
XP SP3 Crash with FineCrypt Encryption Program...



Hey fellow MSFN Brothers :hello:

I've had a persistent problem with FineCrypt v.10.1 (latest version) on my Windows XP SP3 (fully patched) laptop. I get random Windows errors when I try to encrypt files into a FineCrypt Archive File (.fca). I'm attaching the Dr. Watson Log and my user.dmp files on here inside of a WinRAR file (FineCrypt Error.rar) and I would be SO appreciative if someone could tell me how to band-aid this problem (as I've contacted the maker and they don't care because apparently I'm the only one this happens to).

Anyways, would someone kindly look these files over and tell me what exactly is happening here and suggest a possible fix?

Thank you all in advance. :hello:


Edited by neowillendit

Well, it looks like the FineCrypt .dll file is passing a bad heap value to the C runtime when a file is being accessed, causing an access violation and a crash:

// You can see that ecx+50h results in 00000050, which is going to be invalid:
0:020> ~19s
eax=0367aef4 ebx=0367ae68 ecx=00000000 edx=782bca1c esi=0367adf4 edi=00000085
eip=7822a761 esp=0367adac ebp=0367add4 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
7822a761 83795000 cmp dword ptr [ecx+50h],0 ds:0023:00000050=????????

// The stack - FCShell.dll is likely responsible for ecx:
0:019> k
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
0367add4 02843202 mfc80+0x5a761
0367af68 7e41882a FCShell+0x3202
7e41885a ff8b9090 user32!UserCallWinProcCheckWow+0x116
7e41887e 8d000002 0xff8b9090
7e418882 8e3b0448 0x8d000002
7e418886 00000000 0x8e3b0448

0:019> uf 0367af68
0367af6a 67032a add ebp,dword ptr [bp+si]
0367af6d 88417e mov byte ptr [ecx+7Eh],al
0367af70 80eb09 sub bl,9
0367af73 006003 add byte ptr [eax+3],ah
0367af76 15008830b2 adc eax,0B2308800h
0367af7b 011400 add dword ptr [eax+eax],edx
0367af7e 0000 add byte ptr [eax],al
0367af80 0100 add dword ptr [eax],eax
0367af82 0000 add byte ptr [eax],al
0367af84 3857b4 cmp byte ptr [edi-4Ch],dl
0367af87 0180eb090000 add dword ptr [eax+9EBh],eax
0367af8d 0000 add byte ptr [eax],al
0367af8f 0000 add byte ptr [eax],al
0367af91 0000 add byte ptr [eax],al
0367af93 0000 add byte ptr [eax],al
0367af95 b067 mov al,67h
0367af97 0301 add eax,dword ptr [ecx]
0367af99 0000 add byte ptr [eax],al
0367af9b 0000 add byte ptr [eax],al
0367af9d 0000 add byte ptr [eax],al
0367af9f 0001 add byte ptr [ecx],al
0367afa1 0000 add byte ptr [eax],al
0367afa3 0070af add byte ptr [eax-51h],dh
0367afa6 670300 add eax,dword ptr [bx+si]
0367afa9 0000 add byte ptr [eax],al
0367afab 0000 add byte ptr [eax],al
0367afad b067 mov al,67h
0367afaf 038f04447e30 add ecx,dword ptr [edi+307E4404h]
0367afb5 88417e mov byte ptr [ecx+7Eh],al

// The thread doing the lookup, which actually is throwing the exception:
0:020> kb
ChildEBP RetAddr Args to Child
03d2ffb4 7c80b713 00000000 0367de60 0367de60 ntdll!KiFastSystemCallRet
03d2ffec 00000000 7c910230 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

0:020> ub 7c80b713
7c90e4da e829000000 call ntdll!RtlRaiseException (7c90e508)
7c90e4df 8b0424 mov eax,[esp]
7c90e4e2 8be5 mov esp,ebp
7c90e4e4 5d pop ebp
7c90e4e5 c3 ret
7c90e4e6 8da42400000000 lea esp,[esp]
7c90e4ed 8d4900 lea ecx,[ecx]
7c90e4f0 8bd4 mov edx,esp
7c90e4f2 0f34 sysenter
7c90e4f4 c3 ret
7c90e4f5 8da42400000000 lea esp,[esp]
7c90e4fc 8d642400 lea esp,[esp]
7c90e500 8d542408 lea edx,[esp+0x8]
7c90e504 cd2e int 2e
7c90e506 c3 ret
7c90e507 90 nop
7c90e508 55 push ebp
7c90e509 8bec mov ebp,esp

// The likely culprit:
0:020> lmvm FCShell
start end module name
02840000 02945000 FCShell T (no symbols)
Loaded symbol image file: FCShell.dll
Image path: C:\Program Files\FineCrypt\FCShell.dll
Image name: FCShell.dll
Timestamp: Tue Jan 08 15:10:18 2008 (4783D8AA)
CheckSum: 0010F362
ImageSize: 00105000
File version:
Product version:
File flags: 0 (Mask 3F)
File OS: 4 Unknown Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0

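Added example, not part of the original post: a short Python triage of the WinDbg output above that recomputes the faulting operand's address from the register dump and flags a dereference based on a NULL register. The function names are hypothetical; the sample lines are copied from the post, and the 64 KB threshold is the low region Windows leaves unmapped by default.

```python
import re

# Sample input: register dump and faulting instruction copied from the post above.
SAMPLE = """\
eax=0367aef4 ebx=0367ae68 ecx=00000000 edx=782bca1c esi=0367adf4 edi=00000085
eip=7822a761 esp=0367adac ebp=0367add4 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
7822a761 83795000 cmp dword ptr [ecx+50h],0 ds:0023:00000050=????????
"""

NULL_REGION = 0x10000  # low 64 KB of user address space, unmapped by default

REG = re.compile(r"\b(eax|ebx|ecx|edx|esi|edi|eip|esp|ebp)=([0-9a-f]{8})")
# "[operand] ... seg:selector:address=contents" as printed on the instruction line
OPERAND = re.compile(r"\[([^\]]+)\].*?\b\w+:[0-9a-f]{4}:([0-9a-f]{8})=(\S+)")


def effective_address(expr, regs):
    """Evaluate a 32-bit memory operand such as 'ecx+50h' or 'eax+eax*4'."""
    total = 0
    for sign, term in re.findall(r"([+-]?)([^+-]+)", expr):
        name, _, scale = term.partition("*")
        if name in regs:
            value = regs[name] * int(scale or "1")
        else:
            value = int(term.rstrip("h"), 16)  # WinDbg hex displacement, e.g. 50h
        total += -value if sign == "-" else value
    return total & 0xFFFFFFFF


def triage(dump):
    """Return facts about the faulting memory operand, or None if none is found."""
    regs = {name: int(value, 16) for name, value in REG.findall(dump)}
    match = OPERAND.search(dump)
    if not match:
        return None
    expr, shown, contents = match.groups()
    addr = effective_address(expr, regs)
    base = re.split(r"[+*-]", expr)[0]
    return {
        "operand": expr,
        "address": addr,
        "matches_debugger": addr == int(shown, 16),  # agrees with ds:0023:...
        "unreadable": set(contents) == {"?"},         # WinDbg shows ???????? 
        "null_base": regs.get(base) == 0 and addr < NULL_REGION,
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

For the dump in the post, the result shows the base register `ecx` is zero and the address 0x50 is just the field offset, which is the pattern of a member access through a NULL object pointer.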

Is there anything I can do to alleviate this error (besides not using FineCrypt) and do you think any of my security software is causing this? Also, is the software coded wrong, or is it possible I could disable something in this program to cure this?


Well, I know you don't want to change, but TrueCrypt is free and is the leading open source encryption program. I love it, I use a keyfile on a USB stick instead of a password. So when I leave my laptop, I take out the USB - which also doubles as ReadyBoost in Vista, so nobody can access my files if my laptop is stolen.
