loadlibrary icon indicating copy to clipboard operation
loadlibrary copied to clipboard

Published 20 hours ago verified publisher icon taviso

__rsignal(RSIG_BOOTENGINE) returned failure, missing definitions?

Open amartin-git opened this issue 3 years ago • 13 comments

Hello,

As of this morning it looks like MS changed something in the distribution files. Now getting the following error when trying to run mpclient:

main(): __rsignal(RSIG_BOOTENGINE) returned failure, missing definitions?
main(): Make sure the VDM files and mpengine.dll are in the engine directory

Don't know if it's related, but compared to yesterday's files, some of the new files seem to have shrunk:

-rw-r--r-- 1 root root 47954880 Aug  5 06:10 mpasbase.vdm
-rw-r--r-- 1 root root 10175432 Aug  5 06:03 mpasdlta.vdm
-rw-r--r-- 1 root root 45193160 Aug  5 06:03 mpavbase.vdm
-rw-r--r-- 1 root root 11338184 Aug  5 06:03 mpavdlta.vdm
-rw-r--r-- 1 root root 12990384 Aug  5 06:03 mpengine.dll
-rw-r--r-- 1 root root   647560 Aug  5 06:03 MpSigStub.exe

-rw-r--r-- 1 root root 48507840 Aug  6 08:50 mpasbase.vdm
-rw-r--r-- 1 root root  2742728 Aug  6 08:50 mpasdlta.vdm
-rw-r--r-- 1 root root 50892208 Aug  6 08:50 mpavbase.vdm
-rw-r--r-- 1 root root   139200 Aug  6 08:50 mpavdlta.vdm
-rw-r--r-- 1 root root 12848312 Aug  6 08:50 mpengine.dll
-rw-r--r-- 1 root root   647560 Aug  6 08:50 MpSigStub.exe

amartin-git avatar Aug 06 '21 14:08 amartin-git

Having the same issue

idanfei avatar Aug 09 '21 07:08 idanfei

Same here :(

frisch-raphael avatar Aug 11 '21 16:08 frisch-raphael

Thanks for letting me know, I'm investigating.

taviso avatar Aug 12 '21 14:08 taviso

Using the mpengine.dll from Aug 5 with the newer .vdm files seems to work for now (not familiar with the inner-workings of these files, but it does detect EICAR and several other virsuses correctly).

Thanks for all the work that you put into this project!

amartin-git avatar Aug 16 '21 16:08 amartin-git

I see the issue, mpengine is doing a lot more work to validate all the signatures on the VDM, and not trusting the host system to do the verification. It might take a day or two, but I'm thinking about solutions!

taviso avatar Aug 19 '21 23:08 taviso

Thanks :)

frisch-raphael avatar Sep 02 '21 12:09 frisch-raphael

i am also troubled by this problem :(

IkeZZZ avatar Sep 06 '21 13:09 IkeZZZ

Same Issue, Thanks @taviso

DDB-en avatar Sep 08 '21 15:09 DDB-en

Looks like using the mpengine.dll from Aug 5 no longer works with the new VDM files as of this weekend.

@taviso - have you been able to make any progress with this? Thanks again.

amartin-git avatar Sep 20 '21 13:09 amartin-git

I search another download link, it works. But I don't know why. It maybe helpful.

http://download.microsoft.com/download/DefinitionUpdates/mpam-fe.exe

YongZeer avatar Nov 16 '21 06:11 YongZeer

Thanks for the other link. That does work, but it appears to be an outdate engine. I'm seeing the error listed in this issue on the latest version of the engine. Would love to have a fix as well!

mikewilusz-stairwell avatar Nov 30 '21 02:11 mikewilusz-stairwell

It works fine with older version but latest updated is not supported.

Rd1997 avatar Dec 24 '21 07:12 Rd1997

@taviso were you able to figure out the root cause for this?

blacktop avatar Mar 16 '22 18:03 blacktop