I need to run some queries against WMI using C++, and for that I have to call CoInitializeEx.
In 32-bit mode it works fine: I can initialize COM and query WMI. But if I switch to 64-bit (debug or release makes no difference), I get an AccessViolation, but only when I debug the application (with a debugger attached).
To reproduce the problem: create a new C++ Windows application (no CLR) with Visual Studio (using 2019/17). Replace the code with the sample code below and start the application in debug mode (Win32/x86) by clicking Run in Visual Studio; everything should work fine. Now switch to x64 and click Run again. You should now get an AccessViolation exception.
I think this problem is related to the debugger. This code will later live in a separate DLL that is used by different C# and C++ applications, and since those applications are quite large we need to be able to debug them.
Can anyone help me with this?
If I start the application directly from the command line or from Explorer, it works fine.
#include <iostream>
#include <Windows.h>
#include <intrin.h>   // __readgsqword (x64 only)
int main()
{
#ifdef _WIN64
    // TEB->ThreadLocalStoragePointer (gs:[0x58] on x64); added because of a request in the comments
    PVOID ThreadLocalStoragePointer = (PVOID)__readgsqword(0x58);
    std::cout << "ThreadLocalStoragePointer = " << ThreadLocalStoragePointer << std::endl;
#endif
    HRESULT hr = CoInitialize(0);   // access violation here on x64 when a debugger is attached
    if (SUCCEEDED(hr)) CoUninitialize();
}
ThreadLocalStoragePointer = 0x000000ae2c859058;
Output window (cleared before the CoInitialize(0) call):
'ConsoleApplication4.exe' (Win32): Loaded 'C:\Windows\System32\tmumh\20019\AddOn\8.0.0.1056\TmUmEvt64.dll'.
'ConsoleApplication4.exe' (Win32): Loaded 'C:\Windows\System32\psapi.dll'. Symbols loaded.
'ConsoleApplication4.exe' (Win32): Loaded 'C:\Windows\System32\shlwapi.dll'. Symbols loaded.
'ConsoleApplication4.exe' (Win32): Loaded 'C:\Windows\System32\msvcrt.dll'. Symbols loaded.
'ConsoleApplication4.exe' (Win32): Loaded 'C:\Windows\System32\advapi32.dll'. Symbols loaded.
Exception thrown at 0x00007FFE24D53D3A (shlwapi.dll) in ConsoleApplication4.exe: 0xC0000005: Access violation reading location 0x0000000000000000.
Stack trace:
shlwapi.dll!Microsoft::WRL::Module<1,class Microsoft::WRL::Details::DefaultModule<1> >::Create(void)
shlwapi.dll!Microsoft::WRL::Module<1,class Microsoft::WRL::Details::DefaultModule<1> >::StaticInitialize(void)
shlwapi.dll!`dynamic initializer for 'Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::isInitialized''()
msvcrt.dll!_initterm()
shlwapi.dll!_CRT_INIT()
shlwapi.dll!__DllMainCRTStartup()
ntdll.dll!LdrpCallInitRoutine()
ntdll.dll!LdrpInitializeNode()
ntdll.dll!LdrpInitializeGraphRecurse()
ntdll.dll!LdrpInitializeGraphRecurse()
ntdll.dll!LdrpPrepareModuleForExecution()
ntdll.dll!LdrpLoadDllInternal()
ntdll.dll!LdrpLoadDll()
ntdll.dll!LdrLoadDll()
00000134cfac0124()
I don't know where this instruction (00000134cfac0124) is located, but it is different every time I restart the program. In the disassembly there are only about 20 instructions before it, and before those there are instructions shown as ??, so I guess this is the entry point of the program?
Disassembly of the first entry in the call stack (see the last instruction):
000002504337004C ?? ??
000002504337004D ?? ??
000002504337004E ?? ??
000002504337004F ?? ??
0000025043370050 ?? ??
0000025043370051 ?? ??
0000025043370052 ?? ??
0000025043370053 and al,30h
0000025043370056 mov rax,qword ptr [rsp+50h]
000002504337005B mov rax,qword ptr [rax+408h]
0000025043370062 mov qword ptr [rsp+40h],rax
0000025043370067 lea rax,[rsp+48h]
000002504337006C mov qword ptr [rsp+20h],rax
0000025043370071 mov r9d,20h
0000025043370077 lea r8,[rsp+40h]
000002504337007C lea rdx,[rsp+30h]
0000025043370081 mov rcx,0FFFFFFFFFFFFFFFFh
0000025043370088 call qword ptr [rsp+38h]
000002504337008C mov dword ptr [rsp+60h],0
0000025043370094 jmp 00000250433700A1
0000025043370096 mov eax,dword ptr [rsp+60h]
000002504337009A add eax,1
000002504337009D mov dword ptr [rsp+60h],eax
00000250433700A1 mov rax,qword ptr [rsp+50h]
00000250433700A6 mov eax,dword ptr [rax+734h]
00000250433700AC cmp dword ptr [rsp+60h],eax
00000250433700B0 jae 0000025043370129
00000250433700B2 mov qword ptr [rsp+78h],0
00000250433700BB mov ecx,dword ptr [rsp+60h]
00000250433700BF imul rcx,rcx,104h
00000250433700C6 mov rax,qword ptr [rsp+50h]
00000250433700CB movzx eax,word ptr [rax+rcx+528h]
00000250433700D3 mov word ptr [rsp+68h],ax
00000250433700D8 mov ecx,dword ptr [rsp+60h]
00000250433700DC imul rcx,rcx,104h
00000250433700E3 mov rax,qword ptr [rsp+50h]
00000250433700E8 movzx eax,word ptr [rax+rcx+528h]
00000250433700F0 mov word ptr [rsp+6Ah],ax
00000250433700F5 mov ecx,dword ptr [rsp+60h]
00000250433700F9 imul rcx,rcx,104h
0000025043370100 mov rax,qword ptr [rsp+50h]
0000025043370105 lea rax,[rax+rcx+428h]
000002504337010D mov qword ptr [rsp+70h],rax
0000025043370112 lea r9,[rsp+78h]
0000025043370117 lea r8,[rsp+68h]
000002504337011C xor edx,edx
000002504337011E xor ecx,ecx
0000025043370120 call qword ptr [rsp+58h]
**0000025043370124 jmp 0000025043370096**
Exception thrown by CoInitialize(NULL):
Exception thrown at 0x00007FFE24D53D3A (shlwapi.dll) in ConsoleApplication4.exe: 0xC0000005: Access violation reading location 0x0000000000000000.
The code is called directly in the application's main method, not from any DLL, although it behaves the same when called from a DLL.
Disassembly (the instruction that raises the exception is 00007FFE24D53D3A, with rax and rcx both being 0):
Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::Create:
00007FFE24D53D20 push rbx
00007FFE24D53D22 sub rsp,20h
00007FFE24D53D26 mov rax,qword ptr gs:[58h]
00007FFE24D53D2F mov ecx,dword ptr [_tls_index (07FFE24D9A9C8h)]
00007FFE24D53D35 mov edx,4
00007FFE24D53D3A mov rcx,qword ptr [rax+rcx*8]
00007FFE24D53D3E mov eax,dword ptr [rdx+rcx]
00007FFE24D53D41 cmp dword ptr [TSS0<`template-parameter-2',Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::eate,Microsoft::WRL::Details::$00::faultModule,void,int, ?? &> (07FFE24D9ACF0h)],eax
00007FFE24D53D47 jle Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::Create+7Bh (07FFE24D53D9Bh)
00007FFE24D53D49 lea rcx,[TSS0<`template-parameter-2',Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::eate,Microsoft::WRL::Details::$00::faultModule,void,int, ?? &> (07FFE24D9ACF0h)]
00007FFE24D53D50 call _Init_thread_header (07FFE24D5A6B8h)
00007FFE24D53D55 cmp dword ptr [TSS0<`template-parameter-2',Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::eate,Microsoft::WRL::Details::$00::faultModule,void,int, ?? &> (07FFE24D9ACF0h)],0FFFFFFFFh
00007FFE24D53D5C jne Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::Create+7Bh (07FFE24D53D9Bh)
00007FFE24D53D5E lea rax,[Microsoft::WRL::Details::DefaultModule<1>::`vftable' (07FFE24D7A010h)]
00007FFE24D53D65 lea rbx,[`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::Create'::`2'::moduleSingleton (07FFE24D9ACF8h)]
00007FFE24D53D6C mov qword ptr [`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::Create'::`2'::moduleSingleton (07FFE24D9ACF8h)],rax
00007FFE24D53D73 lea rcx,[`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::Create'::`2'::`dynamic atexit destructor for 'moduleSingleton'' (07FFE24D5C3A0h)]
00007FFE24D53D7A mov qword ptr [Microsoft::WRL::Details::ModuleBase::module_ (07FFE24D9AB18h)],rbx
00007FFE24D53D81 call atexit (07FFE24D5A4ACh)
00007FFE24D53D86 lea rcx,[TSS0<`template-parameter-2',Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::eate,Microsoft::WRL::Details::$00::faultModule,void,int, ?? &> (07FFE24D9ACF0h)]
00007FFE24D53D8D call _Init_thread_footer (07FFE24D5A658h)
00007FFE24D53D92 mov rax,rbx
00007FFE24D53D95 add rsp,20h
00007FFE24D53D99 pop rbx
00007FFE24D53D9A ret
00007FFE24D53D9B lea rax,[`Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::Create'::`2'::moduleSingleton (07FFE24D9ACF8h)]
00007FFE24D53DA2 jmp Microsoft::WRL::Module<1,Microsoft::WRL::Details::DefaultModule<1> >::Create+75h (07FFE24D53D95h)
00007FFE24D53DA4 int 3
00007FFE24D53DA5 int 3
00007FFE24D53DA6 int 3
00007FFE24D53DA7 int 3
00007FFE24D53DA8 int 3
00007FFE24D53DA9 int 3
00007FFE24D53DAA int 3
00007FFE24D53DAB int 3
00007FFE24D53DAC int 3
00007FFE24D53DAD int 3
00007FFE24D53DAE int 3
00007FFE24D53DAF int 3
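A small triage helper, added here as an example and not part of the question or any answer to it: it parses output-window lines like the ones quoted above, stops at the first "Exception thrown at" line, and lists the modules that were loaded before the fault but do not sit directly in System32 or SysWOW64. The classification is a review heuristic I am assuming, not a statement about what causes this crash; the function names are mine and the sample lines are copied from the output above.

```cpp
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// One "Loaded '...'" line from the Visual Studio output window.
struct ModuleLoad {
    std::string path;
    bool symbolsLoaded;   // true when the line carries "Symbols loaded."
};

struct TriageResult {
    std::vector<ModuleLoad> loads;      // module loads in order, up to the first exception
    std::vector<std::string> flagged;   // loads that live outside the plain system directories
    std::string exceptionLine;          // first "Exception thrown at ..." line, empty if none
};

static std::string toLower(std::string s) {
    for (char& c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
}

// Heuristic (an assumption, not a rule from the page): a DLL sitting directly in
// System32 or SysWOW64 is unremarkable; anything in a subdirectory or elsewhere
// is worth a second look when it is loaded right before the fault.
bool isPlainSystemDirModule(const std::string& path) {
    const std::string p = toLower(path);
    static const char* roots[] = { "c:\\windows\\system32\\", "c:\\windows\\syswow64\\" };
    for (const char* root : roots) {
        const std::string r(root);
        if (p.compare(0, r.size(), r) == 0 && p.find('\\', r.size()) == std::string::npos)
            return true;
    }
    return false;
}

// Parses "'app.exe' (Win32): Loaded 'C:\path\x.dll'. Symbols loaded." lines.
bool parseLoadedLine(const std::string& line, ModuleLoad& out) {
    const std::string key = "Loaded '";
    size_t start = line.find(key);
    if (start == std::string::npos) return false;
    start += key.size();
    const size_t end = line.find('\'', start);
    if (end == std::string::npos) return false;
    out.path = line.substr(start, end - start);
    out.symbolsLoaded = line.find("Symbols loaded", end) != std::string::npos;
    return true;
}

TriageResult triageOutputWindow(const std::vector<std::string>& lines) {
    TriageResult result;
    for (const std::string& line : lines) {
        if (line.find("Exception thrown at") != std::string::npos) {
            result.exceptionLine = line;   // stop at the fault: later loads are not relevant
            break;
        }
        ModuleLoad m;
        if (!parseLoadedLine(line, m)) continue;
        result.loads.push_back(m);
        if (!isPlainSystemDirModule(m.path)) result.flagged.push_back(m.path);
    }
    return result;
}

// Constructed sample: the output-window lines quoted in the question.
const std::vector<std::string> kSampleOutput = {
    R"('ConsoleApplication4.exe' (Win32): Loaded 'C:\Windows\System32\tmumh\20019\AddOn\8.0.0.1056\TmUmEvt64.dll'.)",
    R"('ConsoleApplication4.exe' (Win32): Loaded 'C:\Windows\System32\psapi.dll'. Symbols loaded.)",
    R"('ConsoleApplication4.exe' (Win32): Loaded 'C:\Windows\System32\shlwapi.dll'. Symbols loaded.)",
    R"('ConsoleApplication4.exe' (Win32): Loaded 'C:\Windows\System32\msvcrt.dll'. Symbols loaded.)",
    R"('ConsoleApplication4.exe' (Win32): Loaded 'C:\Windows\System32\advapi32.dll'. Symbols loaded.)",
    R"(Exception thrown at 0x00007FFE24D53D3A (shlwapi.dll) in ConsoleApplication4.exe: 0xC0000005: Access violation reading location 0x0000000000000000.)",
};

int main() {
    const TriageResult r = triageOutputWindow(kSampleOutput);
    std::cout << r.loads.size() << " module(s) loaded before the fault\n";
    for (const std::string& p : r.flagged)
        std::cout << "  outside plain system dir: " << p << "\n";
    std::cout << "fault: " << r.exceptionLine << "\n";
    return 0;
}
```

The output only narrows down what to inspect next (for example by unloading or disabling the flagged module and re-running under the debugger); it does not by itself establish a cause.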
