OVALDI crashing on windows 7 x64

Help
Anton
2013-12-03
2013-12-13
  • Anton
    Anton
    2013-12-03

    Hi, I'm new to OVALDI, so maybe I'm doing something wrong.
    I have Win7 x64
    cmd: ovaldi -m -o def/inventory/oval.xml (http://oval.mitre.org/rep-data/5.10/org.mitre.oval/i/oval.xml)
    After a minute or two, when ovaldi is "gathering data for OVAL definitions", I get this error (Google translated):

    Collecting object: oval:org.mitre.oval:obj:24163
    Unhandled exception: System.AccessViolationException: Attempted to read or write protected memory. This often indicates that the other memory is corrupt.
    в std.basic_string<char,std::char_traits<char>,std::allocator<char> >.assign(basic_string<char\\,std::char_traits<char>\,std::allocator<char> > , basic_string<char\\,std::char_traits<char>\,std::allocator<char> > _Right, UInt64 _Roff, UInt64 _Count)
    в ItemFieldEntityValue.GetName(ItemFieldEntityValue , basic_string<char\\,std::char_traits<char>\,std::allocator<char> > )
    в ItemEntity.UniqueString(ItemEntity , basic_string<char\\,std::char_traits<char>\,std::allocator<char> > )
    в Item.UniqueString(Item , basic_string<char\\,std::char_traits<char>\,std::allocator<char> > )
    в AbsProbe.CacheAllItems(AbsProbe , vector<Item \*\\,std::allocator<Item \*> > items)
    в AbsProbe.Run(AbsProbe , Object object)
    в AbsObjectCollector.ProcessObject(AbsObjectCollector , Object object)
    в AbsObjectCollector.Process(AbsObjectCollector , AbsObject absObject)
    в AbsObjectCollector.Run(AbsObjectCollector , basic_string<char\\,std::char_traits<char>\,std::allocator<char> > objectId)
    в AbsDataCollector.Run(AbsDataCollector )
    в main(Int32 argc, SByte * argv)
    в mainCRTStartup()

    And this in windows:

    Problem signature :
    Problem Event Name : CLR20r3
    Problem signature 01 : ovaldi.exe
    Problem signature 02 : 0.0.0.0
    Problem signature 03 : 516f00df
    Problem signature 04 : ovaldi
    Problem signature 05 : 0.0.0.0
    Problem signature 06 : 516f00df
    Problem signature 07 : 5c
    Problem signature 08 : c5
    Problem signature 09 : System.AccessViolationException
    OS Version: 6.1.7601.2.1.0.256.48
    Language Code: 1049
    Additional Information 1 : 385c
    Additional Information 2 : 385c924a2bf6f8cb396c4d8a8220a274
    Additional Information 3 : 6f22
    Additional Information 4 : 6f227dadce7e4c56d4d4f4428ca1cb3c

    Read our privacy statement online :
    http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0419

    If the privacy statement on the Internet is not available , check with his local version :
    C:\Windows\system32\ru-RU\erofflps.txt

    This error happens in both the x64 and x86 versions of the program.
    When I use smaller XML files, everything works fine.

     
  • Since you say it only happens with large XML files, it may be related to an out-of-memory condition. Anyway, Item::UniqueString() no longer exists in trunk; that part of the code has been redone. So this problem may already be resolved. If not, the error would be in a different place; it would have a different stacktrace than that.

    Andy

     
    • Anton
      Anton
      2013-12-05

      Thanks for the reply.
      So, do I need to compile the latest code?
      I downloaded the latest [r1683] but I'm having trouble with compilation (I'm a newbie).
      I'm getting a lot of errors about missing files when trying to build the solution in VS 2010. Where can I get them?

       

      • Preeti
        Preeti
        2013-12-05

        Anton,

        We have built OVALDI on Windows 64 bit machine using Visual Studio 2010

        Set up:

        VC++ Directories(under configuration properties)
        Include directories: C:\Program Files %28x86%29\GnuWin32\include;C:\libgcrypt\gpg-w32-dev-20100713\include;C:\xerces-c-windows_2000-msvc_60\include;C:\Xalan-C_1_10_0-win32-msvc_60\include;$(IncludePath)
        Libraries directories: C:\Perl\lib;C:\Program Files %28x86%29\GnuWin32\lib;C:\libgcrypt\gpg-w32-dev-20100713\lib;C:\xerces-c-windows_2000-msvc_60\lib;C:\Xalan-C_1_10_0-win32-msvc_60\lib;$(LibraryPath)

        Linker > Input > Additional dependencies:
        Wuguid.lib
        Wbemuuid.lib
        pcre.lib
        xerces-c_2.lib
        Xalan-C_1.lib

        Delay Loaded Dlls: Advapi32.dll;Authz.dll;%(DelayLoadDLLs)

        You can set paths that are similar to this. Hope these settings will solve your compilation errors.

        --
        Preeti Subramanian
        SecPod Technologies
        www.secpod.com

        Try Saner for Free!
        Vulnerability Mitigation Solution

         
  • Anton
    Anton
    2013-12-05

    Well, I finally compiled ovaldi successfully, but now when I try to use it I get error 0xc000007b.
    How do I solve it?

    Solved it. I used the old DLLs from the downloaded ovaldi.

     
    Last edit: Anton 2013-12-05
  • Preeti
    Preeti
    2013-12-06

    msvcp100.dll might be missing which causes this error. Can you copy this dll in the same directory as .exe and try again?

    --
    Preeti Subramanian
    SecPod Technologies
    www.secpod.com

    Try Saner for Free!
    Vulnerability Mitigation Solution

     
  • Anton
    Anton
    2013-12-06

    Now that ovaldi seems to be working properly, I am faced with another problem:

    scanning the system takes too much time.

    I read in another topic that it may be caused by problems with "schematron validation". I found that scanning skips that action, so I executed ovaldi with
    ovaldiD -m -o def/windows.xml -c,
    and got this:
    2013-12-06T20:01:30 : DEBUG : The directives file does not exist! directives.xml
    2013-12-06T20:01:31 : DEBUG : Unable to load directives configuration file. Using default directives.
    ** running Schematron validation on def/windows.xml

    2013-12-06T21:09:22 : FATAL : ERROR: Schematron validation failed with the following errors:
    DEPRECATED TEST: wmi_test ID: oval:org.mitre.oval:tst:4190

    DEPRECATED TEST: wmi_test ID: oval:org.mitre.oval:tst:42877

    DEPRECATED TEST: wmi_test ID: oval:org.mitre.oval:tst:42850

    DEPRECATED TEST: wmi_test ID: oval:org.mitre.oval:tst:43509

    DEPRECATED TEST: wmi_test ID: oval:org.mitre.oval:tst:43780

    DEPRECATED TEST: wmi_test ID: oval:org.mitre.oval:tst:43506

    DEPRECATED TEST: wmi_test ID: oval:org.mitre.oval:tst:78039

    DEPRECATED TEST: wmi_test ID: oval:org.mitre.oval:tst:10634

    DEPRECATED TEST: wmi_test ID: oval:org.mitre.oval:tst:10696

    DEPRECATED TEST: wmi_test ID: oval:org.mitre.oval:tst:9160

    DEPRECATED TEST: wmi_test ID: oval:org.mitre.oval:tst:9106

    DEPRECATED OBJECT: wmi_object ID: oval:org.mitre.oval:obj:2255

    DEPRECATED OBJECT: wmi_object ID: oval:org.mitre.oval:obj:16068

    DEPRECATED OBJECT: wmi_object ID: oval:org.mitre.oval:obj:15243

    DEPRECATED OBJECT: wmi_object ID: oval:org.mitre.oval:obj:15761

    DEPRECATED OBJECT: wmi_object ID: oval:org.mitre.oval:obj:16054

    DEPRECATED OBJECT: wmi_object ID: oval:org.mitre.oval:obj:23189

    DEPRECATED OBJECT: wmi_object ID: oval:org.mitre.oval:obj:6451

    DEPRECATED STATE: wmi_state ID: oval:org.mitre.oval:ste:12725

    DEPRECATED STATE: wmi_state ID: oval:org.mitre.oval:ste:12640

    DEPRECATED STATE: wmi_state ID: oval:org.mitre.oval:ste:12641

    DEPRECATED STATE: wmi_state ID: oval:org.mitre.oval:ste:13002

    DEPRECATED STATE: wmi_state ID: oval:org.mitre.oval:ste:12943

    DEPRECATED STATE: wmi_state ID: oval:org.mitre.oval:ste:18228

    DEPRECATED STATE: wmi_state ID: oval:org.mitre.oval:ste:5672

    DEPRECATED STATE: wmi_state ID: oval:org.mitre.oval:ste:5371

    DEPRECATED STATE: wmi_state ID: oval:org.mitre.oval:ste:4256

    DEPRECATED STATE: wmi_state ID: oval:org.mitre.oval:ste:4374

    Am I doing everything correctly?

     
    • Preeti
      Preeti
      2013-12-10

      -c option performs schematron validation and takes time :( If you do not wish to perform schematron validation, you may choose not to provide -c option.

      2013-12-06T20:01:30 : DEBUG : The directives file does not exist! directives.xml

      OVAL Interpreter is not able to find directives XML file.

      Some background:
      OVAL directives: a set of content that can be provided to an OVAL Definition Evaluator that includes both an OVAL Definition Document to be evaluated and this new set of directives to control the contents of the resulting OVAL Results Document. A tool that supports this input directives format will simply copy the supplied directives into any corresponding OVAL Results document that it outputs. Of course, corresponding OVAL Results will then have to be compliant with the supplied directives.

      In Windows,

      you need to set PATH variable(Computer > Properties > Environment Variables) by clicking on Edit. You need to append path to your ovaldi directory.

      or in UNIX flavors,

      copy the content of <your-ovaldi-path>/xml to /usr/share/ovaldi

      Also, it looks like your OVAL definitions XML file contains deprecated tests, objects and states. You can replace those tests, objects and states with new ones, or if you still wish to use them, you can ignore by not using -c option.

      --
      Preeti Subramanian
      SecPod Technologies
      www.secpod.com

      Try Saner for Free!
      Vulnerability Mitigation Solution

       
      Last edit: Preeti 2013-12-10
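
Added example (not part of the thread and not OVALDI code): a Python sketch that reads the `DEPRECATED ...` lines from validation output like the one quoted above and lists which definitions in a definitions file reference the deprecated tests, so the content that needs replacing can be found without rereading the whole file. The sample log and definitions document are constructed, and the script assumes the standard OVAL 5 definitions namespace with `criterion` elements carrying a `test_ref` attribute.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

DEF_NS = "http://oval.mitre.org/XMLSchema/oval-definitions-5"

# Constructed sample, in the format of the validation output quoted in the thread.
SAMPLE_LOG = """\
2013-12-06T21:09:22 : FATAL : ERROR: Schematron validation failed with the following errors:
DEPRECATED TEST: wmi_test ID: oval:org.mitre.oval:tst:4190
DEPRECATED OBJECT: wmi_object ID: oval:org.mitre.oval:obj:2255
DEPRECATED STATE: wmi_state ID: oval:org.mitre.oval:ste:12725
"""

# Constructed, heavily trimmed definitions document; the oval:example ids are made up.
SAMPLE_DEFS = f"""\
<oval_definitions xmlns="{DEF_NS}"><definitions>
  <definition id="oval:example:def:1" class="vulnerability" version="1">
    <criteria operator="AND">
      <criterion test_ref="oval:org.mitre.oval:tst:4190"/>
      <criteria operator="OR"><criterion test_ref="oval:example:tst:2"/></criteria>
    </criteria>
  </definition>
  <definition id="oval:example:def:2" class="inventory" version="1">
    <criteria><criterion test_ref="oval:example:tst:2"/></criteria>
  </definition>
</definitions></oval_definitions>
"""

LINE_RE = re.compile(r"^\s*DEPRECATED (TEST|OBJECT|STATE): (\S+) ID: (\S+)\s*$")

def parse_deprecated(log_text):
    """Group the ids reported as deprecated by kind: TEST, OBJECT or STATE."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if match:
            found[match.group(1)].add(match.group(3))
    return found

def definitions_using(defs_xml, test_ids):
    """Map each definition id to the deprecated test ids its criteria reference."""
    root = ET.fromstring(defs_xml)
    hits = {}
    for definition in root.iter(f"{{{DEF_NS}}}definition"):
        refs = {c.get("test_ref") for c in definition.iter(f"{{{DEF_NS}}}criterion")}
        used = sorted(refs & set(test_ids))
        if used:
            hits[definition.get("id")] = used
    return hits
```

For a real definitions file, pass its contents to `definitions_using` together with `parse_deprecated(output)["TEST"]`; definitions pulled in through `extend_definition` are not followed by this sketch.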
      • Anton
        Anton
        2013-12-10

        The scan of my system takes more than 2 hours (standard vulnerabilities Windows definitions file, ~37 Mb). How can I speed up scanning?

         
  • Anton
    Anton
    2013-12-12

    Is it possible to collect System-Characteristics.xml on one machine and perform analysis on another one?

     
  • Preeti
    Preeti
    2013-12-12

    Yes, it is possible. Once you have collected the system characteristics file, try the -i option on your other machine, i.e. try -i [your system characteristics file path]
    Example:
    ovaldiD -m -o def/windows.xml -i system-characteristics.xml

    --
    Preeti Subramanian
    SecPod Technologies
    www.secpod.com

    Try Saner for Free!
    Vulnerability Mitigation Solution

     
    • Anton
      Anton
      2013-12-12

      Thank you!
      But how do I perform only the collection of system-characteristics without scanning?
      (Sorry if it's really easy to find in the manual, but I can't find it.)

       
      • Preeti
        Preeti
        2013-12-13

        You need a scanner to get system characteristics, because system characteristics file gets created based on the OVAL definitions file you scan. If you have some other similar scanner, you could try...

        -
        Preeti Subramanian
        SecPod Technologies
        www.secpod.com

        Try Saner for Free!
        Vulnerability Mitigation Solution

         
  • I would like to expand on this answer a bit. If I may point you towards the list of OVAL Capabilities (http://oval.mitre.org/adoption/usecasesguide.html#capabilities), you will notice that there exist 5 defined. By examining the OVAL Adoption Product List (http://oval.mitre.org/adoption/productlist.html) you will see which tools are available by which vendor, and the specific capabilities they support. OVALDI supports the two capabilities of "Definition Evaluator", as well as "System Characteristics Producer".

    The Systems Characteristics file is generated through collecting the specified OVAL Objects by scanning the system directly, or querying a collection of properties that may have been exported from the system. Think of this second model as a system that publishes its configurations to a central database as an example.

    In the following guide, you may replace OVALDI with any tool that accomplishes the similar capabilities. Running OVALDI with no parameters displays the options available. This will show you which flag represents optional functionality. To identify common uses:

    -Run OVALDI with a given input that contains Definitions, Tests, Objects, States, and possibly Variables. This results in a generated Systems Characteristics file, which is then analyzed to generate the OVAL Results file.

    -Run OVALDI with a given input that contains Objects and possibly Variables. This results in a generated Systems Characteristics file, and an OVAL Results file with no analysis performed.

    -Run OVALDI with a given input that contains Definitions, Tests, Objects, States, and possibly Variables, as well as a Systems Characteristics file that already maps the collected Objects to the Items. This will not collect anything from the system and instead only be analyzed to generate the OVAL Results file.

    I hope this helps, but please follow up if any part has been unclear.

    Thanks,
    David Rothenberg