WinDbg Time Travel Debugging (TTD) fails to attach to 32-bit process (Outlook.exe)

Asked by: ezG Asked: 7/7/2023 Last edited by: ezG Updated: 7/8/2023 Views: 146

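Q:

I get an error (see below) when I try to attach to the process Outlook.exe.

We are running O365
32-bit Outlook
64-bit Win10

When I run WinDbg, I run it as administrator.

Error: Injecting into guest process failed with exitcode: 4294967295 - 0xFFFFFFFF This may be an indication of a privileges problem or that the process is already under tracing control and needs to be restarted.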

**Done. Output file **
Version: 1.11.138.0 Copyright (C) Microsoft Corporation. All rights reserved.

Initializing Time Travel Debugging for Attach to 3900
Time: 07/07/2023 14:16:36
OS:10.0.19045 EDITION:x64

SessionID: 204EFD6E-F21C-49C8-92E2-1FC2224AB422

   (TTD::ManageTTDTrace:2729)
Running 
   (TTD::StartGuestProcess:1512)
Group tracing GUID: A4E27785-6D06-43C4-B4A9-A66F310EB8B5

Running "C:\Users\home\AppData\Local\Microsoft\WindowsApps\Microsoft.WinDbg_8wekyb3d8bbwe\amd64\TTD\wow64\TTDInject.exe" /duration 1 /InjectMode LoaderForCombinedRecording /ClientParams "37 C:\Users\home\Documents\OUTLOOK14.run 0 0 0 0 0 0 0 0 c06001 0" /RecordScenario 268435457 /attach 3900 -TraceFileHandle 2d74 -GuestEventHandle 4b60 -ClientEventHandle 6814 -ActiveEventHandle 6790 -MutexHandle 6720 -CommunicationBufferHandle 623c -SharedSequenceMutexHandle 6684 -SharedSequenceBufferHandle 6724 /TelemetryFeatureSessionId "204EFD6E-F21C-49C8-92E2-1FC2224AB422"
   (TTD::StartGuestProcess:1959)
Microsoft (R) TTDInject 1.01.11
Release: 1.11.138.0
Copyright (C) Microsoft Corporation. All rights reserved.

TTDLoader Params:
 LauncherDll = TTDLoader
 ClientDll   = TTDRecordCPU
 ClientEntry = InitializeNirvanaClient
 ClientParams= 37 C:\Users\home\Documents\OUTLOOK14.run 0 0 0 0 0 0 0 0 c06001 0
 Attach
WaitForMain is off
Allocated processors:32, running threads:76.
Loader TTDLoader.dll injected at 0x5C110000 0x8000 -- .reload  TTDLoader.dll=0x5C110000,0x8000

Injection by thread was incomplete. Status: 2156436999
 --> Client Initialization failed.
RecordingEngine initialization status 'ErrorVcpuInitializationFailed' with message:
 --> Error: TTDWriter Initialize: failed to initialize the TTDRecordCPU client
RecordVcpu initialization status 'ErrorGettingNtdllApiAddresses' with message:
 --> Error: GetNtdllAPIAddresses() failed for KiUserExceptionDispatcher
Loader initialization status ClientInitFailed' with message:
 --> Client Initialization failed.
Error: Injecting into guest process failed with exitcode: 4294967295 - 0xFFFFFFFF
 This may be an indication of a privileges problem or that the process is
 already under tracing control and needs to be restarted.

   (TTD::StartGuestProcess:2012)
Error: Client initialization failed status:4294967295
   (TTD::InitiateGuestProcess:2541)
Trace dumped to C:\Users\home\Documents\OUTLOOK14.run
debugging outlook office365 windbg


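A:

1 upvote Eugene Astafiev 7/8/2023 #1

You need to run both processes under the same security context - if you run Outlook with admin privileges, you also need to run WinDbg with admin privileges.

Make sure both processes are run under the same security context. See Process Security and Access Rights for more information.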

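Comments

0 upvotes ezG 7/8/2023
I was running WinDbg as administrator, but not Outlook. I'll give it a try!!
0 upvotes ezG 7/8/2023
Unfortunately, running both Outlook.exe and WinDbg as administrator produces the same result. I posted the contents of the log.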
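
Added example (not part of the original question or answers, and not Microsoft's code): a Python script that pulls the per-component initialization statuses and numeric codes out of TTDInject output like the log in the question, so the specific failing step can be read next to the generic "privileges problem" message. The function name `parse_ttd_log` and the regular expressions are assumptions based only on the log lines shown on this page.

```python
import re

# Constructed sample: lines copied from the TTDInject output in the question.
SAMPLE_LOG = """\
Injection by thread was incomplete. Status: 2156436999
 --> Client Initialization failed.
RecordingEngine initialization status 'ErrorVcpuInitializationFailed' with message:
 --> Error: TTDWriter Initialize: failed to initialize the TTDRecordCPU client
RecordVcpu initialization status 'ErrorGettingNtdllApiAddresses' with message:
 --> Error: GetNtdllAPIAddresses() failed for KiUserExceptionDispatcher
Loader initialization status ClientInitFailed' with message:
 --> Client Initialization failed.
Error: Injecting into guest process failed with exitcode: 4294967295 - 0xFFFFFFFF
"""

# "<component> initialization status '<name>' with message:"; the opening
# quote is optional because the Loader line in the log lacks it.
STATUS_RE = re.compile(r"^(\w+) initialization status '?(\w+)' with message:\s*$")
DETAIL_RE = re.compile(r"^\s*-->\s*(?:Error:\s*)?(.*\S)\s*$")
CODE_RE = re.compile(r"(?:Status|exitcode|status):\s*(\d+)")

def parse_ttd_log(text):
    """Return (statuses, codes): per-component init failures and numeric codes."""
    statuses, codes = [], []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = STATUS_RE.match(line)
        if m:
            detail = ""
            # The explanatory message is on the following "-->" line, if any.
            if i + 1 < len(lines):
                d = DETAIL_RE.match(lines[i + 1])
                detail = d.group(1) if d else ""
            statuses.append({"component": m.group(1), "status": m.group(2),
                             "detail": detail})
        for c in CODE_RE.findall(line):
            # The log prints unsigned decimals; hex is easier to search for.
            codes.append((int(c), f"0x{int(c):08X}"))
    return statuses, codes

if __name__ == "__main__":
    statuses, codes = parse_ttd_log(SAMPLE_LOG)
    for s in statuses:
        print(f"{s['component']:16} {s['status']:32} {s['detail']}")
    for dec, hx in codes:
        print(dec, hx)
```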