故障现象
Win7 x64 系统,安装蓝山办公后再将其卸载,此后在为文件扩展名设置关联打开方式时会崩溃。
dmp分析
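捕获进程崩溃时的 dmp 文件,可知崩溃的进程为 rundll32.exe。栈顶位于 ntdll!RtlQueryInformationAcl,是 shell32 在设置默认关联(CAssocHandler::MakeDefault → UserAssocSet → SHDeleteProtectedValue → CShellProtectedRegLock::Unlock)时经 KERNELBASE!GetAclInformation 调用进去的。崩溃时的栈如下: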
00000000`000eec00 000007fe`fce9b35a : 00000000`000706e4 00000000`00310ea8 00000000`00000111 00000000`00000000 : ntdll!RtlQueryInformationAcl+0x9
00000000`000eec30 000007fe`fda60e66 : 00000000`00365590 00000000`00000000 00000000`000eed40 00000000`00000000 : KERNELBASE!GetAclInformation+0xa
00000000`000eec60 000007fe`fda61241 : 00000000`00365590 00000000`00365590 00000000`00000210 ffffffff`80000001 : shell32!CShellProtectedRegLock::Unlock+0x6e
00000000`000eecd0 000007fe`fd973946 : 00000000`00000010 00000000`00365590 00000000`0038d7f0 00000000`77187b14 : shell32!SHDeleteProtectedValue+0x69
00000000`000eed90 000007fe`fd974475 : 00000000`003a0120 00000000`000ef440 00000000`00000001 000007fe`fb4b8b62 : shell32!UserAssocSet+0x7e
00000000`000ef000 000007fe`fd936260 : 00000000`003053c0 00000000`000706e4 00000000`003053c0 00000000`003215d8 : shell32!CAssocHandler::MakeDefault+0x89
00000000`000ef4c0 000007fe`fd93633e : 00000000`000806ba 00000000`00000001 00000000`000706e4 00000000`00000010 : shell32!COpenAs::OnOk+0x6c
00000000`000ef4f0 00000000`7708798b : 00000000`00000000 00000000`00000001 00000000`00000001 00000000`770796c7 : shell32!OpenAsDlgProc+0x86
00000000`000ef520 00000000`77087766 : 00000000`00000111 000007fe`fd9362b8 00000000`008fdf70 00000000`00000001 : user32!UserCallDlgProcCheckWow+0x1b6
00000000`000ef5e0 00000000`77087696 : 00000000`00000000 00000000`000806ba 00000000`000706e4 00000000`00000111 : user32!DefDlgProcWorker+0xf1
00000000`000ef660 00000000`77079bbd : 00000000`00000111 00000000`00000001 ffffffff`ffcef157 00000000`77079b2f : user32!DefDlgProcW+0x36
00000000`000ef6a0 00000000`77076a5c : 00000000`008fdf70 00000000`771b69d8 00000000`fffffed1 00000000`000806ba : user32!UserCallWinProcCheckWow+0x1ad
00000000`000ef760 00000000`77076b61 : 00000000`000706e4 00000000`00000111 00000000`00000001 000007fe`fb4d0add : user32!SendMessageWorker+0x682
00000000`000ef7f0 000007fe`fb4d0c73 : 00000000`00321980 00000000`00000001 00000000`00000000 00000000`00000001 : user32!SendMessageW+0x5c
00000000`000ef840 000007fe`fb4d48b2 : 00000000`000806ba 00000000`00000001 00000000`00321980 000007fe`fb39e9c7 : comctl32!Button_ReleaseCapture+0x157
00000000`000ef880 00000000`77079bbd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`7706f5b5 : comctl32!Button_WndProc+0xcde
00000000`000ef940 00000000`770798c2 : 00000000`000efb40 000007fe`fb4d3bd4 00000000`008fdf70 00000000`008e25f0 : user32!UserCallWinProcCheckWow+0x1ad
00000000`000efa00 00000000`77076782 : 00000000`00000000 00000000`00000000 000007fe`fb4d3bd4 00000000`00000001 : user32!DispatchMessageWorker+0x3b5
00000000`000efa80 00000000`77084bf4 : 00000000`00070552 00000000`008fdf70 00000000`00000001 00000000`00000001 : user32!IsDialogMessageW+0x153
00000000`000efb10 00000000`77084ed1 : 00000000`00070552 000007fe`fd9362b8 00000000`00000000 00000000`00070552 : user32!DialogBox2+0x197
00000000`000efba0 00000000`77084f46 : 00000000`01cd0490 00000000`00070552 000007fe`fd9362b8 000007fe`fd9362b8 : user32!InternalDialogBox+0x135
00000000`000efc00 00000000`7707d48e : ffffffff`ffffffff 00000000`00070552 000007fe`fd9362b8 00000000`00000000 : user32!DialogBoxIndirectParamAorW+0x58
00000000`000efc40 000007fe`fd7dae5b : 000007fe`fd9362b8 000007fe`fd710000 00000000`0000042e 000007fe`fd8b1f42 : user32!DialogBoxParamW+0x66
00000000`000efc80 000007fe`fd935fbf : 00000000`003053c0 00000000`00000000 00000000`0000042e 000007fe`fe800837 : shell32!SHFusionDialogBoxParam+0x57
00000000`000efcd0 000007fe`fd93641f : 00000000`00000003 00000000`003053c0 00000000`00070552 00000000`0000000a : shell32!COpenAs::_OpenAsDialog+0x2cb
00000000`000efd40 000007fe`fd93657f : 00000000`00000000 00000000`ffca0000 00000000`002f9d60 00000000`00070552 : shell32!SHOpenWithDialog+0x83
00000000`000efd70 00000000`ffca2f52 : 00000000`00070552 00000000`00000000 00000000`00000004 00000000`002f9d60 : shell32!OpenAs