【发布时间】:2020-04-27 13:11:06
【问题描述】:
我最近在我的 Windows 10 1607(14393.0) 上安装了 WinDBG Preview(1.0.2001.02001),一切都很好,直到我开始调试,或者尝试启动:
The debugging session could not be started: FAILURE HR=0x80073D07: Failed to CreateProcessAndAttachWide: C:\Users\WayToExecutable\executable.exe
命令窗口:
Microsoft (R) Windows Debugger Version 10.0.19528.1000 X86
Copyright (c) Microsoft Corporation. All rights reserved.
CommandLine: C:\Users\WayToExecutable\executable.exe arg1 arg2
Cannot execute 'C:\Users\WayToExecutable\executable.exe arg1 arg2', Win32 error 0n15623
"An error was detected in the system binary. Try restoring your PC to fix the problem."
完整日志:
2020-01-10:01:52:11:145 : Information : DbgX.Shell.exe : OS Version: (Windows 10 Pro.10.0.14393) (14393.0.amd64fre.rs1_release.160715-1616) (64-bit)
2020-01-10:01:52:11:145 : Information : DbgX.Shell.exe : OS Version: (Windows 10 Pro.10.0.14393) (14393.0.amd64fre.rs1_release.160715-1616) (64-bit)
2020-01-10:01:52:11:208 : Warning : DbgX.Services.dll : Property CommandWindowSettings.CopyWithFormatting not found.
2020-01-10:01:52:11:223 : Warning : DbgX.Services.dll : Property CommandWindowSettings.MaxLineCount not found.
2020-01-10:01:52:11:270 : Information : DbgX.Debugger.dll : Found Sympath setting in dbgx.xml: srv*
2020-01-10:01:52:11:286 : Information : DbgX.dll : (E) Home directory is: C:\ProgramData\Dbg
2020-01-10:01:52:11:286 : Information : DbgX.Shell.exe : Version: 1.0.2001.02001
2020-01-10:01:52:11:676 : Information : DbgX.Shell.exe : Command line: "C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2001.2001.0_neutral__8wekyb3d8bbwe\DbgX.Shell.exe"
2020-01-10:01:52:11:348 : Information : DbgX.Debugger.dll : Starting EngHost: C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2001.2001.0_neutral__8wekyb3d8bbwe\amd64\EngHost.exe npipe:pipe=DbgX_cae0d6bd60f9439f92c667e2c313d819,password=d6588643f577 "C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2001.2001.0_neutral__8wekyb3d8bbwe\amd64" "C:\ProgramData\Dbg"
2020-01-10:01:52:11:380 : Information : DbgX.dll : (E) Added process EngHost (3032) to job object 861441e4-01cc-403d-8cb4-9b37050e03ac
2020-01-10:01:52:12:630 : Information : DbgX.dll : (E) Changed client, isPrimaryClient=True
2020-01-10:01:52:12:645 : Information : DbgX.dll : (E) Executing secondary thread request: ChangeClientRequest
2020-01-10:01:52:14:286 : Information : DbgX.Debugger.dll : Code level changed to Assembly
2020-01-10:01:52:12:661 : Information : DbgX.dll : (E) Completed secondary thread request: ChangeClientRequest
2020-01-10:01:52:14:333 : Information : DbgX.Debugger.dll : Code level changed to Source
2020-01-10:01:52:12:661 : Information : DbgX.dll : (E) Executing request: ScriptProvidersRequest
2020-01-10:01:52:12:692 : Information : DbgX.dll : (E) Completed request (18 ms) : ScriptProvidersRequest
2020-01-10:01:52:12:692 : Information : DbgX.dll : (E) Refreshing because we're in a break state.
