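Why can't VS debug anything after running a TP game?
This post was last edited by gfw on 2015-7-11 01:48
I heard it's some kind of debug-permission problem; can anyone explain in detail?

It clears the ValidAccessMask of DbgkDebugObjectType, so no program at all can be debugged any more.
Fixes: either restore it once every 1 ms, or freeze the thread that does the zeroing; or patch out the zeroing code (you may need to get past the CRC); or make that memory unwritable.
Here is an excerpt for you: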
dq DbgkDebugObjectType
dt _OBJECT_TYPE fffffa80`24e33250
Before zeroing:
1: kd> dt _OBJECT_TYPE_INITIALIZER fffffa80`24e33250+0x040
nt!_OBJECT_TYPE_INITIALIZER
+0x000 Length : 0x70
+0x002 ObjectTypeFlags: 0x8 ''
+0x002 CaseInsensitive: 0y0
+0x002 UnnamedObjectsOnly : 0y0
+0x002 UseDefaultObject : 0y0
+0x002 SecurityRequired : 0y1
+0x002 MaintainHandleCount : 0y0
+0x002 MaintainTypeList : 0y0
+0x002 SupportsObjectCallbacks : 0y0
+0x004 ObjectTypeCode : 0
+0x008 InvalidAttributes : 0
+0x00c GenericMapping : _GENERIC_MAPPING
+0x01c ValidAccessMask: 0x1f000f
+0x020 RetainAccess : 0
+0x024 PoolType : 0 ( NonPagedPool )
+0x028 DefaultPagedPoolCharge : 0
+0x02c DefaultNonPagedPoolCharge : 0x58
+0x030 DumpProcedure : (null)
+0x038 OpenProcedure : (null)
+0x040 CloseProcedure : 0xfffff800`01f0ddb0 void nt!DbgkpCloseObject+0
+0x048 DeleteProcedure: 0xfffff800`01d66fe0 void nt!CmpConfigureProcessors+0
+0x050 ParseProcedure : (null)
+0x058 SecurityProcedure : 0xfffff800`01dd25f0 long nt!SeDefaultObjectMethod+0
+0x060 QueryNameProcedure : (null)
+0x068 OkayToCloseProcedure : (null)
After zeroing:
0: kd> dt _OBJECT_TYPE_INITIALIZER fffffa80`24e51250+0x040
nt!_OBJECT_TYPE_INITIALIZER
+0x000 Length : 0x70
+0x002 ObjectTypeFlags: 0x8 ''
+0x002 CaseInsensitive: 0y0
+0x002 UnnamedObjectsOnly : 0y0
+0x002 UseDefaultObject : 0y0
+0x002 SecurityRequired : 0y1
+0x002 MaintainHandleCount : 0y0
+0x002 MaintainTypeList : 0y0
+0x002 SupportsObjectCallbacks : 0y0
+0x004 ObjectTypeCode : 0
+0x008 InvalidAttributes : 0
+0x00c GenericMapping : _GENERIC_MAPPING
+0x01c ValidAccessMask: 0
+0x020 RetainAccess : 0
+0x024 PoolType : 0 ( NonPagedPool )
+0x028 DefaultPagedPoolCharge : 0
+0x02c DefaultNonPagedPoolCharge : 0x58
+0x030 DumpProcedure : (null)
+0x038 OpenProcedure : (null)
+0x040 CloseProcedure : 0xfffff800`01eb5db0 void nt!DbgkpCloseObject+0
+0x048 DeleteProcedure: 0xfffff800`01d0efe0 void nt!CmpConfigureProcessors+0
+0x050 ParseProcedure : (null)
+0x058 SecurityProcedure : 0xfffff800`01d7a5f0 long nt!SeDefaultObjectMethod+0
+0x060 QueryNameProcedure : (null)
+0x068 OkayToCloseProcedure : (null)
Zeroing code:
fffff880`0bcdc4cc 54 push rsp
fffff880`0bcdc4cd 33c0 xor eax,eax
fffff880`0bcdc4cf 87434c xchg eax,dword ptr
fffff880`0bcdc4d2 33c0 xor eax,eax
fffff880`0bcdc4d4 874350 xchg eax,dword ptr
fffff880`0bcdc4d7 33c0 xor eax,eax
fffff880`0bcdc4d9 87435c xchg eax,dword ptr // ValidAccessMask
fffff880`0bcdc4dc 833d9585000000 cmp dword ptr ,0
fffff880`0bcdc4e3 0f8544feffff jne fffff880`0bcdc32d
fffff880`0bcdc4e9 33c9 xor ecx,ecx
fffff880`0bcdc4eb ff15df6b0000 call qword ptr
fffff880`0bcdc4f1 488b4c2440 mov rcx,qword ptr
fffff880`0bcdc4f6 4833cc xor rcx,rsp
fffff880`0bcdc4f9 e822570000 call fffff880`0bce1c20
fffff880`0bcdc4fe 488b5c2468 mov rbx,qword ptr
fffff880`0bcdc503 4883c450 add rsp,50h
fffff880`0bcdc507 5f pop rdi
fffff880`0bcdc508 c3 ret

Thanks!
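
An added example (not part of the original posts): the operands of the three xchg instructions are missing from the listing above, but their opcode bytes are intact, so the write targets can be decoded and matched against the dt field offsets. It assumes rbx holds the _OBJECT_TYPE address and takes the +0x040 TypeInfo offset from the dt commands in the post; the function names are hypothetical.

```python
import re

TYPEINFO_OFFSET = 0x40  # from the post: dt _OBJECT_TYPE_INITIALIZER <object>+0x040

# Field lines copied from the post's "after zeroing" dump (subset).
DT_AFTER = """\
+0x008 InvalidAttributes : 0
+0x00c GenericMapping : _GENERIC_MAPPING
+0x01c ValidAccessMask: 0
+0x020 RetainAccess : 0
"""

# Opcode bytes of the three xchg instructions, copied from the post's listing.
XCHG_BYTES = ["87434c", "874350", "87435c"]

def parse_dt(text):
    """Return [(offset, name, value)] sorted by offset from `dt` output."""
    rows = re.findall(r"\+0x([0-9a-f]+)\s+(\w+)\s*:\s*(.+)", text)
    return sorted((int(off, 16), name, val.strip()) for off, name, val in rows)

def decode_xchg_disp8(hexbytes):
    """Decode `87 /r` (xchg r/m32, r32) with mod=01: return (base_reg, disp8)."""
    op, modrm, disp = bytes.fromhex(hexbytes)
    mod, rm = modrm >> 6, modrm & 7
    if op != 0x87 or mod != 1 or rm == 4:  # rm=4 would need a SIB byte
        raise ValueError("not a simple xchg [reg+disp8], r32: " + hexbytes)
    regs = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]
    return regs[rm], disp if disp < 0x80 else disp - 0x100

def field_at(fields, offset):
    """Field containing `offset`: (name, bytes into the field)."""
    hit = None
    for off, name, _ in fields:
        if off <= offset:
            hit = (name, offset - off)
    return hit

def zeroed_fields():
    """Map each xchg write to a TypeInfo field (assumes base reg = _OBJECT_TYPE)."""
    fields = parse_dt(DT_AFTER)
    out = []
    for hx in XCHG_BYTES:
        reg, disp = decode_xchg_disp8(hx)
        name, delta = field_at(fields, disp - TYPEINFO_OFFSET)
        out.append((reg, disp, name, delta))
    return out

if __name__ == "__main__":
    for reg, disp, name, delta in zeroed_fields():
        print(f"[{reg}+{disp:#x}] -> TypeInfo.{name}+{delta:#x}")
```

The first two writes land inside GenericMapping and the third at 0x40 + 0x1c = 0x5c, which matches the `// ValidAccessMask` comment in the listing.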