
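Running an .exe file at Windows startup

How to solve: running an .exe file at Windows startup

I want to launch an .exe file at boot time of the Windows 10 x86 kernel. I created a program that uses only ntdll, and I successfully executed the desired process by calling the NtCreateUserProcess function, but after calling the NtResumeThread function, even though this function completes successfully, after a short while my process stops with error code c0000017

{Not Enough Quota} Not enough virtual memory or paging file quota is available to complete the specified operation.

My application code is here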

#include <Windows.h>

ULONG WINAPI NtGetCurrentProcessorNumber(void);

int main()
{
    int a = 1;
    int b = 2;
    ULONG Number = NtGetCurrentProcessorNumber();
    return 0;
}

This is the WinDbg !analyze -v result

Unknown bugcheck code (c0000145)
Unknown bugcheck description
Arguments:
Arg1: c0000017
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------


KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.Sec
    Value: 4

    Key  : Analysis.DebugAnalysisProvider.CPP
    Value: Create: 8007007e on DESKTOP-3QQQ253

    Key  : Analysis.DebugData
    Value: CreateObject

    Key  : Analysis.DebugModel
    Value: CreateObject

    Key  : Analysis.Elapsed.Sec
    Value: 50

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 58

    Key  : Analysis.System
    Value: CreateObject


BUGCHECK_CODE:  c0000145

BUGCHECK_P1: ffffffffc0000017

BUGCHECK_P2: 0

BUGCHECK_P3: 0

BUGCHECK_P4: 0

PROCESS_NAME:  Testempty.exe

STACK_TEXT:  
8aa6348c 8188696d 00000003 6fe5c42e 00000065 nt!RtlpBreakWithStatusInstruction
8aa634e0 81886339 8707b340 8aa638cc 8aa6390c nt!KiBugCheckDebugBreak+0x1f
8aa638a0 817ea6b6 0000004c c0000145 8aaaf820 nt!KeBugCheck2+0x79d
8aa638c4 817ea5ed 0000004c c0000145 8aaaf820 nt!KiBugCheck2+0xc6
8aa638e4 819987ef 0000004c c0000145 8aaaf820 nt!KeBugCheckEx+0x19
8aa6390c 81992548 00000000 8aa63ac4 8aa63b48 nt!PopGracefulShutdown+0x221
8aa63950 8198bc42 00000004 00000006 c0000004 nt!PopTransitionSystemPowerStateEx+0xab4a
8aa63ab0 818009bb 00000004 00000006 c0000004 nt!NtSetSystemPowerState+0x4e
8aa63ab0 817e8589 00000004 00000006 c0000004 nt!KiSystemServicePostCall
8aa63b34 81b7d75d 00000004 00000006 c0000004 nt!ZwSetSystemPowerState+0x11
8aa63b8c 81ab0633 00000006 c0000004 00000000 nt!PopIssueActionRequest+0xcdd43
8aa63bcc 81789f30 85980ce0 8adbb040 8192bab0 nt!PopPolicyWorkerAction+0x5f
8aa63be8 81723098 00000001 00000000 8adbb040 nt!PopPolicyWorkerThread+0x8a
8aa63c38 81763c32 85980ce0 6fe5ccbe 00000000 nt!ExpWorkerThread+0xf8
8aa63c70 81808d6d 81722fa0 85980ce0 00000000 nt!PspSystemThreadStartup+0x4a
8aa63c7c 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x15


SYMBOL_NAME:  nt!PopTransitionSystemPowerStateEx+ab4a

MODULE_NAME: nt

IMAGE_NAME:  ntkrpamp.exe

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  ab4a

FAILURE_BUCKET_ID:  0xC0000145_nt!PopTransitionSystemPowerStateEx

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x86

OSNAME:  Windows 10

FAILURE_ID_HASH:  {82d39f6b-e96d-578f-1f7d-c19db99fcfcb}

Followup:     MachineOwner
---------

kd> !process
PROCESS 8c1ea680  SessionId: none  Cid: 01b8    Peb: 005c8000  ParentCid: 0004
    DirBase: 7e1ef080  ObjectTable: 89ca2cc0  HandleCount:   1.
    Image: Testempty.exe
    VadRoot 8b9fa8d0 Vads 12 Clone 0 Private 28. Modified 0. Locked 0.
    DeviceMap 00000000
    Token                             89cb6cc8
    ElapsedTime                       00:01:36.461
    UserTime                          00:00:00.000
    KernelTime                        00:00:00.000
    QuotaPoolUsage[PagedPool]         8104
    QuotaPoolUsage[NonPagedPool]      1016
    Working Set Sizes (Now,min,max)  (132,50,345) (528KB,200KB,1380KB)
    PeakWorkingSetSize                121
    VirtualSize                       5 Mb
    PeakVirtualSize                   5 Mb
    PageFaultCount                    132
    MemoryPriority                    BACKGROUND
    BasePriority                      8
    CommitCharge                      74

        THREAD 8a44e900  Cid 01b8.01bc  Teb: 005c9000 Win32Thread: 00000000 WAIT: (Suspended) KernelMode Alertable
            8bf67de0  NotificationEvent

Can you help me?
