Trm007
07-04-2021, 16:45
Добрый вечер.
Не знаю в какую особо тему обратиться, поэтому напишу тут, если кто то из администраторов форума знает, перекиньте пожалуйста.
Есть древняя 32-битная программа , которая хорошо работает на windows 7 x64, но вылетает на windows 10 x64 когда используешь функция которая вызывает комбобокс (будет на картинке) все остальное работает нормально ( но это достаточно критическая функция в рисовалке).
В логах такая ошибка:
"Имя сбойного приложения: IDraw32.exe, версия: 2.5.1.1, метка времени: 0x4033daf1
Имя сбойного модуля: USER32.dll, версия: 10.0.18362.997, метка времени: 0x39a48e9e
Код исключения: 0xc000041d
Смещение ошибки: 0x00054269
Идентификатор сбойного процесса: 0x1614
Время запуска сбойного приложения: 0x01d72242ae5af5ce
Путь сбойного приложения: C:\Program Files (x86)\MDL ISIS Desktop 2.5 SP 1\IDraw32.exe"
Пробовал декомпилировать exe файл и посмотреть через win32debuger где его глючит, в итоге понял только что когда программа вызывает какую то функцию из user32.dll, ее перенаправляет на файл ntdll.dll, и она вылетает, вот лог дебагера:
bytes pages size description
--------- ----- ---- --------------------------------------------
14680064 1792 8192 allocating memory for b-tree...
14680064 1792 8192 allocating memory for virtual array...
262144 32 8192 allocating memory for name pointers...
-----------------------------------------------------------------
29622272 total memory allocated
Loading processor module E:\Program Files (x86)\IDA 6.7\procs\pc64.w64 for metapc...OK
Autoanalysis subsystem has been initialized.
Possible file format: MS-DOS executable (EXE) (E:\Program Files (x86)\IDA 6.7\loaders\dos64.l64)
Possible file format: Portable executable for 80386 (PE) (E:\Program Files (x86)\IDA 6.7\loaders\pe64.l64)
Loading file 'E:\Program Files (x86)\MDL ISIS Desktop 2.5 SP 1\IDraw32.exe' into database...
Detected file format: Portable executable for 80386 (PE)
0. Creating a new segment (0000000000401000-00000000005CC000) ... ... OK
1. Creating a new segment (00000000005CC000-00000000005D0000) ... ... OK
2. Creating a new segment (00000000005D0000-00000000005EB000) ... ... OK
Reading exports directory...
Reading imports directory...
File C:\Windows\system32\ctl3d32.dll is used for module CTL3D32...
File C:\Windows\system32\mdlctl32.dll is used for module MDLCTL32...
3. Creating a new segment (00000000005CC904-00000000005D0000) ... ... OK
Plan FLIRT signature: Microsoft VisualC 2-11/net runtime
autoload.cfg: vc32rtf.sig autoloads mssdk.til
Assuming __cdecl calling convention by default
Type library 'mssdk' loaded. Applying types...
Types applied to 482 names.
main() function at 480770, named "_WinMain@16"
Marking typical code sequences...
Flushing buffers, please wait...ok
File 'E:\Program Files (x86)\MDL ISIS Desktop 2.5 SP 1\IDraw32.exe' has been successfully loaded into the database.
Compiling file 'E:\Program Files (x86)\IDA 6.7\idc\ida.idc'...
Executing function 'main'...
Compiling file 'E:\Program Files (x86)\IDA 6.7\idc\onload.idc'...
Executing function 'OnLoad'...
IDA is analysing the input file...
You may start to explore the input file right now.
---------------------------------------------------------------------------------------------
Python 2.7.6 (default, Nov 10 2013, 19:24:18) [MSC v.1500 32 bit (Intel)]
IDAPython 64-bit v1.7.0 final (serial 0) (c) The IDAPython Team <idapython@googlegroups.com>
---------------------------------------------------------------------------------------------
Type library 'vc6win' loaded. Applying types...
