Crash on Program Start: Windows Update KB2533623


Faulting application bpftpserver-2011.exe, version 2011.1.0.71, time stamp 0x4e8f8103, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc000001d, fault offset 0x03094c99, process id 0x818, application start time 0x01cc9567a0e85aad

We’ve experienced some random crashes, at start-up in the program that have been found to be related to a patch from Microsoft Update with Microsoft Security Advisory: Insecure library loading could allow remote code execution (KB 2533623).

Technically, this patch prevents the loading of external DLL’s without a fully-qualified-path to the DLL. Unfortunately, we utilize a virtualized DLL that is loaded at program start that does not load a DLL-file on the system, so it can fail when KB2533623 is applied to this system.


Is KB2533623 installed on my installation of Windows?

Windows GUI: You can list all of the updates for your installation of Windows from the following location:

Alternatively, Internet Explorer can take you there with the following:
http://go.microsoft.com/fwlink/?LinkID=3326

Windows CLI: Alternatively you can execute the following at a command-line:

C:\Users\myusername> wmic qfe list | find "2533623"
http://support.microsoft.com/?kbid=2533623 MYCOMPUTERNAME Update KB2533623 MYCOMPUTERNAME\myusername 7/15/2011


How do I uninstall KB2533623?

Windows GUI: You can uninstall individual updates from Microsoft by loading the following:

Right-Click and select "Uninstall"

Windows CLI: If you are using Windows 2008 R2, you can then uninstall it from the command line using the WUSA.EXE command. (If you aren’t using Windows 2008 R2, you’ll need to use the above GUI method).

C:\Users\myusername> wusa /uninstall /kb:2533623

HOWTO: Overridding the Storage-Path for Settings, Users and Groups

The latest version of BulletProof FTP Server (by default) stores everything related to the program’s operation, including “Settings, Users and Groups” in the non-roaming, local user storage location %LOCALAPPDATA%. This allows for a constant, microsoft certified location for the storage of files and settings related to a program. This path is user-specific, in that, it is private to the OS-USER that you use to login to Windows. In some environments, you may want to change this location to something that complies with your own standards .. or perhaps you would like to run the SERVICE as a different user than the GUI.

Starting with BulletProof FTP Server v2010 (including later versions), the path for storing the “Settings, Users and Groups” was changed as a result of security improvements to Windows (starting with Vista). Previously, the BulletProof FTP Server stored everything in the “Installation-Directory” for the software. However, with the development of User-Access-Control (UAC) in Windows Vista/2008, the storage-path for these files were redirected to the Virtual Store. This redirection of file-writes to now protected paths, such as the %ProgramFiles%, proved to be very cumbersome of difficult for our customers to manage. For this reason, we embraced the new location Microsoft has specified and developed the ability to OVERRIDE it for customers that wanted to retain control of this location.

Table-Listing of Storage-Locations over the past several versions of BulletProof FTP Server:
Q: Can I backup the Settings, Users and Groups?

In the following example, you are stepped through the process of “Overriding the Storage-Path” in the program and the subsequent process that BulletProof FTP Server goes through to migrate the files containing the “Settings, Users and Groups”. Please note, this process can also be used to restore a backed up copy of your files.

Frequently Asked Questions (FAQ)

Q: We are running an older version of BulletProof FTP Server. If we upgrade to your latest version, will our configuration/user list/etc. transfer from our old version?
Q: Can I backup the Settings, Users and Groups?
Q: Can BulletProof FTP Server run as a Windows System-Service?
Q: My customers can’t login to BPFTP Server!
Q: My customers can login, but they can’t get a directory-listing!
Q: Do I get a discount for upgrading or renewing my previous order?
Q: I purchased BulletProof FTP Server a few years ago and I lost my key. Can you resend it?


 

Q: We are running an older version of BulletProof FTP Server. If we upgrade to your latest version, will our configuration/user list/etc. transfer from our old version?

A: YES! Absolutely. Everything is stored in INI files (settings, users, groups, etc), when the current version of the software is installed; it will go out and look for these files in the default locations for previous versions. If anything is found, the program will prompt you and ask if it’s ok to migrate these files to the current version.

FAQ: Can I Upgrade and retail all my Users, Groups and Settings?

