mstscax!CTD::TDConnectFSMProc函数调试记录启动程序连接没有登录直接断开连接—-mstsc的有限状态机–和win7–winlogon状态机类似
mstscax!CTD::TDConnectFSMProc函数调试记录启动程序连接没有登录直接断开连接
0: kd> g
(s: 0 0xa40.a50 explorer.exe) USRK-[Wrn] ZOrderByOwner: Topmost change while using SWP_NOOWNERZORDER. pwndRoot:BC677694 pwndOriginal:BC677694
(s: 0 0xa40.d28 Explorer.EXE) USER-[Wrn=1400] HMValidateHandle: Invalid:00000000 Type:0x1
(s: 0 0xa40.d28 explorer.exe) USRK-[Wrn=1400] ValidateHwnd: Invalid hwnd (00000000)
(s: 0 0xd84.d88 mstsc.exe) USRK-[Wrn] IMECOMPAT_HYDRACLIENT is set to ppi=0XE88E0890
Breakpoint 17 hit
kernel32!BaseProcessStart:
001b:77e62c11 6a0c push 0Ch
1: kd> g
### Trace initialized (0d84:0d88) at 21:02:08.06 01/11/2025 ###
### Loading symbols (0d84:0d88) at 21:02:08.06 01/11/2025 ###
### Symbols loaded (0d84:0d88) at 21:02:08.06 01/11/2025 ###
### Trace initialized (0d84:0d88) at 21:02:08.07 01/11/2025 ###
### Loading symbols (0d84:0d88) at 21:02:08.07 01/11/2025 ###
### Symbols loaded (0d84:0d88) at 21:02:08.07 01/11/2025 ###
(s: 0 0xd84.d88 mstsc.exe) USRK-[Wrn=1400] ValidateHwnd: Invalid hwnd (00000000)
(s: 0 0xd84.d88 mstsc.exe) USER-[Wrn=1400] HMValidateHandle: Invalid:00000000 Type:0x1
(s: 0 0xd84.d88 mstsc.exe) USRK-[Wrn=1400] ValidateHwnd: Invalid hwnd (00000000)
(s: 0 0xd84.d88 mstsc.exe) USRK-[Wrn=1400] ValidateHwnd: Invalid hwnd (00000000)
(s: 0 0xd84.d88 mstsc.exe) USER-[Wrn=1400] HMValidateHandle: Invalid:00000000 Type:0x1
(s: 0 0xd84.d88 mstsc.exe) USRK-[Wrn=1400] ValidateHwnd: Invalid hwnd (00000000)
(s: 0 0xd84.d88 mstsc.exe) USRK-[Wrn=1400] ValidateHwnd: Invalid hwnd (00000000)
(s: 0 0xd84.d88 mstsc.exe) USER-[Wrn=1400] HMValidateHandle: Invalid:00000000 Type:0x1
21:02:13.64*0d84:0d94*SLInitSecuri*1936*GP setting for FIPS is 0
Breakpoint 24 hit
mstscax!CTD::TDConnectFSMProc:
001b:5cff1960 55 push ebp
1: kd> dv
this = 0x00a4e550
fsmEvent = 0
eventData = 0
trc_fn = 0x00d7fea0
trc_file = 0x00000001
action = 1
__fnname = unsigned short [17]
1: kd> kc
#
00 mstscax!CTD::TDConnectFSMProc
01 mstscax!CTD::TD_Init
02 mstscax!CXT::XT_Init
03 mstscax!CMCS::MCS_Init
04 mstscax!CNC::NC_Init
05 mstscax!CNC::NC_Main
06 mstscax!CNC::NC_StaticMain
07 mstscax!CUT::UTStaticThreadEntry
08 mstscax!_threadstartex
09 kernel32!BaseThreadStart
1: kd> g
GDI: mstsc.exe or DLL gave bad handle 0x00000000 as an HPALETTE.
GDI: mstsc.exe or DLL gave bad handle 0x00000000 as an HPALETTE.
