Avast and LSP

I’ve build an ifs LSP.
I’ve noticed that using avast it doesn’t work.
I’ve found that when the avast is enabled the WSPSelect return only after timeout.
If I disable the avast with “Arresta la protezione all’avvio” it return working ok.

Can you help me?

I need to debug a Layered Service Provider that won’t work with the avast Web Shield active, but i can’t get windbg attach to the ashWebSv.
What can i do?

I’m afraid you’ll have to wait for Lukor, the main WebShield developer - but if you could say something more about the LSP (what does it do, etc.), it might be easier for him to give you some useful info.

My LSP is IFS.
It intercept some Winsock function like:
WSPConnect
WSPSend
WSPRead
WSPAccept
WSPSelect
and more.
I can’t understand if it is a problem of my LSP because i can’t attach windbg to ashWebSh.
I only know that is a problem related to Avast, because if i disable this protection, my lsp macigally return to work.

I’ll remain in waiting.

Hi,

to debug WebShield, you must disable avast self protection - in Settings / Troubleshooting.

WebShield however waits in WSPSelect only for a short time, 30 secs I think, then it ends with timeout, do some of its processing and re-accepts - select( ) again. So unless you are not seeing the accepts when they really happen - e.g. you browse - seeing these timeouts from wspselect in webshield is perfectly normal.

Cheers,
Lukas.

Attaching WinDbg to ashWebsv, after the return from the wsprecv of my lsp i can see on the command output this message:

(1594.1678): C++ EH exception - code e06d7363 (first chance)

It is repeted after every wsprecv.
The only think that change in the message is the number after the dot (1678) that is always different from precedent wsprecv.

What this message mean?
Is an error caused by the avast? Or is my lsp that is causing an error to avast? If yes what i can do?

C++ exception has occurred means exactly what it says ;D – if it is not in your code, it’s in webshield’s. It shouldn’t bother you if you don’t want to handle it - which I doubt you can from the LSP and would interfere with the software your module is loaded (e.g. WebShield ). Since your module (LSP) is going to load into every process I don’t think it is any good to tailor it specifically for WebShield. If there is something specific you would like to solve by this and want help understanding what’s happening there - you can write me an email, but I don’t think we should continue to debug here on the forum.

Cheers,
Lukas.