分类目录归档:Windows Troubleshooting

[2/2]解决Windows 8.1检查更新时发生的0x8024A008错误

昨天说到哪了,哦对,怎么把代码注入到别的进程里。

需要用的Windows API是WriteProcessMemory,然后我们还需要获取进程里kernel32.dll的基地址,因此还需要用EnumProcessModulesEx、EnumProcesses

最后为了防止修改进程内存的时候进程运行到OOBEComplete上,还需要两个未说明的API:NtSuspendProcess和NtResumeProcess

另外考虑到之后dll更新会引起函数地址变化,最好能从kernel32.dll的PE头里获取OOBEComplete的RVA再计算出实际地址进行修改

最后因为要修改的svchost.exe是系统进程,我们必须要提升到System级的权限才可以。这部分直接交给SysInternals的PsExec处理。

继续阅读

[1/2]解决Windows 8.1检查更新时发生的0x8024A008错误

DNTTAH => Do not try this at home.

故事还是从之前咱升级了操作系统开始的,因为一直没有收到Windows Update的通知所以咱觉得有点奇怪了。照道理来说每月至少都会有那么几个更新的,毕竟之前也说了,Windows 超复杂。

于是和上一次一样,拿出Process Monitor监测,但是这次什么区别都没看出来

问了Google,看到有几个人和我一样有这个问题,其中有一条是微软官方的回复:

Thank You for sharing the logs. I was able to reproduce the issue in my virtual environment. To understand more about this behavior, I engaged the Product Group and I have been informed that this behavior is By Design. WU uses the OOBEComplete() Windows API call to determine whether OOBE is in progress or not, and if so, it will not perform automatic or UI update searches. HRESULT code 0x8024a008 is the WU error code WU_E_AU_OOBE_IN_PROGRESS. WU automatic and UI updates won’t run while Setup reports that OOBE is still in progress. This is to prevent automatic updates from causing a system reboot during OOBE, which is – needless to say – a Very Bad Thing. This problem has always existed. Unfortunately, when the computer is in Sysprep audit mode, Setup will report to WU that OOBE is in progress even though it might not actually be so. This is the reason that updates from WU UIs are blocked in audit mode. On the plus side, this means that OEMs can better ensure that only the updates they want on their machines get installed in the factory floor image, even if they enable automatic updating in the image.

简而言之:Windows Update被设计为在OOBE模式下(也就是刚装完系统后出现的那个叫你设置用户的界面),是不会检查、安装更新的,以防止在OOBE过程中发生重启。

看来出于某些原因,操作系统认为我还没设置完,但实际上我都用了几个月了。

继续阅读