虽然平时不怎么关机,但是每次重启系统之后都会看到这个蛋疼的R6025错误也是一件很蛋疼的事情,以前曾经尝试过解决这个问题,虽然当时是没有什么问题了,但是后来这个问题却又出现了(传送门链接:http://www.h4ck.org.cn/2012/11/win7-x64-explorer-exe-r6025-pure-virtual-function-call/)。
今天又看到这个鸟错误,实在受不了鸟,于是直接操起windbg挂在exporer.exe进行调试。启动之后会发现调用堆栈基本没什么东西。
转到未处理的异常,然后中断调试,查看调用堆栈:
代码语言:javascript复制0:028> gn
Mon Dec 17 15:56:44.025 2012 (UTC 8:00): (a08.9d4): Break instruction exception - code 80000003 (first chance)
ntdll!DbgBreakPoint:
00000000`76e60530 cc int 3
0:028> k
Child-SP RetAddr Call Site
00000000`0636f958 00000000`76f07ef8 ntdll!DbgBreakPoint
00000000`0636f960 00000000`7684652d ntdll!DbgUiRemoteBreakin 0x38
00000000`0636f990 00000000`76e3c521 kernel32!BaseThreadInitThunk 0xd
00000000`0636f9c0 00000000`00000000 ntdll!RtlUserThreadStart 0x21可以看到是ntdll返回出现了错误,直接进行分析,得到如下的内容:
代码语言:javascript复制0:028> !analyze
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
***** OS symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ntdll!_PEB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!IMAGE_NT_HEADERS32 ***
*** ***
*************************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath *
*********************************************************************
*** ERROR: Module load completed but symbols could not be loaded for C:WindowsExplorer.EXE
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:WindowsSystem32ieframe.dll -
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath *
*********************************************************************
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:Windowssystem32ole32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:Windowssystem32RPCRT4.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:Windowssystem32DUser.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:Windowssystem32msvcrt.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:UsersobabyAppDataRoamingbaiduBaiduYunNetdiskExt64.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:Windowssystem32UxTheme.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:WindowsehomeehSSO.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:Windowssystem32stobject.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:WindowsSystem32MMDevApi.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:Windowssystem32msiltcfg.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:Windowssystem32fxsst.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:WindowsSystem32AltTab.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:Windowssystem32Wlanapi.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:Windowssystem32WINMM.dll -
GetPageUrlData failed, server returned HTTP status 404
URL requested: http://watson.microsoft.com/StageOne/Explorer_EXE/6_1_7601_17567/4d672ee4/ntdll_dll/6_1_7601_17725/4ec4aa8e/80000003/00050530.htm?Retriage=1
Probably caused by : ntdll.dll ( ntdll!DbgBreakPoint 0 )
Followup: MachineOwner
---------系统给出的错误可能原因是ntdll.dll文件,但是用脚指头想想也不可能是这个问题,而加载的用户的dll只有一个,就是:C:UsersobabyAppDataRoamingbaiduBaiduYunNetdiskExt64.dll – 这个东西是百度云盘的客户端,没有对这个文件进行详细的分析,但是大体已经可以确定问题的原因了,直接删除百度云盘,然后重新启动,嗯,系统从此就清静了。
但是重启之后出现了另外一个问题,就是原来的百度云盘的那个图标没了,在系统的盘符浏览器那里看起来灰常的蛋疼,处理的方式也比较简单,删除注册表的如下项目即可:
代码语言:javascript复制Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{20D04FE0-3AEA-1069-A2D8-08002B303091}]
@="百度云"
"LocalizedString"="百度云"
"InfoTip"="从这里进入百度云"
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{20D04FE0-3AEA-1069-A2D8-08002B303091}DefaultIcon]
@="C:\Users\obaby\AppData\Roaming\baidu\BaiduYun\baohefolder.ico"
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{20D04FE0-3AEA-1069-A2D8-08002B303091}InprocServer32]
@="shdocvw.dll"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{20D04FE0-3AEA-1069-A2D8-08002B303091}Instance]
@=""
"CLSID"="{0AFACED1-E828-11D1-9187-B532F1E9575D}"
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{20D04FE0-3AEA-1069-A2D8-08002B303091}InstanceInitPropertyBag]
"Target"="F:\百度云\"
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{20D04FE0-3AEA-1069-A2D8-08002B303091}ShellFolder]
"Attributes"=dword:f8801148
"PinToNameSpaceTree"=""
"QueryForOverlay"=""
"wantsFORPARSING"=""☆文章版权声明☆
* 网站名称:obaby@mars
* 网址:https://h4ck.org.cn/
* 本文标题: 《再谈Win7 x64 Explorer.exe R6025错误》
* 本文链接:https://h4ck.org.cn/2012/12/再谈win7-x64-explorer-exe-r6025错误/
* 转载文章请标明文章来源,原文标题以及原文链接。请遵从 《署名-非商业性使用-相同方式共享 2.5 中国大陆 (CC BY-NC-SA 2.5 CN) 》许可协议。
分享文章:
相关文章:
- Win7 x64 Explorer.exe R6025 -pure virtual function call
- Simple Assembly Explorer 1.13.2
- Delphi Tips Explorer 2007 v3.0
- Internet Explorer 8 CSS Parser Exploit Code
- USB over Network (Server) & VMWare WorkStation 7.1 BSOD
- Symbol Type Viewer 1.0.0.6
- Hooking library calls on Mac using DYLD_INSERT_LIBRARIES
- 注册表非常规启动项
- Python加载的文件哪里去了?(2)
- Affinic Debugger GUI for GDB(Windows/MaxOS/Linux)
