Hello, anybody has any comment about this stackoverflow topic I posted just now? I've been suffering for quite something and end up asking for help online. In short, when Delphi XE4 is running, something when I install new software, an error message saying something like "rtl180.bpl is missing" will keep showing up - even I close it it will still keeping showing up up to dozens of times until the installation is completed. This is very strange to me, because the IDE is not supposed to hijack/inject into my computer. Thanks in advance.
Hello, anybody has any comment about this stackoverflow topic I posted just now? I've been suffering for quite something and end up asking for help online. In short, when Delphi XE4 is running, something when I install new software, an error message saying something like "rtl180.bpl is missing" will keep showing up - even I close it it will still keeping showing up up to dozens of times until the installation is completed. This is very strange to me, because the IDE is not supposed to hijack/inject into my computer. Thanks in advance.
http://stackoverflow.com/questions/42361002/is-the-delphi-ide-hijacking-my-system
http://stackoverflow.com/questions/42361002/is-the-delphi-ide-hijacking-my-system
Does it happen when you install any software or just a specific piece of software? If the IDE is not running, I presume that the error does not occur, based upon your description?
ReplyDeleteAt least older times you could I install Delphi adsystem default debugger. Just pondering could you got Delphi installed that way and it is not working properly and system would try to start up Delphi on every program crash etc. But not sure, just first thing came into my mind
ReplyDeleteMartyn Spencer Only when installing a set of software, a dozen of them over the year, IIRC, and I haven't found any specific characters that share among them that might cause this issue, I'm sure the installers in question are not written in Delphi.
ReplyDeleteIf it is independent from the environment actually running, then it could well be as Tommi Prami suggests, that for some reason the Delphi debugger has been registered as the system debugger and the registration has become corrupted for some reason. A quick search would tell you how to reset your Windows debugger to the default.
ReplyDeleteAlternatively, are you sure that there is no other software that has been written using Delphi that is running and in any way hooking into installation events? By "other software", do include the possibility of malware, in addition to anything you may have installed yourself.
Run something like "process monitor" and have it log all activities of all processes, up until to the error message, dump that to a file and then start filtering the dump for patterns related to rtl180.bpl
ReplyDeletetechnet.microsoft.com - Process Monitor
Jeroen Wiert Pluimers good idea, will try it.
ReplyDeleteThe IDE does not hijack. Just to be clear :)
ReplyDeleteIt's an odd error. My guess would be something to do with the system path changes you've made, or another Delphi-written app that is having problems. All the comments above are excellent suggestions about tracking it down.
What OS version? What happens if you rename the rtl180.bpl that is in the Delphi IDE's program files\embarcader\xx.0\Bin folder?
ReplyDeleteThe app which is messing up is loading an incorrect/incompatible DLL version.
Senad Zeco Yes, it does.
ReplyDeleteWarren Postma I'll try all your advises over the weekend, thanks!
ReplyDeleteUpdate 2017-02-22: Checked the registry and I don't have a system default debugger.
ReplyDeleteUpdate (B) 2017-02-22: I followed Jeroen Wiert Pluimers advises, and found something - I upgraed putty.exe today, and this error happens again (only when the Delphi IDE is running), and ProcessMon tells me that putty.exe would create the file called `C:\Users\Public\Documents\RAD Studio\11.0\Bpl\rtl180.bpl`, which is missing from my computer, why this strange behaviour? For details please check my "update 2" section in the SO topic in question. Any thoughts?
ReplyDeleteSomeone already noted that rtl180.bpl is not shipped with your version of Delphi. Can you confirm this to be the case? When Delphi starts, does it in any way attempt to access or create this file, anywhere? If it does, you need to find out why. The fact that the problem only happens when the IDE is running implies that there is some file based conflict as soon as you run an installer.
ReplyDeleteMy original comment still holds true. Have you scanned your machine for malware? If your version of Delphi does not introduce rtl180.bpl then something else does. I doubt that every installer that manifests the problem is written using Delphi, so you have to consider that there is something that does rely upon it that is behaving this way.
The other thing to consider is that you may have a perfectly legitimate application that hooks into install events but that for some reason your anti-virus program may have quarantined the rtl180.bpl at some point in time and so it is having problems. I am not sure why it would be trying to create the file in your Delphi install directory but without more information, it makes me feel a little suspicious.
Before you go any further, just check your machine thoroughly for anything nefarious. You did not say that you had followed this piece of advice. Personally, I would remove the HDD and scan it in a different machine (using the necessary precautions, naturally).
Martyn Spencer Thanks for the help. rtl180.bpl DOES belong to XE4, I already replied about that and a google search would provide proves (https://www.google.com/search?q=Delphi+xe4+%22rtl180.bpl%22). Re, Malware, I'm scanning the PC now, so far drive C is ok, still in progress. However I'm quite confident that my PC is clean, I use MS Security Essentials. I used to use paid anti-virus software, but over the years I've learned that MSE is enough since I've learned a lot about protecting the computer over the years.
ReplyDeleteHave you used Process Explorer to see what's happening for the affected apps? For example, is a DLL being injected? Usually foreign DLLs are fairly obvious by name or path. The file and handle activity might give some clues too.
ReplyDeleteEdwin Yip
ReplyDeleteMy suggestion is more as a process of elimination rather than suggesting that you don't follow good practices.
If the file does belong to that version of Delphi, then it is possible that something is attempting to change replace it while the IDE is operational. The question still remains what. David Millington's suggestion and those of others should also be followed. You need to know what is attempting to make the changes and why.
I read on one of the MS forums that sometimes AV programs can consider the bpl to be part of a malware application and so attempt to quarantine it. Is there a possibility that this is happening at some stage during the installation?
Martyn Spencer Thanks for your patience. I was planning following all the advises provided here during the weekend, but it's just that today, the very same error also happens when running (*not installing*) putty, which is a very well-known app and it's not written in Delphi, so I couldn't wait and tried the method advised by Jeroen Wiert Pluimers... I'll try the others ASAP.
ReplyDeleteThe difficulty here is that the problem does not appear to be as originally described. Initially, you said that it only happens when you attempt to install an application. Now you say it is when an application runs.
ReplyDeleteAt this stage, I would be pulling the drive from my machine (assuming it is not a VM) and scanning it. There is no guarantee that anything will be found, but at least you exclude the possibility of anything known.
The behaviour is distinctly odd. Once I had excluded the possibility of anything nefarious, I would proceed with David Millington's suggestion re Process Explorer etc.
Martyn Spencer Yes, it's odd, so I'm asking for insights here :) I've scanned with the latest MS Security Essentials, no malware were found. I'll hunt the culprit with the systernal tools soon, and will report back here when something's found. Thank you all guys!
ReplyDeleteBeing slightly more positive than Senad Zeco, I would choose a package with a better detection rate and do make sure that you don't scan using the Windows installation that exhibits the behaviour. Also search with specific malware protection tools. Sometimes AV software is not good at picking up some forms of malware.
ReplyDeleteFound the cause of the issue - I have an installed IDE expert modified from the earlier version of the Delphi IDE Colorizer by @RRUZ, for enlarging the font size of the editor tabs, because the IDE didn't work well with large system DPI settings (http://stackoverflow.com/questions/8238239/how-to-change-the-font-size-of-the-editor-tabs-in-delphi-2010-ide).
ReplyDeleteAfter disabled the above mentioned expert, the issue gone away. There must be something related to system injection that went wrong. I'll try to figure out how to modify it.
Thank you for all the help.
How did I find the source of the problem: Using the Process Monitor tool by Sysinternals, as suggested by Jeroen Wiert Pluimers.