Karla Sleutel Posted December 29, 2024

18 hours ago, D.Draker said:
I know a lot of people that don't. I observed my ex-girlfriend literally ate tonnes of wedding dresses and parties ads at her insta,

That's probably due to the things people dream of, or simply want to see in their life. Yes, I too like to be Captain Obvious.

I'm starting to notice later versions of uBlock let some ads slip through in Supermium, is it the old engine? Or do I need to downgrade the UBO?
UCyborg Posted December 29, 2024

1 hour ago, j7n said:
Could this be a side-effect of 32-bit program running on 64-bit Windows?

No.

How important is it nowadays to ensure that all my DLLs have non-conflicting base addresses?

ASLR mentioned in the article was introduced in Windows Vista.

33 minutes ago, Karla Sleutel said:
Isn't Supermium supposed to be already "rebased", as it officially supports XP?

It is, but manual rebasing is a lottery, address chosen by developer obviously doesn't work for @j7n's system.
VistaLover Posted December 30, 2024

2 hours ago, UCyborg said:
address chosen by developer obviously doesn't work for @j7n's system.

... However, the image uploaded by him isn't from an XP system: (bcryptprimitives.dll first appeared in NT 6.1), so why does ASLR not work in his case?
Karla Sleutel Posted December 30, 2024

14 hours ago, UCyborg said:
It is, but manual rebasing is a lottery, address chosen by developer obviously doesn't work for @j7n's system.

Thanks for the explanation, I'd rather thought win32 took that into account.
Karla Sleutel Posted December 30, 2024

12 hours ago, VistaLover said:
... However, the image uploaded by him isn't from an XP system: (bcryptprimitives.dll first appeared in NT 6.1), so why does ASLR not work in his case?

Could he just catch a virus?

Dark Power Ransomware Abusing Vulnerable Dynamic-Link Libraries
An Ongoing Investigation into Emergent Cryptolocking Ransomware Strain
updated on November 28, 2024
Association to documented CVEs and similar malware family
WannaCry. BlackByte ransomware. LockBit Green ransomware. Ranzy Locker ransomware. Conti ransomware.
bcryptprimitives.dll
UCyborg Posted December 30, 2024

7 hours ago, VistaLover said:
(bcryptprimitives.dll first appeared in NT 6.1), so why does ASLR not work in his case?

While it's a good question, the rest of the theory should still apply. I only found https://stackoverflow.com/questions/9560993/how-do-you-disable-aslr-address-space-layout-randomization-on-windows-7-x64.
NotHereToPlayGames Posted December 30, 2024 (edited)

I kind of doubt that it is any virus.

He's running a sound card (ASIOhost64.exe) at realtime priority. What addresses are those dependencies loaded into?

He's watching a "Black_M..." video on a (we have to assume) SERVER OS.

He is file-sharing (ApexDC.exe) and who knows how many files are being transferred in the background.

He has way too many PROCESSES running.

Sometimes, we bring upon our own pain.

Edited December 30, 2024 by NotHereToPlayGames
NotHereToPlayGames Posted December 30, 2024

Oh, and he has a New Moon / Pale Moon web browser also running. So he is running two web browsers at the same time.

How many tabs are open in the New Moon / Pale Moon's Disable ... window? Is the xul.dll for that browser also not properly REBASED?

Sure, his Supermium ran out of memory. But his New Moon / Pale Moon / "Black_M..." / file-sharing is using a TON of memory before even launching Supermium (the second to last tab in the toolbar where Task Manager is the highlighted last tab).
D.Draker Posted December 30, 2024

11 hours ago, NotHereToPlayGames said:
I kind of doubt that it is any virus. He's running a sound card (ASIOhost64.exe) at realtime priority. What addresses are those dependencies loaded into? He's watching a "Black_M..." video on a (we have to assume) SERVER OS. He is file-sharing (ApexDC.exe) and who knows how many files are being transferred in the background. He has way too many PROCESSES running. Sometimes, we bring upon our own pain.

I don't think that video with black males takes up too much RAM, unless it's in 4K.

He's running a sound card (ASIOhost64.exe) at realtime priority, that's weird, oh wait, probably it's because he has also foobar opened. In foobar v2 x64 bit asio is supported.

But why? Is he recording the audio from black males' video in realtime (capturing?). That would of course take a good amount of RAM.
NotHereToPlayGames Posted December 30, 2024

Why Black Males? Sounds racist to me.

Can't it be Black Monkeys? Black Molasses? Black Molecules? Black Melanite? Black Mulberries? Black Mamba? Black Moths? Black Mold? Black Mud? Black Meteorites? Black Mirrors? Black Material?

I'm going to go with Black Mold and that he/she is in the middle of a bathroom remodel or kitchen sink issue.
j7n Posted December 30, 2024

Your imagination is running wild. It is "Black Mesa," and has nothing to do with the topic at hand. Foobar2000 is playing the BBC. Realtime priority makes sure there are no interruptions. It works well. What do you think BBC is?

Of course there are too many processes with 27 chromes. Without chrome, memory use was about 30%. Lots of experimentation to do.

Using libase.exe didn't improve the situation. All child processes of chrome.dll are still put at 0x15360000 and the root process has it at 0x16840000.

My value of "MoveImages" is 0.

"MitigationOptions" doesn't seem to be a valid setting in Windows 2008 R2. I ran a full text search and found no references.
NotHereToPlayGames Posted December 30, 2024

One variable is that you have four tabs open (one Chrome Web Store, two Tampermonkey, one Greasy Fork). At work at the moment, will check my memory load and chrome processes upon return home.

Second variable that is kind of important - how many extensions are you running? Because yeah, 27 chromes is not normal. Something within your profile is causing that.

Oh, and I would still verify if your New Moon / Pale Moon also has a rebase issue (xul.dll).
j7n Posted December 30, 2024

Xul.dll is shown as relocated. Maybe there is a security setting that does it. There is only one copy of New Moon anyway.

Those websites seemed to be a bit heavy, but that's how they are today. I have only one extension TamperMonkey. If I find that it starts a new process, I will remove it and have autoplay back because 170 MB for autoplay is silly.

Shareable working set for Chrome.exe is about 12-14 MB. I will check later on other computer.
NotHereToPlayGames Posted December 30, 2024

12 minutes ago, j7n said:
There is only one copy of New Moon anyway.

Doesn't really say much. My "one process" of Serpent with only TWO tabs hovers between 650 MB all the way up to about 1.2 GB (at which point it gets "terminated" and started over [UXP browsers have HUGE memory leaks!]).

I grabbed a copy of Server 2008 SP2 from work. I'll install into a VM and see what Supermium does here.
UCyborg Posted December 30, 2024

28 minutes ago, j7n said:
My value of "MoveImages" is 0.

Bingo! Normally, it shouldn't exist. Both browsers should go back to normal if you delete the value and restart Windows. Otherwise, you're forcing ASLR off and having old relocation logic in effect, which duplicates DLLs in memory/page file when multiple processes use them. You'd have to find a different value of base address manually then for chrome.dll to avoid collision with another DLL.

19 minutes ago, j7n said:
I have only one extension TamperMonkey. If I find that it starts a new process, I will remove it and have autoplay back because 170 MB for autoplay is silly.

Each extension is its own process in Chromium.
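
The interaction described in the post above, between the system-wide "MoveImages" value and a DLL's own ASLR opt-in, as an added example that is not part of the original thread. The function names, the sample header and its base address are constructed for illustration; the 0xFFFFFFFF case is standard Windows behaviour that the thread does not discuss.

```python
import struct

DYNAMIC_BASE = 0x0040  # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (linker /DYNAMICBASE)

def pe_aslr_info(data: bytes):
    """Return (preferred ImageBase, DYNAMICBASE set?) read from PE header bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]       # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    opt = pe + 24                                      # signature + COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                 # PE32
        base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:                               # PE32+
        base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic")
    chars = struct.unpack_from("<H", data, opt + 70)[0]  # DllCharacteristics
    return base, bool(chars & DYNAMIC_BASE)

def loader_behaviour(move_images, dynamic_base):
    """move_images: DWORD from HKLM\\SYSTEM\\CurrentControlSet\\Control\\
    Session Manager\\Memory Management, or None when the value is absent."""
    if move_images == 0:
        return "fixed"       # ASLR forced off: preferred base, legacy relocation on collision
    if move_images == 0xFFFFFFFF:
        return "randomized"  # every relocatable image is randomized
    return "randomized" if dynamic_base else "fixed"

def build_sample(image_base, dll_chars):
    """Constructed minimal PE32 header (not a loadable image) for the demo."""
    buf = bytearray(0x40 + 24 + 96)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    opt = 0x40 + 24
    struct.pack_into("<H", buf, opt, 0x10B)
    struct.pack_into("<I", buf, opt + 28, image_base)
    struct.pack_into("<H", buf, opt + 70, dll_chars)
    return bytes(buf)

if __name__ == "__main__":
    base, dyn = pe_aslr_info(build_sample(0x10000000, DYNAMIC_BASE))
    for mv in (None, 0, 0xFFFFFFFF):
        print(hex(base), dyn, mv, loader_behaviour(mv, dyn))
```

On a real system, pass the first few kilobytes of the DLL to `pe_aslr_info` and the registry value (or `None`) to `loader_behaviour`; a result of "fixed" for a DLL that has DYNAMICBASE set points at the registry override rather than at the binary.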