21:02:13.64*0d84:0d94*UHReadFromCa*0426*ReadFile failed with err 0x0
KD: write to 0x5D01EAB0 ok
Breakpoint 23 hit
mstscax!CCC::CCFSMProc:
001b:5d01eab0 55 push ebp
0: kd> dv
this = 0x00a495c8
event = 0
data = 0x14f7f4
dataLen = 0x270
trc_fn = 0x5cfe47a0
trc_file = 0x77e64294
hr = 0n2
action = 0
desktopSize = struct tagDCSIZE
sendRc = 0n2011579116
__fnname = unsigned short [10]
pConnect = 0x00000001
0: kd> kc
#
00 mstscax!CCC::CCFSMProc
01 mstscax!CCC::CC_Connect
02 mstscax!CCC::MACROGENERATED_Static_CC_Connect
03 mstscax!CCD::CDWndProc
04 mstscax!CCD::CDStaticWndProc
05 USER32!InternalCallWinProc
06 USER32!UserCallWinProcCheckWow
07 USER32!DispatchMessageWorker
08 USER32!DispatchMessageW
09 mstscax!CSND::SND_Main
0a mstscax!CSND::SND_StaticMain
0b mstscax!CUT::UTStaticThreadEntry
0c mstscax!_threadstartex
0d kernel32!BaseThreadStart
0: kd> g
Breakpoint 24 hit
mstscax!CTD::TDConnectFSMProc:
001b:5cff1960 55 push ebp
1: kd> dv
this = 0x00a4e550
fsmEvent = 2
eventData = 0x1c1a8c0
trc_fn = 0x00000000
trc_file = 0x00000001
action = 1
__fnname = unsigned short [17]
1: kd> kc
#
00 mstscax!CTD::TDConnectFSMProc
01 mstscax!CTD::TD_Connect
02 mstscax!CXT::XT_Connect
03 mstscax!CMCS::MCS_Connect
04 mstscax!CNC::NC_Connect
05 mstscax!CNC::MACROGENERATED_Static_NC_Connect
06 mstscax!CCD::CDWndProc
07 mstscax!CCD::CDStaticWndProc
08 USER32!InternalCallWinProc
09 USER32!UserCallWinProcCheckWow
0a USER32!DispatchMessageWorker
0b USER32!DispatchMessageW
0c mstscax!CNC::NC_Main
0d mstscax!CNC::NC_StaticMain
0e mstscax!CUT::UTStaticThreadEntry
0f mstscax!_threadstartex
10 kernel32!BaseThreadStart
1: kd> g
Breakpoint 24 hit
mstscax!CTD::TDConnectFSMProc:
001b:5cff1960 55 push ebp
1: kd> dv
this = 0x00a4e550
fsmEvent = 6
eventData = 0
trc_fn = 0x00000001
trc_file = 0x00000001
action = 1
__fnname = unsigned short [17]
1: kd> kc
#
00 mstscax!CTD::TDConnectFSMProc
01 mstscax!CTD::TDWndProc
02 mstscax!CTD::StaticTDWndProc
03 USER32!InternalCallWinProc
04 USER32!UserCallWinProcCheckWow
05 USER32!DispatchMessageWorker
06 USER32!DispatchMessageW
07 mstscax!CNC::NC_Main
08 mstscax!CNC::NC_StaticMain
09 mstscax!CUT::UTStaticThreadEntry
0a mstscax!_threadstartex
0b kernel32!BaseThreadStart
1: kd> g
Breakpoint 23 hit
mstscax!CCC::CCFSMProc:
001b:5d01eab0 55 push ebp
0: kd> dv
this = 0x00a495c8
event = 1
data = 0
dataLen = 0
trc_fn = 0x77cbdf9b
trc_file = 0x005fe6c4
hr = 0n-21
action = 0
desktopSize = struct tagDCSIZE
sendRc = 0n10787224
__fnname = unsigned short [10]
pConnect = 0x00000001
0: kd> kc
#
00 mstscax!CCC::CCFSMProc
01 mstscax!CCC::CC_Event
02 mstscax!CCC::MACROGENERATED_Static_CC_Event
03 mstscax!CCD::CDWndProc
04 mstscax!CCD::CDStaticWndProc
05 USER32!InternalCallWinProc
06 USER32!UserCallWinProcCheckWow
07 USER32!DispatchMessageWorker
08 USER32!DispatchMessageW
09 mstscax!CSND::SND_Main
0a mstscax!CSND::SND_StaticMain
0b mstscax!CUT::UTStaticThreadEntry
0c mstscax!_threadstartex
