Security Apps Break .NET 2.0 Remoting

If you are writing or using applications that use .NET Remoting there is a serious issue that you need to be aware of. There are a few security applications will crash any application that uses .NET 2.0 Remoting. The applications that have been confirmed to cause this issue are NOD32, Trend Micro Office Scan, Embassy Trust Suite, Broadcom Advanced Control Suite and NetLimiter. They all include some kind of network monitoring functionality.

The problem manifests itself as a crash whenever a .NET Remoting TcpChannel is closed. It isn't the application that closes the channel that crashes, but the application at the other end. In the case of TestDriven.Net it depends which functionality you're using which end crashes. If you use 'Test With... Debugger' then Visual Studio 2005 will crash. If you use 'Run Test(s)' then the test process (ProcessInvoker.exe) will crash when Visual Studio exits.

To repro the issue with NOD32 do the following:

  1. Install .NET 2.0
  2. Download RemotingSamples.zip
  3. Make sure NOD32 IMON module is running
  4. Run RemotingServer.exe
  5. Run RemotingClient.exe

At this point the RemotingServer.exe application will exit with a "needs to close" dialog and the following exception:

Unhandled Exception: System.AccessViolationException: Attempted to read or write
 protected memory. This is often an indication that other memory is corrupt.
  at System.Net.UnsafeNclNativeMethods.OSSOCK.WSAGetOverlappedResult(SafeCloseS
ocket socketHandle, IntPtr overlapped, UInt32& bytesTransferred, Boolean wait, I
ntPtr ignored)
  at System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32
 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
  at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32
errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)

I would really like to get to the bottom of this. It is by far the most serious issue reported by TestDriven.Net users. My guess it that is isn't the fault of these applications, but they are all using a common DLL. I would like to find out what the issue it and it there's a patch. Thanks to Paul Welter for the repro and everyone on the TestDriven.Net Users group for reporting it.

Update 1: Manuel Rohrhirs wrote to let me know that Broadcom Advanced Control Suite which is installed by Dell also causes this issue. This situation is getting out of control. The seem to be a lot of applications that are being installed by default that will break any application that uses .NET 2.0 Remoting!

Update 2: It looks like James Woodall hit exactly the same issue with NetLimiter.

Published Wednesday, June 07, 2006 10:14 AM by Jamie Cansdale
Filed under: , ,

Comments

# .NET 2.0 Remoting defect with security apps

Jamie has blogged about a breaking issue with .NET 2.0 remoting when security apps are installed, this...

Thursday, June 08, 2006 5:19 AM by Andrew Stopford's Weblog

# re: Security Apps Break .NET 2.0 Remoting

I am experiencing the same problem.  Any update on this issue?  Any fixes?

Friday, March 16, 2007 9:49 PM by Rich Wade

# re: Security Apps Break .NET 2.0 Remoting

It's a bug in the .net framework.  There's a QFE for it, but it's not publicly available (or at least, it wasn't as of October 2006).  Supposedly if you call MS support, they'll refund your initial support-call charge when the problem is a bug in their software (or, you may be able to bypass the initial charge entirely, see below).

See blogs.msdn.com/.../whidbey-remoting-accessviolation-problem-maheshwar-jayaraman.aspx for the process of tracking down the problem -- but basically, you can skip to the end (search for "how to get the QFE" for instructions) if you don't care about the cause.

It should also get fixed in the next service pack for .net 2.0, but who knows how long that'll be.  (Note that in the post linked to above, there's a trackback about SP1 of VS2005 being released -- but that doesn't fix this issue, since this issue is in the framework, and the VS SP didn't change the framework.)

Thursday, July 19, 2007 11:58 AM by BryanK

# Security Applications Break .NET 2.0 Remoting - I can’t remember where I read it….

Pingback from  Security Applications Break .NET 2.0 Remoting - I can’t remember where I read it….

Monday, September 24, 2007 7:49 PM by Security Applications Break .NET 2.0 Remoting - I can’t remember where I read it….

# re: Security Apps Break .NET 2.0 Remoting

same error

student-faq.com

Monday, January 07, 2008 9:36 AM by Mr Security

# Cheap zolpidem.

Zolpidem and sleepwalking. Zolpidem overdose. Buy zolpidem. Zolpidem.

Saturday, July 19, 2008 10:35 AM by Zolpidem tartrate.

Leave a Comment

(required) 
(required) 
(optional)
(required)