|libove||EMET - which process/thread is it killing?|
|28th Oct, 2010 10:15|
User Since: 12th Feb, 2008
System Score: N/A
I use the obsolete ACDSee Photo Editor v3.1. Unfortunately, EMET doesn't like it. Even more unfortunately, it's not as simple as just adding the ACDSeePhotoEditor3.exe to EMET's list of configured applications and opting that .exe out of all EMET protections.
Environment: Windows 7 Pro & Ultimate, 64-bit.
I first noticed the problem on my Ultimate 64-bit desktop system, then reproduced it in a clean Pro 64-bit VMware guest.
The specific symptom with ACDSee Photo Editor 3.1 when DEP is enabled is that, though ACDSee Photo Editor 3.1 will open (with a blank image), any attempt at all to open any .JPG image causes ACDSee Photo Editor 3.1 to incorrectly report "The file filename.jpg is corrupt and causing plug-in errors."
The only way I got ACDSee Photo Editor v3.1 to run on a system with EMET enabled at all, was to *globally* set DEP in EMET to either disabled or application opt-in.
A blank image can be created in ACDSee Photo Editor 3.1 (blank images have no file type by default in this program).
An image which started out as a .JPG in another program can be pasted in to ACDSee Photo Editor 3.1.
Any attempt to save any image (no matter its origin) as a .JPG triggers "An error occurred while saving the image. The Image was not saved."
The same image can be saved as .GIF and .BMP.
Trying to save as .JP2 causes-
"Unrecoverable Plug-in Error" "C:\Program Files (x86)\Common Files\ACD Systems\PlugIns2\IDE_JP2.apl" "ACD Photo Editor has detected that this plug-in has committed an unrecoverable error. Execution of the plug-in code has been terminated." (followed by the same "An error occurred while saving the image. The Image was not saved." from above)
n.b. that these failures only result in the report of the plugin or save error, but do not crash ACDSee Photo Editor 3.1 itself.
All of this suggests to me that it is not specifically the ACDSeePhotoEditor3.exe itself which is tripping on DEP, but rather something else that it is calling - the various image type plugins.
And on that point, I am lost as to how to find the specific piece of code that I can identify to EMET for which to disable DEP.
Could someone here give me a hint please on how to figure out what, associated with ACDSeePhotoEditor3.exe, is tripping over DEP, so that I can selectively opt-out just that component from DEP, instead of having to leave most applications un-protected by DEP just in order to get this one app to work?
|M.Hansen||RE: EMET - which process/thread is it killing?|
|28th Oct, 2010 10:47|
User Since: 26th Jan 2009
System Score: N/A
Location: Copenhagen, DK
I'm not familiar with the use of the ACDSEE programs, so I won't be able to help you technically.
However, in case you haven't, you could try to seek help at the ACDSEE community forum:
|ddmarshall||RE: EMET - which process/thread is it killing?|
|28th Oct, 2010 12:46|
User Since: 8th Nov 2008
System Score: 98%
Last edited on 28th Oct, 2010 12:56
|You can make a system trace using Sysinternals Process Monitor
There is a video tutorial on using this available from
I'm not sure that opting out at the application level will work if you have system wide DEP set. You can email the authors at firstname.lastname@example.org for advice.
Some more information which might help you understand what's happenning (pre WIndows 7 but Vista part should be relevent)
This answer is provided “as-is.” You bear the risk of using it.
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.