我无法在我的 go 项目中导入本地包

Question

vengy

Asked: 2023-09-03 22:06:01 +0800 CST2023-09-03 22:06:01 +0800 CST 2023-09-03 22:06:01 +0800 CST

Windows Palo Alto Cortex XDR BSOD，带错误检查 0x139

772

Windows 防病毒软件Cortex XDR Agent version 8.1.1在我的开发计算机上处于活动状态。使用CreateToolhelp32Snapshot运行指定进程的一些快照时，Cortex 突然弹出一条消息，Malicious tampering threat detected并显示 BSOD

经过几个小时的调试，这是最小的再现

// HeapTest.c - Release x64 build with Visual C++ 2022 
// BSOD with Bug Check 0x139 in Cortex XDR

#include <windows.h>
#include <tlhelp32.h>

int main()
{
    CreateToolhelp32Snapshot(TH32CS_SNAPHEAPLIST, 8456);
}

其中进程 ID 8456 是cytray.exe的。

Windows 创建了一个 minidmp%SystemRoot%\Minidump并用调试器打开它Windbg显示

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\090223-14718-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 22621 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0xfffff807`72600000 PsLoadedModuleList = 0xfffff807`732130e0
Debug session time: Sat Sep  2 19:35:12.743 2023 (UTC - 4:00)
System Uptime: 0 days 5:06:37.745
Loading Kernel Symbols
...............................................................
................................................................
................................................................
....................................................
Loading User Symbols
Loading unloaded module list
...................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 139, {a, 0, 0, fffff80772a2dfc0}

Probably caused by : Unknown_Image ( PAGE_NOT_ZERO )

Followup: MachineOwner
---------

 *** Memory manager detected 178688 instance(s) of page corruption, target is likely to have memory corruption.



6: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Unknown bugcheck code (139)
Unknown bugcheck description
Arguments:
Arg1: 000000000000000a
Arg2: 0000000000000000
Arg3: 0000000000000000
Arg4: fffff80772a2dfc0

Debugging Details:
------------------


CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

BUGCHECK_STR:  0x139

PROCESS_NAME:  HeapTest.exe

CURRENT_IRQL:  0

BAD_PAGES_DETECTED: 2ba00

LAST_CONTROL_TRANSFER:  from fffff80772a3bf8e to fffff80772a31250

STACK_TEXT:  
ffffa20c`050b6988 fffff807`72a3bf8e : 00000000`00000139 00000000`0000000a 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
ffffa20c`050b6990 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!guard_icall_bugcheck+0x1e


STACK_COMMAND:  kb

SYMBOL_NAME:  PAGE_NOT_ZERO

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: Unknown_Module

IMAGE_NAME:  Unknown_Image

DEBUG_FLR_IMAGE_TIMESTAMP:  0

BUCKET_ID:  PAGE_NOT_ZERO

Followup: MachineOwner
---------

 *** Memory manager detected 178688 instance(s) of page corruption, target is likely to have memory corruption.

基于 Cortex 的预防信息

OS version: 10.0.22621
Component: Anti Tampering Protection
Cortex XDR code: C04000AC
Prevention description: Malicious tampering threat detected
Verdict: 0
Quarantined: False
Post-Detected: False
Rule name: anti_tampering.8

这很可能是以下Cortex XDR 驱动程序之一中的错误

C:\Program Files\Palo Alto Networks\Traps\cyverak.sys
C:\Program Files\Palo Alto Networks\Traps\cyvrmtgn.sys
C:\Program Files\Palo Alto Networks\Traps\cyvrfsfd.sys
C:\Program Files\Palo Alto Networks\Traps\tedrdrv.sys
C:\Program Files\Palo Alto Networks\Traps\tdevflt.sys
C:\Program Files\Palo Alto Networks\Traps\tedrpers-<version>.sys
C:\Windows\System32\drivers\telam.sys

问题

出于好奇，有没有办法识别有缺陷的系统驱动程序的名称？

1 个回答

Voted

David Browne - Microsoft · Answer 1 · 2023-09-03T22:16:13+08:00

Best Answer

David Browne - Microsoft

2023-09-03T22:16:13+08:002023-09-03T22:16:13+08:00

出于好奇，有没有办法识别有缺陷的系统驱动程序的名称？

如果没有驱动程序的源代码，就没有合理的方法。内存损坏是崩溃之前发生的事情。这是一个真正需要驱动程序开发人员弄清楚的调试练习。

1

Windows Palo Alto Cortex XDR BSOD，带错误检查 0x139

使用 <font color="#xxx"> 突出显示 html 中的代码

为什么在传递 {} 时重载解析更喜欢 std::nullptr_t 而不是类？

您可以使用花括号初始化列表作为（默认）模板参数吗？

为什么列表推导式在内部创建一个函数？

我正在尝试仅使用海龟随机和数学模块来制作吃豆人游戏

java.lang.NoSuchMethodError: 'void org.openqa.selenium.remote.http.ClientConfig.<init>(java.net.URI, java.time.Duration, java.time.Duratio

为什么 'char -> int' 是提升，而 'char -> Short' 是转换（但不是提升）？

为什么库中不调用全局变量的构造函数？

std::common_reference_with 在元组上的行为不一致。哪个是对的？

C++17 中 std::byte 只能按位运算？

Windows Palo Alto Cortex XDR BSOD，带错误检查 0x139

1 个回答

相关问题