Hi Jan, Thanks for your reply. The problem as described in the Technet forum article you gave seems to be not related: this is about CERTIFICATE PINNING, and in my case it is related to SimExecFlow. I dont have problems with any of the other applications that are mentioned in the Technet article.
In the EMET 5.2 User Guide SimExecFlow is described as "Simulate execution flow: This feature tries to detect ROP gadgets following a call to a critical function" and ROP is "Return Oriented Programming". There are some Windows Application Events logged when EMET blocks PSPad: xxxxxxxxxxxxxxxxxx Logboeknaam: Application Bron: EMET Datum: 16-03-15 22:45:38 Gebeurtenis-id:2 Taakcategorie: Geen Niveau: Fout Trefwoorden: Klassiek Gebruiker: n.v.t. Computer: W7SSD Beschrijving: EMET detected SimExecFlow mitigation and will close the application: PSPad.exe SimExecFlow check failed: Application : C:\Program Files (x86)\PSPad editor\PSPad.exe User Name : W7SSD\Ed Session ID : 1 PID : 0x1134 (4404) TID : 0x107C (4220) CodeAddress : 0x006FCBAA CodeStackPtr : 0x38F9C8 CalledAddress : 0x76D54327 API name : kernel32.VirtualProtect StackPtr : 0x0038F9B4 FramePtr : 0x38F9DC xxxxxxxxxxxxxxxxx Logboeknaam: Application Bron: Application Error Datum: 16-03-15 22:45:40 Gebeurtenis-id:1000 Taakcategorie: (100) Niveau: Fout Trefwoorden: Klassiek Gebruiker: n.v.t. Computer: W7SSD Beschrijving: Naam van toepassing met fout: PSPad.exe, versie: 4.6.0.2653, tijdstempel: 0x54fd83dd Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000 Uitzonderingscode: 0xc000001d Foutoffset: 0x00000000 Id van proces met fout: 0x1134 Starttijd van toepassing met fout: 0x01d060328a70ca9d Pad naar toepassing met fout: C:\Program Files (x86)\PSPad editor\PSPad.exe Pad naar module met fout: unknown Rapport-id: c94e05a0-cc25-11e4-b5a0-001cc0fac263 xxxxxxxxxxxxxxx This is on a Dutch language version of Windows 7, so some Event wording is in Dutch. If you need it, I can translate it into English. Regarding the OpenSSL dlls: I already removed these before, because I don't need them for PSPad, and you already mentioned that PSPad starts faster without them. As a test I copied them back in the PSPad folder (OpenSSL version 1.0.2), but it does not make a difference. Of course I can understand that you don't have the time to study this in depth, and it is simple to solve by disabling the SynExecFlow option in EMET. But if you want me to do some testing, please let me know. -- <http://forum.pspad.com/read.php?4,64593,64603> PSPad freeware editor http://www.pspad.com
