Dr. Memory failed to start the target application, perhaps due to interference from invasive security software. - umppc15806

[balamurata123]

Describe the bug
Hi drmemory,

I have build a large library on C++ on Windows which is a scientific code for integration of materials behaviour under loading in time. The library is based on in-house source code, external libraries (e.g. blas/lapack MKL implementation) and a large amount of win32 dlls. Following some runs I noticed a memory leak; the code is too large to do step by step so I picked your tool.

I followed the workflow which was provided in the Dr Memory doc. After calling drmemory.exe and the executable which calls the library in question above, the following errors is output:

**drmemory.exe -- C:\Users\shell_memory_check_neml.exe
~~Dr.M~~ WARNING: unable to locate results file: can't open C:\Users\\AppData\Roaming\Dr. Memory/resfile.25028 (code=2).
Dr. Memory failed to start the target application, perhaps due to
interference from invasive security software.
Try disabling other software or running in a virtual machine.
WARNING: Examine the following unusual libraries in this process to help identify
invasive software that may have affected the target application:**

        C:\Windows\System32\umppc15806.dll

**Please file a bug about this at http://drmemory.org/issues
~~Dr.M~~ WARNING: application exited with abnormal code 0xc000041d**

The library mentioned is built according to the documentation of Dr Memory in /debug:full. During the build on Visual Studio, I noticed that the .pdb file for this specific dll is not loaded, my expectation is that it is missing or not produced. There is little info on these umppc files as well (online, or documentation) which makes it harder to debug. After looking at the manual for Dr Memory I was unable to determine if and how I can suppress this specific dll from being probed by Dr Memory.

My thinking and question is - is there a way to block Dr Memory from reading this specific dll; or other ways to bypass this error?

Thanks in advance.
M

To Reproduce
I don't think this is reproducible as it is linked to local implementation of libraries.

Please also answer these questions drawn from https://drmemory.org/page_help.html#sec_narrow :

• Does the problem go away when running in light mode (pass -light to Dr. Memory)? No
• Does the problem go away when running with the options -leaks_only -no_count_leaks -no_track_allocs? No
• Does the problem go away when running under plain DynamoRIO? Do this by running dynamorio/bin32/drrun -- <application and args> or dynamorio/bin64/drrun -- <application and args> depending on the bitwidth of your applicaiton. (Ignore warnings about "incomplete installation".) No
• What happens with the debug version of Dr. Memory and of its underlying engine DynamoRIO? Try this by passing -debug -dr_debug -pause_at_assert. Are any messages reported? No messages reported; same result; output below:

Expected behavior
What I was expecting to happen is that Dr Memory will evaluate the performance as the code is running for some simple dummy inputs and highlight where omission of some delete / delete[] cause excursion in memory. The library I want to evaluate should allow for this as it is built with extensive smart pointer use and structure, but the umppc dll is preventing from running.

Screenshots or Pasted Text
If applicable, add screenshots to help explain your problem. For text, please cut and paste the text here, delimited by lines consisting of three backtics to render it verbatim, like this:

```
```
**~~Dr.M~~ WARNING: unable to locate results file: can't open C:\Users\\AppData\Roaming\Dr. Memory/resfile.2656 (code=2).
Dr. Memory failed to start the target application, perhaps due to
interference from invasive security software.
Try disabling other software or running in a virtual machine.
WARNING: Examine the following unusual libraries in this process to help identify
invasive software that may have affected the target application:

        C:\Windows\System32\umppc15806.dll

Please file a bug about this at http://drmemory.org/issues
~~Dr.M~~ WARNING: application exited with abnormal code 0xc000041d**
```
```

Versions

• What version of Dr. Memory are you using? - Dr. Memory version 2.5.0 -- build 0
• Does the latest build from
  https://drmemory.org/page_download.html#sec_latest_build solve the problem? - No
• What operating system version are you running on? ("Windows 10" is not sufficient: give the release number.) - Windows 10 Pro 21H2 19044.1889
• Is your application 32-bit or 64-bit? 64-bit os, x64 processor

Additional context
Add any other context about the problem here.

[khuey]

Searching for umppc leads me to believe that DLL is part of the CrowdStrike Falcon security product. Does that sound plausible to you? Can you disable that?

[balamurata123]

Good point. I do see that CrowdStrike is installed locally; but cannot remove / disable currently as it requires a registration key. Let me chat with IT. I will share outcome.