winlogon源代码分析之USER32!InternalCreateDialog创建对话框MSGINA!UnlockDlg的调试记录–重要

内容分享11小时前发布
1 0 0

winlogon源代码分析之USER32!InternalCreateDialog创建对话框MSGINA!UnlockDlg的调试记录

winlogon源代码分析之USER32!InternalCreateDialog创建对话框MSGINA!UnlockDlg的调试记录--重要
0: kd> t
Breakpoint 34 hit
eax=00000001 ebx=77cab154 ecx=00000000 edx=00000000 esi=ffffffff edi=000003a5
eip=77cff351 esp=0006f944 ebp=0006f960 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
USER32!InternalDialogBox:
001b:77cff351 55              push    ebp
0: kd> kc
 #
00 USER32!InternalDialogBox
01 USER32!DialogBoxIndirectParamAorW
02 USER32!DialogBoxParamW
03 USER32!DialogBoxParamW_wrapper
04 winlogon!Fusion_DialogBoxParam
05 winlogon!TimeoutDialogBoxParam
06 winlogon!WlxDialogBoxParam
07 MSGINA!WlxWkstaLockedSAS
08 winlogon!DoLockWksta
09 winlogon!DoScreenSaver
0a winlogon!LoggedonDlgProc
0b winlogon!RootDlgProc
0c USER32!InternalCallWinProc
0d USER32!UserCallDlgProcCheckWow
0e USER32!DefDlgProcWorker
0f USER32!DefDlgProcW
10 USER32!InternalCallWinProc
11 USER32!UserCallWinProcCheckWow
12 USER32!DispatchMessageWorker
13 USER32!DispatchMessageW
14 USER32!IsDialogMessageW
15 USER32!DialogBox2
16 USER32!InternalDialogBox
17 USER32!DialogBoxIndirectParamAorW
18 USER32!DialogBoxParamW
19 USER32!DialogBoxParamW_wrapper
1a winlogon!Fusion_DialogBoxParam
1b winlogon!TimeoutDialogBoxParam
1c winlogon!WlxDialogBoxParam
1d winlogon!BlockWaitForUserAction
1e winlogon!MainLoop
1f winlogon!WinMain
20 winlogon!WinMainCRTStartup
0: kd> dv
        hModule = 0x75080000
           lpdt = 0x750b7580
      hwndOwner = 0x00000000
      pfnDialog = 0x0102c230
         lParam = 0n457284
    fSCDLGFlags = 1
      fDisabled = 0n457040

    if (hwndOwner) {
        if ((pwndOwner = ValidateHwnd(hwndOwner)) == NULL) {
            return (0L);
        }

    /*
     * Don't show cursors on a mouseless system. Put up an hour glass while
     * the dialog comes up.
     */
    if (SYSMET(MOUSEPRESENT)) {
        NtUserSetCursor(LoadCursor(NULL, IDC_WAIT));
    }

0: kd> p
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserFindExistingCursorIcon, retval = 10007
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetCursor, retval = 10007
eax=00010007 ebx=00000000 ecx=0006f924 edx=7ffe0304 esi=00000000 edi=00000000
eip=77cff41c esp=0006f930 ebp=0006f940 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
USER32!InternalDialogBox+0xcb:
001b:77cff41c ff751c          push    dword ptr [ebp+1Ch] ss:0023:0006f95c=00000001

   /*
     * Creates the dialog.  Frees the menu if this routine fails.
     */
    hwnd = InternalCreateDialog(hModule, lpdt, 0, hwndOwner,
            pfnDialog, lParam, fSCDLGFlags);

