Jump to content

Buffer Overflow (boep) -> 1603 / 1722 MSI Install Error


Recommended Posts

This releates to the error identified here http://paintdotnet.forumer.com/viewtopic.php?f=10&t=21585&p=122008 and here http://paintdotnet.forumer.com/viewtopic.php?f=10&t=22228&st=0&sk=t&sd=a.

No solution has been posted on either of those topics, but I've done some more debugging to identify the cause.

The security program that I have installed (Proventia) is blocking the install due to a "Buffer Overflow Exploit Attempt" by SetupNgen.exe. Here is the exact security log which is blocking SetupNgen.exe from completing (which results in the 1603 / 1733 error people are seeing).

ProcessID=5452|5568

SystemCall=NtCreateFile

Blocked=YES

Killed=NO

ExeFile=C:\Program+Files\Paint.NET\SetupNgen.exe

User=SYSTEM

Domain=NT+AUTHORITY

SecChkID=15954

AlertName=boep~setupngen

ReturnAddr=0091ad33, 2

Foxyshadis seems to have pulled out a debug version of Paint.Net and posted the stack trace of the exception:

System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
  at PaintDotNet.SetupNgen.SHGetFolderPathW(IntPtr hwndOwner, Int32 nFolder, IntPtr hToken, UInt32 dwFlags, IntPtr pszPath)
  at PaintDotNet.SetupNgen.SHGetFolderPath(Int32 nFolder)
  at PaintDotNet.SetupNgen.MainImpl(String[] args)
  at PaintDotNet.SetupNgen.Main(String[] args)

The MSI log reports

Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action _577D73A5_8502_4A32_A3DC_26C3DEF80357, location: C:\Program Files\Paint.NET\SetupNgen.exe, command: /install DESKTOPSHORTCUT=1 PDNUPDATING=0 SKIPCLEANUP=1 "PROGRAMSGROUP=" QUEUENGEN=1

The consensis is that this problem was introduced after v3.10. v3.10 does not throw this exception when installing but all subsequent versions do.

Link to comment
Share on other sites

Do to the lack of acknowledgment from the Paint.Net team I figured I'd track down the bug myself. I downloaded the source and after filling in some junk strings I built and ran everything just fine. Maybe I will just have to build it myself from now on.

The installer is not included as part of the the source - so I can't track down the bug.

It is annoying me to no end that every computer at the corporation I work at can not install Paint.Net because our security software is blocking a buffer overflow bug in the installer.

Link to comment
Share on other sites

I'm sorry that you haven't received a reply yet, but there is no Paint.NET team, per se - there's just Rick. Since he's the only developer that's active on the project, he may have missed this one first time around. He should probably see it this time around, though.

Not trying to make excuses - just provide an explanation. He has a real life, too. :-)

 

The Doctor: There was a goblin, or a trickster, or a warrior... A nameless, terrible thing, soaked in the blood of a billion galaxies. The most feared being in all the cosmos. And nothing could stop it, or hold it, or reason with it. One day it would just drop out of the sky and tear down your world.
Amy: But how did it end up in there?
The Doctor: You know fairy tales. A good wizard tricked it.
River Song: I hate good wizards in fairy tales; they always turn out to be him.

Link to comment
Share on other sites

Do to the lack of acknowledgment from the Paint.Net team I figured I'd track down the bug myself. I downloaded the source and after filling in some junk strings I built and ran everything just fine. Maybe I will just have to build it myself from now on.

The installer is not included as part of the the source - so I can't track down the bug.

It is annoying me to no end that every computer at the corporation I work at can not install Paint.Net because our security software is blocking a buffer overflow bug in the installer.

There is no "buffer overflow" bug; that is just the name for the error code that Windows returns when there is an insufficient buffer. Your security software is being over zealous. Please see this blog entry by Raymond Chen, who is a senior engineer at Microsoft: http://blogs.msdn.com/oldnewthing/archi ... 55308.aspx .

The issue is most likely caused by having your Desktop or Documents folders assigned to a "bizarre" location. Is the path very very long? I'm guessing it's on a network or something?

Honestly, I'd recommend you not use that security software, or at least reconfigure it not to incorrectly step in on buffer overflow "errors".

That said, there are some issues that have cropped up recently concerning our error handling for calls to SHGetFolderPathW, which are being fixed for the 3.32 release. I have no way of knowing if your security software will still try and block it though; it looks like its jumping in with fists and knives even before the error code gets passed back to my code.

The Paint.NET Blog: https://blog.getpaint.net/

Donations are always appreciated! https://www.getpaint.net/donate.html

forumSig_bmwE60.jpg

Link to comment
Share on other sites

I agree that the security software blows and should be dumped - unfortunately the IT gestapo has a strangle hold on us. I do have admin on my system but they are good at making it difficult to bypass (I can't just stop the service or kill the process). I heard a rumor that someone has a registry script that disables it. I need that script.

Sorry for being hasty - I'm just frustrated because I like Paint.Net quite a bit but haven't been able to install it lately.

Link to comment
Share on other sites

You can run an install on a computer that allows it, copy it from the install directory onto a flash drive, and then copy it to the hard drive directly. You'll lose printing functionality (just use MSPaint or MSWord for that) and Explorer thumbnails for PDN files (which is not too necessary anyway), but you should be able to run everything (including plugins) perfectly well.

This assumes that the destination computer already has the .NET framework, of course. :-)

 

The Doctor: There was a goblin, or a trickster, or a warrior... A nameless, terrible thing, soaked in the blood of a billion galaxies. The most feared being in all the cosmos. And nothing could stop it, or hold it, or reason with it. One day it would just drop out of the sky and tear down your world.
Amy: But how did it end up in there?
The Doctor: You know fairy tales. A good wizard tricked it.
River Song: I hate good wizards in fairy tales; they always turn out to be him.

Link to comment
Share on other sites

You'll lose printing functionality

Wow I did not know that. never even came to my mind to test it when I 1st did the tutorial for boot cds. I will have to look into this sometime and add that note to the tutorial. Who knows I may be the reason some people have printing problems :?.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...