 

Q: Can I backup the Settings, Users and Groups?

A: YES! You just need to make sure the program is not running when you backup the files. For a list of the default storage-locations for these files, please see the URL below:
http://blog.builtbp.com/2011/12/faq-where-does-bpftp-server-store-the-users-groups-and-settings/

 

Q: Can BulletProof FTP Server run as a Windows System-Service?

A: YES! The latest version includes very tight support for running BulletProof FTP Server as a Windows System-Service. Please see this guide:
HOWTO: Windows System-Service
Windows System Service: Logon As Service

 

Q: My customers can’t login to BPFTP Server!
Q: My customers can login, but they can’t get a directory-listing!

A: The machine is most likely firewalled. This means there’s a physical-device which is acting as a firewall (aka NAT/Firewall/Router/WiFi,etc) and/or Windows Firewall and/or (some other) Internet Security that is protecting the computer.

In order to run BulletProof FTP Server in a secure environment, you *MUST* configure PASSIVE-MODE and open at least two tcp/ip ports to allow full functionality. These two ports are called:
Control-Port (default tcp/ip 21) provides the ability for the ftp-client to login and issue commands
Data-Ports provide a conduit for the ftp-client to connect to the ftp-server for file-transfers, directory-listings, etc

HOWTO: Windows Firewall and BPFTP Server 2011
HOWTO: Setting up NAT/Passive/Firewall Support
FTP Server Firewall Ports and Tester

 

Q: Do I get a discount for upgrading or renewing my previous order?

A: YES! You can get the discount coupon-code and instructions from our website under the Members section of our website (see below) or you can email us with the customer information used on the previous order and we can send it directly to you.

Please also see:
FAQ: My License-Code doesn’t work in the Latest Version

 

Q: I purchased BulletProof FTP Server a few years ago and I lost my key. Can you resend it?

A: PERHAPS: First, we need you to send the customer information for the previous order. This will allow us to look it up and see what length of Update/Support Protection with Download Locker was purchased. If it’s within the period you purchased, we can quickly issue a new key and send it to you. If it’s expired, then we can send you a discount coupon-code for renewal.

You can see all of your orders and the Update/Support Protection with Download Locker by logging into the Members section of our website. If the term is expired, you an also get a coupon-code for renewal in this same location. If you are having troubles logging into the Members section of the website, please Contact Us and include your question and customer-information used on the previous order.

HOWTO: Windows System-Service

BulletProof FTP Server 2011 can also run as a Windows System-Sevice, allowing you to serve up ftp-content from your computer without having to login to the system. This is a very handy feature for businesses that rely upon a FTP-Server to communicate with customers, receive files from automated processes or just-plain access your HOME computer from WORK.

Setting up Windows System-Service Support is very easy, but it does mean a little-bit of leg work on your end to satisfy Microsoft Windows’ security.

Click on a thumbnail to expand the image and see more information and instructions.

HOWTO: Upgrade your license from HOME to CORP

First, thank you very much for upgrading to the CORP version! Your support helps to fund development and keep new versions coming out with the same pace of changing technology!

Second, you’ll need to remove the previous license from the computer. This is done by:

  • Launch the GUI version of BulletProof FTP Server for Windows
  • Clicking the “About” button
  • Now, hold down Ctrl + Shift + Alt and Left-Click the section labeled “Licensed for Use”
  • Click “Yes” to confirm removing the license
  • Then click the “Enter Key” dialog after the program terminates
  • FIX: “Out of Memory” or “Low GDI” with BulletProof FTP Server

    Is BulletProof FTP Server for Windows crashing when you first run it? You might have it freeze during “Loading” or a “Crash Report” comes up saying “Out of Memory”…

    Don’t worry! It’s most likely a problem with running out of GDI-Handles in your installation of Windows…

    You may receive an “Out of Memory” error message because of the desktop heap limitation in Windows Vista or in Windows 7
    http://support.microsoft.com/kb/947246

    “Out of Memory” error message appears when you have a large number of programs running
    http://support.microsoft.com/kb/126962

    NOTE: You CANNOT have the /3GB option specified in the bootloader, this is often used on Exchange Server installations. (MORE INFO)

    This GUIDE will help illustrate the steps to increase the amount of memory..