Types applied to 25 names.
Pattern is not found
Command "AskNextText" failed
Using FLIRT signature: Microsoft VisualC 2-11/net runtime
Propagating type information...
Function argument information has been propagated
The initial autoanalysis has been finished.
<Default debugger>: incompatible saved desktop layout has been ignored
400000: process E:\Program Files (x86)\MDL ISIS Desktop 2.5 SP 1\IDraw32.exe has started (pid=10436)
77240000: loaded C:\Windows\system32\ntdll.dll
751E0000: loaded C:\Windows\SysWOW64\kernel32.dll
76210000: loaded C:\Windows\SysWOW64\KernelBase.dll
74CF0000: loaded C:\Windows\SysWOW64\user32.dll
75FE0000: loaded C:\Windows\SysWOW64\win32u.dll
7728E230: thread has started (tid=3384)
74C00000: loaded C:\Windows\SysWOW64\gdi32.dll
74F80000: loaded C:\Windows\SysWOW64\gdi32full.dll
74A40000: loaded C:\Windows\SysWOW64\msvcp_win.dll
75EB0000: loaded C:\Windows\SysWOW64\ucrtbase.dll
7728E230: thread has started (tid=10680)
7728E230: thread has started (tid=9600)
759D0000: loaded C:\Windows\SysWOW64\advapi32.dll
74C30000: loaded C:\Windows\SysWOW64\msvcrt.dll
75A50000: loaded C:\Windows\SysWOW64\sechost.dll
74910000: loaded C:\Windows\SysWOW64\rpcrt4.dll
748A0000: loaded C:\Windows\SysWOW64\sspicli.dll
74890000: loaded C:\Windows\SysWOW64\cryptbase.dll
752E0000: loaded C:\Windows\SysWOW64\bcryptprimitives.dll
75B30000: loaded C:\Windows\SysWOW64\comdlg32.dll
5F000000: loaded C:\Windows\SysWOW64\ctl3d32.dll
5AD50000: loaded C:\Windows\SysWOW64\olesvr32.dll
5AD30000: loaded C:\Windows\SysWOW64\olecli32.dll
76410000: loaded C:\Windows\SysWOW64\combase.dll
73110000: loaded C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17763.1039_none_b4b108b76e780de2\comctl32.dll
621D0000: loaded C:\Windows\SysWOW64\mpr.dll
74EF0000: loaded C:\Windows\SysWOW64\SHCore.dll
76BE0000: loaded C:\Windows\SysWOW64\shlwapi.dll
75350000: loaded C:\Windows\SysWOW64\shell32.dll
761D0000: loaded C:\Windows\SysWOW64\cfgmgr32.dll
76C30000: loaded C:\Windows\SysWOW64\windows.storage.dll
75DF0000: loaded C:\Windows\SysWOW64\profapi.dll
75AD0000: loaded C:\Windows\SysWOW64\powrprof.dll
749D0000: loaded C:\Windows\SysWOW64\kernel.appcore.dll
74A10000: loaded C:\Windows\SysWOW64\cryptsp.dll
758B0000: loaded C:\Windows\SysWOW64\ole32.dll
75E10000: loaded C:\Windows\SysWOW64\oleaut32.dll
749E0000: loaded C:\Windows\SysWOW64\imm32.dll
10000000: loaded C:\Windows\SysWOW64\mdlctl32.dll
6F8D0000: loaded C:\Windows\SysWOW64\uxtheme.dll
74AC0000: loaded C:\Windows\SysWOW64\msctf.dll
6F870000: loaded C:\Windows\SysWOW64\dwmapi.dll
75C50000: loaded C:\Windows\SysWOW64\crypt32.dll
76720000: loaded C:\Windows\SysWOW64\msasn1.dll
6EE40000: loaded C:\Windows\SysWOW64\TextInputFramework.dll
6EDB0000: loaded C:\Windows\SysWOW64\CoreMessaging.dll
6EB40000: loaded C:\Windows\SysWOW64\CoreUIComponents.dll
731F0000: loaded C:\Windows\SysWOW64\ntmarta.dll
6EA60000: loaded C:\Windows\SysWOW64\WinTypes.dll
5960000: loaded C:\Windows\SysWOW64\WinTypes.dll
Unloaded C:\Windows\SysWOW64\WinTypes.dll
76690000: loaded C:\Windows\SysWOW64\clbcatq.dll
71E00000: loaded C:\Windows\SysWOW64\winspool.drv
759B0000: loaded C:\Windows\SysWOW64\bcrypt.dll
73D90000: loaded C:\Windows\SysWOW64\IPHLPAPI.DLL
73F60000: loaded C:\Windows\SysWOW64\propsys.dll
763319B2: unknown exception code 6BA (exc.code 6ba, tid 11636)
PDBSRC: loading symbols for 'C:\Windows\SysWOW64\KernelBase.dll'...