0d kernel32!BaseThreadStart
0: kd> g
Breakpoint 23 hit
mstscax!CCC::CCFSMProc:
001b:5d01eab0 55 push ebp
0: kd> dv
this = 0x00a495c8
event = 2
data = 0x15139c
dataLen = 0x18f
trc_fn = 0xffffffeb
trc_file = 0x00000000
hr = 0n13893104
action = 0x800a
desktopSize = struct tagDCSIZE
sendRc = 0n1
__fnname = unsigned short [10]
pConnect = 0x00000001
0: kd> kc
#
00 mstscax!CCC::CCFSMProc
01 mstscax!CCC::CC_OnDemandActivePDU
02 mstscax!CCC::MACROGENERATED_Static_CC_OnDemandActivePDU
03 mstscax!CCD::CDWndProc
04 mstscax!CCD::CDStaticWndProc
05 USER32!InternalCallWinProc
06 USER32!UserCallWinProcCheckWow
07 USER32!DispatchMessageWorker
08 USER32!DispatchMessageW
09 mstscax!CSND::SND_Main
0a mstscax!CSND::SND_StaticMain
0b mstscax!CUT::UTStaticThreadEntry
0c mstscax!_threadstartex
0d kernel32!BaseThreadStart
0: kd> g
21:02:13.65*0d84:0d98*UHAllocDrawE*9893*Can't load GdipPlayTSClientRecord
Breakpoint 23 hit
mstscax!CCC::CCFSMProc:
001b:5d01eab0 55 push ebp
0: kd> dv
this = 0x00a495c8
event = 3
data = 0
dataLen = 0
trc_fn = 0x5d0d0790
trc_file = 0x5cf2c720
hr = 0n1559413024
action = 1
desktopSize = struct tagDCSIZE
sendRc = 0n10787224
__fnname = unsigned short [10]
pConnect = 0x000a4c3a
0: kd> kc
#
00 mstscax!CCC::CCFSMProc
01 mstscax!CCC::CCSendPDU
02 mstscax!CCC::CCFSMProc
03 mstscax!CCC::CC_OnDemandActivePDU
04 mstscax!CCC::MACROGENERATED_Static_CC_OnDemandActivePDU
05 mstscax!CCD::CDWndProc
06 mstscax!CCD::CDStaticWndProc
07 USER32!InternalCallWinProc
08 USER32!UserCallWinProcCheckWow
09 USER32!DispatchMessageWorker
0a USER32!DispatchMessageW
0b mstscax!CSND::SND_Main
0c mstscax!CSND::SND_StaticMain
0d mstscax!CUT::UTStaticThreadEntry
0e mstscax!_threadstartex
0f kernel32!BaseThreadStart
0: kd> g
Breakpoint 23 hit
mstscax!CCC::CCFSMProc:
001b:5d01eab0 55 push ebp
0: kd> dv
this = 0x00a495c8
event = 3
data = 0
dataLen = 0
trc_fn = 0x00000001
trc_file = 0x5cf2c720
hr = 0n1559413024
action = 1
desktopSize = struct tagDCSIZE
sendRc = 0n10787224
__fnname = unsigned short [10]
pConnect = 0x000a4c36
0: kd> kc
#
00 mstscax!CCC::CCFSMProc
01 mstscax!CCC::CCSendPDU
02 mstscax!CCC::CCFSMProc
03 mstscax!CCC::CCSendPDU
04 mstscax!CCC::CCFSMProc
05 mstscax!CCC::CC_OnDemandActivePDU
06 mstscax!CCC::MACROGENERATED_Static_CC_OnDemandActivePDU
07 mstscax!CCD::CDWndProc
08 mstscax!CCD::CDStaticWndProc
09 USER32!InternalCallWinProc
0a USER32!UserCallWinProcCheckWow
0b USER32!DispatchMessageWorker
0c USER32!DispatchMessageW
0d mstscax!CSND::SND_Main
0e mstscax!CSND::SND_StaticMain
0f mstscax!CUT::UTStaticThreadEntry
10 mstscax!_threadstartex
11 kernel32!BaseThreadStart
0: kd> g
Breakpoint 23 hit
mstscax!CCC::CCFSMProc:
001b:5d01eab0 55 push ebp
0: kd> dv
this = 0x00a495c8
event = 3
data = 0
dataLen = 0
trc_fn = 0x00000001
trc_file = 0x5cf2c720
hr = 0n1559413024
action = 1
desktopSize = struct tagDCSIZE
sendRc = 0n10787224
__fnname = unsigned short [10]
pConnect = 0x000a4c36
0: kd> kc
#
00 mstscax!CCC::CCFSMProc