0: kd> p
(s: 0 0x3d8.238 explorer.exe) USRK-[StubCallback] Callback SfnINSTRINGNULL, Unknown(WM_WININICHANGE), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USER-[IMM(s: 0 0x3d8.238 explorer.exe) USRK-[StubReturn] NtUserPeekMessage, retval = 1
] CreateDlgFont: fUseShellFont2=TRUE
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetAtomName, retval = 6
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowFNID, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] SetDialogPointer, retval = 1230408
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] fnINLPCREATESTRUCT, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMessageCall, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_NCCREATE), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] fnINOUTNCCALCSIZE, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMessageCall, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINOUTNCCALCSIZE, Unknown(WM_NCCALCSIZE), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_CREATE), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_SIZE), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_MOVE), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserCreateWindowEx, retval = 1800e0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetAtomName, retval = 6
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowFNID, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowLongPtr, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] fnINLPCREATESTRUCT, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMessageCall, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_NCCREATE), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_CREATE), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserCreateWindowEx, retval = 1300b6
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetAtomName, retval = 6
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowFNID, retval = 1
(s: 0 0x3d8.238 explorer.exe) USRK-[StubReturn] NtUserGetDC, retval = 1010055
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowLongPtr, retval = 0
(s: 0 0x3d8.238 explorer.exe) USRK-[StubReturn] _ReleaseDC, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] fnINLPCREATESTRUCT, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMessageCall, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_NCCREATE), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_CREATE), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserCreateWindowEx, retval = c00b0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetAtomName, retval = 6
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowFNID, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowLongPtr, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] fnINLPCREATESTRUCT, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMessageCall, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_NCCREATE), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_CREATE), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserCreateWindowEx, retval = d00b2
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetAtomName, retval = 4
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowFNID, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowLongPtr, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] fnINLPCREATESTRUCT, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMessageCall, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_NCCREATE), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetDC, retval = 6501020a
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] _ReleaseDC, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetDC, retval = 6501020a
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] _ReleaseDC, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_CREATE), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserInvalidateRect, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_SIZE), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserCreateWindowEx, retval = e00d4
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetDC, retval = 92010211
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] _ReleaseDC, retval = 1
(s: 0 0x3d8.238 explorer.exe) USRK-[StubReturn] NtUserGetUpdateRect, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetAtomName, retval = 6
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowFNID, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowLongPtr, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] fnINLPCREATESTRUCT, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMessageCall, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_NCCREATE), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_CREATE), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserCreateWindowEx, retval = 900ae
(s: 0 0x3d8.238 explorer.exe) USRK-[StubReturn] NtUserBeginPaint, retval = 46010155
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetAtomName, retval = 4
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowFNID, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowLongPtr, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] fnINLPCREATESTRUCT, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMessageCall, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_NCCREATE), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetDC, retval = 6501020a
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] _ReleaseDC, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetDC, retval = 6501020a
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] _ReleaseDC, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetDC, retval = 6501020a
(s: 0 0x3d8.238 explorer.exe) USRK-[StubReturn] NtUserEndPaint, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] _ReleaseDC, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_CREATE), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserInvalidateRect, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_SIZE), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserCreateWindowEx, retval = 800ec
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetDC, retval = 7c01022a
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] _ReleaseDC, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetDC, retval = 7c01022a
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] _ReleaseDC, retval = 1
(s: 0 0x3d8.238 explorer.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_PAINT), retval = 0
(s: 0 0x3d8.238 explorer.exe) USRK-[StubReturn] NtUserDispatchMessage, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetAtomName, retval = 6
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowFNID, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowLongPtr, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] fnINLPCREATESTRUCT, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMessageCall, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_NCCREATE), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_CREATE), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserCreateWindowEx, retval = 600aa
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetAtomName, retval = 8
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowFNID, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowLongPtr, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] SetWindowState, retval = bc644c4d
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] ClearWindowState, retval = bc644c4e
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] ClearWindowState, retval = bc644c49
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_NCCREATE), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetDC, retval = 6501020a
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] _ReleaseDC, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowFNID, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowLongPtr, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] fnINLPCREATESTRUCT, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMessageCall, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_NCCREATE), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetDC, retval = a0010230
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] _ReleaseDC, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserPostMessage, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_CREATE), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetScrollInfo, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPWINDOWPOS, Unknown(WM_WINDOWPOSCHANGED), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetScrollInfo, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_SIZE), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserCreateWindowEx, retval = d00d6
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserShowWindow, retval = 10
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPWINDOWPOS, Unknown(WM_WINDOWPOSCHANGED), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetParent, retval = 1000d8
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserShowWindow, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserInvalidateRect, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_SIZE), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMoveWindow, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_CREATE), retval = 7d4c2c
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_SIZE), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserCreateWindowEx, retval = 1000d8
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetDC, retval = a0010230
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetScrollInfo, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] _ReleaseDC, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetDC, retval = 6501020a
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] _ReleaseDC, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserShowWindow, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserInvalidateRect, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_SIZE), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPWINDOWPOS, Unknown(WM_WINDOWPOSCHANGED), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMoveWindow, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetAtomName, retval = 6
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowFNID, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowLongPtr, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] fnINLPCREATESTRUCT, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMessageCall, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_NCCREATE), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_CREATE), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserCreateWindowEx, retval = a00f0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetAtomName, retval = 6
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowFNID, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowLongPtr, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] fnINLPCREATESTRUCT, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMessageCall, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_NCCREATE), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserCreateWindowEx, retval = c0092
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetAtomName, retval = 6
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowFNID, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowLongPtr, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] fnINLPCREATESTRUCT, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMessageCall, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_NCCREATE), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserCreateWindowEx, retval = 900fa
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetAtomName, retval = 6
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowFNID, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowLongPtr, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] fnINLPCREATESTRUCT, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMessageCall, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_NCCREATE), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserCreateWindowEx, retval = a00ea
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetAtomName, retval = 6
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowFNID, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowLongPtr, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] fnINLPCREATESTRUCT, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMessageCall, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_NCCREATE), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPCREATESTRUCT, Unknown(WM_CREATE), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserCreateWindowEx, retval = a00ee
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowLongPtr, retval = 0

