Windows 10 1903, msra popup bad image 0xc0000428 error.

  • Question

  • On Windows 10, version 1903, when running msra.exe (Microsoft Remote Assistance), the following message pops up:

    "msra.exe - Bad Image : C:\Program Files (x86)\.....\xxxxx.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support. Error status 0xc0000428. "

    xxxxx.dll is our injection DLL, which uses the SetWindowsHookEx function. Digitally signing the DLL does not help. Please help!
    July 24, 2019 17:12

All replies

  • Hi,

    It seems the system file has been destroyed, try to run SFC /scannow command to scan the integrity of operating system files.

    Or try to reinstall Microsoft remote assistance: 

    https://www.microsoft.com/en-us/download/details.aspx?id=50042

    If they cannot help, use Windows 10 installation media to do a repair upgrade: 

    https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install-winpc/how-to-perform-a-repair-upgrade-using-the-windows/35160fbe-9352-4e70-9887-f40096ec3085

    Best regards,

    Yilia 


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    July 25, 2019 5:50
    Moderator
  • Hi,

    Is there anything I can do for you?

    If you have any problems or concerns, please feel free to post here. 

    Best regards,

    Yilia



    • Proposed as answer by _clown_ September 4, 2019 11:46
    • Unproposed as answer by _clown_ September 4, 2019 11:46
    July 29, 2019 7:59
    Moderator
  • Hello Yilia,

    I have the same problem. 

    For me, the problem appears when some of the applications installed on the system use Windows HOOKs technology. I noticed that once an application installs a Windows HOOK, msra.exe stops working. And the strange thing here is that using previous versions of Windows, e.g. 1803, 1809, etc., I do not see this issue; msra.exe works as expected. The only thing is that on the previous versions of Windows (1803, 1809) msra.exe doesn't load the HOOK dll being installed.

    Moreover, I'm pretty confident that the application that uses the Windows HOOKs is not malware, as all the binaries are signed by a trusted certificate. And all the other applications, even native Windows applications such as mstsc.exe, notepad.exe, etc., load the HOOK dll without any problem. I can see that from the Process Explorer tool.

    Could you please provide any help here?

    Thanks in advance,
    Best regards,
    Andriy 

    August 30, 2019 8:36
  • Hello Yilia, 

    Can this be something related to the changes done in WDAC in Windows 10 1903?

    Thanks,
    Andriy 

    September 4, 2019 11:46
  • Looks like KB4512941 was about to fix this problem, according to the description:

    • Addresses an issue in which Windows Defender Application Control will not allow third-party binaries to be loaded from a Universal Windows Platform application. CodeIntegrity event error 3033 appears as, “Code Integrity determined that a process (<process name>) attempted to load <binary name> that did not meet the Store signing level requirements.” 

    But unfortunately it didn't. After installing this update I still see the issue.
    Although it appears I'm talking to myself, as I haven't had any reply from Yilia yet, this might be helpful for other folks who have faced a similar issue and have no clue what is happening.

    Andriy

    September 6, 2019 6:48
  • We found that disabling UAC was causing this issue in v1903. We had a GPO/policy in place that set the following key:

    :: DISABLE UAC
    reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0x0 /f

    Once we enabled UAC again (set to 1 or removed the value) and restarted the machine we were able to use Remote Assistance (msra.exe).
    • Edited by _Rhino_ September 12, 2019 16:37
    September 12, 2019 16:29
  • Hi Yilia,

    I am experiencing the same issues as others on this thread have reported. Any help you can offer with this would be appreciated.

    It seems 1903 has added some form of DLL checking to msra.exe. Was this an intentional security change in 1903 and the behavior to be expected by msra.exe and potentially other applications owned by Microsoft?

    If this was a conscious change, what was added, specifically what DLLs are not allowed to be loaded? From my searching on the web several known vendors such as Team Viewer are also experiencing this issue. Are all non-Microsoft signed DLLs rejected?

    Unfortunately the UAC change suggestions made by _Rhino_ did not work for me.

    Andriy / _clown_,

    Were you able to get DLLs that did not contain any hooks loaded into msra.exe?

    Thanks,

    Nate


    • Edited by _Crouton_ September 13, 2019 13:24
    September 13, 2019 13:21
  • @_Crouton_

    Can you confirm the UAC virtualization status under Task Manager > Details (may need to add this column if not already there)?

    For us all processes were showing as Not allowed when we would have this issue. Playing around with UAC settings (change the slider, restarting) and then checking again we would then have multiple processes showing as Enabled/Disabled/Not allowed including msra.exe.

    We narrowed down our issue to the EnableLUA registry value being set to 0 where all processes under Task Manager would be set to Not allowed for UAC virtualization. If you don't have any luck with UAC but are finding all your processes set to Not allowed perhaps something else is causing this.

    September 13, 2019 17:13
  • @_Rhino_,

    Thanks for the suggestions. I appreciate your help with this.

    I have verified that different applications are set Enabled/Disabled/Not allowed. I tried changing several of the UAC registry keys, as well as manipulating the UAC slider and rebooting with each of those changes. Msra.exe is always shown as Disabled, and unfortunately none of the changes seem to prevent the error from popping up and allowing use of the application. Additionally, it seems like enabling UAC Virtualization for msra.exe through task manager only applies to the currently running instance. It does not stop the error from opening, and when closing the app and re-opening, the error occurs and the Virtualization state is back to Disabled.

    September 16, 2019 21:00
  • Yes. At least I can see that msra.exe loads a bunch of DLLs. Moreover, I tried the Spy++ application that also uses a HOOK and its dll is loaded by msra.exe without any problem. Though Spy++ is a Microsoft tool :)
    • Edited by _clown_ September 17, 2019 19:43
    September 17, 2019 19:39
  • Sorry _Crouton_ for your continued issues. Honestly it was fortunate that we were able to resolve this issue by changing UAC settings as I did not expect that to have any bearing--we were just trying anything.

    It seems Microsoft may have changed things, or it is otherwise a defect in v1903. According to another user/post this is something Microsoft did not address with submitted bug reports.

    You may have success if following the steps outlined here:
    https://forums.stardock.com/496396/start10_64dll-error-windows-1903

    1) Open Settings
    2) Go to Update and security
    3) Pick Windows security and use the Open Windows Security button
    4) Pick app and browser control
    5) Find Exploit protection and click exploit protection settings
    6) Click program settings
    7) Add a program, using by program name
    8) Enter msra.exe and click add
    9) Scroll down the list of options until you find "Disable extension points"
    10) Tick override system settings and then slide it to ON
    11) Apply and ensure msra.exe is not running via Task Manager


    September 19, 2019 15:10
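
An added diagnostic example, not part of any post in this thread: it gathers in one PowerShell object the settings the replies above point at (the EnableLUA value, the per-program "Disable extension points" mitigation, Code Integrity events that mention msra.exe, and the hook DLL's Authenticode status). The function name `Get-MsraHookTriage` and the DLL path are placeholders chosen for illustration.

```powershell
# Added triage example (not from the thread). Run in an elevated PowerShell session.
function Get-MsraHookTriage {
    param(
        [string]$ProcessName = 'msra.exe',
        [string]$DllPath = 'C:\Path\To\hook.dll'   # placeholder: the DLL named in the Bad Image dialog
    )

    # EnableLUA = 0 disables UAC; the thread reports that 1 or an absent value restored msra.exe.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua = (Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA

    # Per-program Exploit protection entry; ExtensionPoint carries "Disable extension points".
    $mit = Get-ProcessMitigation -Name $ProcessName -ErrorAction SilentlyContinue
    $ext = if ($mit) { $mit.ExtensionPoint.DisableExtensionPoints } else { 'no per-program entry' }

    # Recent Code Integrity events that mention the process
    # (event 3033 is the one quoted from the KB4512941 description).
    $ci = Get-WinEvent -LogName 'Microsoft-Windows-CodeIntegrity/Operational' `
            -MaxEvents 500 -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like "*$ProcessName*" } |
        Select-Object -First 10 -Property TimeCreated, Id, Message

    # Authenticode status of the DLL. 'Valid' only means the certificate chain verifies;
    # Code Integrity can require a specific signing level on top of that, as the KB text shows.
    $sig = if (Test-Path -LiteralPath $DllPath) { Get-AuthenticodeSignature -FilePath $DllPath }

    [pscustomobject]@{
        EnableLUA              = if ($null -eq $lua) { 'not set' } else { $lua }
        DisableExtensionPoints = $ext
        DllSignatureStatus     = if ($sig) { $sig.Status } else { 'file not found' }
        DllSigner              = $sig.SignerCertificate.Subject
        CodeIntegrityEvents    = $ci
    }
}

Get-MsraHookTriage | Format-List

# Scripted form of the Exploit protection steps listed above (elevated prompt):
#   Set-ProcessMitigation -Name msra.exe -Enable DisableExtensionPoints
```

Comparing this output between a working 1809 machine and a failing 1903 machine shows which of the settings discussed in the thread actually differs.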
  • @_clown_, yeah I was thinking that perhaps Microsoft signed (or somehow approved) DLLs were not causing the issue and only DLLs seen as "foreign" to msra.exe caused the issue.

    @_Rhino_ I did see that on the stardock forum but unfortunately that did not work for me either. I am not sure if my case is different because the software is using a driver or what.

    I used the Windows 10 Feedback Hub to create a case for this instance. I am not sure how active that is and if I will get a response, but if I get any information from Microsoft I will share it here.

    Thanks for the help @_Rhino_ and @_clown_, I appreciate the time both of you have spent assisting me.

    September 23, 2019 12:16
  • Hello, @_Rhino_, thank you for sharing the solution above; it has solved my problem. At least I haven’t heard anyone complain yet. And again, very strange behavior with the msra.exe app. After adding the changes provided above, the msra app starts. And my HOOK dll is not loaded into it :) the same as it works on e.g. 1803. It is not that I need it there, but it is strange. Why would it check the dll if it does not load it!
    • Edited by _clown_ September 25, 2019 17:08
    September 25, 2019 17:08