When you try to run checks with the ePO Pre-Installation Auditor (PIA) tool, PIA fails with the following error in the event log:
Faulting application name: ePIP.exe, version: 3.1.0.144, time stamp: 0x5bf2a91f
Faulting module name: ePIP.exe, version: 3.1.0.144, time stamp: 0x5bf2a91f
Exception code: 0xc0000409
Fault offset: 0x0017828c
Faulting process ID: 0x22a4
Faulting application start time: 0x01d4f17b3c32c140
Faulting application path: C:\Users\lsard-a\Desktop\ePOIP310_144R3\ePIP.exe
Faulting module path: C:\Users\lsard-a\Desktop\ePOIP310_144R3\ePIP.exe
Report ID: 8a6c0802-5d6e-11e9-8173-00215a9b5458
Faulting package full name:
Faulting package-relative application ID:
ePIPAPI.log records the last activity, which occurs during the database disk space check:
I Database in drive l with type ROWS current size 20763.00 MB space and extra required is 0.00.
I Database in drive n with type LOG current size 14336.00 MB space and extra required is 0.00.
Basic analysis of the process dump shows a FAST_FAIL_INVALID_ARG exception:
CONTEXT: (.ecxr)
eax=00000001 ebx=00e6b518 ecx=00000005 edx=00000000 esi=00000000 edi=00e6b5a0
eip=0051828c esp=04d0f134 ebp=04d0f154 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
ePIP+0x17828c:
0051828c cd29 int 29h
Resetting default scope
FAULTING_IP:
ePIP+17828c
0051828c cd29 int 29h
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 0051828c (ePIP+0x0017828c)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 00000005
Subcode: 0x5 FAST_FAIL_INVALID_ARG
DEFAULT_BUCKET_ID: FAIL_FAST_INVALID_ARG
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
PROBLEM_CLASSES:
ID: [0n282]
Type: [FAIL_FAST]
...
ID: [0n269]
Type: [INVALID_ARG]
Class: Addendum
Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
BUCKET_ID
Name: Add
Data: Omit
PID: [Unspecified]
TID: [Unspecified]
Frame: [0]
LAST_CONTROL_TRANSFER: from 0051825d to 0051828c
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
...
FOLLOWUP_IP:
ePIP+17828c
0051828c cd29 int 29h
FAULT_INSTR_CODE: 6a5629cd
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: ePIP+17828c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ePIP
IMAGE_NAME: ePIP.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5bf2a91f
STACK_COMMAND: ~8s ; .ecxr ; kb
BUCKET_ID: FAIL_FAST_INVALID_ARG_ePIP+17828c
FAILURE_EXCEPTION_CODE: c0000409
FAILURE_IMAGE_NAME: ePIP.exe
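Added example (not part of the original article or of the vendor's tooling): exception code 0xc0000409 alone does not prove a stack overrun, because every `int 29h` fast-fail reports it, so this sketch reads Parameter[0] from the exception record to separate mitigation-triggered failures from the invalid-argument case seen here. The helper name `triage`, the table names and the verdict strings are assumptions; the subcode names are a subset of the FAST_FAIL_* values in the Windows SDK header winnt.h.

```python
import re
# Added example: triage(), FAST_FAIL and MITIGATION_CODES are illustrative names.
STATUS_STACK_BUFFER_OVERRUN = 0xC0000409

# Subset of the FAST_FAIL_* codes defined in the Windows SDK header winnt.h.
FAST_FAIL = {
    0: "FAST_FAIL_LEGACY_GS_VIOLATION",
    2: "FAST_FAIL_STACK_COOKIE_CHECK_FAILURE",
    3: "FAST_FAIL_CORRUPT_LIST_ENTRY",
    4: "FAST_FAIL_INCORRECT_STACK",
    5: "FAST_FAIL_INVALID_ARG",
    10: "FAST_FAIL_GUARD_ICALL_CHECK_FAILURE",
}
# Codes raised by a memory-safety mitigation rather than by an argument check.
MITIGATION_CODES = {0, 2, 3, 4, 10}

# Lines copied from the exception record and faulting instruction in the dump above.
SAMPLE = """\
ExceptionAddress: 0051828c (ePIP+0x0017828c)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
NumberParameters: 1
Parameter[0]: 00000005
0051828c cd29 int 29h
"""

def triage(text):
    """Return (exception_code, fast_fail_name, verdict) for an !analyze excerpt."""
    code = re.search(r"^ExceptionCode:\s*([0-9a-fA-F]{8})", text, re.M)
    if not code:
        raise ValueError("no ExceptionCode line found")
    exc = int(code.group(1), 16)
    if exc != STATUS_STACK_BUFFER_OVERRUN:
        return exc, None, "not a fail-fast exception"
    param = re.search(r"^Parameter\[0\]:\s*([0-9a-fA-F]+)", text, re.M)
    if not param:
        return exc, None, "subcode missing: cannot classify"
    sub = int(param.group(1), 16)
    name = FAST_FAIL.get(sub, f"unknown subcode 0x{sub:x}")
    if sub in MITIGATION_CODES:
        verdict = "mitigation check fired: treat as possible memory corruption"
    elif sub == 5:
        verdict = "invalid argument reported via __fastfail: not a /GS cookie failure"
    else:
        verdict = "deliberate fail-fast: check the subcode's meaning"
    return exc, name, verdict

if __name__ == "__main__":
    exc, name, verdict = triage(SAMPLE)
    print(f"{exc:#010x} {name}: {verdict}")
```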