Breakpoint 33 hit
eax=0006fa78 ebx=001800e0 ecx=001800e0 edx=7ffe0304 esi=000774bc edi=00077418
eip=0102c1b3 esp=0006f718 ebp=0006f730 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
winlogon!EnableSasMessages:
001b:0102c1b3 55              push    ebp
1: kd> kc
 #
00 winlogon!EnableSasMessages
01 winlogon!RootDlgProc
02 USER32!InternalCallWinProc
03 USER32!UserCallDlgProcCheckWow
04 USER32!DefDlgProcWorker
05 USER32!SendMessageWorker
06 USER32!InternalCreateDialog
07 USER32!InternalDialogBox
08 USER32!DialogBoxIndirectParamAorW
09 USER32!DialogBoxParamW
0a USER32!DialogBoxParamW_wrapper
0b winlogon!Fusion_DialogBoxParam
0c winlogon!TimeoutDialogBoxParam
0d winlogon!WlxDialogBoxParam
0e MSGINA!WlxWkstaLockedSAS
0f winlogon!DoLockWksta
10 winlogon!DoScreenSaver
11 winlogon!LoggedonDlgProc
12 winlogon!RootDlgProc
13 USER32!InternalCallWinProc
14 USER32!UserCallDlgProcCheckWow
15 USER32!DefDlgProcWorker
16 USER32!DefDlgProcW
17 USER32!InternalCallWinProc
18 USER32!UserCallWinProcCheckWow
19 USER32!DispatchMessageWorker
1a USER32!DispatchMessageW
1b USER32!IsDialogMessageW
1c USER32!DialogBox2
1d USER32!InternalDialogBox
1e USER32!DialogBoxIndirectParamAorW
1f USER32!DialogBoxParamW
20 USER32!DialogBoxParamW_wrapper
21 winlogon!Fusion_DialogBoxParam
22 winlogon!TimeoutDialogBoxParam
23 winlogon!WlxDialogBoxParam
24 winlogon!BlockWaitForUserAction
25 winlogon!MainLoop
26 winlogon!WinMain
27 winlogon!WinMainCRTStartup

VOID
EnableSasMessages(HWND  hWnd, PTERMINAL pTerm)
{
    DWORD   SasType;
    SasMessages = TRUE;

    ASSERT(pTerm);
    if (!pTerm)
        return;

    while (FetchPendingSas(&SasType, pTerm))
    {
        if (hWnd)
        {
#if DBG
            DebugLog((DEB_TRACE, “Posting queued Sas %d to window %x
“,
                        SasType, hWnd ));
#endif

            pTerm->SasType = SasType;
            PostMessage(hWnd, WLX_WM_SAS, (WPARAM) SasType, 0);
        }
    }
}

    [+0x394] PendingSasHead   : 0x9 [Type: unsigned long]
    [+0x398] PendingSasTail   : 0x9 [Type: unsigned long]

