What caused the program to stop working correctly?

0

Error message "A problem caused the program to stop working correctly. Please close the program"

I upgraded my computer from Windows 7 to 8 Pro on my new Lenovo PC. Since the upgrade I have been getting this error message as a pop-up, on its own, even when my system is idle. (I mean, it is in desktop mode, even before any application is started.)

It gives me an option to close or debug. If I hit debug, it tries to start Visual Studio, and that fails too with the same error message.

I also get the same error message every time I try to start some applications such as Internet Explorer, Remote Desktop Connection, etc. But if I run them as an Administrator, they run.

I checked the Event Viewer when I started Internet Explorer, and this is the error message from the Event Viewer.

Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5123410e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007fa0e790000
Faulting process id: 0x1e30
Faulting application start time: 0x01ce5425ec75a441
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: unknown
Report Id: 2a2329a8-c019-11e2-bea8-047d7b4222c5
Faulting package full name: 
Faulting package-relative application ID: 

How can I resolve this problem? I have already tried reinstalling Windows 8.

    
by franklins 19.05.2013 / 03:00

1 answer

1

OK, I checked the dump with WinDbg and saw that the file ActiveDetect64.dll from Lenovo Onekey Theater seems to cause the crash:

FAULTING_IP: 
+0
000007fa`0e790000 48ff25b5b21100  jmp     qword ptr [gdi32!langToDigitScript+0xc7ac (000007fa`0e8ab2bc)]

EXCEPTION_RECORD:  ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 000007fa0e790000
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

PROCESS_NAME:  iexplore.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgeführt werden.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgeführt werden.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  ffffffffffffffff

READ_ADDRESS:  ffffffffffffffff 

FOLLOWUP_IP: 
ActiveDetect64!RemoveR3APIHook64+7c
0000004b`856c2c4c 4889442420      mov     qword ptr [rsp+20h],rax

NTGLOBALFLAG:  2000100

APPLICATION_VERIFIER_FLAGS:  48004

APP:  iexplore.exe

FAULTING_THREAD:  0000000000001ce4

BUGCHECK_STR:  APPLICATION_FAULT_INVALID_POINTER_READ_EXPLOITABLE

PRIMARY_PROBLEM_CLASS:  INVALID_POINTER_READ_EXPLOITABLE

DEFAULT_BUCKET_ID:  INVALID_POINTER_READ_EXPLOITABLE

LAST_CONTROL_TRANSFER:  from 0000004b856c2c4c to 000007fa0e790000

STACK_TEXT:  
ntdll!NtWaitForMultipleObjects
verifier!AVrfpNtWaitForMultipleObjects
KERNELBASE!WaitForMultipleObjectsEx
verifier!AVrfpWaitForMultipleObjectsExCommon
verifier!AVrfpKernelbaseWaitForMultipleObjectsEx
kernel32!WerpReportFaultInternal
kernel32!WerpReportFault
KERNELBASE!UnhandledExceptionFilter
ntdll! ?? ::FNODOBFM::`string'
ntdll!_C_specific_handler
ntdll!RtlpExecuteHandlerForException
ntdll!RtlDispatchException
ntdll!KiUserExceptionDispatch
0x0
ActiveDetect64!RemoveR3APIHook64
ieframe!__delayLoadHelper2
ieframe!_tailMerge_urlmon_dll
ieframe!_SetMatchFromContext
ieframe!LCIEMergeFrameProcess
ieframe!LCIEStartAsFrame
ieframe!DesktopFrameProcess
iexplore!wWinMain
iexplore!__wmainCRTStartup
kernel32!BaseThreadInitThunk
ntdll!RtlUserThreadStart


STACK_COMMAND:  ~0s; .ecxr ; kb

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  activedetect64!RemoveR3APIHook64+7c

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: ActiveDetect64

IMAGE_NAME:  ActiveDetect64.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  4d5b5e93

FAILURE_BUCKET_ID:  INVALID_POINTER_READ_EXPLOITABLE_c0000005_ActiveDetect64.dll!RemoveR3APIHook64

BUCKET_ID:  APPLICATION_FAULT_INVALID_POINTER_READ_EXPLOITABLE_activedetect64!RemoveR3APIHook64+7c

WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/iexplore_exe/10_0_9200_16537/5123410e/unknown/0_0_0_0/bbbbbbb4/c0000005/0e790000.htm?Retriage=1

Followup: MachineOwner
---------

0:000> lmvm ActiveDetect64
start             end                 module name
0000004b`856c0000 0000004b`85714000   ActiveDetect64   (export symbols)       ActiveDetect64.dll
    Loaded symbol image file: ActiveDetect64.dll
    Image path: C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
    Image name: ActiveDetect64.dll
    Timestamp:        Wed Feb 16 06:20:19 2011 (4D5B5E93)



HostMachine\HostUser
Executing Processor Architecture is x64
Debuggee is in User Mode
Debuggee is a user mode small dump file
Event Type: Exception
Exception Faulting Address: 0xffffffffffffffff
Second Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005)
Exception Sub-Type: Read Access Violation

Faulting Instruction:000007fa`0e790000 jmp qword ptr [gdi32!langtodigitscript+0xc7ac (000007fa`0e8ab2bc)]

Exception Hash (Major/Minor): 0x851865ef.0x8ad69e1c

 Hash Usage : Stack Trace:
Major+Minor : Unknown
Major+Minor : ActiveDetect64!RemoveR3APIHook64+0x7c
Major+Minor : ieframe!__delayLoadHelper2+0x1ca
Major+Minor : ieframe!_tailMerge_urlmon_dll+0x3f
Major+Minor : ieframe!_SetMatchFromContext+0x3f
Minor       : ieframe!LCIEMergeFrameProcess+0x5a
Minor       : ieframe!LCIEStartAsFrame+0x184
Minor       : ieframe!DesktopFrameProcess+0x3a
Minor       : iexplore!wWinMain+0x5f4
Minor       : iexplore!__wmainCRTStartup+0x1b2
Minor       : kernel32!BaseThreadInitThunk+0x1a
Minor       : ntdll!RtlUserThreadStart+0x1d
Instruction Address: 0x000007fa0e790000

Description: Read Access Violation on Control Flow
Short Description: ReadAVonControlFlow
Exploitability Classification: EXPLOITABLE
Recommended Bug Title: Exploitable - Read Access Violation on Control Flow starting at Unknown Symbol @ 0x000007fa0e790000 called from ActiveDetect64!RemoveR3APIHook64+0x000000000000007c (Hash=0x851865ef.0x8ad69e1c)

Access violations not near null in control flow instructions are considered exploitable.

Look for an update or remove this extension, because this crash could be exploited.

    
by 20.05.2013 / 07:22
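
The triage the answer performs by eye, as an added example that is not part of the original answer: a Python helper that reads saved `!analyze -v` text, skips the exception-dispatch frames, and reports whether the fault landed outside any loaded module and which module called into it. The names `triage` and `EXPECTED` and the module list are assumptions for illustration; the sample is abridged from the output above.

```python
import re

# Abridged from the !analyze -v output quoted in the answer above.
SAMPLE = """\
PRIMARY_PROBLEM_CLASS:  INVALID_POINTER_READ_EXPLOITABLE

STACK_TEXT:  
kernel32!WerpReportFault
KERNELBASE!UnhandledExceptionFilter
ntdll!RtlDispatchException
ntdll!KiUserExceptionDispatch
0x0
ActiveDetect64!RemoveR3APIHook64
ieframe!__delayLoadHelper2
iexplore!wWinMain
ntdll!RtlUserThreadStart


IMAGE_NAME:  ActiveDetect64.dll
"""

# Assumption: modules this host expects inside iexplore.exe. A name match is
# not proof of origin; confirm path and signature of anything flagged.
EXPECTED = {"ntdll", "kernel32", "kernelbase", "verifier", "ieframe", "iexplore"}

def triage(text, expected=EXPECTED):
    fields = dict(re.findall(r"^([A-Z_0-9]+):[ \t]+(\S.*?)\s*$", text, re.M))
    # STACK_TEXT runs from its header to the first blank line.
    block = re.search(r"^STACK_TEXT:[ \t]*\n(.*?)(?:\n\s*\n|\Z)", text, re.M | re.S)
    frames = [f.strip() for f in block.group(1).splitlines()] if block else []
    # Frames above KiUserExceptionDispatch are exception handling, not the bug.
    for i, frame in enumerate(frames):
        if frame.endswith("!KiUserExceptionDispatch"):
            frames = frames[i + 1:]
            break
    # A frame without "module!" means execution was outside any loaded image.
    no_module = bool(frames) and "!" not in frames[0]
    named = [f.split("!", 1)[0] for f in frames if "!" in f]
    unexpected = sorted({m for m in named if m.lower() not in expected})
    return {
        "problem_class": fields.get("PRIMARY_PROBLEM_CLASS"),
        "image_name": fields.get("IMAGE_NAME"),
        "fault_outside_any_module": no_module,
        "caller": named[0] if named else None,
        "unexpected_modules": unexpected,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A flagged module is only a lead: `lmvm` on it, as in the answer, gives the image path and timestamp needed to tie it to an installed product.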