问题描述
我想在 Windows 10 x86 内核的 启动 时间启动 .exe 文件。我创建了一个仅使用 ntdll 的程序,并且成功执行所需的进程通过调用ntcreateuserprocess函数,但是在调用了Ntresumethread函数之后,即使这个函数成功结束,在几次之后我的进程停止并出现错误代码c0000017
{Not Enough Quota} 没有足够的虚拟内存或分页文件配额 可以完成指定的操作。
#include <Windows.h>
ULONG WINAPI NtGetCurrentProcessorNumber(void);
int main()
{
int a = 1;
int b = 2;
ULONG Number = NtGetCurrentProcessorNumber();
return 0;
}
这是 Windbg !anakyze-v 结果
UnkNown bugcheck code (c0000145)
UnkNown bugcheck description
Arguments:
Arg1: c0000017
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.cpu.Sec
Value: 4
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-3QQQ253
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 50
Key : Analysis.Memory.CommitPeak.Mb
Value: 58
Key : Analysis.System
Value: CreateObject
BUGCHECK_CODE: c0000145
BUGCHECK_P1: ffffffffc0000017
BUGCHECK_P2: 0
BUGCHECK_P3: 0
BUGCHECK_P4: 0
PROCESS_NAME: Testempty.exe
STACK_TEXT:
8aa6348c 8188696d 00000003 6fe5c42e 00000065 nt!RtlpBreakWithStatusInstruction
8aa634e0 81886339 8707b340 8aa638cc 8aa6390c nt!KiBugCheckDebugBreak+0x1f
8aa638a0 817ea6b6 0000004c c0000145 8aaaf820 nt!KeBugCheck2+0x79d
8aa638c4 817ea5ed 0000004c c0000145 8aaaf820 nt!KiBugCheck2+0xc6
8aa638e4 819987ef 0000004c c0000145 8aaaf820 nt!KeBugCheckEx+0x19
8aa6390c 81992548 00000000 8aa63ac4 8aa63b48 nt!PopGracefulShutdown+0x221
8aa63950 8198bc42 00000004 00000006 c0000004 nt!PopTransitionSystemPowerStateEx+0xab4a
8aa63ab0 818009bb 00000004 00000006 c0000004 nt!NtSetSystemPowerState+0x4e
8aa63ab0 817e8589 00000004 00000006 c0000004 nt!KiSystemServicePostCall
8aa63b34 81b7d75d 00000004 00000006 c0000004 nt!ZwSetSystemPowerState+0x11
8aa63b8c 81ab0633 00000006 c0000004 00000000 nt!PopIssueActionRequest+0xcdd43
8aa63bcc 81789f30 85980ce0 8adbb040 8192bab0 nt!PopPolicyWorkerAction+0x5f
8aa63be8 81723098 00000001 00000000 8adbb040 nt!PopPolicyWorkerThread+0x8a
8aa63c38 81763c32 85980ce0 6fe5ccbe 00000000 nt!ExpWorkerThread+0xf8
8aa63c70 81808d6d 81722fa0 85980ce0 00000000 nt!PspSystemThreadStartup+0x4a
8aa63c7c 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x15
SYMBOL_NAME: nt!PopTransitionSystemPowerStateEx+ab4a
MODULE_NAME: nt
IMAGE_NAME: ntkrpamp.exe
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: ab4a
FAILURE_BUCKET_ID: 0xC0000145_nt!PopTransitionSystemPowerStateEx
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x86
OSNAME: Windows 10
FAILURE_ID_HASH: {82d39f6b-e96d-578f-1f7d-c19db99fcfcb}
Followup: MachineOwner
---------
kd> !process
PROCESS 8c1ea680 SessionId: none Cid: 01b8 Peb: 005c8000 ParentCid: 0004
DirBase: 7e1ef080 ObjectTable: 89ca2cc0 HandleCount: 1.
Image: Testempty.exe
VadRoot 8b9fa8d0 Vads 12 Clone 0 Private 28. Modified 0. Locked 0.
DeviceMap 00000000
Token 89cb6cc8
elapsedtime 00:01:36.461
UserTime 00:00:00.000
KernelTime 00:00:00.000
QuotaPoolUsage[PagedPool] 8104
QuotaPoolUsage[NonPagedPool] 1016
Working Set Sizes (Now,min,max) (132,50,345) (528KB,200KB,1380KB)
PeakWorkingSetSize 121
VirtualSize 5 Mb
PeakVirtualSize 5 Mb
PageFaultCount 132
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 74
THREAD 8a44e900 Cid 01b8.01bc Teb: 005c9000 Win32Thread: 00000000 WAIT: (Suspended) KernelMode Alertable
8bf67de0 NotificationEvent
你能帮我吗?
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)