multiple driver versions with incremental changes.

DavidXanatos commented 4 years ago

Here is an example of a useful dmp:

STACK_TEXT:  
ffffc182`bfc9e038 fffff803`0bd826e3 : 00000000`000000c4 00000000`000000f6 00000000`000013c4 ffffdf8a`6aaaf080 : nt+0x1c14e0
ffffc182`bfc9e040 00000000`000000c4 : 00000000`000000f6 00000000`000013c4 ffffdf8a`6aaaf080 fffff801`a3ca8812 : nt+0x96f6e3
ffffc182`bfc9e048 00000000`000000f6 : 00000000`000013c4 ffffdf8a`6aaaf080 fffff801`a3ca8812 ffffad80`48dcadc0 : 0xc4
ffffc182`bfc9e050 00000000`000013c4 : ffffdf8a`6aaaf080 fffff801`a3ca8812 ffffad80`48dcadc0 ffffc182`bfc9e0e0 : 0xf6
ffffc182`bfc9e058 ffffdf8a`6aaaf080 : fffff801`a3ca8812 ffffad80`48dcadc0 ffffc182`bfc9e0e0 fffff803`0bd8b838 : 0x13c4
ffffc182`bfc9e060 fffff801`a3ca8812 : ffffad80`48dcadc0 ffffc182`bfc9e0e0 fffff803`0bd8b838 ffffdf8a`6aaaf080 : 0xffffdf8a`6aaaf080
ffffc182`bfc9e068 ffffc182`bfc9e1d8 : 00000000`000013c4 ffffc182`bfc9e260 00000000`00000000 ffffd58c`4a7dbf62 : SbieDrv!File_Api_Rename+0x452 [c:\projects\sandboxie\sandboxie\core\drv\file.c @ 1848] 
ffffc182`bfc9e178 00000000`000013c4 : ffffc182`bfc9e260 00000000`00000000 ffffd58c`4a7dbf62 fffff803`0b4f5220 : 0xffffc182`bfc9e1d8
ffffc182`bfc9e180 ffffc182`bfc9e260 : 00000000`00000000 ffffd58c`4a7dbf62 fffff803`0b4f5220 00000000`00000003 : 0x13c4
ffffc182`bfc9e188 00000000`00000000 : ffffd58c`4a7dbf62 fffff803`0b4f5220 00000000`00000003 ffffc182`bfc9e390 : 0xffffc182`bfc9e260

Here the stack trace points to SbieDrv!File_Api_Rename+0x452 [c:\projects\sandboxie\sandboxie\core\drv\file.c @ 1848]. That's just an example; it's from one of my test crashes with the driver verifier enabled.
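
The check described in the comments above (does the `!analyze -v` STACK_TEXT contain a frame symbolized to SbieDrv with a source file and line?) can be scripted when several dumps need triage. This is an added example, not part of the thread or of Sandboxie's code; the function names are hypothetical and the sample lines are copied from the trace quoted above.

```python
import re

ADDR = r"[0-9a-f]{8}`[0-9a-f]{8}"
# STACK_TEXT line: child SP, return address, ':', four args, ':', call site.
FRAME_RE = re.compile(
    rf"^{ADDR}\s+{ADDR}\s+:\s+(?:{ADDR}\s+){{4}}:\s+(?P<site>.+)$", re.I)
# Symbolized call site: module!Function+0xOFF [source @ line]
SITE_RE = re.compile(
    r"^(?P<module>\w+)!(?P<func>\w+)(?:\+0x(?P<off>[0-9a-f]+))?"
    r"(?:\s+\[(?P<src>.+?)\s+@\s+(?P<line>\d+)\])?$", re.I)

# Sample lines copied from the trace quoted in the thread.
SAMPLE = r"""STACK_TEXT:  
ffffc182`bfc9e038 fffff803`0bd826e3 : 00000000`000000c4 00000000`000000f6 00000000`000013c4 ffffdf8a`6aaaf080 : nt+0x1c14e0
ffffc182`bfc9e048 00000000`000000f6 : 00000000`000013c4 ffffdf8a`6aaaf080 fffff801`a3ca8812 ffffad80`48dcadc0 : 0xc4
ffffc182`bfc9e068 ffffc182`bfc9e1d8 : 00000000`000013c4 ffffc182`bfc9e260 00000000`00000000 ffffd58c`4a7dbf62 : SbieDrv!File_Api_Rename+0x452 [c:\projects\sandboxie\sandboxie\core\drv\file.c @ 1848] 
"""

def parse_stack_text(text):
    """Return one dict per STACK_TEXT frame; unsymbolized frames get module=None."""
    frames = []
    for raw in text.splitlines():
        m = FRAME_RE.match(raw.strip())
        if not m:
            continue  # header line or other analyzer output
        s = SITE_RE.match(m.group("site"))
        g = s.groupdict() if s else {}
        frames.append({
            "site": m.group("site"),
            "module": g.get("module"),
            "function": g.get("func"),
            "offset": int(g["off"], 16) if g.get("off") else None,
            "source": g.get("src"),
            "line": int(g["line"]) if g.get("line") else None,
        })
    return frames

def driver_frames(text, module="SbieDrv"):
    """Frames symbolized to the given driver: what makes a dump actionable."""
    return [f for f in parse_stack_text(text)
            if (f["module"] or "").lower() == module.lower()]

if __name__ == "__main__":
    for f in driver_frames(SAMPLE):
        print(f["site"])
```

Frames such as `nt+0x1c14e0` or a bare `0xc4` come back with `module` set to `None`, which is what a dump analyzed without matching symbols looks like.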

DavidBerdik commented 4 years ago

I haven't been able to cause a blue screen again (all I've been able to do is crash the audio service), but I have tracked down what I have on my computer that's causing the problem. I use a program called "Virtual Audio Cable" for managing sound input, and have one of my virtual cables set as the default audio input device.

Here is the program's website: https://vac.muzychenko.net/en/

By installing this program in a VM, setting the virtual cable as the default input device, and then following the steps I mentioned in the initial post, I was able to reproduce the service crash.

DavidBerdik commented 4 years ago

It appears that the issue was resolved with the release of Sandboxie 5.42.1 so I am going to close this now.