The error message is as follows:

The VBoxHardening.log log is as follows:
27fc.33b0: Log file opened: 6.1.12r139181 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa047ba00
27fc.33b0: \SystemRoot\System32\ntdll.dll:
27fc.33b0: CreationTime: 2020-05-13T04:08:01.305832200Z
27fc.33b0: LastWriteTime: 2020-05-13T04:08:01.364711200Z
27fc.33b0: ChangeTime: 2020-08-12T03:51:05.663111000Z
27fc.33b0: FileAttributes: 0x20
27fc.33b0: Size: 0x1e8460
27fc.33b0: NT Headers: 0xd8
27fc.33b0: Timestamp: 0xb29ecf52
27fc.33b0: Machine: 0x8664 - amd64
27fc.33b0: Timestamp: 0xb29ecf52
27fc.33b0: Image Version: 10.0
27fc.33b0: SizeOfImage: 0x1f0000 (2031616)
27fc.33b0: Resource Dir: 0x17f000 LB 0x6f310
27fc.33b0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
27fc.33b0: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
27fc.33b0: ProductName: Microsoft® Windows® Operating System
27fc.33b0: ProductVersion: 10.0.18362.815
27fc.33b0: FileVersion: 10.0.18362.815 (WinBuild.160101.0800)
27fc.33b0: FileDescription: NT Layer DLL
27fc.33b0: \SystemRoot\System32\kernel32.dll:
27fc.33b0: CreationTime: 2020-07-15T02:37:51.154008500Z
27fc.33b0: LastWriteTime: 2020-07-15T02:37:51.189919900Z
27fc.33b0: ChangeTime: 2020-08-12T03:51:05.332995100Z
27fc.33b0: FileAttributes: 0x20
27fc.33b0: Size: 0xb0498
27fc.33b0: NT Headers: 0xe8
27fc.33b0: Timestamp: 0xce6bbd73
27fc.33b0: Machine: 0x8664 - amd64
27fc.33b0: Timestamp: 0xce6bbd73
27fc.33b0: Image Version: 10.0
27fc.33b0: SizeOfImage: 0xb2000 (729088)
27fc.33b0: Resource Dir: 0xb0000 LB 0x520
27fc.33b0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
27fc.33b0: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
27fc.33b0: ProductName: Microsoft® Windows® Operating System
27fc.33b0: ProductVersion: 10.0.18362.959
27fc.33b0: FileVersion: 10.0.18362.959 (WinBuild.160101.0800)
27fc.33b0: FileDescription: Windows NT BASE API Client DLL
27fc.33b0: \SystemRoot\System32\KernelBase.dll:
27fc.33b0: CreationTime: 2020-08-12T03:50:16.150249100Z
27fc.33b0: LastWriteTime: 2020-08-12T03:50:16.238020800Z
27fc.33b0: ChangeTime: 2020-08-12T09:44:10.047506100Z
27fc.33b0: FileAttributes: 0x20
27fc.33b0: Size: 0x2a3868
27fc.33b0: NT Headers: 0xf8
27fc.33b0: Timestamp: 0x91b9349a
27fc.33b0: Machine: 0x8664 - amd64
27fc.33b0: Timestamp: 0x91b9349a
27fc.33b0: Image Version: 10.0
27fc.33b0: SizeOfImage: 0x2a4000 (2768896)
27fc.33b0: Resource Dir: 0x27e000 LB 0x548
27fc.33b0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
27fc.33b0: [Raw version resource data: 0x27e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
27fc.33b0: ProductName: Microsoft® Windows® Operating System
27fc.33b0: ProductVersion: 10.0.18362.997
27fc.33b0: FileVersion: 10.0.18362.997 (WinBuild.160101.0800)
27fc.33b0: FileDescription: Windows NT BASE API Client DLL
27fc.33b0: \SystemRoot\System32\apisetschema.dll:
27fc.33b0: CreationTime: 2019-03-19T04:43:54.837151500Z
27fc.33b0: LastWriteTime: 2019-03-19T04:43:54.837151500Z
27fc.33b0: ChangeTime: 2020-08-12T03:51:05.320029000Z
27fc.33b0: FileAttributes: 0x20
27fc.33b0: Size: 0x1d028
27fc.33b0: NT Headers: 0xc8
27fc.33b0: Timestamp: 0xd6ced080
27fc.33b0: Machine: 0x8664 - amd64
27fc.33b0: Timestamp: 0xd6ced080
27fc.33b0: Image Version: 10.0
27fc.33b0: SizeOfImage: 0x1e000 (122880)
27fc.33b0: Resource Dir: 0x1d000 LB 0x408
27fc.33b0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
27fc.33b0: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
27fc.33b0: ProductName: Microsoft® Windows® Operating System
27fc.33b0: ProductVersion: 10.0.18362.1
27fc.33b0: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
27fc.33b0: FileDescription: ApiSet Schema DLL
27fc.33b0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
27fc.33b0: supR3HardenedWinFindAdversaries: 0x0
27fc.33b0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume6\virtualBox'
27fc.33b0: Calling main()
27fc.33b0: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
