What causes a program to stop working correctly?

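Error message: "A problem caused the program to stop working correctly. Please close the program"

I upgraded my computer from Windows 7 to 8 Pro on a new Lenovo PC. Since the upgrade, I keep getting this error message, even when my system is idle. (I mean it is sitting at the desktop, before any application has even been launched.)

It gives me the option to close or debug. If I click debug, it tries to launch Visual Studio, which also crashes with the same error message.

I also get the same error message every time I try to launch some applications (such as Internet Explorer, Remote Desktop Connection, etc.). But if I run them as administrator, they start working.

When I launched Internet Explorer, I checked Event Viewer, and this is the error message from Event Viewer.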

Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5123410e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007fa0e790000
Faulting process id: 0x1e30
Faulting application start time: 0x01ce5425ec75a441
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: unknown
Report Id: 2a2329a8-c019-11e2-bea8-047d7b4222c5
Faulting package full name: 
Faulting package-relative application ID: 

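How can I fix this? I have already tried reinstalling Windows 8.

Answer 1

OK, I checked the dump with WinDbg and found that the file ActiveDetect64.dll from Lenovo Onekey Theater seems to be causing the crash: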

FAULTING_IP: 
+0
000007fa`0e790000 48ff25b5b21100  jmp     qword ptr [gdi32!langToDigitScript+0xc7ac (000007fa`0e8ab2bc)]

EXCEPTION_RECORD:  ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 000007fa0e790000
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

PROCESS_NAME:  iexplore.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgeführt werden.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgeführt werden.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  ffffffffffffffff

READ_ADDRESS:  ffffffffffffffff 

FOLLOWUP_IP: 
ActiveDetect64!RemoveR3APIHook64+7c
0000004b`856c2c4c 4889442420      mov     qword ptr [rsp+20h],rax

NTGLOBALFLAG:  2000100

APPLICATION_VERIFIER_FLAGS:  48004

APP:  iexplore.exe

FAULTING_THREAD:  0000000000001ce4

BUGCHECK_STR:  APPLICATION_FAULT_INVALID_POINTER_READ_EXPLOITABLE

PRIMARY_PROBLEM_CLASS:  INVALID_POINTER_READ_EXPLOITABLE

DEFAULT_BUCKET_ID:  INVALID_POINTER_READ_EXPLOITABLE

LAST_CONTROL_TRANSFER:  from 0000004b856c2c4c to 000007fa0e790000

STACK_TEXT:  
ntdll!NtWaitForMultipleObjects
verifier!AVrfpNtWaitForMultipleObjects
KERNELBASE!WaitForMultipleObjectsEx
verifier!AVrfpWaitForMultipleObjectsExCommon
verifier!AVrfpKernelbaseWaitForMultipleObjectsEx
kernel32!WerpReportFaultInternal
kernel32!WerpReportFault
KERNELBASE!UnhandledExceptionFilter
ntdll! ?? ::FNODOBFM::`string'
ntdll!_C_specific_handler
ntdll!RtlpExecuteHandlerForException
ntdll!RtlDispatchException
ntdll!KiUserExceptionDispatch
0x0
ActiveDetect64!RemoveR3APIHook64
ieframe!__delayLoadHelper2
ieframe!_tailMerge_urlmon_dll
ieframe!_SetMatchFromContext
ieframe!LCIEMergeFrameProcess
ieframe!LCIEStartAsFrame
ieframe!DesktopFrameProcess
iexplore!wWinMain
iexplore!__wmainCRTStartup
kernel32!BaseThreadInitThunk
ntdll!RtlUserThreadStart


STACK_COMMAND:  ~0s; .ecxr ; kb

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  activedetect64!RemoveR3APIHook64+7c

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: ActiveDetect64

IMAGE_NAME:  ActiveDetect64.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  4d5b5e93

FAILURE_BUCKET_ID:  INVALID_POINTER_READ_EXPLOITABLE_c0000005_ActiveDetect64.dll!RemoveR3APIHook64

BUCKET_ID:  APPLICATION_FAULT_INVALID_POINTER_READ_EXPLOITABLE_activedetect64!RemoveR3APIHook64+7c

WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/iexplore_exe/10_0_9200_16537/5123410e/unknown/0_0_0_0/bbbbbbb4/c0000005/0e790000.htm?Retriage=1

Followup: MachineOwner
---------

0:000> lmvm ActiveDetect64
start             end                 module name
0000004b`856c0000 0000004b`85714000   ActiveDetect64   (export symbols)       ActiveDetect64.dll
    Loaded symbol image file: ActiveDetect64.dll
    Image path: C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
    Image name: ActiveDetect64.dll
    Timestamp:        Wed Feb 16 06:20:19 2011 (4D5B5E93)



HostMachine\HostUser
Executing Processor Architecture is x64
Debuggee is in User Mode
Debuggee is a user mode small dump file
Event Type: Exception
Exception Faulting Address: 0xffffffffffffffff
Second Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005)
Exception Sub-Type: Read Access Violation

Faulting Instruction:000007fa`0e790000 jmp qword ptr [gdi32!langtodigitscript+0xc7ac (000007fa`0e8ab2bc)]

Exception Hash (Major/Minor): 0x851865ef.0x8ad69e1c

 Hash Usage : Stack Trace:
Major+Minor : Unknown
Major+Minor : ActiveDetect64!RemoveR3APIHook64+0x7c
Major+Minor : ieframe!__delayLoadHelper2+0x1ca
Major+Minor : ieframe!_tailMerge_urlmon_dll+0x3f
Major+Minor : ieframe!_SetMatchFromContext+0x3f
Minor       : ieframe!LCIEMergeFrameProcess+0x5a
Minor       : ieframe!LCIEStartAsFrame+0x184
Minor       : ieframe!DesktopFrameProcess+0x3a
Minor       : iexplore!wWinMain+0x5f4
Minor       : iexplore!__wmainCRTStartup+0x1b2
Minor       : kernel32!BaseThreadInitThunk+0x1a
Minor       : ntdll!RtlUserThreadStart+0x1d
Instruction Address: 0x000007fa0e790000

Description: Read Access Violation on Control Flow
Short Description: ReadAVonControlFlow
Exploitability Classification: EXPLOITABLE
Recommended Bug Title: Exploitable - Read Access Violation on Control Flow starting at Unknown Symbol @ 0x000007fa0e790000 called from ActiveDetect64!RemoveR3APIHook64+0x000000000000007c (Hash=0x851865ef.0x8ad69e1c)

Access violations not near null in control flow instructions are considered exploitable.

So look for an update or remove this extension, because this crash may be exploitable.
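The Event Viewer record reports the faulting module as "unknown" because the faulting address lies outside every loaded image; the attribution to ActiveDetect64.dll comes from the caller address. The following is an added example, not part of the original answer: a Python sketch that repeats that lookup over lines excerpted from the output above. The function names and the "outside C:\Windows\ means third-party" rule are assumptions made for illustration.

```python
import re

# Lines excerpted from the debugger output in the answer above (x64 addresses).
DEBUGGER_TEXT = r"""
LAST_CONTROL_TRANSFER:  from 0000004b856c2c4c to 000007fa0e790000
start             end                 module name
0000004b`856c0000 0000004b`85714000   ActiveDetect64   (export symbols)       ActiveDetect64.dll
    Image path: C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
"""

ADDR = r"([0-9a-f]{8}`[0-9a-f]{8})"
MODULE_RE = re.compile(rf"^{ADDR}\s+{ADDR}\s+(\S+)", re.I | re.M)
PATH_RE = re.compile(r"^\s*Image path:\s*(.+)$", re.M)
TRANSFER_RE = re.compile(r"LAST_CONTROL_TRANSFER:\s+from\s+([0-9a-f]+)\s+to\s+([0-9a-f]+)", re.I)

def to_int(addr):
    return int(addr.replace("`", ""), 16)

def parse_modules(text):
    """Return [(start, end, name, image_path)] from lm / lmvm output."""
    hits = list(MODULE_RE.finditer(text))
    mods = []
    for i, m in enumerate(hits):
        # Only accept an "Image path:" line that belongs to this module entry.
        seg_end = hits[i + 1].start() if i + 1 < len(hits) else len(text)
        path = PATH_RE.search(text, m.end(), seg_end)
        mods.append((to_int(m[1]), to_int(m[2]), m[3], path[1].strip() if path else None))
    return mods

def resolve(addr, mods):
    """Map an address to (module, offset, path), or None if no module covers it."""
    for start, end, name, path in mods:
        if start <= addr < end:
            return (name, addr - start, path)
    return None

def triage(text):
    mods = parse_modules(text)
    t = TRANSFER_RE.search(text)
    caller, fault = resolve(int(t[1], 16), mods), resolve(int(t[2], 16), mods)
    path = caller[2] if caller else None
    # Assumption: anything outside C:\Windows\ counts as third-party code.
    third_party = bool(path) and not path.lower().startswith("c:\\windows\\")
    return {"fault": fault, "caller": caller, "third_party": third_party}

if __name__ == "__main__":
    print(triage(DEBUGGER_TEXT))
```

On a full dump, feed it the complete `lm` module list so the faulting address is checked against every loaded image, not only the one shown here.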
