-
-
[旧帖] 为何我的原版xp系统不能调试执行呢? 0.00雪花
-
发表于: 2013-8-14 00:16
-
虚拟机(vm8.02)设置:
虚拟系统设置:
[boot loader]
timeout=5
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /debug /debugport=com1 /baudrate=115200
windbg设置:
"C:\Program Files (x86)\Debugging Tools for Windows (x86)\windbg.exe" -b -k com:port=\\.\pipe\com_1,baud=115200,pipe
调试时提示:
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Opened \\.\pipe\com_1
Waiting to reconnect...
Connected to Windows XP 2600 x86 compatible target at (Mon Aug 12 22:56:45.823 2013 (GMT+8)), ptr64 FALSE
Kernel Debugger connection established. (Initial Breakpoint requested)
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlpa.exe -
Windows XP Kernel Version 2600 UP Free x86 compatible
Built by: 2600.xpsp.080413-2111
Machine Name:
Kernel base = 0x804d8000 PsLoadedModuleList = 0x80554fc0
System Uptime: not available
Break instruction exception - code 80000003 (first chance)
*******************************************************************************
* *
* You are seeing this message because you pressed either *
* CTRL+C (if you run kd.exe) or, *
* CTRL+BREAK (if you run WinDBG), *
* on your debugger machine's keyboard. *
* *
* THIS IS NOT A BUG OR A SYSTEM CRASH *
* *
* If you did not intend to break into the debugger, press the "g" key, then *
* press the "Enter" key now. This message might immediately reappear. If it *
* does, press "g" and "Enter" again. *
* *
*******************************************************************************
nt!RtlpBreakWithStatusInstruction:
80528bdc cc int 3
kd> g
*** Fatal System Error: 0x0000007e
(0xC0000005,0x806D3CCE,0xF7A14750,0xF7A1444C)
Break instruction exception - code 80000003 (first chance)
A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.
A fatal system error has occurred.
Connected to Windows XP 2600 x86 compatible target at (Mon Aug 12 22:56:52.431 2013 (GMT+8)), ptr64 FALSE
Loading Kernel Symbols
..............................
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7E, {c0000005, 806d3cce, f7a14750, f7a1444c}
*** ERROR: Symbol file could not be found. Defaulted to export symbols for halaacpi.dll -
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\halaacpi.dll\4802517F20300\halaacpi.dll
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Probably caused by : hardware ( nt!Phase1Initialization+6c )
Followup: MachineOwner
---------
nt!RtlpBreakWithStatusInstruction:
80528bdc cc int 3
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 806d3cce, The address that the exception occurred at
Arg3: f7a14750, Exception Record Address
Arg4: f7a1444c, Context Record Address
Debugging Details:
------------------
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\halaacpi.dll\4802517F20300\halaacpi.dll
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx
FAULTING_IP:
hal!HalBeginSystemInterrupt+22
806d3cce 6d ins dword ptr es:[edi],dx
EXCEPTION_RECORD: f7a14750 -- (.exr 0xfffffffff7a14750)
ExceptionAddress: 806d3cce (hal!HalBeginSystemInterrupt+0x00000022)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 00000009
Attempt to write to address 00000009
CONTEXT: f7a1444c -- (.cxr 0xfffffffff7a1444c)
eax=0000a2a2 ebx=00000000 ecx=0000a2b2 edx=08100000 esi=0000a2b2 edi=00000009
eip=806d3cce esp=f7a14818 ebp=f7a1483c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
hal!HalBeginSystemInterrupt+0x22:
806d3cce 6d ins dword ptr es:[edi],dx es:0023:00000009=????????
Resetting default scope
PROCESS_NAME: System
ERROR_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx
EXCEPTION_PARAMETER1: 00000001
EXCEPTION_PARAMETER2: 00000009
WRITE_ADDRESS: 00000009
FOLLOWUP_IP:
nt!Phase1Initialization+6c
80686694 84c0 test al,al
BUGCHECK_STR: 0x7E
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
MISALIGNED_IP:
hal!HalBeginSystemInterrupt+22
806d3cce 6d ins dword ptr es:[edi],dx
LAST_CONTROL_TRANSFER: from 80686694 to 806d3cce
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f7a1483c 80686694 00000001 80087000 867b75b8 hal!HalBeginSystemInterrupt+0x22
f7a14dac 805c7160 80087000 00000000 00000000 nt!Phase1Initialization+0x6c
f7a14ddc 80542dd2 80686628 80087000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!Phase1Initialization+6c
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: hardware
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: .cxr 0xfffffffff7a1444c ; kb
MODULE_NAME: hardware
FAILURE_BUCKET_ID: IP_MISALIGNED
BUCKET_ID: IP_MISALIGNED
Followup: MachineOwner
---------
请问各位大侠,问题出在哪?我该怎么做才能解决这个问题?
