termsrv debugging guide and debugging log, sixth edition: boot, 3389 login, logout, shutdown
易浩激活码
Published 2025-11-05 16:42

File shared via netdisk: termsrv调试指南和调试记录第六版开机3389登录退出关机.txt
Link: https://pan.baidu.com/s/1ChTJELDF83IK1TYkrgaUaQ?pwd=3790 Extraction code: 3790

After setting a breakpoint on rdpwsx!WsxInitialize, what is the difference between the two calls to termsrv!FindWinStationExtensionDll?


     0 e Disable Clear  74882420  [d:srv03rtm ermsrvwinstaservericasrv.c @ 178]     0001 (0001) termsrv!DllMain
     1 e Disable Clear  74882b24  [d:srv03rtm ermsrvwinstaservericasrv.c @ 453]     0001 (0001) termsrv!ServiceMain


bp    termsrv!DllMain

bp    termsrv!ServiceMain


0: kd> x nt!kd_term*
80b189ec          nt!Kd_TERMSRV_Mask = 0
0: kd> ed 80b189ec  ffffffff

bp    termsrv!InitializeSystemTrace
bp    ICAAPI!IcaOpen
bp    termdd!IcaTraceFormat

gu

bp    termsrv!FindWinStationExtensionDll
bp    rdpwsx!WsxInitialize
0: kd> x rdpwsx!g_hIcaTrace
70fcfa18          rdpwsx!g_hIcaTrace = 0x00000000
0: kd> x termsrv!htrace
748b5008          termsrv!hTrace = 0x000005b0
0: kd> ed 70fcfa18 5b0
0: kd> x rdpwsx!g_hIcaTrace
70fcfa18          rdpwsx!g_hIcaTrace = 0x000005b0


0: kd> p
rdpwsx!WsxInitialize+0x4:
001b:70fbe121 a118fafc70      mov     eax,dword ptr [rdpwsx!g_hIcaTrace (70fcfa18)]
0: kd> p
04:47:22.343 898061FC.E1757188 TShrSRV: WsxInitialize entry        // the first debug message from rdpwsx.dll is now displayed!!!

[NETLOGON] Cannot write to log file - file not open
512.516> SPM-Error: EfsServerInit - EFS Init Recovery Policy failed 0x2

KD: write to 0x74882420 ok
KD: write to 0x74882B24 ok
Breakpoint 0 hit
termsrv!DllMain:
001b:74882420 55              push    ebp
0: kd> g
Breakpoint 1 hit
termsrv!ServiceMain:
001b:74882b24 55              push    ebp
0: kd> bp    termsrv!InitializeSystemTrace
0: kd> bl
     0 e Disable Clear  74882420  [d:srv03rtm ermsrvwinstaservericasrv.c @ 178]     0001 (0001) termsrv!DllMain
     1 e Disable Clear  74882b24  [d:srv03rtm ermsrvwinstaservericasrv.c @ 453]     0001 (0001) termsrv!ServiceMain
     2 e Disable Clear  74896bfb  [d:srv03rtm ermsrvwinstaservermisc.c @ 87]     0001 (0001) termsrv!InitializeSystemTrace
    23 e Disable Clear u             0001 (0001) (authui!WluirRequestCredentials)