PDB: using DIA dll "C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia90.dll"
PDB: DIA interface version 9.0
PDB: using load address 76210000
7728E230: thread has started (tid=8436)
7728E230: thread has started (tid=13824)
71E21150: thread has started (tid=13096)
700E0000: loaded C:\Windows\SysWOW64\netprofm.dll
7649D9C0: thread has started (tid=14328)
700D0000: loaded C:\Windows\SysWOW64\npmproxy.dll
74A30000: loaded C:\Windows\SysWOW64\nsi.dll
73050000: loaded C:\Windows\SysWOW64\dhcpcsvc6.dll
730A0000: loaded C:\Windows\SysWOW64\dhcpcsvc.dll
76000000: loaded C:\Windows\SysWOW64\ws2_32.dll
73DD0000: loaded C:\Windows\SysWOW64\dnsapi.dll
Debugged application message: Invalid parameter passed to C runtime function.
Debugged application message: Invalid parameter passed to C runtime function.
Debugged application message: Invalid parameter passed to C runtime function.
Debugged application message: Invalid parameter passed to C runtime function.
Unloaded C:\Windows\SysWOW64\netprofm.dll
Unloaded C:\Windows\SysWOW64\npmproxy.dll
71670000: loaded C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17763.1039_none_261d4d2767c89927\comctl32.dll
68B0000: loaded E:\Program Files (x86)\MDL ISIS Desktop 2.5 SP 1\isisaim.dll
Unloaded E:\Program Files (x86)\MDL ISIS Desktop 2.5 SP 1\isisaim.dll
68B0000: loaded E:\Program Files (x86)\MDL ISIS Desktop 2.5 SP 1\isisaim.dll
22E0000: loaded e:\program files (x86)\mdl isis desktop 2.5 sp 1\drwstart\io_skbsd.dll
Unloaded e:\program files (x86)\mdl isis desktop 2.5 sp 1\drwstart\io_skbsd.dll
22E0000: loaded e:\program files (x86)\mdl isis desktop 2.5 sp 1\drwstart\io_skbsd.dll
6A30000: loaded e:\program files (x86)\mdl isis desktop 2.5 sp 1\drwstart\rasmd32.dll
Unloaded e:\program files (x86)\mdl isis desktop 2.5 sp 1\drwstart\rasmd32.dll
6A30000: loaded e:\program files (x86)\mdl isis desktop 2.5 sp 1\drwstart\rasmd32.dll
74D3DD84: The instruction at 0x74D3DD84 referenced memory at 0xEFC0. The memory could not be written -> 000000000000EFC0 (exc.code c0000005, tid 11636)
PDBSRC: loading symbols for 'C:\Windows\SysWOW64\user32.dll'...
PDB: using load address 74CF0000
Может есть какой то способ подменить эту dll аналогичными из windows 7 ? Перед или после запуска приложения? Буду благодарен за любую мысль в эту сторону.