27fc.33b0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume6\virtualBox'
27fc.33b0: SUPR3HardenedMain: Respawn #1
27fc.33b0: System32: \Device\HarddiskVolume3\Windows\System32
27fc.33b0: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
27fc.33b0: KnownDllPath: C:\Windows\System32
27fc.33b0: supR3HardenedWinInit: Performing a limited self purification...
27fc.33b0: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
27fc.33b0: kernel32.dll: timestamp 0xce6bbd73 (rc=VINF_SUCCESS)
27fc.33b0: kernelbase.dll: timestamp 0x91b9349a (rc=VINF_SUCCESS)
27fc.33b0: VirtualBoxVM.exe: timestamp 0x5f08d7bc (rc=VINF_SUCCESS)
27fc.33b0: '\Device\HarddiskVolume6\virtualBox\VirtualBoxVM.exe' has no imports
27fc.33b0: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
27fc.33b0: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
27fc.33b0: '\Device\HarddiskVolume6\virtualBox\VirtualBoxVM.exe' has no imports
27fc.33b0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume6\virtualBox\VirtualBoxVM.exe)
27fc.33b0: supR3HardNtEnableThreadCreationEx:
27fc.33b0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff93bb51770 pvNtTerminateThread=00007ff93bb7cac0
27fc.33b0: supR3HardenedWinDoReSpawn(1): New child 32b0.2564 [kernel32].
27fc.33b0: supR3HardNtChildGatherData: PebBaseAddress=0000000000b2e000 cbPeb=0x388
27fc.33b0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff93bae0000 uNtDllChildAddr=00007ff93bae0000
27fc.33b0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff93bb51770
27fc.33b0: supR3HardenedWinSetupChildInit: Initial context:
27fc.33b0: supR3HardenedWinSetupChildInit: Start child.
27fc.33b0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
27fc.33b0: supR3HardNtChildPurify: Startup delay kludge #1/0: 268 ms, 23 sleeps
27fc.33b0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
27fc.33b0: supR3HardNtChildPurify: Done after 274 ms and 0 fixes (loop #0).
32b0.2564: Log file opened: 6.1.12r139181 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00
32b0.2564: supR3HardenedVmProcessInit: uNtDllAddr=00007ff93bae0000 g_uNtVerCombined=0xa047ba00 (stack ~000000000096f4f8)
32b0.2564: ntdll.dll: timestamp 0xb29ecf52 (rc=VINF_SUCCESS)
32b0.2564: New simple heap: #1 0000000000d00000 LB 0x400000 (for 2031616 allocation)
32b0.2564: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume6\virtualBox'
32b0.2564: System32: \Device\HarddiskVolume3\Windows\System32
32b0.2564: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
32b0.2564: KnownDllPath: C:\Windows\System32
32b0.2564: supR3HardenedVmProcessInit: Opening vboxdrv stub...
27fc.33b0: supR3HardNtEnableThreadCreationEx:
32b0.2564: supR3HardenedWinReadErrorInfoDevice: 'Unknown image file \Device\HarddiskVolume6\virtualBox\VirtualBoxVM.exe at 00007ff646a40000. (rc83Exp=-91)'
32b0.2564: Error -5633 in supR3HardenedWinReSpawn! (enmWhat=3)
32b0.2564: NtCreateFile(\Device\VBoxDrvStub) failed: Unknown Status -5633 (0xffffe9ff) (rcNt=0xe986e9ff)
VBoxDrvStub error: Unknown image file \Device\HarddiskVolume6\virtualBox\VirtualBoxVM.exe at 00007ff646a40000. (rc83Exp=-91)
27fc.33b0: supR3HardenedWinCheckChild: enmRequest=2 rc=-5633 enmWhat=3 supR3HardenedWinReSpawn: NtCreateFile(\Device\VBoxDrvStub) failed: Unknown Status -5633 (0xffffe9ff) (rcNt=0xe986e9ff)
VBoxDrvStub error: Unknown image file \Device\HarddiskVolume6\virtualBox\VirtualBoxVM.exe at 00007ff646a40000. (rc83Exp=-91)
32b0.2564: KiUserExceptionDispatcher: 0xc0000005 (0000000000000001, 0000000000000024) @ 00007ff93bae72a6 (flags=0x0)
27fc.33b0: Error -5633 in supR3HardenedWinReSpawn! (enmWhat=3)
27fc.33b0: NtCreateFile(\Device\VBoxDrvStub) failed: Unknown Status -5633 (0xffffe9ff) (rcNt=0xe986e9ff)
VBoxDrvStub error: Unknown image file \Device\HarddiskVolume6\virtualBox\VirtualBoxVM.exe at 00007ff646a40000. (rc83Exp=-91)

vboxdrv is running.

Could the experts here please tell me how to solve this problem?