    Vista Hands On #17: Solving a pesky resource problem
    http://www.zdnet.com/blog/bott/vista-hands-on-17-solving-a-pesky-resource-problem/269

    SharedSection & Max Number of Open Windows on XP & Vista
    http://www.mycsharpcorner.com/Post.aspx?postID=50

    Windows XP flakiness – solved
    http://weblogs.asp.net/kdente/archive/2004/06/04/148145.aspx

    Registry setting keeps Windows from wigging out when you open lots of IE7 tabs
    http://weblogs.asp.net/jgalloway/archive/2008/01/14/registry-setting-keeps-windows-from-wigging-out-when-you-open-lots-of-ie7-tabs.aspx

    INCREASING USER HANDLE AND GDI HANDLE LIMITS
    http://weblogs.asp.net/mikedopp/archive/2008/05/16/increasing-user-handle-and-gdi-handle-limits.aspx

    Many Thanks to AlexanderL for helping to discover a resolution to this problem!

    Windows System Service: Logon As Service

    Microsoft is known to be one of the most security (gui) operating-systems on the ‘net. For us old salts, we know it certainly didn’t start that way. Over the last decade, Microsoft has made tremendous strides… but with that comes added levels of complications.

    Take running BPFTP Server as a Windows-System-Service, one of the most common technical-support questions (second to Firewall settings )… It’s a complicated issue.

    In order to run BPFTP Server as a Windows-System-Service, you must give it a USER/PASSWORD to run under. In BulletProof FTP Server 2011, this is done under:

    Management -> Server Settings -> Auto-Start (tab) -> Auto-Start: Windows System Service

    Or, You can change it directly from Windows in:

    Windows Start -> Control Panel -> Administrative Tools -> Services -> BulletProof FTP Server 2011 -> right-click for "Properties" -> "Logon" (tab)


    NOTE: This USER/PASSWORD needs to be the same one you run the GUI version as, since the Settings, Users and Groups are all stored in:

    "%LOCALAPPDATA%\BulletProof Software\BulletProof FTP Server\2011\"

    NOTE: You can get around this, by overriding the “default storage-path” in BulletProof FTP Server 2011 under the following:

    Management -> Server Settings -> General (tab) -> Adv Settings -> Override Storage-Path


    Which brings us to the permission “Logon as Service”… The magically permission that the OS-USER needs to have in Windows in order to run BulletProof FTP Server 2011 as a Windows System Service.

    Microsoft: Logon as Service
    http://technet.microsoft.com/en-us/library/cc739424(WS.10).aspx

    HOWTO: API/CLI into BPFTP Server

    BulletProof FTP Server is an excellent FTP Server for Windows. With the recent development efforts in v2011, we thought it would be a good time to introduce some of the command-line-switches (CLI) for managing BPFTP Server from external programs, web-sites, scripts, etc.

    NOTE: At times you’ll see BulletProof FTP Server for Windows referred to as “BPS”.

    Let’s first start with a brief explanation of the binaries distributed with BulletProof FTP Server for Windows (BPS):

    The default installation location for the program is located in the following location:
    %PROGRAMFILES%\BulletProof FTP Server\

    Depending on your version of Windows, %PROGRAMFILES% is expanded to the following for 32-Bit and 64-Bit versions of Windows:
    C:\Program Files\BulletProof FTP Server\
    C:\Program Files (x86)\BulletProof FTP Server\

    Investigating this location will yield the following executables:
    bpftpserver.exe – Main executable for the program
    bpftpserver-adduser.exe – CLI to manipulating the User & Group Database
    bpftpserver-service.exe – responsible for controlling BPS when it’s running as a Windows System Service
    CSDispatcher.exe – used with “remote debug” for sending log-messages to our remote-server

    MAIN EXECUTABLE

    bpftpserver.exe [OPTION]

    -reload
    Will cause the running instance of BPS to reload the settings, users and group information.

    -online
    Take BPS online and ready for incoming connections.

    -offline
    Take BPS offline and disable the listener from answering incoming connections.

    -exit
    Terminate BPS and stop it’s execution on the system. All users will be forcibly disconnected.

    -close
    Keep BPS online and all active-connections maintain, but disable the listener; resuling in no *new* connections accepted.

    -open
    Renable the listener, allowing new connections to be accepted.

    -startlogging
    Start logging to the log-file defined in the software.

    -stoplogging
    Stop logging to the log-file.

    -kickall
    Kick all currently connected users off of the server.

    -stat
    Regenerate the statistics files for users in the system.

    CLI ADDUSER

    BulletProof FTP Server command-line utility 'bpftpserver-adduser.exe'
    Copyright (c) 1998-2015 BulletProof Software LLC, All Rights Reserved.

    Command-line utility to manipulate the USER and GROUP database for BulletProof FTP Server.

    Usage: bpftpserver-adduser.exe [OPTION]…

    Bulk Import (moreNew in Version 2013.1.0.7 – 2013-JUNE-26
    –bulkimport=FILENAME.CSV
    –bulkimport-help (reports a list of fields supported for CSV import)
    –bulkimport-help-as-html (output HTML version of –bulkimport-help

    -list=USERNAME[*,?]
    -name=ACCOUNTNAME
    -enabled
    -disabled
    -login=USERNAME
    -group=GROUPNAME
    -pswd=PASSWORD
    -crypt
    -access=PATH,ACCESSRIGHTS
    -loginmsg=FILENAME
    -speedlimit=[0,1]
    -speedrcv=BYTES-PER-SECOND
    -speedsnd=BYTES-PER-SECOND
    -banfile=FILEMASK[,FILEMASK2,FILEMASK3,…]

    Access = R(ead) W(rite) D(elete) A(ppend) M(ake) L(ist) S(ubdir) K(delete dir)

    First -access will be Home Directory

    Example :
    C:\Program Files (x86)\BulletProof FTP Server\bpftpserver-adduser.exe -name=newuser -enabled -login=newlogin -pswd=newpass -group=demogroup -loginmsg=c:\login.txt -access=c:\ftproot\,RLS -banfile=+*.jpg,+*.gif

    Some explanation of the behavior is important, specifically the “-access” parameter. In the above example the login of “newlogin” for the account “newuser” is given the directory of “c:\ftproot\”

    We’ll break down the command-line, piece by piece

    -name=newuser
    While initially confusing, there’s a difference between an “account-name” and the “login-name”. The account-name refers to a “user-friendly” name for the account, such as “upstairs accountant” and “log-name” is the actual login that used to access the ftp-server; such as “accountant”.

    -enabled
    Will enable the account for login

    -login=newlogin
    The login-name for the user to use to access the ftp-server (see above not for -name)

    -pswd=newpass
    The password for the login

    -group=demogroup
    If the account belongs to a group, you can specify the name of the group (OPTIONAL)

    -loginmsg=c:\login.txt
    Will send a user-specific login-message via the protocol to the user after logging in (OPTIONAL)

    -access=c:\ftproot\,RLS
    Will add an access-right for the account to the directory c:\ftproot\ with the privledges of (R)ead,(L)ist,(S)ubdir . The first access-right specified will be the HOME-DIRECTORY for the user. Additional access-rights can be defined by use the “-access” parameter again. If you are specifying a user-account that already exists, then all access-rights for the account will be deleted and given the access-rights that you define here.

    -banfile=+*.jpg,+*.gif
    Will add a file-mask of files that the user-account is prohibited from uploading or downloading. (OPTIONAL)

    HOWTO: Getting Started Video-Guide for BPFTP Server

    Great “Getting Started Guide” for BulletProof FTP Server.. the intention of the video is to get the product up an running with Yokogawa DAQMaster MW100; but it’s a great primer!

    YouTube:
    http://www.youtube.com/watch?v=SLTAo1pDTe4

    NOTE: The version used in the video is 2010, but the UI is very familiar to 2011 and you won’t have a problem following it.

    HOWTO: Windows Firewall and BPFTP Server 2011

    Windows Version: Windows Server 2008 R2, Windows Server 2008, Windows 7/Vista

    By default, the latest versions of Windows protects your computer with the Windows Firewall with Advanced Security, effectively blocking access to your computer from the internet and would-be hackers (Getting Started Guide).

    However, this also prevents ftp-clients from accessing your installation of BulletProof FTP Server 2011 unless you “open the firewall” to allow access. This means, you must open at least two ports; one for the control-connect and 1 (one) data-port for every concurrent connection to the ftp-server.