1: kd> bp 77cff432
breakpoint 15 redefined
1: kd> g
03:41:08.593 897515E4.E2FD7070 TERMSRV: -|——————————————–|-
03:41:08.593 897515E4.E2FD7070 TERMSRV: Client SPN: NT AUTHORITYSYSTEM
03:41:08.593 897515E4.E2FD7070 TERMSRV: Authentication level: RPC_C_AUTHN_LEVEL_PKT_PRIVACY
03:41:08.593 897515E4.E2FD7070 TERMSRV: Authentication service: RPC_C_AUTHN_WINNT
03:41:08.593 897515E4.E2FD7070 TERMSRV: -|——————————————–|-
03:41:08.609 897515E4.E2FD7070 TERMSRV: WinStationQueryInformation LogonId=0, Class=6
03:41:08.609 897515E4.E2FD7070 TERMSRV: RpcCheckClientAccess, AccessCheckAndAuditAlarm(0) returned no error
03:41:08.609 897515E4.E2FD7070 TERMSRV: WinStationQueryInformation LogonId=0, Class=6, Status=0x0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserKillTimer, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetTimer, retval = 7ede
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowLongPtr, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserDefSetText, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetIconSize, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetCursorFrameInfo, retval = 2005b
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserInvalidateRect, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] _GetKeyboardLayout, retval = 4090409
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetKeyboardLayoutList, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] fnINOUTLPWINDOWPOS, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMessageCall, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINOUTLPWINDOWPOS, Unknown(WM_WINDOWPOSCHANGING), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] fnINOUTNCCALCSIZE, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMessageCall, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINOUTNCCALCSIZE, Unknown(WM_NCCALCSIZE), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[FOREGROUND] FAllowForegroundActivate FRemoveForegroundActivate 0XE1404C50
(s: 0 0x1c8.1cc winlogon.exe) USRK-[FOREGROUND] FRemoveForegroundActivate clear TIF 0XE1404C50
(s: 0 0x1c8.1cc winlogon.exe) USRK-[FOREGROUND] FRemoveForegroundActivate clear W32PF 0XE1619070
(s: 0 0x1c8.1cc winlogon.exe) USRK-[FOREGROUND] FAllowForegroundActivate FALSE due to addtional checks
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINOUTLPWINDOWPOS, Unknown(WM_WINDOWPOSCHANGING), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPWINDOWPOS, Unknown(WM_WINDOWPOSCHANGED), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_ACTIVATEAPP), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_ACTIVATEAPP), retval = 0
Breakpoint 16 hit
eax=c0000000 ebx=00000000 ecx=00000000 edx=00000000 esi=01019e08 edi=0006f36c
eip=01019e08 esp=0006f2f8 ebp=0006f320 iopl=0         nv up ei pl nz na pe cy
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000207
winlogon!SASWndProc:
001b:01019e08 55              push    ebp
1: kd> kc
 #
00 winlogon!SASWndProc
01 USER32!InternalCallWinProc
02 USER32!UserCallWinProcCheckWow
03 USER32!DispatchClientMessage
04 USER32!__fnDWORD
05 ntdll!KiUserCallbackDispatcher
06 nt!KiCallUserMode
07 nt!KeUserModeCallback
08 win32k!SfnDWORD
09 win32k!xxxSendMessageToClient
0a win32k!xxxSendMessageTimeout
0b win32k!xxxSendMessage
0c win32k!xxxActivateApp
0d win32k!xxxInternalEnumWindow
0e win32k!xxxActivateThisWindow
0f win32k!xxxActivateWindow
10 win32k!xxxSwpActivate
11 win32k!xxxEndDeferWindowPosEx
12 win32k!xxxSetWindowPos
13 win32k!NtUserSetWindowPos
14 nt!_KiSystemService
15 SharedUserData!SystemCallStub
16 ntdll!KiUserCallbackDispatcher
17 USER32!NtUserSetWindowPos
18 MSGINA!SizeForBranding
19 MSGINA!UnlockDlgInit
1a MSGINA!UnlockDlgProc
1b winlogon!RootDlgProc
1c USER32!InternalCallWinProc
1d USER32!UserCallDlgProcCheckWow
1e USER32!DefDlgProcWorker
1f USER32!SendMessageWorker
20 USER32!InternalCreateDialog
21 USER32!InternalDialogBox
22 USER32!DialogBoxIndirectParamAorW
23 USER32!DialogBoxParamW
24 USER32!DialogBoxParamW_wrapper
25 winlogon!Fusion_DialogBoxParam
26 winlogon!TimeoutDialogBoxParam
27 winlogon!WlxDialogBoxParam
28 MSGINA!WlxWkstaLockedSAS
29 winlogon!DoLockWksta
2a winlogon!DoScreenSaver
2b winlogon!LoggedonDlgProc
2c winlogon!RootDlgProc
2d USER32!InternalCallWinProc
2e USER32!UserCallDlgProcCheckWow
2f USER32!DefDlgProcWorker
30 USER32!DefDlgProcW
31 USER32!InternalCallWinProc
32 USER32!UserCallWinProcCheckWow
33 USER32!DispatchMessageWorker
34 USER32!DispatchMessageW
35 USER32!IsDialogMessageW
36 USER32!DialogBox2
37 USER32!InternalDialogBox
38 USER32!DialogBoxIndirectParamAorW
39 USER32!DialogBoxParamW
3a USER32!DialogBoxParamW_wrapper
3b winlogon!Fusion_DialogBoxParam
3c winlogon!TimeoutDialogBoxParam
3d winlogon!WlxDialogBoxParam
3e winlogon!BlockWaitForUserAction
3f winlogon!MainLoop
40 winlogon!WinMain
41 winlogon!WinMainCRTStartup