Не знаю в какую особо тему обратиться, поэтому напишу тут, если кто то из администраторов форума знает, перекиньте пожалуйста.
Есть древняя 32-битная программа , которая хорошо работает на windows 7 x64, но вылетает на windows 10 x64 когда используешь функция которая вызывает комбобокс (будет на картинке) все остальное работает нормально ( но это достаточно критическая функция в рисовалке).
В логах такая ошибка:
"Имя сбойного приложения: IDraw32.exe, версия: 2.5.1.1, метка времени: 0x4033daf1
Имя сбойного модуля: USER32.dll, версия: 10.0.18362.997, метка времени: 0x39a48e9e
Код исключения: 0xc000041d
Смещение ошибки: 0x00054269
Идентификатор сбойного процесса: 0x1614
Время запуска сбойного приложения: 0x01d72242ae5af5ce
Путь сбойного приложения: C:\Program Files (x86)\MDL ISIS Desktop 2.5 SP 1\IDraw32.exe"
Пробовал декомпилировать exe файл и посмотреть через win32debuger где его глючит, в итоге понял только что когда программа вызывает какую то функцию из user32.dll, ее перенаправляет на файл ntdll.dll, и она вылетает, вот лог дебагера:
bytes pages size description
--------- ----- ---- --------------------------------------------
14680064 1792 8192 allocating memory for b-tree...
14680064 1792 8192 allocating memory for virtual array...
262144 32 8192 allocating memory for name pointers...
-----------------------------------------------------------------
29622272 total memory allocated
Loading processor module E:\Program Files (x86)\IDA 6.7\procs\pc64.w64 for metapc...OK
Autoanalysis subsystem has been initialized.
Possible file format: MS-DOS executable (EXE) (E:\Program Files (x86)\IDA 6.7\loaders\dos64.l64)
Possible file format: Portable executable for 80386 (PE) (E:\Program Files (x86)\IDA 6.7\loaders\pe64.l64)
Loading file 'E:\Program Files (x86)\MDL ISIS Desktop 2.5 SP 1\IDraw32.exe' into database...
Detected file format: Portable executable for 80386 (PE)
0. Creating a new segment (0000000000401000-00000000005CC000) ... ... OK
1. Creating a new segment (00000000005CC000-00000000005D0000) ... ... OK
2. Creating a new segment (00000000005D0000-00000000005EB000) ... ... OK
Reading exports directory...
Reading imports directory...
File C:\Windows\system32\ctl3d32.dll is used for module CTL3D32...
File C:\Windows\system32\mdlctl32.dll is used for module MDLCTL32...
3. Creating a new segment (00000000005CC904-00000000005D0000) ... ... OK
Plan FLIRT signature: Microsoft VisualC 2-11/net runtime
autoload.cfg: vc32rtf.sig autoloads mssdk.til
Assuming __cdecl calling convention by default
Type library 'mssdk' loaded. Applying types...
Types applied to 482 names.
main() function at 480770, named "_WinMain@16"
Marking typical code sequences...
Flushing buffers, please wait...ok
File 'E:\Program Files (x86)\MDL ISIS Desktop 2.5 SP 1\IDraw32.exe' has been successfully loaded into the database.
Compiling file 'E:\Program Files (x86)\IDA 6.7\idc\ida.idc'...
Executing function 'main'...
Compiling file 'E:\Program Files (x86)\IDA 6.7\idc\onload.idc'...
Executing function 'OnLoad'...
IDA is analysing the input file...
You may start to explore the input file right now.
---------------------------------------------------------------------------------------------
Python 2.7.6 (default, Nov 10 2013, 19:24:18) [MSC v.1500 32 bit (Intel)]
IDAPython 64-bit v1.7.0 final (serial 0) (c) The IDAPython Team <idapython@googlegroups.com>
---------------------------------------------------------------------------------------------
Type library 'vc6win' loaded. Applying types...