2020-01-10:01:52:14:427 : Information : DbgX.Debugger.dll : Notifying refresh requested
2020-01-10:01:52:14:474 : Information : DbgX.dll : (E) Executing request: ScriptProvidersRequest
2020-01-10:01:52:14:474 : Information : DbgX.dll : (E) Completed request (0 ms) : ScriptProvidersRequest
2020-01-10:01:52:14:489 : Information : DbgX.dll : (E) Executing request: GetSymbolPathRequest
2020-01-10:01:52:14:521 : Information : DbgX.Debugger.dll : Symbol path changed: srv*
2020-01-10:01:52:14:489 : Information : DbgX.dll : (E) Completed request (2 ms) : GetSymbolPathRequest
2020-01-10:01:52:14:630 : Information : DbgX.Shell.exe : Total startup time: 5145 ms
2020-01-10:01:52:14:630 : Information : DbgX.Shell.exe : Phase 'Process startup' time: 363 ms, started at 0 ms
2020-01-10:01:52:14:630 : Information : DbgX.Shell.exe : Phase 'Compatibility mitigations' time: 13 ms, started at 394 ms
2020-01-10:01:52:14:630 : Information : DbgX.Shell.exe : Phase 'Create main window' time: 490 ms, started at 409 ms
2020-01-10:01:52:14:630 : Information : DbgX.Shell.exe : Phase 'Composition catalog' time: 771 ms, started at 425 ms
2020-01-10:01:52:14:630 : Information : DbgX.Shell.exe : Phase 'Merging resource dictionaries' time: 148 ms, started at 910 ms
2020-01-10:01:52:14:630 : Information : DbgX.Shell.exe : Phase 'Compose components' time: 484 ms, started at 1191 ms
2020-01-10:01:52:14:646 : Information : DbgX.Shell.exe : Phase 'Setting main window viewmodel' time: 286 ms, started at 1707 ms
2020-01-10:01:52:14:646 : Information : DbgX.Shell.exe : Phase 'Startup listeners' time: 215 ms, started at 1988 ms
2020-01-10:01:52:14:646 : Information : DbgX.Shell.exe : Phase 'ViewManager initialization' time: 809 ms, started at 2269 ms
2020-01-10:01:52:14:646 : Information : DbgX.Shell.exe : Phase 'Main window show' time: 2071 ms, started at 3082 ms
2020-01-10:01:52:14:646 : Information : DbgX.Shell.exe : Phase 'Shell startup listeners' time: 25 ms, started at 4738 ms
2020-01-10:01:53:11:494 : Information : DbgX.dll : (E) Executing request: CreateProcessRequest: Command Line 'C:\Users\WayToExecutable\executable.exe'
2020-01-10:01:53:11:497 : Information : DbgX.dll : (E) Using process server: 0x0000000000000000
2020-01-10:01:53:11:509 : Information : DbgX.Debugger.dll : Starting EngHost: C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2001.2001.0_neutral__8wekyb3d8bbwe\x86\EngHost.exe npipe:pipe=DbgX_b476be37a32e4231b4126d91068caece,password=5fd8ced27b46 "C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2001.2001.0_neutral__8wekyb3d8bbwe\x86" "C:\ProgramData\Dbg"
2020-01-10:01:53:11:515 : Information : DbgX.dll : (E) Added process EngHost (9080) to job object 97a89ead-fb17-4730-868e-194c305b599f
2020-01-10:01:53:13:732 : Information : DbgX.dll : (E) Killing process EngHost (3032) for job object 861441e4-01cc-403d-8cb4-9b37050e03ac (HasExited: False)
2020-01-10:01:53:13:733 : Information : DbgX.dll : (E) Changed client, isPrimaryClient=True
2020-01-10:01:53:13:752 : Information : DbgX.dll : (E) Executing secondary thread request: ChangeClientRequest
2020-01-10:01:53:13:771 : Information : DbgX.Debugger.dll : Code level changed to Assembly
2020-01-10:01:53:13:773 : Information : DbgX.Debugger.dll : Code level changed to Source
2020-01-10:01:53:13:874 : Information : DbgX.dll : (E) Completed secondary thread request: ChangeClientRequest
2020-01-10:01:53:13:893 : Information : DbgX.Services.dll : Action item published: Error - The debugging session could not be started: FAILURE HR=0x80073D07: Failed to CreateProcessAndAttachWide: C:\Users\WayToExecutable\executable.exe
2020-01-10:01:53:13:955 : Error : DbgX.Services.dll :
WindowsDebugger.WindowsDebuggerException: FAILURE HR=0x80073D07: Failed to CreateProcessAndAttachWide: C:\Users\WayToExecutable\executable.exe
в WindowsDebugger.DbgEng.HRESULTExtensions.ThrowOnFailed(HRESULT hr, String operation)
в DbgX.Requests.Initialization.CreateProcessRequest.DoInitializeEngine(IEngineRequestServices ers, EngineInterfaces engine, UInt64 validatedServerToken)
в DbgX.Requests.Initialization.SpecifiedServerInitializationRequest.DoExecute(IEngineRequestServices ers, EngineInterfaces engine, UInt64 validatedServerToken)
в DbgX.Requests.SpecifiedServerEngineRequest`1.DoExecute(IEngineRequestServices ers, EngineInterfaces engine)
в DbgX.Requests.EngineRequestWithTask`1.Execute(IEngineRequestServices ers, EngineInterfaces engine)
--- End stack trace from previous location where exception occurred ---
в System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
в System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
в DbgX.Services.CommandLine.ConfiguredTargetManager.<LaunchTargetAsync>d__18.MoveNext()
2020-01-10:01:53:13:877 : Information : DbgX.dll : (E) Completed request (2382 ms) : CreateProcessRequest: Command Line 'C:\Users\WayToExecutable\executable.exe'
2020-01-10:01:53:13:877 : Information : DbgX.dll : (E) Refreshing because we're in a break state.
