BlackINT3
commented
1 year ago @waylau Remove C:\Users\wayla\AppData\Roaming\OpenArk\symbols\ folder, and try again.
Closed waylau closed 11 months ago
BlackINT3
commented
1 year ago @waylau Remove C:\Users\wayla\AppData\Roaming\OpenArk\symbols\ folder, and try again.
waylau
commented
1 year ago @BlackINT3
试了,变成另外一个问题了。
[UNONE::FsReadFileDataW] [WARN] C:\Users\wayla\AppData\Roaming\OpenArk\console\history.txt is empty file
[ArkDrvApi::Process::OpenProcess] [ERR] OpenProcess pid:0 err:87
[Kernel::InitKernelEntryView::::operator ()] [INFO] 操作系统 : Windows 11
[Kernel::InitKernelEntryView::::operator ()] [INFO] 主版本号 : 10
[Kernel::InitKernelEntryView::::operator ()] [INFO] 副版本号 : 0
[Kernel::InitKernelEntryView::::operator ()] [INFO] 发行编号 : 22H2
[Kernel::InitKernelEntryView::::operator ()] [INFO] 编译号 : 22621
[Kernel::InitKernelEntryView::::operator ()] [INFO] 主服务包 : 0
[Kernel::InitKernelEntryView::::operator ()] [INFO] 副服务包 : 0
[Kernel::InitKernelEntryView::::operator ()] [INFO] R3地址空间 : 0x10000 - 0x7FFFFFFEFFFF
[Kernel::InitKernelEntryView::::operator ()] [INFO] R0地址空间 : 0xFFFF080000000000 - 0xFFFFFFFFFFFFFFFF
[Kernel::InitKernelEntryView::::operator ()] [INFO] 页面大小 : 4 KB
[Kernel::InitKernelEntryView::::operator ()] [INFO] 物理内存 : 32 GB
[Kernel::InitKernelEntryView::::operator ()] [INFO] CPU核数 : 20
[Kernel::InitKernelEntryView::::operator ()] [INFO] 系统根目录 : C:\windows
[Kernel::InitKernelEntryView::::operator ()] [INFO] 启动时间 : 2023-07-12 15:36:10 (0Day/18Hour/53Min)
[Kernel::InitKernelEntryView::::operator ()] [INFO] BootInfo : UEFI & SecureBoot
[Kernel::InitKernelEntryView::::operator ()] [INFO] HVM : VT Enabled
[OpenArk::onActionCheckUpdate] [INFO] requset server:http://file.blackint3.com:88/openark/version.txt
[OpenArk::onActionCheckUpdate::::operator ()] [INFO] local appver:1.3.2, build:202305301420
[OpenArk::onActionCheckUpdate::::operator ()] [INFO] server responsed:{
"err": 0,
"appver": "1.3.0",
"appbd": "202302271420",
"appcl": "6L+b56iL566h55CG5aKe5by677yM6Ieq5Yqo5Yi35paw77yM5pSv5oyB5ouW5Yqo6YCJ5oup56qX5Y+jCuWGheaguOWinuWKoFNTRFQvU2hhZG93L1dGUC9GaWx0ZXIvTWluaWZpbHRlci9UaW1lcuetieWkmuenjeWbnuiwgwrng63plK7mlK/mjIFXaW4xMQrlt6XlhbflupPlkIjlubbvvIzmm7TmlrDmjaLku6PvvIzmlK/mjIHmn6Xor6IK5omr5o+P5Zmo5aKe5YqgRUxG44CB5pmu6YCa5paH5Lu25omr5o+PCuWinuWKoOaVsOWtpuiuoeeul+etiee8lueoi+WKqeaJiwrlkITnp41CVUfkv67lpI3vvIzlkITnp43orrDkuI3muIXnmoTlip/og70K5pe26ZqU5LiA5bm077yM5Y+q6IO96K+077yMR29vZCBMdWNrIDIwMjPvvIEKLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCkltcG92ZWQgcHJvY2VzcyBtYW5hZ2VyLCByZWZyZXNoIGF1dG9tYXRpY2FsbHkuCkFkZGVkIGtlcm5lbCBmZWF0dXJlcywgU1NEVC9TaGFkb3cvV0ZQL0ZpbHRlci9NaW5pZmlsdGVyL1RpbWVyIGV0Yy4KQWRkZWQgZW51bSBob3RrZXkgZm9yIHdpbjExLgpBZGRlZCB0b29scyByZXBvLCBzZWFyY2ggc3VwcG9ydGVkLgpBZGRlZCBFTEYvRklMRSBzY2FubmVyIC4KQWRkZWQgbWF0Y2ggY2FjdWxhdG9yIGluIGNvZGVraXRzLgpCdWdmaXhlZCBhbmQgb3RoZXIgZmVhdHVyZXMuCkdvb2QgTHVjayAyMDIzIQo=",
"appurl": "https://github.com/BlackINT3/OpenArk/releases"
}
[OpenArk::onActionCheckUpdate::::operator ()] [INFO] OpenArk is latest.
[Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\wayla\AppData\Roaming\OpenArk\symbols\fltMgr.pdb\969A6F3F7B6B03139ED9D16D82046A491\fltMgr.pdb
[Kernel::ParseKernelSymbol] [INFO] Download: http://msdl.blackint3.com:88/download/symbols/fltMgr.pdb/969A6F3F7B6B03139ED9D16D82046A491/fltMgr.pdb
[Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\wayla\AppData\Roaming\OpenArk\symbols\netio.pdb\799807D5933281BEF94756ED241F8BFC1\netio.pdb
[Kernel::ParseKernelSymbol] [INFO] Download: http://msdl.blackint3.com:88/download/symbols/netio.pdb/799807D5933281BEF94756ED241F8BFC1/netio.pdb
[Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\wayla\AppData\Roaming\OpenArk\symbols\ntkrnlmp.pdb\A4FD849F9DB057DADB17916E3C0529DE1\ntkrnlmp.pdb
[Kernel::ParseKernelSymbol] [INFO] Download: http://msdl.blackint3.com:88/download/symbols/ntkrnlmp.pdb/A4FD849F9DB057DADB17916E3C0529DE1/ntkrnlmp.pdb
[Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\wayla\AppData\Roaming\OpenArk\symbols\win32kfull.pdb\91CAD3CDC03F87ED758E1AD49133BB711\win32kfull.pdb
[Kernel::ParseKernelSymbol] [INFO] Download: http://msdl.blackint3.com:88/download/symbols/win32kfull.pdb/91CAD3CDC03F87ED758E1AD49133BB711/win32kfull.pdb
[UNONE::ObLoadDriverW] [ERR] NtLoadDriver service:\Registry\Machine\System\CurrentControlSet\Services\OpenArkDrv64 err:c0000603
[Kernel::onClickKernelMode] [ERR] InstallDriver C:\Users\wayla\AppData\Roaming\OpenArk\kernel\OpenArkDrv64.sys err 
cnhuz
commented
1 year ago @BlackINT3
试了,变成另外一个问题了。
[UNONE::FsReadFileDataW] [WARN] C:\Users\wayla\AppData\Roaming\OpenArk\console\history.txt is empty file [ArkDrvApi::Process::OpenProcess] [ERR] OpenProcess pid:0 err:87 [Kernel::InitKernelEntryView::::operator ()] [INFO] 操作系统 : Windows 11 [Kernel::InitKernelEntryView::::operator ()] [INFO] 主版本号 : 10 [Kernel::InitKernelEntryView::::operator ()] [INFO] 副版本号 : 0 [Kernel::InitKernelEntryView::::operator ()] [INFO] 发行编号 : 22H2 [Kernel::InitKernelEntryView::::operator ()] [INFO] 编译号 : 22621 [Kernel::InitKernelEntryView::::operator ()] [INFO] 主服务包 : 0 [Kernel::InitKernelEntryView::::operator ()] [INFO] 副服务包 : 0 [Kernel::InitKernelEntryView::::operator ()] [INFO] R3地址空间 : 0x10000 - 0x7FFFFFFEFFFF [Kernel::InitKernelEntryView::::operator ()] [INFO] R0地址空间 : 0xFFFF080000000000 - 0xFFFFFFFFFFFFFFFF [Kernel::InitKernelEntryView::::operator ()] [INFO] 页面大小 : 4 KB [Kernel::InitKernelEntryView::::operator ()] [INFO] 物理内存 : 32 GB [Kernel::InitKernelEntryView::::operator ()] [INFO] CPU核数 : 20 [Kernel::InitKernelEntryView::::operator ()] [INFO] 系统根目录 : C:\windows [Kernel::InitKernelEntryView::::operator ()] [INFO] 启动时间 : 2023-07-12 15:36:10 (0Day/18Hour/53Min) [Kernel::InitKernelEntryView::::operator ()] [INFO] BootInfo : UEFI & SecureBoot [Kernel::InitKernelEntryView::::operator ()] [INFO] HVM : VT Enabled [OpenArk::onActionCheckUpdate] [INFO] requset server:http://file.blackint3.com:88/openark/version.txt [OpenArk::onActionCheckUpdate::::operator ()] [INFO] local appver:1.3.2, build:202305301420 [OpenArk::onActionCheckUpdate::::operator ()] [INFO] server responsed:{ "err": 0, "appver": "1.3.0", "appbd": "202302271420", "appcl": "6L+b56iL566h55CG5aKe5by677yM6Ieq5Yqo5Yi35paw77yM5pSv5oyB5ouW5Yqo6YCJ5oup56qX5Y+jCuWGheaguOWinuWKoFNTRFQvU2hhZG93L1dGUC9GaWx0ZXIvTWluaWZpbHRlci9UaW1lcuetieWkmuenjeWbnuiwgwrng63plK7mlK/mjIFXaW4xMQrlt6XlhbflupPlkIjlubbvvIzmm7TmlrDmjaLku6PvvIzmlK/mjIHmn6Xor6IK5omr5o+P5Zmo5aKe5YqgRUxG44CB5pmu6YCa5paH5Lu25omr5o+PCuWinuWKoOaVsOWtpuiuoeeul+etiee8lueoi+WKqeaJiwrlkITnp41CVUfkv67lpI3vvIzlkITnp43orrDkuI3muIXnmoTlip/og70K5pe26ZqU5LiA5bm077yM5Y+q6IO96K+077yMR29vZCBMdWNrIDIwMjPvvIEKLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCkltcG92ZWQgcHJvY2VzcyBtYW5hZ2VyLCByZWZyZXNoIGF1dG9tYXRpY2FsbHkuCkFkZGVkIGtlcm5lbCBmZWF0dXJlcywgU1NEVC9TaGFkb3cvV0ZQL0ZpbHRlci9NaW5pZmlsdGVyL1RpbWVyIGV0Yy4KQWRkZWQgZW51bSBob3RrZXkgZm9yIHdpbjExLgpBZGRlZCB0b29scyByZXBvLCBzZWFyY2ggc3VwcG9ydGVkLgpBZGRlZCBFTEYvRklMRSBzY2FubmVyIC4KQWRkZWQgbWF0Y2ggY2FjdWxhdG9yIGluIGNvZGVraXRzLgpCdWdmaXhlZCBhbmQgb3RoZXIgZmVhdHVyZXMuCkdvb2QgTHVjayAyMDIzIQo=", "appurl": "https://github.com/BlackINT3/OpenArk/releases" } [OpenArk::onActionCheckUpdate::::operator ()] [INFO] OpenArk is latest. [Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\wayla\AppData\Roaming\OpenArk\symbols\fltMgr.pdb\969A6F3F7B6B03139ED9D16D82046A491\fltMgr.pdb [Kernel::ParseKernelSymbol] [INFO] Download: http://msdl.blackint3.com:88/download/symbols/fltMgr.pdb/969A6F3F7B6B03139ED9D16D82046A491/fltMgr.pdb [Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\wayla\AppData\Roaming\OpenArk\symbols\netio.pdb\799807D5933281BEF94756ED241F8BFC1\netio.pdb [Kernel::ParseKernelSymbol] [INFO] Download: http://msdl.blackint3.com:88/download/symbols/netio.pdb/799807D5933281BEF94756ED241F8BFC1/netio.pdb [Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\wayla\AppData\Roaming\OpenArk\symbols\ntkrnlmp.pdb\A4FD849F9DB057DADB17916E3C0529DE1\ntkrnlmp.pdb [Kernel::ParseKernelSymbol] [INFO] Download: http://msdl.blackint3.com:88/download/symbols/ntkrnlmp.pdb/A4FD849F9DB057DADB17916E3C0529DE1/ntkrnlmp.pdb [Kernel::ParseKernelSymbol] [INFO] PDB: C:\Users\wayla\AppData\Roaming\OpenArk\symbols\win32kfull.pdb\91CAD3CDC03F87ED758E1AD49133BB711\win32kfull.pdb [Kernel::ParseKernelSymbol] [INFO] Download: http://msdl.blackint3.com:88/download/symbols/win32kfull.pdb/91CAD3CDC03F87ED758E1AD49133BB711/win32kfull.pdb [UNONE::ObLoadDriverW] [ERR] NtLoadDriver service:\Registry\Machine\System\CurrentControlSet\Services\OpenArkDrv64 err:c0000603 [Kernel::onClickKernelMode] [ERR] InstallDriver C:\Users\wayla\AppData\Roaming\OpenArk\kernel\OpenArkDrv64.sys err
same error
waylau
commented
11 months ago 试了下群里的9月19日的OpenArk V1.3.2 Beta版本,问题已解。
Win11进入内核模式没有显示热键列表,使用的是群里的OpenArk V1.3.2 Beta版本。
看控制台报错日志如下:
之前一直在正常用,今天更新了下系统。重启后发现用不了了。 目前系统版本如下:
看了下系统更新日志,主要是更新了这两点: