windbg - How do I use windbg to troubleshoot an executable that won't start?

Reposted. Author: 行者123. Updated: 2023-12-01 15:00:30

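The Intel Power Gadget tool won't run on my system, and I'm trying to figure out why. It's a Core i7-720QM running Windows 8.1 x64. AIDA64 reads the CPU temperature just fine, but I can't even start Intel Power Gadget. No window opens, and nothing happens. It works fine on a different computer.

I tried attaching windbg, but it isn't obvious what is causing the executable to fail. I haven't been able to find a windbg tutorial that explains how to troubleshoot an executable that won't start.

In the output below, I set a breakpoint and dumped the stack as suggested by user blabb. Any ideas?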

0:000> .symfix
0:000> .restart
CommandLine: "C:\Program Files\Intel\Power Gadget 3.0\IntelPowerGadget.exe"

************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*

************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is: srv*
ModLoad: 00007ff6`800f0000 00007ff6`80178000 IntelPowerGadget.exe
ModLoad: 00007ff9`82ab0000 00007ff9`82c5c000 ntdll.dll
ModLoad: 00007ff9`80480000 00007ff9`805be000 C:\Windows\system32\KERNEL32.DLL
ModLoad: 00007ff9`7fcd0000 00007ff9`7fde5000 C:\Windows\system32\KERNELBASE.dll
ModLoad: 00000000`550e0000 00000000`55643000 C:\Windows\SYSTEM32\mfc100u.dll
ModLoad: 00000000`55920000 00000000`559f2000 C:\Windows\SYSTEM32\MSVCR100.dll
ModLoad: 00007ff9`80820000 00007ff9`80997000 C:\Windows\system32\USER32.dll
ModLoad: 00007ff9`82450000 00007ff9`825a1000 C:\Windows\system32\GDI32.dll
ModLoad: 00007ff9`80ce0000 00007ff9`821f9000 C:\Windows\system32\SHELL32.dll
ModLoad: 00007ff9`805c0000 00007ff9`80754000 C:\Windows\system32\ole32.dll
ModLoad: 00007ff9`7b660000 00007ff9`7b810000 C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9600.17415_none_932b3b5547500489\gdiplus.dll
ModLoad: 00000000`55880000 00000000`55918000 C:\Windows\SYSTEM32\MSVCP100.dll
ModLoad: 00007ff9`823f0000 00007ff9`82444000 C:\Windows\system32\SHLWAPI.dll
ModLoad: 00007ff9`7d8c0000 00007ff9`7db3b000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb\COMCTL32.dll
ModLoad: 00007ff9`7cca0000 00007ff9`7cca7000 C:\Windows\SYSTEM32\MSIMG32.dll
ModLoad: 00007ff9`803d0000 00007ff9`8047a000 C:\Windows\system32\msvcrt.dll
ModLoad: 00007ff9`82700000 00007ff9`82911000 C:\Windows\SYSTEM32\combase.dll
ModLoad: 00007ff9`825b0000 00007ff9`826f1000 C:\Windows\system32\RPCRT4.dll
ModLoad: 00007ff9`807c0000 00007ff9`80819000 C:\Windows\SYSTEM32\sechost.dll
(1a58.1a54): Break instruction exception - code 80000003 (first chance)
ntdll!LdrpDoDebuggerBreak+0x30:
00007ff9`82b71cd0 cc int 3
0:000> bp ntdll!ntTerminateProcess
0:000> bl
0 e 00007ff9`82b41090 0001 (0001) 0:**** ntdll!NtTerminateProcess
0:000> g
ModLoad: 00007ff9`80770000 00007ff9`807a6000 C:\Windows\system32\IMM32.DLL
ModLoad: 00007ff9`80270000 00007ff9`803c3000 C:\Windows\system32\MSCTF.dll
ModLoad: 00007ff9`7e870000 00007ff9`7e999000 C:\Windows\SYSTEM32\UxTheme.dll
ModLoad: 00007ff9`7df70000 00007ff9`7df91000 C:\Windows\system32\dwmapi.dll
ModLoad: 00000000`550d0000 00000000`550dd000 C:\Windows\SYSTEM32\MFC100ENU.DLL
ModLoad: 00007ff9`82a00000 00007ff9`82aaa000 C:\Windows\system32\ADVAPI32.dll
ModLoad: 00007ff9`743b0000 00007ff9`743c1000 C:\Program Files\Intel\Power Gadget 3.0\EnergyLib64.dll
ModLoad: 00007ff9`7f230000 00007ff9`7f276000 C:\Windows\SYSTEM32\POWRPROF.dll
Breakpoint 0 hit
ntdll!NtTerminateProcess:
00007ff9`82b41090 4c8bd1 mov r10,rcx
0:000> kb
RetAddr : Args to Child : Call Site
00007ff9`82b1f400 : 00007e42`e1a67e08 00000000`013f1680 00000000`00000000 00000000`00fafc80 : ntdll!NtTerminateProcess
00007ff9`8048516a : 00000000`00000000 00000000`013f1680 00000000`013f1680 00007ff6`80105bb0 : ntdll!RtlExitUserProcess+0x60
00000000`55940ccd : 00000000`013f1678 00007ff6`863f6e0b 00000000`01181f9e 00000000`00000000 : KERNEL32!ExitProcessImplementation+0xa
*** ERROR: Module load completed but symbols could not be loaded for IntelPowerGadget.exe
00007ff6`800f9e78 : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : MSVCR100!doexit+0x1c1
00007ff9`804813d2 : 00007ff6`800f9fc4 00007ff6`7f50b000 00000000`00000000 00000000`00000000 : IntelPowerGadget+0x9e78
00007ff9`82b1eb64 : 00007ff9`804813b0 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x22
00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x34
0:000> g
Breakpoint 0 hit
ntdll!NtTerminateProcess:
00007ff9`82b41090 4c8bd1 mov r10,rcx
0:000> g
ntdll!NtTerminateProcess+0xa:
00007ff9`82b4109a c3 ret

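Best answer

The output in the query is not useful. You are just running the application, and windbg is showing all the modules it loads. This yields no information about the problem at hand. You may need to set at least one breakpoint so that windbg breaks, then dump the stack and analyze the execution path.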

.restart

When windbg breaks, set a bp before issuing g:

bp ntdll!ntTerminateProcess

When the breakpoint is hit, dump the stack backtrace using:

kb

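Edit your post to paste the new output.

The function that leads to the termination appears at 00007ff6`800f9e78.

You may need to analyze this function.

ub (disassemble backwards), ub 00007ff6`800f9e78, should show the call. If this call looks like a terminal call, you may need to trace back to determine the branch that leads to this call, and analyze why this branch is taken. Enable loader snaps (!gflag +sls) and scan the debug spew for clues; the failure may be due to a dependency.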

00007ff6`800f9e78 : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : MSVCR100!doexit+0x1c1
00007ff9`804813d2 : 00007ff6`800f9fc4 00007ff6`7f50b000 00000000`00000000 00000000`00000000 : IntelPowerGadget+0x9e78

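Edit

I looked at the exe in question, and it appears to have an integer divide-by-zero exception in EnergyLib64.dll->initterm (the initialization routine called by LdrpRunInitializeRoutine). When it uses cpuid to check for some processor-specific features, the result of cpuid is, after some calculation, shifted right by 20 (shr eax,20), which makes eax 0. The divisor ebp is also 0, so div eax, ebp causes a divide-by-zero exception, which leads to immediate termination via msvcrt!exit at 0x ......9e78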
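
As an added example (not part of the original question or answer), this Python sketch reproduces the answer's triage step offline: it maps each kb return address onto the ModLoad ranges and reports the first one that lands outside system modules. The log lines are copied from the session above; the function names and the "under C:\Windows" heuristic are assumptions of this example.

```python
import re

# Lines copied from the WinDbg session in the question (ModLoad list trimmed).
LOG = r"""
ModLoad: 00007ff6`800f0000 00007ff6`80178000 IntelPowerGadget.exe
ModLoad: 00007ff9`82ab0000 00007ff9`82c5c000 ntdll.dll
ModLoad: 00007ff9`80480000 00007ff9`805be000 C:\Windows\system32\KERNEL32.DLL
ModLoad: 00000000`55920000 00000000`559f2000 C:\Windows\SYSTEM32\MSVCR100.dll
RetAddr : Args to Child : Call Site
00007ff9`82b1f400 : 00007e42`e1a67e08 00000000`013f1680 00000000`00000000 00000000`00fafc80 : ntdll!NtTerminateProcess
00007ff9`8048516a : 00000000`00000000 00000000`013f1680 00000000`013f1680 00007ff6`80105bb0 : ntdll!RtlExitUserProcess+0x60
00000000`55940ccd : 00000000`013f1678 00007ff6`863f6e0b 00000000`01181f9e 00000000`00000000 : KERNEL32!ExitProcessImplementation+0xa
00007ff6`800f9e78 : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : MSVCR100!doexit+0x1c1
00007ff9`804813d2 : 00007ff6`800f9fc4 00007ff6`7f50b000 00000000`00000000 00000000`00000000 : IntelPowerGadget+0x9e78
"""

MODLOAD = re.compile(r"^ModLoad:\s+([0-9a-f`]+)\s+([0-9a-f`]+)\s+(.+)$", re.I)
FRAME = re.compile(r"^([0-9a-f]{8}`[0-9a-f]{8}) : .* : (\S+)$", re.I)

def to_int(text):
    return int(text.replace("`", ""), 16)  # WinDbg splits 64-bit values with a backtick

def parse(log):
    """Return (modules, frames) built from ModLoad lines and kb rows."""
    modules, frames = [], []
    for line in map(str.strip, log.splitlines()):
        if m := MODLOAD.match(line):
            modules.append((to_int(m[1]), to_int(m[2]), m[3]))
        elif m := FRAME.match(line):
            frames.append((to_int(m[1]), m[2]))
    return modules, frames

def is_system(path):
    # Assumption of this sketch: OS modules live under C:\Windows or are bare ntdll.dll.
    p = path.lower()
    return p.startswith("c:\\windows\\") or p == "ntdll.dll"

def first_app_return(log):
    """First return address outside system modules, as (module, offset, callee)."""
    modules, frames = parse(log)
    for ret, callee in frames:
        for base, end, path in modules:
            if base <= ret < end and not is_system(path):
                return path.rsplit("\\", 1)[-1], ret - base, callee
    return None

if __name__ == "__main__":
    name, offset, callee = first_app_return(LOG)
    print(f"{callee} returns into {name}+{offset:#x}")
```

The module-relative offset it reports is the address to pass to ub after adding the image base from the current session, which matters when the base changes between runs.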

Regarding "windbg - How do I use windbg to troubleshoot an executable that won't start?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/28848662/