0: kd> g
TERMSRV : Not Personal Workstation
rpcss is running.
KD: write to 0x74896BFB ok
Breakpoint 2 hit
termsrv!InitializeSystemTrace:
001b:74896bfb 55              push    ebp
0: kd> bp    ICAAPI!IcaOpen
0: kd> bp    termdd!IcaTraceFormat
0: kd> g
Breakpoint 3 hit
icaapi!IcaOpen:
001b:74461cd8 55              push    ebp
0: kd> gu
WINMM(p456:t460): ClientUpdatePnpInfo: warning: called in winlogon before logged on
Breakpoint 4 hit
termdd!IcaTraceFormat:
bac4b6ec 55              push    ebp
0: kd> kc
 #
00 termdd!IcaTraceFormat
01 termdd!IcaDeviceControlConnection
02 termdd!IcaDeviceControl
03 termdd!IcaDispatch
04 nt!IofCallDriver
05 nt!IopSynchronousServiceTail
06 nt!IopXxxControlFile
07 nt!NtDeviceIoControlFile
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a ntdll!NtDeviceIoControlFile
0b icaapi!IcaIoControl
0c icaapi!IcaTrace
0d icaapi!IcaOpen
0e termsrv!InitializeSystemTrace
0f termsrv!ServiceMain
10 svchost!ServiceStarter
11 advapi32!ScSvcctrlThreadA
12 kernel32!BaseThreadStart
0: kd> dv
     pTraceInfo = 0x8941dda0
     TraceClass = 2
    TraceEnable = 1
          pData = 0x007ff970 "TSAPI: IcaOpen, success."
         Buffer = char [256] "00"
            len = 0n-2100932
0: kd> dx -r1 ((termdd!_ICA_TRACE_INFO *)0x8941dda0)
((termdd!_ICA_TRACE_INFO *)0x8941dda0)                 : 0x8941dda0 [Type: _ICA_TRACE_INFO *]
    [+0x000] TraceClass       : 0x0 [Type: unsigned long]
    [+0x004] TraceEnable      : 0x0 [Type: unsigned long]
    [+0x008] fTraceDebugger   : 0x0 [Type: unsigned char]
    [+0x009] fTraceTimestamp  : 0x0 [Type: unsigned char]
    [+0x00c] pTraceFileName   : 0x0 [Type: unsigned short *]
    [+0x010] pTraceFileObject : 0x0 [Type: _FILE_OBJECT *]
    [+0x014] pDeferredTrace   : 0x0 [Type: _DEFERRED_TRACE *]
0: kd> kv
 # ChildEBP RetAddr  Args to Child              
00 f76368ec bac42fef 8941dda0 00000002 00000001 termdd!IcaTraceFormat (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtm ermsrvdrivers ermdd race.c @ 360]
01 f7636bf0 bac4399c 8941dd40 89844760 898447d0 termdd!IcaDeviceControlConnection+0x3f3 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtm ermsrvdrivers ermddconnect.c @ 290]
02 f7636c04 bac443a3 89844760 898447d0 89850780 termdd!IcaDeviceControl+0x24 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtm ermsrvdrivers ermdddispatch.c @ 721]
03 f7636c20 80a2675c 89850780 00844760 80a03598 termdd!IcaDispatch+0x253 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtm ermsrvdrivers ermdddispatch.c @ 179]
04 f7636c3c 80c70bed 898447d0 8941deb8 89844760 nt!IofCallDriver+0x62 (FPO: [Non-Fpo]) (CONV: fastcall) [d:srv03rtmase tosioiomgriosubs.c @ 2237]
05 f7636c54 80c71b0d 89850780 89844760 8941deb8 nt!IopSynchronousServiceTail+0x159 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmase tosioiomgrinternal.c @ 7384]
06 f7636cf4 80c673aa 000005b8 00000000 00000000 nt!IopXxxControlFile+0x665 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmase tosioiomgrinternal.c @ 9076]
07 f7636d28 80afbcb2 000005b8 00000000 00000000 nt!NtDeviceIoControlFile+0x28 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmase tosioiomgrdevctrl.c @ 113]
08 f7636d28 7ffe0304 000005b8 00000000 00000000 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ f7636d64) (CONV: cdecl) [d:srv03rtmase toskei386 rap.asm @ 1328]
09 007ff900 77f2ee88 74461b6f 000005b8 00000000 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
0a 007ff904 74461b6f 000005b8 00000000 00000000 ntdll!NtDeviceIoControlFile+0xc (FPO: [10,0,0]) [d:srv03rtmase tdlldaytonaobji386usrstubs.asm @ 675]
0b 007ff940 74461cce 000005b8 00380007 007ff964 icaapi!IcaIoControl+0x27 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtm ermsrvicaapiicaapi.c @ 321]
0c 007ffa74 74461d02 000005b8 00000002 00000001 icaapi!IcaTrace+0x62 (FPO: [Non-Fpo]) (CONV: cdecl) [d:srv03rtm ermsrvicaapiicaapi.c @ 255]
0d 007ffa90 74896d4a 748b5008 00000004 00000000 icaapi!IcaOpen+0x2a (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtm ermsrvicaapiicaapi.c @ 107]
0e 007fff44 74882e19 00000464 77e5e963 77e662fd termsrv!InitializeSystemTrace+0x14f (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtm ermsrvwinstaservermisc.c @ 146]
0f 007fff6c 01002ed6 00000001 00084870 00000000 termsrv!ServiceMain+0x2f5 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtm ermsrvwinstaservericasrv.c @ 699]
10 007fffa4 77dc0bd4 00000001 00084870 00000000 svchost!ServiceStarter+0x132 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmasescregscsvchostsvchost.c @ 1049]
11 007fffb8 77e41be7 00084868 00000000 00000000 advapi32!ScSvcctrlThreadA+0x10 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmasescregscclientscapi.cxx @ 2760]
12 007fffec 00000000 77dc0bc4 00084868 00000000 kernel32!BaseThreadStart+0x34 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmasewin32clientsupport.c @ 533]
windbg> .open -a 74461d02
0: kd> ed 0x8941dda0 f
0: kd> ed 0x8941dda0+4 1
0: kd> ed 0x8941dda0+8 1