1: kd> dv
           hwnd = 0x0001001c
        message = 0x1c
         wParam = 1
         lParam = 0n0

WM_ActivateApp=0x1c!!!

1: kd> g
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_ACTIVATEAPP), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] fnDWORD, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMessageCall, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_NCACTIVATE), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_ACTIVATE), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[Vrbs=5] Access denied in UT_CaretSet to current queue's caret
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserHideCaret, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetDC, retval = 6501020a
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] _ReleaseDC, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[Vrbs=5] Access denied in UT_CaretSet to current queue's caret
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserShowCaret, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_KILLFOCUS), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetDC, retval = 6501020a
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserCreateCaret, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] zzzSetCaretPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] _ReleaseDC, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserShowCaret, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_SETFOCUS), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetFocus, retval = 1800e0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_SETFOCUS), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPWINDOWPOS, Unknown(WM_WINDOWPOSCHANGED), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] fnINOUTLPWINDOWPOS, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMessageCall, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINOUTLPWINDOWPOS, Unknown(WM_WINDOWPOSCHANGING), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] fnINOUTNCCALCSIZE, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMessageCall, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINOUTNCCALCSIZE, Unknown(WM_NCCALCSIZE), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPWINDOWPOS, Unknown(WM_WINDOWPOSCHANGED), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] xxxEnableWindow, retval = 0
(s: 0 0x3d8.41c explorer.exe) USRK-[StubReturn] NtUserWaitMessage, retval = 1
(s: 0 0x3d8.41c explorer.exe) USRK-[StubReturn] NtUserPeekMessage, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserShowWindow, retval = 10
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserShowWindow, retval = 10
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserShowWindow, retval = 10
03:41:11.953 897515E4.E2FD7070 TERMSRV: -|——————————————–|-
03:41:11.953 897515E4.E2FD7070 TERMSRV: Client SPN: NT AUTHORITYSYSTEM
03:41:11.953 897515E4.E2FD7070 TERMSRV: Authentication level: RPC_C_AUTHN_LEVEL_PKT_PRIVACY
03:41:11.953 897515E4.E2FD7070 TERMSRV: Authentication service: RPC_C_AUTHN_WINNT
03:41:11.953 897515E4.E2FD7070 TERMSRV: -|——————————————–|-
03:41:11.953 897515E4.E2FD7070 TERMSRV: WinStationQueryInformation LogonId=0, Class=6
03:41:11.953 897515E4.E2FD7070 TERMSRV: RpcCheckClientAccess, AccessCheckAndAuditAlarm(0) returned no error
03:41:11.953 897515E4.E2FD7070 TERMSRV: WinStationQueryInformation LogonId=0, Class=6, Status=0x0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINOUTLPWINDOWPOS, Unknown(WM_WINDOWPOSCHANGING), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPWINDOWPOS, Unknown(WM_WINDOWPOSCHANGED), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[FOREGROUND] FAllowForegroundActivate FRemoveForegroundActivate 0XE1404C50
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] xxxStubSetForegroundWindow, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] fnINOUTLPWINDOWPOS, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMessageCall, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINOUTLPWINDOWPOS, Unknown(WM_WINDOWPOSCHANGING), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] fnINOUTNCCALCSIZE, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMessageCall, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINOUTNCCALCSIZE, Unknown(WM_NCCALCSIZE), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPWINDOWPOS, Unknown(WM_WINDOWPOSCHANGED), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserShowWindow, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserShowWindow, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserShowWindow, retval = 10
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserDefSetText, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] xxxEnableWindow, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetProp, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] xxxWOWGetProcModule, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowLongPtr, retval = 77d0126c
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetProp, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] xxxWOWGetProcModule, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowLongPtr, retval = 77d0126c
(s: 0 0x1c8.1cc winlogon.exe) USER-[Vrbs=1421]
(s: 0 0x1c8.1cc winlogon.exe) USER-[Vrbs=1421]
(s: 0 0x1c8.1cc winlogon.exe) USER-[Vrbs=1421]
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] zzzDestroyCaret, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_KILLFOCUS), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetDC, retval = 6501020a
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserCreateCaret, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] zzzSetCaretPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] _ReleaseDC, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserShowCaret, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_SETFOCUS), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetFocus, retval = e00d4
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_SHOWWINDOW), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[FOREGROUND] FAllowForegroundActivate FRemoveForegroundActivate 0XE1404C50
