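I have a nice question here.
There is a utility called reg.exe that has shipped with Windows for a long time. It is very handy for importing .reg files from scripts, modifying values from scripts, and so on. So when making a copy of it for scripting scenarios ("Why not use the copy in system32?" -> software restriction policies, personal preference, etc.) I noticed that renaming it makes it fail silently: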
Windows Server 2008 x64:
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Windows\system32>reg.exe
ERROR: Invalid syntax.
Type "REG /?" for usage.

C:\Windows\system32>copy reg.exe reg2.exe
        1 file(s) copied.

C:\Windows\system32>reg2.exe

C:\Windows\system32>reg2.exe /?

C:\Windows\system32>reg.exe /?

REG Operation [Parameter List]

  Operation [ QUERY | ADD | DELETE | COPY | SAVE | LOAD | UNLOAD | RESTORE | COMPARE | EXPORT | IMPORT | FLAGS ]

Return Code: (Except for REG COMPARE)

  0 - Successful
  1 - Failed

For help on a specific operation type:

  REG Operation /?

Examples:

  REG QUERY /?
  REG ADD /?
  REG DELETE /?
  REG COPY /?
  REG SAVE /?
  REG RESTORE /?
  REG LOAD /?
  REG UNLOAD /?
  REG COMPARE /?
  REG EXPORT /?
  REG IMPORT /?
  REG FLAGS /?

C:\Windows\system32>
But with Windows XP x86:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\chris>cd \WINDOWS\system32

C:\WINDOWS\system32>reg.exe

Console Registry Tool for Windows - version 3.0
Copyright (C) Microsoft Corp. 1981-2001. All rights reserved

REG Operation [Parameter List]

  Operation [ QUERY | ADD | DELETE | COPY | SAVE | LOAD | UNLOAD | RESTORE | COMPARE | EXPORT | IMPORT ]

Return Code: (Except of REG COMPARE)

  0 - Succussful
  1 - Failed

For help on a specific operation type:

  REG Operation /?

Examples:

  REG QUERY /?
  REG ADD /?
  REG DELETE /?
  REG COPY /?
  REG SAVE /?
  REG RESTORE /?
  REG LOAD /?
  REG UNLOAD /?
  REG COMPARE /?
  REG EXPORT /?
  REG IMPORT /?

C:\WINDOWS\system32>copy reg.exe reg2.exe
        1 file(s) copied.

C:\WINDOWS\system32>reg2.exe

Console Registry Tool for Windows - version 3.0
Copyright (C) Microsoft Corp. 1981-2001. All rights reserved

REG Operation [Parameter List]

  Operation [ QUERY | ADD | DELETE | COPY | SAVE | LOAD | UNLOAD | RESTORE | COMPARE | EXPORT | IMPORT ]

Return Code: (Except of REG COMPARE)

  0 - Succussful
  1 - Failed

For help on a specific operation type:

  REG Operation /?

Examples:

  REG QUERY /?
  REG ADD /?
  REG DELETE /?
  REG COPY /?
  REG SAVE /?
  REG RESTORE /?
  REG LOAD /?
  REG UNLOAD /?
  REG COMPARE /?
  REG EXPORT /?
  REG IMPORT /?

C:\WINDOWS\system32>
WinDbg seems to tell me that the CRT is killing it:
Child-SP          RetAddr           Call Site
00000000`0016f798 00000000`779d2f8b ntdll!ZwTerminateProcess+0xa
00000000`0016f7a0 000007fe`fe97d832 ntdll!RtlExitUserProcess+0x8b
00000000`0016f7d0 00000000`ffe7f710 msvcrt!cinit+0x13b
00000000`0016f810 00000000`778a495d reg!DynArrayGetItemType2+0x1fc
00000000`0016f850 00000000`779d8791 kernel32!BaseThreadInitThunk+0xd
00000000`0016f880 00000000`00000000 ntdll!RtlUserThreadStart+0x1d
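But since I'm not very familiar with WinDbg (and this is 64-bit, so Ollydbg fails), I'm at a loss here. Thanks for any information.

Edit

Thanks to CyberShadow's help and some Googling, I found the solution: it looks for its .mui (its translation) in a subfolder named for the currently installed language.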
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Windows\system32>cd en-US

C:\Windows\System32\en-US>copy reg.exe.mui reg2.exe.mui
        1 file(s) copied.

C:\Windows\System32\en-US>cd ..

C:\Windows\System32>reg2
ERROR: Invalid syntax.
Type "REG /?" for usage.

C:\Windows\System32>del en-US\reg2.exe.mui

C:\Windows\System32>reg2

C:\Windows\System32>
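By playing around a bit with a debugger, I found that LoadString (used to get the usage and error messages) returns ERROR_MUI_FILE_NOT_LOADED. I think that kind of explains it :)

Notes:

> That stack trace seems to be misleading (or at least we are seeing different problems with the same effect). When copied/renamed, the application exits normally without printing anything.
> Apart from being unable to display messages, the utility continues to work properly.
> This also affects the 32-bit version (which can be found in SysWOW64).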
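
The .mui lookup described above can be checked and reproduced for every language folder at once. The following Python sketch is an added example, not part of the original question or answer; the helper names and the dummy directory it builds are constructed for illustration, and it assumes only the layout shown on this page (a language subfolder next to the executable holding `<exe name>.mui`).

```python
import shutil
import tempfile
from pathlib import Path


def find_mui_files(exe: Path) -> list:
    """Return <exe dir>/<language folder>/<exe name>.mui for each folder that has one."""
    mui_name = exe.name + ".mui"
    return sorted(
        sub / mui_name
        for sub in exe.parent.iterdir()
        if sub.is_dir() and (sub / mui_name).is_file()
    )


def copy_with_mui(exe: Path, new_name: str) -> list:
    """Copy exe to new_name in the same folder, plus each language's .mui under the new name."""
    created = [exe.with_name(new_name)]
    shutil.copy2(exe, created[0])
    for mui in find_mui_files(exe):
        target = mui.with_name(new_name + ".mui")
        shutil.copy2(mui, target)
        created.append(target)
    return created


def demo() -> dict:
    """Constructed stand-in for System32: reg.exe plus en-US and de-DE resources (dummy bytes)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "reg.exe").write_bytes(b"MZ-constructed")
        for lang in ("en-US", "de-DE"):
            (root / lang).mkdir()
            (root / lang / "reg.exe.mui").write_bytes(b"mui-" + lang.encode())
        (root / "drivers").mkdir()  # folder without a matching .mui; must be ignored
        shutil.copy2(root / "reg.exe", root / "reg2.exe")  # the bare copy from the question
        bare = find_mui_files(root / "reg2.exe")
        created = copy_with_mui(root / "reg.exe", "reg3.exe")
        paired = find_mui_files(root / "reg3.exe")
        return {
            "bare_copy_mui": [p.relative_to(root).as_posix() for p in bare],
            "created": [p.relative_to(root).as_posix() for p in created],
            "reg3_mui": [p.relative_to(root).as_posix() for p in paired],
        }


if __name__ == "__main__":
    print(demo())
```

An empty result from `find_mui_files` for a renamed copy corresponds to the silent case in the question, where LoadString has no resource file to read the messages from.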