Types applied to 25 names.
Pattern is not found
Command "AskNextText" failed
Using FLIRT signature: Microsoft VisualC 2-11/net runtime
Propagating type information...
Function argument information has been propagated
The initial autoanalysis has been finished.
<Default debugger>: incompatible saved desktop layout has been ignored
400000: process E:\Program Files (x86)\MDL ISIS Desktop 2.5 SP 1\IDraw32.exe has started (pid=10436)
77240000: loaded C:\Windows\system32\ntdll.dll
751E0000: loaded C:\Windows\SysWOW64\kernel32.dll
76210000: loaded C:\Windows\SysWOW64\KernelBase.dll
74CF0000: loaded C:\Windows\SysWOW64\user32.dll
75FE0000: loaded C:\Windows\SysWOW64\win32u.dll
7728E230: thread has started (tid=3384)
74C00000: loaded C:\Windows\SysWOW64\gdi32.dll
74F80000: loaded C:\Windows\SysWOW64\gdi32full.dll
74A40000: loaded C:\Windows\SysWOW64\msvcp_win.dll
75EB0000: loaded C:\Windows\SysWOW64\ucrtbase.dll
7728E230: thread has started (tid=10680)
7728E230: thread has started (tid=9600)
759D0000: loaded C:\Windows\SysWOW64\advapi32.dll
74C30000: loaded C:\Windows\SysWOW64\msvcrt.dll
75A50000: loaded C:\Windows\SysWOW64\sechost.dll
74910000: loaded C:\Windows\SysWOW64\rpcrt4.dll
748A0000: loaded C:\Windows\SysWOW64\sspicli.dll
74890000: loaded C:\Windows\SysWOW64\cryptbase.dll
752E0000: loaded C:\Windows\SysWOW64\bcryptprimitives.dll
75B30000: loaded C:\Windows\SysWOW64\comdlg32.dll
5F000000: loaded C:\Windows\SysWOW64\ctl3d32.dll
5AD50000: loaded C:\Windows\SysWOW64\olesvr32.dll
5AD30000: loaded C:\Windows\SysWOW64\olecli32.dll
76410000: loaded C:\Windows\SysWOW64\combase.dll
73110000: loaded C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17763.1039_none_b4b108b76e780de2\comctl32.dll
621D0000: loaded C:\Windows\SysWOW64\mpr.dll
74EF0000: loaded C:\Windows\SysWOW64\SHCore.dll
76BE0000: loaded C:\Windows\SysWOW64\shlwapi.dll
75350000: loaded C:\Windows\SysWOW64\shell32.dll
761D0000: loaded C:\Windows\SysWOW64\cfgmgr32.dll
76C30000: loaded C:\Windows\SysWOW64\windows.storage.dll
75DF0000: loaded C:\Windows\SysWOW64\profapi.dll
75AD0000: loaded C:\Windows\SysWOW64\powrprof.dll
749D0000: loaded C:\Windows\SysWOW64\kernel.appcore.dll
74A10000: loaded C:\Windows\SysWOW64\cryptsp.dll
758B0000: loaded C:\Windows\SysWOW64\ole32.dll
75E10000: loaded C:\Windows\SysWOW64\oleaut32.dll
749E0000: loaded C:\Windows\SysWOW64\imm32.dll
10000000: loaded C:\Windows\SysWOW64\mdlctl32.dll
6F8D0000: loaded C:\Windows\SysWOW64\uxtheme.dll
74AC0000: loaded C:\Windows\SysWOW64\msctf.dll
6F870000: loaded C:\Windows\SysWOW64\dwmapi.dll
75C50000: loaded C:\Windows\SysWOW64\crypt32.dll
76720000: loaded C:\Windows\SysWOW64\msasn1.dll
6EE40000: loaded C:\Windows\SysWOW64\TextInputFramework.dll
6EDB0000: loaded C:\Windows\SysWOW64\CoreMessaging.dll
6EB40000: loaded C:\Windows\SysWOW64\CoreUIComponents.dll
731F0000: loaded C:\Windows\SysWOW64\ntmarta.dll
6EA60000: loaded C:\Windows\SysWOW64\WinTypes.dll
5960000: loaded C:\Windows\SysWOW64\WinTypes.dll
Unloaded C:\Windows\SysWOW64\WinTypes.dll
76690000: loaded C:\Windows\SysWOW64\clbcatq.dll
71E00000: loaded C:\Windows\SysWOW64\winspool.drv
759B0000: loaded C:\Windows\SysWOW64\bcrypt.dll
73D90000: loaded C:\Windows\SysWOW64\IPHLPAPI.DLL
73F60000: loaded C:\Windows\SysWOW64\propsys.dll
763319B2: unknown exception code 6BA (exc.code 6ba, tid 11636)
PDBSRC: loading symbols for 'C:\Windows\SysWOW64\KernelBase.dll'...