2020-01-10:01:53:14:107 : Information : DbgX.Debugger.dll : Notifying refresh requested
2020-01-10:01:53:14:111 : Error : DbgXUI.dll :
WindowsDebugger.WindowsDebuggerException: FAILURE HR=0x80073D07: Failed to CreateProcessAndAttachWide: C:\Users\WayToExecutable\executable.exe
в WindowsDebugger.DbgEng.HRESULTExtensions.ThrowOnFailed(HRESULT hr, String operation)
в DbgX.Requests.Initialization.CreateProcessRequest.DoInitializeEngine(IEngineRequestServices ers, EngineInterfaces engine, UInt64 validatedServerToken)
в DbgX.Requests.Initialization.SpecifiedServerInitializationRequest.DoExecute(IEngineRequestServices ers, EngineInterfaces engine, UInt64 validatedServerToken)
в DbgX.Requests.SpecifiedServerEngineRequest`1.DoExecute(IEngineRequestServices ers, EngineInterfaces engine)
в DbgX.Requests.EngineRequestWithTask`1.Execute(IEngineRequestServices ers, EngineInterfaces engine)
--- End stack trace from previous location where exception occurred ---
в System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
в System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
в DbgX.Services.CommandLine.ConfiguredTargetManager.<LaunchTargetAsync>d__18.MoveNext()
--- End stack trace from previous location where exception occurred ---
в System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
в System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
в DbgXUI.Dialogs.LaunchExecutableViewModel.<LaunchAndReportAsync>d__51.MoveNext()
2020-01-10:01:53:14:114 : Information : DbgX.Services.dll : Action item published: Error - Could not launch process under the debugger: FAILURE HR=0x80073D07: Failed to CreateProcessAndAttachWide: C:\Users\WayToExecutable\executable.exe
2020-01-10:01:53:14:108 : Information : DbgX.dll : (E) Executing request: ScriptProvidersRequest
2020-01-10:01:53:14:108 : Information : DbgX.dll : (E) Completed request (0 ms) : ScriptProvidersRequest
2020-01-10:01:53:14:110 : Information : DbgX.dll : (E) Executing request: GetSymbolPathRequest
2020-01-10:01:53:14:119 : Information : DbgX.Debugger.dll : Symbol path changed: srv*
2020-01-10:01:53:14:110 : Information : DbgX.dll : (E) Completed request (0 ms) : GetSymbolPathRequest
当我尝试附加到目标进程时,并没有出现问题。
我尝试了许多不同的可执行文件,但它们都显示相同的错误...
我也尝试在经典 WinDBG 上开始调试,但它不显示错误..
经典 WinDBG 的版本:
Microsoft (R) Windows Debugger Version 10.0.18362.1 X86
Copyright (c) Microsoft Corporation. All rights reserved.
command line: '"C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\windbg.exe" ' Debugger Process 0xF34
dbgeng: image 10.0.18362.1,
[path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\dbgeng.dll]
dbghelp: image 10.0.18362.1,
[path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\dbghelp.dll]
DIA version: 26213
Extension DLL search Path:
C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\WINXP;C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\winext;C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\winext\arcade;C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\pri;C:\Program Files (x86)\Windows Kits\10\Debuggers\x86;C:\Users\User\AppData\Local\Dbg\EngineExtensions32;C:\Program Files (x86)\Windows Kits\10\Debuggers\x86;C:\Python27\;c:\strawberry\c\libexec\gcc\x86_64-w64-mingw32\9.1.0;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\PuTTY\;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Strawberry\perl\site\bin;C:\Strawberry\perl\bin;C:\Program Files (x86)\dotnet\;C:\Program Files (x86)\Bitvise SSH Client;c:\strawberry\c\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\Program Files\Java\jdk-11.0.2\bin;C:\Users\Pavyk\AppData\Local\GitHubDesktop\bin;C:\Python27
Extension DLL chain:
dbghelp: image 10.0.18362.1, API 10.0.6,
[path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\dbghelp.dll]
ext: image 10.0.18362.1, API 1.0.0,
[path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\winext\ext.dll]
wow64exts: image 10.0.18362.1, API 1.0.0,
[path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\WINXP\wow64exts.dll]
exts: image 10.0.18362.1, API 1.0.0,
[path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\WINXP\exts.dll]
uext: image 10.0.18362.1, API 1.0.0,
[path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\winext\uext.dll]
ntsdexts: image 10.0.18362.1, API 1.0.0,
[path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\WINXP\ntsdexts.dll]
WOW64 extensions loaded
如果有人帮助我,我将不胜感激
【问题讨论】:
-
你有两个非常不同的命令行。你在两个 Windbg 中调试相同的进程吗?
-
15623 是 ERROR_SYSTEM_NEEDS_REMEDIATION。您是否尝试过重新启动并执行
sfc /scannow。第二个输出(经典的 WinDbg)并不表示您试图附加到某个东西。
标签: windows debugging reverse-engineering windbg disassembly