Author Topic: RDP rdpdr.sys causes Win XP BSOD on accessing shared drive  (Read 23091 times)


borhani

  • Guest
This case is VERY similar to mine, but it occurs in Win Server 2003; I'm running Win XP: http://forum.avast.com/index.php?topic=113581.msg887363#msg887363
  • If Avast Antivirus is installed, although the RDP session initiates OK, and I'm OK doing things that don't involve copy/paste, as soon as I attempt to access a shared (i.e., RDP client) drive, immediate BSOD on the Win XP server. Bluescreen minidmp file indicates rdpdr.sys as the culprit. 100% reproducible.
  • After completely uninstalling Avast & rebooting, the problem goes away, i.e., I can RDP into the Win XP server, and copy & paste files or text or whatever back & forth, without any issues.
XP clean install, SP3, all updates. I cannot follow the recommended Win Server 2003 solution:

Please check the KB article in the link provided below:
http://support.microsoft.com/kb/960652
The issue is confirmed by Microsoft as theirs.
Just install the patch and everything will be okay.


because those versions of rdpdr.sys are for Win Server 2003, not XP. (If anyone knows whether they can be used in XP, please let me know!)
My current (XP) rdpdr.sys is dated 4-SEP-2009, 12:43:46, version 5.1.2600.5875 (xpsp_sp3_qfe.090904-1906).

Is there a fix for Win XP? I've been tearing my hair out over this for a month, have reinstalled XP, and nothing works. I don't not want to use Avast, but several people have said it's a problem with Avast, and I should be using AVG (which I found to be slow).

Please help!
Thanks
« Last Edit: May 05, 2013, 12:00:33 AM by borhani »

Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • Posts: 1793
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: RDP rdpdr.sys causes Win XP BSOD on accessing shared drive
« Reply #1 on: May 06, 2013, 01:33:44 PM »
Please upload your minidump(s) here: ftp://ftp.avast.com/incoming/
https://twitter.com/FoltynD , Tech. Community, Online Services & Distribution manager of Bohemia Interactive

borhani

  • Guest
Re: RDP rdpdr.sys causes Win XP BSOD on accessing shared drive
« Reply #2 on: May 13, 2013, 03:37:18 PM »
Uploaded two representative dmp files:
borhani_Mini041213-01.dmp
borhani_Mini041213-02.dmp

Others have reported that, like me, uninstalling Avast! and installing AVG works---no BSODs. See thany1's second post here: http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/97c547a7-b234-4e1d-b089-0e7876c3a55b

  I like Avast! much better than AVG. I really hope the excellent coders at Avast! and in the Avast! community can figure out what is wrong here!

Thanks

borhani

  • Guest
Re: RDP rdpdr.sys causes Win XP BSOD on accessing shared drive
« Reply #3 on: May 13, 2013, 03:42:32 PM »
Also, my slow reply is not because I am not interested in sorting this out --- I really want to get it fixed! I just didn't realize I had to turn on "notify", so I didn't see your upload request.
Thanks

lm713

  • Guest
Re: RDP rdpdr.sys causes Win XP BSOD on accessing shared drive
« Reply #4 on: May 14, 2013, 01:14:51 PM »
Same problem here: Windows Vista -> Windows XP SP3. Remote Windows XP crashes on copy when clipboard is shared (if you have this and drive sharing turned off in the RDP terminal client settings you are OK).

Not sure if it's possible to just install the Windows Server 2003 Hotfix on Windows XP? Would be a shame to blow up the machine with such an attempt. Has anyone been brave enough to try?

I too like AVAST over AVG (though haven't tried AVG in a while), but if there is no solution I might just go for the light-weight WSE.

What a weird problem huh!? Took 1 day + a morning to get to the root of this problem (after fixing some driver issues, which I understood to be a possible culprit - should have persisted with a more direct root!). Thank you borhani and Peresmeshnik for identifying the cause: 1 day + a morning doesn't seem so bad compared to what you went through, but still a royal waste of time. Still these things happen.

borhani

  • Guest
Re: RDP rdpdr.sys causes Win XP BSOD on accessing shared drive
« Reply #5 on: May 14, 2013, 03:28:27 PM »
Hi Avast! developers,

Could you please try to sort out what is wrong here? Could it be a program update that occurred sometime around April 7, 2013??  I had run Avast! & RDP for ~1 year prior to this April, without any issues; it suddenly went bad on April 7 ---- worked on night of April 6, failed on morning of April 7!

Thanks!

Offline pk

  • Avast team
  • Super Poster
  • Posts: 2078
Re: RDP rdpdr.sys causes Win XP BSOD on accessing shared drive
« Reply #6 on: May 15, 2013, 11:14:05 AM »
Hi,
we changed one part in the filesystem driver which queries for file paths. Unfortunately, in an RDP session (under XP/2003) it can lead to a BSOD if you have mapped hard disk drives and you access them. This bug is in XP and it was fixed in Vista+. I would suggest you apply that KB fix (http://support.microsoft.com/kb/960652). It should work on XP as well (please confirm it, so we can use it as the official answer until we release a new program version).

Thanks,
Petr

lm713

  • Guest
Re: RDP rdpdr.sys causes Win XP BSOD on accessing shared drive
« Reply #7 on: May 15, 2013, 11:24:33 AM »
Hi PK,

Thank you for getting back to us. I read somewhere else also that XP and Windows Server 2003 are close cousins, but is it safe to assume that applying this hotfix won't corrupt the system (I rely on it quite a bit)?

Thank you.

Offline pk

  • Avast team
  • Super Poster
  • Posts: 2078
Re: RDP rdpdr.sys causes Win XP BSOD on accessing shared drive
« Reply #8 on: May 15, 2013, 11:28:03 AM »
It depends, we also use one driver for XP/2003/Vista+ OSes. There're small changes between XP/2k3, but I think it should be ok. Please backup your original Rdpdr.sys file (\windows\system32\drivers). If KB refuses to install, let me know and I'll send you rdpdr.sys from this KB package (so you can update it manually). Thanks.

lm713

  • Guest
Re: RDP rdpdr.sys causes Win XP BSOD on accessing shared drive
« Reply #9 on: May 15, 2013, 11:51:39 AM »
Hi again,

I was getting muddled up with the different hotfixes I have been reading about and didn't realise this one is just for the rdp driver, so I guess it should be pretty safe to try, i.e. at worst remote desktop would stop working.

I will try it tonight as I am not near that computer right now (hence my need for rdp ;) and I guess I should be near it when I try this.

Thank you again for your invaluable help!

borhani

  • Guest
Re: RDP rdpdr.sys causes Win XP BSOD on accessing shared drive
« Reply #10 on: May 15, 2013, 03:52:34 PM »
PK, just to confirm: the change made to Avast!, around the April 7 timeframe, made Avast! cause this BSOD even though it previously did not cause it?

I ask because the KB article is from 2009, and I've only been running Avast! since 2011. And, I've been mapping drives the entire time (until April 7!!).

I'll try the hotfix tonight as well. I had read this KB article, but held off on applying the fix for the same reason as lm713: I don't want to brick my system, or have to do some sort of serious back-tracking. Also, I had googled for an "official" XP version of this rdpdr.sys file without luck. I guess it is possible that MS created the fix only for Server 2003 (but that seems odd, given the date).



borhani

  • Guest
Re: RDP rdpdr.sys causes Win XP BSOD on accessing shared drive
« Reply #11 on: May 16, 2013, 03:59:38 AM »
PK, Long story short: I need the rdpdr.sys file --- not the hotfix zip file --- from you. The hotfix doesn't work. Thanks!

Details

The 2003 Server hotfix file "368918_ENU_i386_zip.exe" unzips to "WindowsServer2003-KB960652-x86-ENU.exe", which then refuses to run on WinXP (Pro, 32-bit), giving the following error:
---------------------------
KB960652 Setup Error
---------------------------
The version of Windows you have installed does not match the update you are trying to install.
---------------------------

Interestingly, however...

I mistakenly downloaded the hotfix earlier today, at work (Win7 x64). The hotfixer downloader was "smart" enough to give me the x64 version (without complaining that it's not for Win7); my old eyes missed the "x64" in the file name.   Here's the crazy part: "368938_ENU_x64_zip.exe" unzips to "WindowsServer2003.WindowsXP-KB960652-x64-ENU.exe"!!

But of course, this file doesn't run on XP 32-bit, but gives instead a rather cryptic error:
---------------------------
Extraction Failed
---------------------------
update\update.exe is not a valid Win32 application.
---------------------------

Offline pk

  • Avast team
  • Super Poster
  • Posts: 2078
Re: RDP rdpdr.sys causes Win XP BSOD on accessing shared drive
« Reply #12 on: May 16, 2013, 08:46:29 AM »
>> WindowsServer2003.WindowsXP-KB960652-x64

Server2003 and XP 64-bit have the same kernel version, i.e. they're both identical inside

Download links for rdpdr.sys:
x86: http://public.avast.com/~kurtin/patches/rdpdr/x86/SP2QFE/rdpdr.sys
x64: http://public.avast.com/~kurtin/patches/rdpdr/x64/SP2QFE/rdpdr.sys

Please let me know if it works for you, thanks.

borhani

  • Guest
Re: RDP rdpdr.sys causes Win XP BSOD on accessing shared drive
« Reply #13 on: May 16, 2013, 04:27:58 PM »
Thanks, will give a try tonight

borhani

  • Guest
Re: RDP rdpdr.sys causes Win XP BSOD on accessing shared drive
« Reply #14 on: May 17, 2013, 06:11:31 AM »
 :D :D IT WORKS!!!  ;D ;D

I had to disable the Windows System File Protector, setting it to ignore (only) rdpdr.sys, so that I could slip in the Win 2003 Server version of rdpdr.sys that pk supplied. Instructions on how to do this are here: http://bitsum.com/aboutwfp.asp  Skip right to:
Mod Method 5: Disable WFP permanently for specific files via patching the protected file list
More simple than patching executable code is simply patching the list of files contained in SFCFILES.DLL. First, copy
SFCFILES.DLL to a temporary file. Using a hex editor (i.e. UltraEdit), search for files to disable protection on inside
the temporary file. Once found, replacing the first character of the file name with 0 (that is: value 0 NOT ascii '0'
character). After completing the modifications, correct the checksum using our PEChkSum utility and set the temporary
file to replace the original at boot-time using our MoveLatr utility. Reboot the computer to finish the process.

I used HxD to edit C:\WINDOWS\system32\SFCFILES.DLL; there were ~5 instances of "r◊d◊p◊d◊r◊.◊s◊y◊s" ("◊" = null, hex 0x0). I changed them all to "◊◊d◊p◊d◊r◊.◊s◊y◊s"; fixed the checksum (Chksum.exe sfcfiles.bak); set up the file replacement (MoveLatr.exe sfcfiles.bak sfcfiles.dll); and rebooted. Worked fine (as evidenced by a quick peek at the new SFCFILES.DLL).
The needed utilities Jeremy Collake mentions are here: http://bitsum.com/other/  WORKED LIKE A CHARM (Thanks Jeremy!)

THEN, I was able to copy the new rdpdr.sys (having saved a copy of the old one!) to C:\WINDOWS\system32\drivers & C:\WINDOWS\system32\dllcache (for good measure), without the WinXP WFP "nanny" replacing the file!!

Tested RDP from Win7 client to the now-stably-modified WinXP server: it worked fine; c

Reinstalled Avast! (ver. 8, free version). OK

And the Acid Test: RDP from Win7 into WinXP --- with Avast! running --- IT WORKED! copy/paste, with drives mapped, worked in both directions.

Thanks so very much, pk!
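
An added example, not part of the original posts: a defender-side audit that scans a copy of SFCFILES.DLL for the first-character blanking described in the last post, reporting which protected names are still intact and which have been nulled out. The sample buffer, its path strings and the function names are constructed for illustration and do not reproduce the real file's layout.

```python
"""Audit a copy of SFCFILES.DLL for protected-file names whose first
character has been replaced by a null, as described in the post above."""


def utf16_offsets(data: bytes, pattern: bytes) -> list[int]:
    """Return every byte offset at which pattern occurs in data."""
    offsets, pos = [], data.find(pattern)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(pattern, pos + 2)
    return offsets


def audit_protected_names(data: bytes, names: list[str]) -> dict:
    """For each name, list offsets of intact and of blanked UTF-16LE copies."""
    haystack = data.lower()  # bytes.lower() only touches ASCII; offsets are kept
    report = {}
    for name in names:
        intact = name.lower().encode("utf-16-le")
        # Blanked form: first UTF-16 code unit zeroed, rest of the name unchanged.
        # Caveat: a different file literally named without that first letter,
        # sitting right after a string terminator, would also match.
        blanked = b"\x00\x00" + intact[2:]
        report[name] = {
            "intact": utf16_offsets(haystack, intact),
            "blanked": utf16_offsets(haystack, blanked),
        }
    return report


def _entry(path: str) -> bytes:
    """Constructed helper: one null-terminated UTF-16LE string."""
    return path.encode("utf-16-le") + b"\x00\x00"


# Constructed sample: one intact entry, one unrelated entry, and one entry
# whose leading 'r' has been overwritten with a null.
SAMPLE = (
    b"MZ" + b"\x90" * 14
    + _entry("%systemroot%\\system32\\drivers\\rdpdr.sys")
    + _entry("%systemroot%\\system32\\drivers\\rdbss.sys")
    + _entry("%systemroot%\\system32\\dllcache\\\x00dpdr.sys")
)

if __name__ == "__main__":
    for name, hits in audit_protected_names(SAMPLE, ["rdpdr.sys", "rdbss.sys"]).items():
        state = "TAMPERED" if hits["blanked"] else "ok"
        print(f"{name}: intact={hits['intact']} blanked={hits['blanked']} [{state}]")
```

Any non-empty `blanked` list means that name has been dropped from file protection on the audited machine, so a driver swapped in under that name will not be restored automatically.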