0: kd> gu
E172DD2C.E174FEA0 TSAPI: IcaOpen, success
termdd!IcaDeviceControlConnection+0x3f3:
bac42fef 56              push    esi


0: kd> x termsrv!htrace
748b5008          termsrv!hTrace = 0x000005b8


0: kd> x termsrv!htrace
748b5008          termsrv!hTrace = 0x000005b8
0: kd> g
E172DD2C.E174FEA0 ICADD: IcaDeviceControlConnection, fc 2 (enter)
WINMM(p456:t460): ClientUpdatePnpInfo: warning: called in winlogon before logged on
WINMM(p456:t460): ClientUpdatePnpInfo: warning: called in winlogon before logged on
WINMM(p456:t472): ClientUpdatePnpInfo: warning: called in winlogon before logged on
WINMM(p456:t472): ClientUpdatePnpInfo: warning: called in winlogon before logged on
E172DD2C.E174FEA0 ICADD: IcaDeviceControlConnection, fc 2, 0x0
TRACE: C:WINDOWSICADD.log, c:ffffffff, e:ffffffff d:1, Status=0x0
SysParams: MouseThrottle=4800, KbdThrottle=2400, Status=0x0
KD: write to 0x7489FA0C ok
03:42:32.234 898F787C.E1739108 TERMSRV: WinStation LPC Service Thread got a message
03:42:32.234 898F787C.E1739108 TERMSRV: WinStation LPC Service Thread got connection message
03:42:32.234 898F787C.E1739108 TERMSRV: WinStationLpcHandleConnectionRequest called
03:42:32.234 898F787C.E1739108 TERMSRV: WSTAPI: Creating View memory
03:42:32.234 898F787C.E1739108 TERMSRV: WSTAPI: Calling AcceptConnectPort, Accept 1
03:42:32.234 898F787C.E1739108 TERMSRV: pContext 000BFEE0, ConnectionRequest 00A8FEAC, info 00A8FEC4
03:42:32.250 898F787C.E1739108 TERMSRV: ViewBase 00B10000, ViewSize 0x2000, ViewRemoteBase 00B20000
03:42:32.250 898F787C.E1739108 TERMSRV: WSTAPI: Calling CompleteConnect port 000005CC
03:42:32.250 898F787C.E1739108 TERMSRV: WinStation LPC Connection Accepted, Logonid 0 pContext 000BFEE0 Status 0x0
03:42:32.250 E172DD2C.E174FEA0 TERMSRV: FindWinStationByName: Console, (not found)
03:42:32.250 E172DD2C.E174FEA0 TERMSRV: Creating WinStation Console
03:42:32.250 E172DD2C.E174FEA0 TERMSRV: StartWinStationDeviceAndStack, Console (LogonId=0)
TERMSRV: InitializeTrace: LogonId 0, fListen 0, Status=0x0
03:42:32.250 E172DD2C.E174FEA0 TermDD: IcaLockStack: 0x8979f9e0
03:42:32.250 E172DD2C.E174FEA0 TermDD: IcaUnlockStack: 0x8979f9e0
03:42:32.250 E172DD2C.E174FEA0 TermDD: IcaUnlockConnection: 0x898c3454
03:42:32.250 E172DD2C.E174FEA0 ICADD: IcaDeviceControlConnection, fc 0, 0x0
TRACE: C:WINDOWS.log, c:ffffffff, e:ffffffff d:1, Status=0x0
03:42:32.250 E172DD2C.E174FEA0 TERMSRV: StartWinStationDeviceAndStack, Status = 0x0
03:42:32.250 E172DD2C.E174FEA0 TERMSRV: WinStationStart, Console (LogonId=0)
03:42:32.250 E172DD2C.E174FEA0 TERMSRV: WinStationStart Subsys PID=432 InitialProg PID=456, Status=0x0
03:42:32.250 E172DD2C.E174FEA0 TERMSRV: WinStationCreateComplete, Console (LogonId=0)
03:42:32.250 E172DD2C.E174FEA0 TERMSRV: WinStationCreateComplete, Console (LogonId=0) Status = 0x0