01 mstscax!CCC::CCSendPDU
02 mstscax!CCC::CCFSMProc
03 mstscax!CCC::CCSendPDU
04 mstscax!CCC::CCFSMProc
05 mstscax!CCC::CCSendPDU
06 mstscax!CCC::CCFSMProc
07 mstscax!CCC::CC_OnDemandActivePDU
08 mstscax!CCC::MACROGENERATED_Static_CC_OnDemandActivePDU
09 mstscax!CCD::CDWndProc
0a mstscax!CCD::CDStaticWndProc
0b USER32!InternalCallWinProc
0c USER32!UserCallWinProcCheckWow
0d USER32!DispatchMessageWorker
0e USER32!DispatchMessageW
0f mstscax!CSND::SND_Main
10 mstscax!CSND::SND_StaticMain
11 mstscax!CUT::UTStaticThreadEntry
12 mstscax!_threadstartex
13 kernel32!BaseThreadStart
0: kd> g
Breakpoint 23 hit
mstscax!CCC::CCFSMProc:
001b:5d01eab0 55 push ebp
0: kd> dv
this = 0x00a495c8
event = 3
data = 0
dataLen = 0
trc_fn = 0x00000001
trc_file = 0x5cf2c720
hr = 0n1559413024
action = 1
desktopSize = struct tagDCSIZE
sendRc = 0n10787224
__fnname = unsigned short [10]
pConnect = 0x000a4c36
0: kd> kc
#
00 mstscax!CCC::CCFSMProc
01 mstscax!CCC::CCSendPDU
02 mstscax!CCC::CCFSMProc
03 mstscax!CCC::CCSendPDU
04 mstscax!CCC::CCFSMProc
05 mstscax!CCC::CCSendPDU
06 mstscax!CCC::CCFSMProc
07 mstscax!CCC::CCSendPDU
08 mstscax!CCC::CCFSMProc
09 mstscax!CCC::CC_OnDemandActivePDU
0a mstscax!CCC::MACROGENERATED_Static_CC_OnDemandActivePDU
0b mstscax!CCD::CDWndProc
0c mstscax!CCD::CDStaticWndProc
0d USER32!InternalCallWinProc
0e USER32!UserCallWinProcCheckWow
0f USER32!DispatchMessageWorker
10 USER32!DispatchMessageW
11 mstscax!CSND::SND_Main
12 mstscax!CSND::SND_StaticMain
13 mstscax!CUT::UTStaticThreadEntry
14 mstscax!_threadstartex
15 kernel32!BaseThreadStart
0: kd> g
(s: 0 0xd84.d88 mstsc.exe) USRK-[Wrn=1400] ValidateHwnd: Invalid hwnd (00000000)
(s: 0 0xd84.d88 mstsc.exe) USRK-[Wrn=1400] ValidateHwnd: Invalid hwnd (00000000)
(s: 0 0xd84.d94 mstsc.exe) USRK-[Wrn] xxxInternalToUnicode: VK_UNKNOWN, vsc=00
(s: 0 0xd84.d94 mstsc.exe) USRK-[Wrn] xxxInternalToUnicode: VK_UNKNOWN, vsc=c000
Breakpoint 23 hit
mstscax!CCC::CCFSMProc:
001b:5d01eab0 55 push ebp
0: kd> dv
this = 0x00a495c8
event = 5
data = 0
dataLen = 0
trc_fn = 0x00000197
trc_file = 0x00000001
hr = 0n1
action = 0xd3fd28
desktopSize = struct tagDCSIZE
sendRc = 0n13893080
__fnname = unsigned short [10]
pConnect = 0x00000001
0: kd> kc
#
00 mstscax!CCC::CCFSMProc
01 mstscax!CCC::CC_Event
02 mstscax!CCC::MACROGENERATED_Static_CC_Event
03 mstscax!CCD::CDWndProc
04 mstscax!CCD::CDStaticWndProc
05 USER32!InternalCallWinProc
06 USER32!UserCallWinProcCheckWow
07 USER32!DispatchMessageWorker
08 USER32!DispatchMessageW
09 mstscax!CSND::SND_Main
0a mstscax!CSND::SND_StaticMain
0b mstscax!CUT::UTStaticThreadEntry
0c mstscax!_threadstartex
0d kernel32!BaseThreadStart
0: kd> g
Breakpoint 24 hit
mstscax!CTD::TDConnectFSMProc:
001b:5cff1960 55 push ebp
1: kd> dv
this = 0x00a4e550
fsmEvent = 4
eventData = 1
trc_fn = 0x00d7fb6c
trc_file = 0x00000001
action = 1
__fnname = unsigned short [17]
1: kd> kc
#
00 mstscax!CTD::TDConnectFSMProc
01 mstscax!CTD::TD_Disconnect