虚拟系统设置:
[boot loader]
timeout=5
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /debug /debugport=com1 /baudrate=115200
windbg设置:
"C:\Program Files (x86)\Debugging Tools for Windows (x86)\windbg.exe" -b -k com:port=\\.\pipe\com_1,baud=115200,pipe
调试时提示:
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Opened \\.\pipe\com_1
Waiting to reconnect...
Connected to Windows XP 2600 x86 compatible target at (Mon Aug 12 22:56:45.823 2013 (GMT+8)), ptr64 FALSE
Kernel Debugger connection established. (Initial Breakpoint requested)
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y <symbol_path> argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlpa.exe -
Windows XP Kernel Version 2600 UP Free x86 compatible
Built by: 2600.xpsp.080413-2111
Machine Name:
Kernel base = 0x804d8000 PsLoadedModuleList = 0x80554fc0
System Uptime: not available
Break instruction exception - code 80000003 (first chance)
*******************************************************************************
* *
* You are seeing this message because you pressed either *
* CTRL+C (if you run kd.exe) or, *
* CTRL+BREAK (if you run WinDBG), *
* on your debugger machine's keyboard. *
* *
* THIS IS NOT A BUG OR A SYSTEM CRASH *
* *
* If you did not intend to break into the debugger, press the "g" key, then *
* press the "Enter" key now. This message might immediately reappear. If it *
* does, press "g" and "Enter" again. *
* *
*******************************************************************************
nt!RtlpBreakWithStatusInstruction:
80528bdc cc int 3
kd> g
*** Fatal System Error: 0x0000007e
(0xC0000005,0x806D3CCE,0xF7A14750,0xF7A1444C)
Break instruction exception - code 80000003 (first chance)
A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.
A fatal system error has occurred.
Connected to Windows XP 2600 x86 compatible target at (Mon Aug 12 22:56:52.431 2013 (GMT+8)), ptr64 FALSE
Loading Kernel Symbols
..............................
Loading User Symbols
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 7E, {c0000005, 806d3cce, f7a14750, f7a1444c}
*** ERROR: Symbol file could not be found. Defaulted to export symbols for halaacpi.dll -
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\halaacpi.dll\4802517F20300\halaacpi.dll
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Probably caused by : hardware ( nt!Phase1Initialization+6c )
Followup: MachineOwner
---------
nt!RtlpBreakWithStatusInstruction:
80528bdc cc int 3
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 806d3cce, The address that the exception occurred at
Arg3: f7a14750, Exception Record Address
Arg4: f7a1444c, Context Record Address
Debugging Details:
------------------
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\ntkrnlpa.exe\4802516A1f8480\ntkrnlpa.exe
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
Unable to open image file: C:\Program Files (x86)\Debugging Tools for Windows (x86)\sym\halaacpi.dll\4802517F20300\halaacpi.dll
ϵͳÕÒ²»µ½Ö¸¶¨µÄÎļþ¡£
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx
FAULTING_IP:
hal!HalBeginSystemInterrupt+22
806d3cce 6d ins dword ptr es:[edi],dx
EXCEPTION_RECORD: f7a14750 -- (.exr 0xfffffffff7a14750)
ExceptionAddress: 806d3cce (hal!HalBeginSystemInterrupt+0x00000022)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000001
Parameter[1]: 00000009
Attempt to write to address 00000009
CONTEXT: f7a1444c -- (.cxr 0xfffffffff7a1444c)
eax=0000a2a2 ebx=00000000 ecx=0000a2b2 edx=08100000 esi=0000a2b2 edi=00000009
eip=806d3cce esp=f7a14818 ebp=f7a1483c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
hal!HalBeginSystemInterrupt+0x22:
806d3cce 6d ins dword ptr es:[edi],dx es:0023:00000009=????????
Resetting default scope
PROCESS_NAME: System
ERROR_CODE: (NTSTATUS) 0xc0000005 - 0x%08lx
EXCEPTION_PARAMETER1: 00000001
EXCEPTION_PARAMETER2: 00000009
WRITE_ADDRESS: 00000009
FOLLOWUP_IP:
nt!Phase1Initialization+6c
80686694 84c0 test al,al
BUGCHECK_STR: 0x7E
DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE
MISALIGNED_IP:
hal!HalBeginSystemInterrupt+22
806d3cce 6d ins dword ptr es:[edi],dx
LAST_CONTROL_TRANSFER: from 80686694 to 806d3cce
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f7a1483c 80686694 00000001 80087000 867b75b8 hal!HalBeginSystemInterrupt+0x22
f7a14dac 805c7160 80087000 00000000 00000000 nt!Phase1Initialization+0x6c
f7a14ddc 80542dd2 80686628 80087000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!Phase1Initialization+6c
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: hardware
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: .cxr 0xfffffffff7a1444c ; kb
MODULE_NAME: hardware
FAILURE_BUCKET_ID: IP_MISALIGNED
BUCKET_ID: IP_MISALIGNED
Followup: MachineOwner
---------
请问各位大侠,问题出在哪?我该怎么做才能解决这个问题?
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
