What is a privileged instruction?

Posted 2024-07-04 11:24:39 · 465 characters · 6 views · 0 comments


I have added some code which compiles cleanly and have just received this Windows error:

---------------------------
(MonTel Administrator) 2.12.7: MtAdmin.exe - Application Error
---------------------------
The exception Privileged instruction.

 (0xc0000096) occurred in the application at location 0x00486752.

I am about to go on a bug hunt, and I am expecting it to be something silly that I have done which just happens to produce this message. The code compiles cleanly with no errors or warnings. The size of the EXE file has grown to 1,454,132 bytes and includes links to ODCS.lib, but it is otherwise pure C to the Win32 API, with DEBUG on (running on a P4 on Windows 2000).


Comments (9)

黑寡妇 2024-07-11 11:24:47


The CPU of most processors manufactured in the last 15 years has some special instructions which are very powerful. These privileged instructions are kept for operating system kernel applications and are not able to be used by user-written programs.

This restricts the damage that a user-written program can inflict upon the system and cuts down the number of times that the system actually crashes.

策马西风 2024-07-11 11:24:47


I saw this with Visual C++ 6.0 in the year 2000.

The debug C++ library had calls to physical I/O instructions in it, in an exception handler.
If I remember correctly, it was dumping status to an I/O port that used to be for DMA base registers, which I assume someone at Microsoft was using for a debugger card.

Look for some error condition that might be latent causing diagnostics code to run.

I was debugging, backtracked and read the disassembly. It was an exception while processing std::string, maybe indexing off the end.

沉睡月亮 2024-07-11 11:24:47


When executing in kernel mode, the operating system has unrestricted access to both the kernel and the user program's memory.

The load instructions for the base and limit registers are privileged instructions.

月亮坠入山谷 2024-07-11 11:24:46


The error location 0x00486752 seems really small to me, before where executable code usually lives. I agree with Daniel, it looks like a wild pointer to me.

时光沙漏 2024-07-11 11:24:46


The first possibility that I can think of is that you may be using a local array, and it is near the top of the function declaration. Your bounds checking has gone insane and overwritten the return address, and it now points to some instruction that only the kernel is allowed to execute.

揽清风入怀 2024-07-11 11:24:45


As I suspected, it was something silly that I did. I think I solved this twice as fast because of some of the clues in comments in the messages above. Thanks to those, especially those who pointed to something early in the app overwriting the stack. I actually found several answers here more useful than the post I have marked as answering the question, as they clued and cued me as to where to look, though I think it best sums up the answer.

As it turned out, I had just added a button that went over the maximum size of an array holding some toolbar button information (which was on the stack). I had forgotten that

#define MAX_NUM_TOOBAR_BUTTONS  (24)

even existed!
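As an added illustration, not code from the question or from MtAdmin.exe: a model of what happens when a local array of toolbar buttons is filled one entry past MAX_NUM_TOOLBAR_BUTTONS, and the bounds check that the fix needs. The TBBUTTON-like record, the frame layout (array, then saved frame pointer, then return address) and the sentinel return address are assumptions made for the model; the frame is laid out as a single struct so that the overflowing write stays inside one object and the program itself has defined behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_NUM_TOOLBAR_BUTTONS (24)

/* Stand-in for the Win32 TBBUTTON record each toolbar entry occupies.
 * Field names follow TBBUTTON; the exact padding does not matter for the model. */
typedef struct {
    int32_t   iBitmap;
    int32_t   idCommand;
    uint8_t   fsState;
    uint8_t   fsStyle;
    uint8_t   bReserved[2];
    uintptr_t dwData;
    intptr_t  iString;
} ToolbarButton;

/* Assumed model of the stack frame that held the array. C arrays index upward while
 * the x86 stack grows downward, so the element after the last one overlaps what the
 * compiler pushed above the locals: the saved frame pointer and the return address. */
typedef struct {
    ToolbarButton buttons[MAX_NUM_TOOLBAR_BUTTONS];
    uintptr_t     saved_frame_pointer;
    uintptr_t     return_address;
    uintptr_t     caller_frame[8];   /* the caller's own locals, also reachable */
} ModelFrame;

#define RETURN_ADDRESS_SENTINEL ((uintptr_t)0x00401234u)   /* assumed value */

/* The bug: write n entries without comparing n against the array's capacity. */
static void fill_toolbar_unchecked(ModelFrame *frame, size_t n) {
    for (size_t i = 0; i < n; i++) {
        ToolbarButton b = {
            .iBitmap = (int32_t)i, .idCommand = 1000 + (int32_t)i,
            .fsState = 4 /* TBSTATE_ENABLED */, .fsStyle = 0,
            .bReserved = {0, 0}, .dwData = 0, .iString = -1,
        };
        size_t offset = i * sizeof b;
        if (offset + sizeof b > sizeof *frame)
            break;                   /* model boundary only; the real code had no stop */
        memcpy((unsigned char *)frame + offset, &b, sizeof b);
    }
}

/* Returns 1 if filling n buttons overwrites the saved return address, 0 if it survives. */
int overflow_clobbers_return_address(size_t n) {
    ModelFrame frame;
    memset(&frame, 0, sizeof frame);
    frame.saved_frame_pointer = 0x0012FF80u;          /* assumed value */
    frame.return_address = RETURN_ADDRESS_SENTINEL;
    fill_toolbar_unchecked(&frame, n);
    return frame.return_address != RETURN_ADDRESS_SENTINEL;
}

/* The fix: reject a count beyond the capacity before writing the first entry.
 * Returns the number of buttons written, or -1 if n would overflow the array. */
int build_toolbar_checked(size_t n) {
    ToolbarButton buttons[MAX_NUM_TOOLBAR_BUTTONS];
    if (n > MAX_NUM_TOOLBAR_BUTTONS)
        return -1;
    for (size_t i = 0; i < n; i++) {
        buttons[i].iBitmap = (int32_t)i;
        buttons[i].idCommand = 1000 + (int32_t)i;
        buttons[i].fsState = 4;
        buttons[i].fsStyle = 0;
        buttons[i].bReserved[0] = buttons[i].bReserved[1] = 0;
        buttons[i].dwData = 0;
        buttons[i].iString = -1;
    }
    return (int)n;
}
```

With 24 buttons the return address survives; with 25 the extra record lands on the saved frame pointer and return address, so the function returns into whatever the button fields happen to encode. Which exception Windows then reports depends only on what those bytes point at: an unmapped address gives an access violation (0xC0000005), mapped bytes that decode to an undefined opcode give an illegal instruction (0xC000001D), and mapped bytes that decode to a ring-0-only opcode give exactly the privileged instruction exception seen here (0xC0000096); HLT is the single byte 0xF4 and CLI is 0xFA, so such bytes are easy to hit by accident in data or padding. Note also that the default Win32 image base is 0x00400000, so the reported location 0x00486752 lies inside MtAdmin.exe's own image, and disassembling around it in the debugger is the first place to look.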

烟花易冷人易散 2024-07-11 11:24:40


To answer the question, a privileged instruction is a processor op-code (assembler instruction) which can only be executed in "supervisor" (or Ring-0) mode.
These types of instructions tend to be used to access I/O devices and protected data structures from the Windows kernel.

Regular programs execute in "user mode" (Ring-3) which disallows direct access to I/O devices, etc...

As others mentioned, the cause is probably a corrupted stack or a messed up function pointer call.
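An added example, not from any of the answers above, showing concretely what the exception is: a ring-3 process executes HLT, an x86 instruction the CPU only allows at CPL 0, and catches the resulting fault. It is written against POSIX signals (Linux or macOS) rather than Win32 SEH so that it can be compiled and run anywhere; the set of signals it catches and the helper names are this example's own choices, and on a non-x86 build it simply reports that no privileged instruction is available.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>

/* Where the fault handler jumps back to, and which signal it saw. */
static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_signal;

static void on_fault(int sig) {
    fault_signal = sig;
    /* Leave the handler without returning, so the faulting instruction is never retried.
     * sigsetjmp(..., 1) saved the signal mask, so siglongjmp restores it unblocked. */
    siglongjmp(fault_env, 1);
}

/* 1 if this build knows a privileged instruction to try, 0 otherwise. */
int privileged_instruction_supported(void) {
#if defined(__x86_64__) || defined(__i386__)
    return 1;
#else
    return 0;
#endif
}

/* Execute one privileged x86 instruction from user mode.
 * Returns 1 if the CPU faulted and the OS delivered a signal,
 * 0 if it somehow executed, -1 if this architecture is not handled. */
int try_privileged_instruction(void) {
#if defined(__x86_64__) || defined(__i386__)
    struct sigaction sa, old_segv, old_ill, old_bus;
    volatile int faulted = 0;

    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;
    sigaction(SIGSEGV, &sa, &old_segv);   /* Linux reports the #GP fault as SIGSEGV */
    sigaction(SIGILL,  &sa, &old_ill);    /* other kernels may report it as SIGILL */
    sigaction(SIGBUS,  &sa, &old_bus);    /* or as SIGBUS */

    fault_signal = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        /* HLT (opcode 0xF4) requires CPL 0. In ring 3 the CPU raises #GP(0);
         * Windows reports that as STATUS_PRIVILEGED_INSTRUCTION, 0xC0000096. */
        __asm__ volatile ("hlt");
        faulted = 0;                      /* only reached if no fault occurred */
    } else {
        faulted = 1;                      /* reached via siglongjmp from on_fault */
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGILL,  &old_ill,  NULL);
    sigaction(SIGBUS,  &old_bus,  NULL);
    return faulted;
#else
    return -1;
#endif
}

/* Signal number delivered for the last fault, 0 if none. */
int last_fault_signal(void) { return (int)fault_signal; }

int main(void) {
    int r = try_privileged_instruction();
    if (r == 1)
        printf("privileged instruction faulted in user mode: signal %d\n", last_fault_signal());
    else if (r == 0)
        printf("instruction executed without a fault (not expected in ring 3)\n");
    else
        printf("no privileged instruction known for this architecture\n");
    return 0;
}
```

The Win32 equivalent is a `__try` block around the instruction with an `__except` filter that compares `GetExceptionCode()` against `EXCEPTION_PRIV_INSTRUCTION`, which has the same value 0xC0000096 as in the dialog in the question. The point for the bug hunt is that nothing in a normal C program emits such an instruction deliberately: if the process is executing one, the instruction pointer has been sent somewhere it should not be, which is why the answers above point at a trashed return address or a bad function pointer rather than at the code the compiler generated.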

π浅易 2024-07-11 11:24:40


This sort of thing usually happens when using function pointers that point to invalid data.
It can also happen if you have code that trashes your return stack. It can sometimes be quite tricky to track these sort of bugs down because they usually are hard to reproduce.

等待圉鍢 2024-07-11 11:24:40


A privileged instruction is an IA-32 instruction that is only allowed to be executed in Ring-0 (i.e. kernel mode). If you're hitting this in userspace, you've either got a really old EXE, or a corrupted binary.