02 mstscax!CXT::XT_Disconnect
03 mstscax!CMCS::MCSHandleControlPkt
04 mstscax!CMCS::MCS_OnXTDataAvailable
05 mstscax!CXT::XT_OnTDDataAvailable
06 mstscax!CTD::TDWndProc
07 mstscax!CTD::StaticTDWndProc
08 USER32!InternalCallWinProc
09 USER32!UserCallWinProcCheckWow
0a USER32!DispatchMessageWorker
0b USER32!DispatchMessageW
0c mstscax!CNC::NC_Main
0d mstscax!CNC::NC_StaticMain
0e mstscax!CUT::UTStaticThreadEntry
0f mstscax!_threadstartex
10 kernel32!BaseThreadStart
1: kd> g
Breakpoint 24 hit
mstscax!CTD::TDConnectFSMProc:
001b:5cff1960 55 push ebp
0: kd> dv
this = 0x00a4e550
fsmEvent = 7
eventData = 0x904
trc_fn = 0x00a4e660
trc_file = 0x00000001
action = 1
__fnname = unsigned short [17]
0: kd> kc
#
00 mstscax!CTD::TDConnectFSMProc
01 mstscax!CTD::TDWndProc
02 mstscax!CTD::StaticTDWndProc
03 USER32!InternalCallWinProc
04 USER32!UserCallWinProcCheckWow
05 USER32!DispatchMessageWorker
06 USER32!DispatchMessageW
07 mstscax!CNC::NC_Main
08 mstscax!CNC::NC_StaticMain
09 mstscax!CUT::UTStaticThreadEntry
0a mstscax!_threadstartex
0b kernel32!BaseThreadStart
0: kd> g
Breakpoint 23 hit
mstscax!CCC::CCFSMProc:
001b:5d01eab0 55 push ebp
0: kd> dv
this = 0x00a495c8
event = 7
data = 2
dataLen = 4
trc_fn = 0x0000000d
trc_file = 0x5d0d0790
hr = 0n0
action = 1
desktopSize = struct tagDCSIZE
sendRc = 0n13892928
__fnname = unsigned short [10]
pConnect = 0x00000001
0: kd> kc
#
00 mstscax!CCC::CCFSMProc
01 mstscax!CCC::CC_OnDisconnected
02 mstscax!CCC::MACROGENERATED_Static_CC_OnDisconnected
03 mstscax!CCD::CDWndProc
04 mstscax!CCD::CDStaticWndProc
05 USER32!InternalCallWinProc
06 USER32!UserCallWinProcCheckWow
07 USER32!DispatchMessageWorker
08 USER32!DispatchMessageW
09 mstscax!CSND::SND_Main
0a mstscax!CSND::SND_StaticMain
0b mstscax!CUT::UTStaticThreadEntry
0c mstscax!_threadstartex
0d kernel32!BaseThreadStart
0: kd> g
TSSNDC – WRN:InitEventFnEx: VirtualChannelClose returned 4
(s: 0 0xd84.d88 mstsc.exe) USRK-[Wrn=1400] ValidateHwnd: Invalid hwnd (00000000)
(s: 0 0xd84.d88 mstsc.exe) USRK-[Wrn=1400] ValidateHwnd: Invalid hwnd (00000000)
Break instruction exception – code 80000003 (first chance)
*******************************************************************************
* *
* You are seeing this message because you pressed either *
* CTRL+C (if you run console kernel debugger) or, *
* CTRL+BREAK (if you run GUI kernel debugger), *
* on your debugger machine's keyboard. *
* *
* THIS IS NOT A BUG OR A SYSTEM CRASH *
* *
* If you did not intend to break into the debugger, press the “g” key, then *
* press the “Enter” key now. This message might immediately reappear. If it *
* does, press “g” and “Enter” again. *
* *
*******************************************************************************
nt!RtlpBreakWithStatusInstruction:
80ae0d1c cc int 3
© 版权声明
文章版权归作者所有,未经允许请勿转载。
相关文章
暂无评论...
![深入探究 Java 应用日志中的 Starting ProtocolHandler [`http-nio-9001`] 启动机制](https://www.dunling.com/img/10.jpg)