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINOUTLPWINDOWPOS, Unknown(WM_WINDOWPOSCHANGING), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnOUTSTRING, Unknown(WM_GETTEXT), retval = f
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] fnDWORD, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMessageCall, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_NCPAINT), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_ERASEBKGND), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPWINDOWPOS, Unknown(WM_WINDOWPOSCHANGED), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserShowWindow, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] fnDWORD, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMessageCall, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_PAINT), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_ERASEBKGND), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserBeginPaint, retval = a0010230
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_CTLCOLORSTATIC), retval = 1100058
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetControlBrush, retval = 1100058
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserEndPaint, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_PAINT), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_ERASEBKGND), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserBeginPaint, retval = a0010230
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_CTLCOLORSTATIC), retval = 1100058
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetControlBrush, retval = 1100058
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserEndPaint, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_PAINT), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_ERASEBKGND), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserBeginPaint, retval = a0010230
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_CTLCOLORSTATIC), retval = 1100058
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetControlBrush, retval = 1100058
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserEndPaint, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_PAINT), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserHideCaret, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] fnDWORD, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMessageCall, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_NCPAINT), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_ERASEBKGND), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserBeginPaint, retval = a0010230
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserHideCaret, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserShowCaret, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserEndPaint, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserShowCaret, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_PAINT), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_ERASEBKGND), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserBeginPaint, retval = a0010230
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_CTLCOLORSTATIC), retval = 1100058
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetControlBrush, retval = 1100058
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserEndPaint, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_PAINT), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserHideCaret, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] fnDWORD, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserMessageCall, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_NCPAINT), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_ERASEBKGND), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserBeginPaint, retval = a0010230
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserHideCaret, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] zzzSetCaretPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserShowCaret, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserEndPaint, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserShowCaret, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_PAINT), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_ERASEBKGND), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserBeginPaint, retval = a0010230
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_CTLCOLORBTN), retval = 1100058
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetControlBrush, retval = 1100058
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserEndPaint, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_PAINT), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_ERASEBKGND), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserBeginPaint, retval = a0010230
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_CTLCOLORBTN), retval = 1100058
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetControlBrush, retval = 1100058
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserEndPaint, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_PAINT), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_ERASEBKGND), retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserBeginPaint, retval = a0010230
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_CTLCOLORSTATIC), retval = 1100058
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserGetControlBrush, retval = 1100058
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserDrawIconEx, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserEndPaint, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_PAINT), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] xxxUpdateWindow, retval = 1
Breakpoint 15 hit
eax=001800e0 ebx=00000000 ecx=bbe70000 edx=00000200 esi=00000000 edi=00000000
eip=77cff432 esp=0006f930 ebp=0006f940 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
USER32!InternalDialogBox+0xe1:
001b:77cff432 3bc3            cmp     eax,ebx

第三部分:

