Re: "Unable to get program counter" when debugging the Win10 x64 bootmgfw.efi with WinDbg
Windows Kernel Debugging
"Unable to get program counter" when debugging the Win10 x64 bootmgfw.efi with WinDbg
风继续吹
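2016-03-18, 13:24 PM
I ran into a problem debugging the Win10 x64 bootmgfw.efi with WinDbg: both the r command and the g command fail, but the stack backtrace works fine. The WinDbg output is as follows: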
Response Time (ms) Location
Deferred SRV*D:\WinDbgSymbolFilePath*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*D:\WinDbgSymbolFilePath*http://msdl.microsoft.com/download/symbols
Executable search path is:
ReadVirtual() failed in GetXStateConfiguration() first read attempt (error == 997.
CS descriptor lookup failed
Windows Boot Debugger Kernel Version 10240 UP Free x64
Machine Name:
Primary image base = 0x00000000`10000000 Loaded module list = 0x00000000`10135e90
System Uptime: not available
Unable to get program counter
WaitForEvent failed
Unable to get program counter
0018:4bd5 0000 add byte ptr [bx+si],al
kd> r
Unable to get program counter
rax=0000000000000003 rbx=000000000ffd9850 rcx=000000000ffd9850
rdx=000000000ffd9800 rsi=0000000000103d90 rdi=0000000000000001
rip=00000000100f4bd5 rsp=000000000ffd97d8 rbp=000000000ffd98f0
r8=0000000000000003 r9=000000000ffd9840 r10=0000000000000000
r11=0000000000000000 r12=0000000000000001 r13=0000000000000000
r14=0000000000114d01 r15=000000001013ac60
iopl=0 nv up ei pl nz na po nc
cs=0018 ss=0008 ds=0030 es=0030 fs=0030 gs=0030 efl=00000206
0018:4bd5 0000 add byte ptr [bx+si],al ds:0030:0003=80
^ Unable to get program counter 'r'
kd> k
# Child-SP RetAddr Call Site
00 00000000`0ffd97d8 00000000`100d7e47 bootmgfw!DebugService2+0x5
01 00000000`0ffd97e0 00000000`100a7bc3 bootmgfw!DbgLoadImageSymbols+0x67
02 00000000`0ffd9830 00000000`100a8106 bootmgfw!BlBdStart+0x1a7
03 00000000`0ffd9870 00000000`10051541 bootmgfw!BlBdInitialize+0x2b2
04 00000000`0ffd9920 00000000`10014bac bootmgfw!BlInitializeLibrary+0x41
05 00000000`0ffd9950 00000000`100147ae bootmgfw!BmMain+0x24c
06 00000000`0ffd9aa0 00000000`0ffdc9b4 bootmgfw!EfiEntry+0x1e
07 00000000`0ffd9ad0 00000000`00000000 0xffdc9b4
kd> g
^ Unable to get program counter 'g'
The WinDbg version is 10.0.10586.567 and the VMware Workstation version is 12.1.0. I would be very grateful if an expert could help.
Re: "Unable to get program counter" when debugging the Win10 x64 bootmgfw.efi with WinDbg
风继续吹
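2016-05-13, 15:42 PM
I found the cause: uninstalling 360 Safeguard (360安全卫士) fixed it. It was probably its 核晶 (Hejing) protection module causing the trouble.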