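How do I use windbg to troubleshoot an executable that won't start?

Time: 2015-03-04 07:22:13

Tags: windbg

The Intel Power Gadget tool does not run on my system, and I am trying to find out why. This is a Core i7-720QM running Windows 8.1 x64. AIDA64 reads the CPU temperature fine, but I cannot even start Intel Power Gadget. No window opens, nothing happens. It runs fine on another computer.

I tried attaching windbg, but what causes the executable to fail is not obvious. I could not find a windbg tutorial that shows how to troubleshoot an executable that won't start.

In the following output, I set a breakpoint and dumped the stack as suggested by user blabb. Any ideas?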

0:000> .symfix
0:000> .restart
CommandLine: "C:\Program Files\Intel\Power Gadget 3.0\IntelPowerGadget.exe"

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
Symbol search path is: srv*
Executable search path is: srv*
ModLoad: 00007ff6`800f0000 00007ff6`80178000   IntelPowerGadget.exe
ModLoad: 00007ff9`82ab0000 00007ff9`82c5c000   ntdll.dll
ModLoad: 00007ff9`80480000 00007ff9`805be000   C:\Windows\system32\KERNEL32.DLL
ModLoad: 00007ff9`7fcd0000 00007ff9`7fde5000   C:\Windows\system32\KERNELBASE.dll
ModLoad: 00000000`550e0000 00000000`55643000   C:\Windows\SYSTEM32\mfc100u.dll
ModLoad: 00000000`55920000 00000000`559f2000   C:\Windows\SYSTEM32\MSVCR100.dll
ModLoad: 00007ff9`80820000 00007ff9`80997000   C:\Windows\system32\USER32.dll
ModLoad: 00007ff9`82450000 00007ff9`825a1000   C:\Windows\system32\GDI32.dll
ModLoad: 00007ff9`80ce0000 00007ff9`821f9000   C:\Windows\system32\SHELL32.dll
ModLoad: 00007ff9`805c0000 00007ff9`80754000   C:\Windows\system32\ole32.dll
ModLoad: 00007ff9`7b660000 00007ff9`7b810000   C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9600.17415_none_932b3b5547500489\gdiplus.dll
ModLoad: 00000000`55880000 00000000`55918000   C:\Windows\SYSTEM32\MSVCP100.dll
ModLoad: 00007ff9`823f0000 00007ff9`82444000   C:\Windows\system32\SHLWAPI.dll
ModLoad: 00007ff9`7d8c0000 00007ff9`7db3b000   C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb\COMCTL32.dll
ModLoad: 00007ff9`7cca0000 00007ff9`7cca7000   C:\Windows\SYSTEM32\MSIMG32.dll
ModLoad: 00007ff9`803d0000 00007ff9`8047a000   C:\Windows\system32\msvcrt.dll
ModLoad: 00007ff9`82700000 00007ff9`82911000   C:\Windows\SYSTEM32\combase.dll
ModLoad: 00007ff9`825b0000 00007ff9`826f1000   C:\Windows\system32\RPCRT4.dll
ModLoad: 00007ff9`807c0000 00007ff9`80819000   C:\Windows\SYSTEM32\sechost.dll
(1a58.1a54): Break instruction exception - code 80000003 (first chance)
ntdll!LdrpDoDebuggerBreak+0x30:
00007ff9`82b71cd0 cc              int     3
0:000> bp ntdll!ntTerminateProcess
0:000> bl
 0 e 00007ff9`82b41090     0001 (0001)  0:**** ntdll!NtTerminateProcess
0:000> g
ModLoad: 00007ff9`80770000 00007ff9`807a6000   C:\Windows\system32\IMM32.DLL
ModLoad: 00007ff9`80270000 00007ff9`803c3000   C:\Windows\system32\MSCTF.dll
ModLoad: 00007ff9`7e870000 00007ff9`7e999000   C:\Windows\SYSTEM32\UxTheme.dll
ModLoad: 00007ff9`7df70000 00007ff9`7df91000   C:\Windows\system32\dwmapi.dll
ModLoad: 00000000`550d0000 00000000`550dd000   C:\Windows\SYSTEM32\MFC100ENU.DLL
ModLoad: 00007ff9`82a00000 00007ff9`82aaa000   C:\Windows\system32\ADVAPI32.dll
ModLoad: 00007ff9`743b0000 00007ff9`743c1000   C:\Program Files\Intel\Power Gadget 3.0\EnergyLib64.dll
ModLoad: 00007ff9`7f230000 00007ff9`7f276000   C:\Windows\SYSTEM32\POWRPROF.dll
Breakpoint 0 hit
ntdll!NtTerminateProcess:
00007ff9`82b41090 4c8bd1          mov     r10,rcx
0:000> kb
RetAddr           : Args to Child                                                           : Call Site
00007ff9`82b1f400 : 00007e42`e1a67e08 00000000`013f1680 00000000`00000000 00000000`00fafc80 : ntdll!NtTerminateProcess
00007ff9`8048516a : 00000000`00000000 00000000`013f1680 00000000`013f1680 00007ff6`80105bb0 : ntdll!RtlExitUserProcess+0x60
00000000`55940ccd : 00000000`013f1678 00007ff6`863f6e0b 00000000`01181f9e 00000000`00000000 : KERNEL32!ExitProcessImplementation+0xa
*** ERROR: Module load completed but symbols could not be loaded for IntelPowerGadget.exe
00007ff6`800f9e78 : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : MSVCR100!doexit+0x1c1
00007ff9`804813d2 : 00007ff6`800f9fc4 00007ff6`7f50b000 00000000`00000000 00000000`00000000 : IntelPowerGadget+0x9e78
00007ff9`82b1eb64 : 00007ff9`804813b0 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x22
00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x34
0:000> g
Breakpoint 0 hit
ntdll!NtTerminateProcess:
00007ff9`82b41090 4c8bd1          mov     r10,rcx
0:000> g
ntdll!NtTerminateProcess+0xa:
00007ff9`82b4109a c3              ret

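1 answer:

Answer 0: (score: 4)

The output in the query is not useful. You are just running the application and windbg shows all the modules it loads, which yield no information about the problem at hand. You may need to set at least one breakpoint so that windbg breaks, and dump the stack to analyse the execution path.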

.restart
When windbg breaks, set a bp before issuing g, and when the breakpoint is hit, dump the stack backtrace using kb:
bp ntdll!ntTerminateProcess
bl

kb

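Edit the post to paste the new output.

The function that leads to the termination appears to be 00007ff6`800f9e78

You may need to analyse this function.

ub (unassemble backward): ub 00007ff6`800f9e78. Enable loader snaps (!gflag +sls) and scan the debug spew for clues; it may be failing due to a dependency. If this call appears to be the terminal call, you may need to trace back to determine the branch that leads to this call and analyse why this branch is taken.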

00007ff6`800f9e78 : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : MSVCR100!doexit+0x1c1
00007ff9`804813d2 : 00007ff6`800f9fc4 00007ff6`7f50b000 00000000`00000000 00000000`00000000 : IntelPowerGadget+0x9e78 

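Edit

I took a look at the exe in question. There appears to be an integer divide-by-zero exception in the EnergyLib64.dll-> initialization routine called by initterm (LdrpRunInitializeRoutine): when it uses cpuid to check some processor-specific features, the result of cpuid, after some calculations, is shifted right by 20 (shr eax,20), which makes eax 0, and the divisor ebp is also 0, so div eax,ebp results in a divide-by-zero exception, leading to immediate termination via msvcrt!exit 0x ...... 9e78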
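The failure pattern described in the answer above, beside a hardened form, as an added example that is not part of the original post and is not Intel's code. The function names, status codes and register values are hypothetical; the page does not say which CPUID leaf is read or how the divisor is computed.

```c
#include <stdint.h>
#include <stdio.h>

/* Status codes for the hardened path (hypothetical names). */
enum cpu_status { CPU_OK = 0, CPU_UNSUPPORTED = -1 };

/* Field taken from bits 20 and up of a CPUID result register, mirroring
   the "shr eax,20" in the answer. The leaf it came from is an assumption. */
static uint32_t field_from_eax(uint32_t eax) { return eax >> 20; }

/* Pattern described in the answer: divide with no check on the divisor.
   A zero divisor raises the x86 divide error (undefined behaviour in C),
   and inside a DLL init routine that takes the whole process down. */
uint32_t scale_unchecked(uint32_t eax, uint32_t divisor) {
    return field_from_eax(eax) / divisor;
}

/* Hardened form: a zero divisor means this CPU does not report the value
   the code expects, so return a status the caller can surface to the user
   instead of faulting during initialization. */
enum cpu_status scale_checked(uint32_t eax, uint32_t divisor, uint32_t *out) {
    if (divisor == 0)
        return CPU_UNSUPPORTED;
    *out = field_from_eax(eax) / divisor;
    return CPU_OK;
}

int main(void) {
    /* Constructed register values, not taken from the page. */
    uint32_t out = 0;
    uint32_t eax_unsupported = 0x000FFFFF;  /* bits 20 and up are all zero */
    uint32_t eax_supported   = 0x02A00000;  /* bits 20 and up hold 0x2A */

    if (scale_checked(eax_unsupported, 0, &out) == CPU_UNSUPPORTED)
        puts("CPU does not report the expected value; refusing to divide");
    if (scale_checked(eax_supported, 6, &out) == CPU_OK)
        printf("scale = %u\n", (unsigned)out);
    return 0;
}
```
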