    /*
     * Creates the dialog.  Frees the menu if this routine fails.
     */
    hwnd = InternalCreateDialog(hModule, lpdt, 0, hwndOwner,
            pfnDialog, lParam, fSCDLGFlags);//返回到这里:

    if (hwnd == NULL) {

        /*
         * The dialog creation failed.  Re-enable the window, destroy the
         * menu, ie., fail gracefully.
         */
        if (!fDisabled && hwndOwner != NULL)
            NtUserEnableWindow(hwndOwner, TRUE);

        if (fUnlockOwner)
            ThreadUnlock(&tlpwndOwner);
        return -1;
    }

    i = DialogBox2(hwnd, hwndOwner, fDisabled, fOwnerIsActiveWindow);

© 版权声明
文章版权归作者所有,未经允许请勿转载。

相关文章

暂无评论

none
暂无评论...

热门网站

日榜周榜月榜
立创商城

立创商城

立创商城(SZLCSC.COM) 一站式电子元器件采购自营商城,拥有13万+平米智能化仓储,现货SKU品类超64万种,正品保证,支持一键BOM配单,最快4小时发货,为用户提供一站式电子元器件线上采购服务。
致美化

致美化

致美化 - 视觉美化研究平台
重庆购物狂—找对象、办婚礼、搞装修、聊育儿、买房子,就上重庆购物狂论坛

重庆购物狂—找对象、办婚礼、搞装修、聊育儿、买房子,就上重庆购物狂论坛

重庆购物狂 重庆购物狂网 重庆论坛(cqmmgo.com,备用域名www.lianglukou.com、www.baibaiyu.com),起源于重庆第一家本土购物、打折交流论坛——重庆购物狂论坛,属于重庆本土化的都市生活消费信息类网站,包含购物、婚庆、美食、休闲、文化、运动、女性消费等一切跟生活消费有关的内容。目前重庆购物狂已经成为重庆最具人气的生活消费社区,为年轻人购物、美食、娱乐等消费行为提供了重要的参考与指导
巨量引擎官网|今日头条广告投放

巨量引擎官网|今日头条广告投放

巨量引擎是抖音集团旗下的官方营销服务品牌,整合了今日头条、抖音、西瓜视频等营销资源的广告投放平台,了解今日头条推广,抖音广告投放,抖音推广,抖音广告,抖音推广平台,帮您高效达成营销推广目标。
头歌实践教学平台

头歌实践教学平台

(EduCoder)是信息技术类实践教学平台。(EduCoder)涵盖了计算机、大数据、云计算、人工智能、软件工程、物联网等专业课程。超60000个实训案例,建立学、练、评、测一体化实验环境。
银行卡号归属地查询

银行卡号归属地查询

卡号网提供银行卡归属地、开户行、联行号查询以及最新的2025银联卡BIN表,可查询中行、农行、工行、建行、交行、招商、民生、兴业、中信、光大、邮政、浦发、广发、华夏、上海、浙商、大连、江苏、渤海、杭州、宁波、厦门、西安、恒丰、平安银行借记卡号归属地、信用卡基本信息查询,卡号网银行卡数据库每月更新。查卡号归属地就上卡号网chakahao.com。
查看完整榜单

热门文章

日榜周榜月榜
PX4-Autopilot代码解析(20)-手动控制界面

PX4-Autopilot代码解析(20)-手动控制界面

头像11小时前
9
金篆GoldenDB GDCA认证题库

金篆GoldenDB GDCA认证题库

头像7天前
19
毕业论文不会交叉引用?这篇文章给你讲清楚,只需两种方式解决

毕业论文不会交叉引用?这篇文章给你讲清楚,只需两种方式解决

头像16小时前
4
易懂案例:用班费记账来理解区块链Paxos算法、Basic Paxos算法、Cheap Paxos算法、Egalitarian Paxos算法、Fast Paxos算法、Multi-Paxos算法、B

易懂案例:用班费记账来理解区块链Paxos算法、Basic Paxos算法、Cheap Paxos算法、Egalitarian Paxos算法、Fast Paxos算法、Multi-Paxos算法、B

头像2个月前
13
AI云增长强于预期,但广告收入下滑,百度面临“AI转型阵痛”

AI云增长强于预期,但广告收入下滑,百度面临“AI转型阵痛”

头像1天前
2
logo设计|生物科技与字母的化学反应

logo设计|生物科技与字母的化学反应

头像2个月前
42
查看完整榜单

标签云