PDB: using DIA dll "C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia90.dll"
PDB: DIA interface version 9.0
PDB: using load address 76210000
7728E230: thread has started (tid=8436)
7728E230: thread has started (tid=13824)
71E21150: thread has started (tid=13096)
700E0000: loaded C:\Windows\SysWOW64\netprofm.dll
7649D9C0: thread has started (tid=14328)
700D0000: loaded C:\Windows\SysWOW64\npmproxy.dll
74A30000: loaded C:\Windows\SysWOW64\nsi.dll
73050000: loaded C:\Windows\SysWOW64\dhcpcsvc6.dll
730A0000: loaded C:\Windows\SysWOW64\dhcpcsvc.dll
76000000: loaded C:\Windows\SysWOW64\ws2_32.dll
73DD0000: loaded C:\Windows\SysWOW64\dnsapi.dll
Debugged application message: Invalid parameter passed to C runtime function.
Debugged application message: Invalid parameter passed to C runtime function.
Debugged application message: Invalid parameter passed to C runtime function.
Debugged application message: Invalid parameter passed to C runtime function.
Unloaded C:\Windows\SysWOW64\netprofm.dll
Unloaded C:\Windows\SysWOW64\npmproxy.dll
71670000: loaded C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17763.1039_none_261d4d2767c89927\comctl32.dll
68B0000: loaded E:\Program Files (x86)\MDL ISIS Desktop 2.5 SP 1\isisaim.dll
Unloaded E:\Program Files (x86)\MDL ISIS Desktop 2.5 SP 1\isisaim.dll
68B0000: loaded E:\Program Files (x86)\MDL ISIS Desktop 2.5 SP 1\isisaim.dll
22E0000: loaded e:\program files (x86)\mdl isis desktop 2.5 sp 1\drwstart\io_skbsd.dll
Unloaded e:\program files (x86)\mdl isis desktop 2.5 sp 1\drwstart\io_skbsd.dll
22E0000: loaded e:\program files (x86)\mdl isis desktop 2.5 sp 1\drwstart\io_skbsd.dll
6A30000: loaded e:\program files (x86)\mdl isis desktop 2.5 sp 1\drwstart\rasmd32.dll
Unloaded e:\program files (x86)\mdl isis desktop 2.5 sp 1\drwstart\rasmd32.dll
6A30000: loaded e:\program files (x86)\mdl isis desktop 2.5 sp 1\drwstart\rasmd32.dll
74D3DD84: The instruction at 0x74D3DD84 referenced memory at 0xEFC0. The memory could not be written -> 000000000000EFC0 (exc.code c0000005, tid 11636)
PDBSRC: loading symbols for 'C:\Windows\SysWOW64\user32.dll'...
PDB: using load address 74CF0000
Может есть какой то способ подменить эту dll аналогичными из windows 7 ? Перед или после запуска приложения? Буду благодарен за любую мысль в эту сторону.