错误消息“问题导致程序停止正常工作。请关闭该程序”
我在新的联想 PC 上将计算机从 Windows 7 升级到 8 pro。自从升级以来,我不断收到此错误消息,即使我的系统处于空闲状态。(我的意思是它处于桌面模式。甚至在任何应用程序启动之前。)
它会给我一个关闭或调试的选项。如果我点击调试,它会尝试启动 Visual Studio,它也会崩溃并显示相同的错误消息。
每次我尝试启动一些应用程序(如 Internet Explorer、远程桌面连接等)时,也会收到相同的错误消息。但如果我以管理员身份运行它们,它们就会开始运行。
当我启动 Internet Explorer 时,我检查了事件查看器,这是来自事件查看器的错误消息。
Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5123410e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007fa0e790000
Faulting process id: 0x1e30
Faulting application start time: 0x01ce5425ec75a441
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: unknown
Report Id: 2a2329a8-c019-11e2-bea8-047d7b4222c5
Faulting package full name:
Faulting package-relative application ID:
我该如何解决这个问题?我已经尝试重新安装 Windows 8。
答案1
好的,我用 WinDbg 检查了转储,发现文件 ActiveDetect64.dll 来自联想一键影院导致崩溃的接缝:
FAULTING_IP:
+0
000007fa`0e790000 48ff25b5b21100 jmp qword ptr [gdi32!langToDigitScript+0xc7ac (000007fa`0e8ab2bc)]
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 000007fa0e790000
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff
PROCESS_NAME: iexplore.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: ffffffffffffffff
FOLLOWUP_IP:
ActiveDetect64!RemoveR3APIHook64+7c
0000004b`856c2c4c 4889442420 mov qword ptr [rsp+20h],rax
NTGLOBALFLAG: 2000100
APPLICATION_VERIFIER_FLAGS: 48004
APP: iexplore.exe
FAULTING_THREAD: 0000000000001ce4
BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_READ_EXPLOITABLE
PRIMARY_PROBLEM_CLASS: INVALID_POINTER_READ_EXPLOITABLE
DEFAULT_BUCKET_ID: INVALID_POINTER_READ_EXPLOITABLE
LAST_CONTROL_TRANSFER: from 0000004b856c2c4c to 000007fa0e790000
STACK_TEXT:
ntdll!NtWaitForMultipleObjects
verifier!AVrfpNtWaitForMultipleObjects
KERNELBASE!WaitForMultipleObjectsEx
verifier!AVrfpWaitForMultipleObjectsExCommon
verifier!AVrfpKernelbaseWaitForMultipleObjectsEx
kernel32!WerpReportFaultInternal
kernel32!WerpReportFault
KERNELBASE!UnhandledExceptionFilter
ntdll! ?? ::FNODOBFM::`string'
ntdll!_C_specific_handler
ntdll!RtlpExecuteHandlerForException
ntdll!RtlDispatchException
ntdll!KiUserExceptionDispatch
0x0
ActiveDetect64!RemoveR3APIHook64
ieframe!__delayLoadHelper2
ieframe!_tailMerge_urlmon_dll
ieframe!_SetMatchFromContext
ieframe!LCIEMergeFrameProcess
ieframe!LCIEStartAsFrame
ieframe!DesktopFrameProcess
iexplore!wWinMain
iexplore!__wmainCRTStartup
kernel32!BaseThreadInitThunk
ntdll!RtlUserThreadStart
STACK_COMMAND: ~0s; .ecxr ; kb
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: activedetect64!RemoveR3APIHook64+7c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ActiveDetect64
IMAGE_NAME: ActiveDetect64.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4d5b5e93
FAILURE_BUCKET_ID: INVALID_POINTER_READ_EXPLOITABLE_c0000005_ActiveDetect64.dll!RemoveR3APIHook64
BUCKET_ID: APPLICATION_FAULT_INVALID_POINTER_READ_EXPLOITABLE_activedetect64!RemoveR3APIHook64+7c
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/iexplore_exe/10_0_9200_16537/5123410e/unknown/0_0_0_0/bbbbbbb4/c0000005/0e790000.htm?Retriage=1
Followup: MachineOwner
---------
0:000> lmvm ActiveDetect64
start end module name
0000004b`856c0000 0000004b`85714000 ActiveDetect64 (export symbols) ActiveDetect64.dll
Loaded symbol image file: ActiveDetect64.dll
Image path: C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
Image name: ActiveDetect64.dll
Timestamp: Wed Feb 16 06:20:19 2011 (4D5B5E93)
HostMachine\HostUser
Executing Processor Architecture is x64
Debuggee is in User Mode
Debuggee is a user mode small dump file
Event Type: Exception
Exception Faulting Address: 0xffffffffffffffff
Second Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005)
Exception Sub-Type: Read Access Violation
Faulting Instruction:000007fa`0e790000 jmp qword ptr [gdi32!langtodigitscript+0xc7ac (000007fa`0e8ab2bc)]
Exception Hash (Major/Minor): 0x851865ef.0x8ad69e1c
Hash Usage : Stack Trace:
Major+Minor : Unknown
Major+Minor : ActiveDetect64!RemoveR3APIHook64+0x7c
Major+Minor : ieframe!__delayLoadHelper2+0x1ca
Major+Minor : ieframe!_tailMerge_urlmon_dll+0x3f
Major+Minor : ieframe!_SetMatchFromContext+0x3f
Minor : ieframe!LCIEMergeFrameProcess+0x5a
Minor : ieframe!LCIEStartAsFrame+0x184
Minor : ieframe!DesktopFrameProcess+0x3a
Minor : iexplore!wWinMain+0x5f4
Minor : iexplore!__wmainCRTStartup+0x1b2
Minor : kernel32!BaseThreadInitThunk+0x1a
Minor : ntdll!RtlUserThreadStart+0x1d
Instruction Address: 0x000007fa0e790000
Description: Read Access Violation on Control Flow
Short Description: ReadAVonControlFlow
Exploitability Classification: EXPLOITABLE
Recommended Bug Title: Exploitable - Read Access Violation on Control Flow starting at Unknown Symbol @ 0x000007fa0e790000 called from ActiveDetect64!RemoveR3APIHook64+0x000000000000007c (Hash=0x851865ef.0x8ad69e1c)
Access violations not near null in control flow instructions are considered exploitable.
因此请寻找更新或删除此扩展,因为此崩溃可能会被利用。