    NOTE: It’s very common for people to think that only 1 (ONE) port is needed for FTP (default tcp/ip port 21). However, this is NOT the case as you need to define data-ports in order to support Passive-Mode (PASV).


    Configuring the Windows Firewall and BPFTP Server 2011 is very simple, but it takes a few steps. Below, we’ve broken down the process:
    1) Configure BPFTP Server 2011 for NAT/Firewall and Passive-Mode (PASV)
    2) Open the Windows Firewall up for the BPFTP Server 2011
    3) Open the Windows Firewall up for the Control-Connection
    4) Open the Windows Firewall up for the Data-Ports (Passive-Mode aka PASV)
    5) Completed Entries in Windows Firewall

    LASTLY: Be sure to run your installation through our Firewall Tester. After providing the IP/Host, Port, User and Password for your installation, this tester will simulate a ftp-user can connect to your BPFTP Server. Please use it!
    http://bpftpserver.com/products/bpftpserver/windows/test/firewall

    NOTE: If you are running any Anti-Virus or Internet-Security software on your computer (McAfee, Norton, etc) you may also be protected by yet-another-software-based-firewall. Please consult the documentation that came with your software for opening up firewall-ports.

    NOTE: Almost everyone has a hardware-based NAT/Firewall router in their network topology. For Home Users, this is usually your WiFi-Router. Please look into the documentation that came with your hard-based NAT/Firewall router for information on opening firewall-ports.

    Step-by-Step Directions


    BPFTP Server - NAT/Firewall Configuration
    Step #1.1: BPFTP Server - NAT/Firewall Configuration

    BPFTP Server - Use DNS for PASV
    Step #1.2: BPFTP Server - Use DNS for PASV

    BPFTP Server - Use Static IP for PASV
    Step #1.3: BPFTP Server - Use Static IP for PASV

    BPFTP Server - Configure Data-Ports
    Step #1.4: BPFTP Server - Configure Data-Ports

    Back to Top

    2) Open the Windows Firewall up for the BPFTP Server 2011

    Open Windows Firewall
    Step 2.0: Open Windows Firewall

    Create New Firewall-Rule
    Step 2.1 Create New Firewall-Rule

    Choose Firewall-Rule Type
    Step 2.2: Choose Firewall-Rule Type

    Browse for Program
    Step 2.3: Browse for Program

    Choose Program-Path
    Step 2.4: Choose Program-Path

    Confirm Program-Path
    Step 2.5: Confirm Program-Path

    Choose Allow
    Step 2.6: Choose Allow

    Select Firewall Domain
    Step 2.7: Select Firewall Domain

    Name Firewall-Rule
    Step 2.8: Name Firewall-Rule

    Back to Top

    3) Open the Windows Firewall up for the Control-Connection

    Open Windows Firewall
    Step 3.0: Open Windows Firewall

    Create New Firewall-Rule
    Step 3.1: Create New Firewall-Rule

    Choose Firewall-Rule Type
    Step 3.2: Choose Firewall-Rule Type

    Specify Port for Control-Connection
    Step 3.3: Specify Port for Control-Connection

    Choose Allow
    Step 3.4: Choose Allow

    Select Firewall Domains
    Step 3.5: Select Firewall Domains

    Name Firewall-Rule
    Step 3.6: Name Firewall-Rule

    Back to Top

    4) Open the Windows Firewall up for the Data-Ports (Passive-Mode aka PASV)

    Open Windows Firewall
    Step 4.0: Open Windows Firewall

    Create New Firewall-Rule
    Step 4.1: Create New Firewall-Rule

    Choose Firewall-Rule Type
    Step 4.2: Choose Firewall-Rule Type

    Specify Port for Data-Ports
    Step 4.3: Specify Port for Data-Ports

    Choose Allow
    Step 4.4: Choose Allow

    Select Firewall Domains
    Step 4.5: Select Firewall Domains

    Name Firewall-Rule
    Step 4.6: Name Firewall-Rule

    Back to Top

    5) Completed Entries in Windows Firewall

    Completed Entries in Windows Firewall
    Step 5: Completed Entries in Windows Firewall

    Back to Top