03:42:32.250 E172DD2C.E174FEA0 InitializeLoadMetrics():
03:42:32.250 E172DD2C.E174FEA0    Processors [     2], PageSize  [  4096], Physical [524155]
03:42:32.250 E172DD2C.E174FEA0    PtesAvail  [197170], PagedUsed [  1968], Commit   [ 16384]
03:42:32.250 E172DD2C.E174FEA0 RPC WinStationInitRPC
03:42:32.250 E172DD2C.E174FEA0 TERMSRV: IN RegisterRPCInterface Reregister=0 OldSecure= 0 Secure=0
03:42:32.250 8979F93C.E13DA648 TERMSRV: TerminateThread, Waiting for initial command exit (ArraySize=1)
03:42:32.250 8988DF7C.E1676AE8 TERMSRV: QueueWinStationCreate: RDP-Tcp
03:42:32.250 8954BF7C.E17390F0 TERMSRV: WinStation LPC Service Thread got a message
03:42:32.250 8954BF7C.E17390F0 TERMSRV: WinStation LPC Service Thread got WinStationInternalCreate message
03:42:32.250 8954BF7C.E17390F0 TERMSRV: FindWinStationByName: RDP-Tcp, (not found)
03:42:32.250 8954BF7C.E17390F0 TERMSRV: Creating WinStation RDP-Tcp
03:42:32.265 E172DD2C.E174FEA0 TERMSRV: RpcServerRegisterAuthInfo OK!
03:42:32.265 E172DD2C.E174FEA0 TERMSRV: RpcServerRegisterIfEx OK!
03:42:32.265 8954BCFC.E17390D8 TERMSRV: WinStation LPC Service Thread got a message
03:42:32.265 8954BCFC.E17390D8 TERMSRV: WinStation LPC Service Thread got connection message
03:42:32.265 8954BCFC.E17390D8 TERMSRV: WinStationLpcHandleConnectionRequest called
03:42:32.265 8954BCFC.E17390D8 TERMSRV: WSTAPI: Creating View memory
03:42:32.265 8954BCFC.E17390D8 TERMSRV: WSTAPI: Calling AcceptConnectPort, Accept 1
03:42:32.265 8954BCFC.E17390D8 TERMSRV: pContext 000B49F8, ConnectionRequest 00B0FEAC, info 00B0FEC4
03:42:32.265 8954BCFC.E17390D8 TERMSRV: ViewBase 00D80000, ViewSize 0x2000, ViewRemoteBase 00DE0000
03:42:32.281 8954BCFC.E17390D8 TERMSRV: WSTAPI: Calling CompleteConnect port 00000754
03:42:32.281 8954BCFC.E17390D8 TERMSRV: WinStation LPC Connection Accepted, Logonid 0 pContext 000B49F8 Status 0x0
03:42:32.281 898F787C.E1739108 TERMSRV: WinStation LPC Service Thread got a message
03:42:32.281 898F787C.E1739108 TERMSRV: WinStation LPC Service Thread got WinStationGetSMCommand message
03:42:32.281 898F787C.E1739108 TERMSRV: WinStationGetSMCommand, LogonId=0
03:42:32.281 898F787C.E1739108 TERMSRV: WinStationGetSMCommand queue empty port 00000754
[SC] 1f8: PNP_SetActiveService failed 0x25 for service Eventlog
03:42:32.296 8954BF7C.E17390F0 TERMSRV: StartWinStationDeviceAndStack, RDP-Tcp (LogonId=65536)
TERMSRV: InitializeTrace: LogonId 65536, fListen 0, Status=0x0
03:42:32.296 8954BF7C.E17390F0 ICADD: IcaDeviceControlConnection, fc 0, 0x0
TRACE: C:WINDOWS65536.log, c:f, e:1 d:1, Status=0x0
03:42:32.296 8954BF7C.E17390F0 TERMSRV: StartWinStationDeviceAndStack, Status = 0x0
03:42:32.296 8954BF7C.E17390F0 TERMSRV: WinStationStart, RDP-Tcp (LogonId=65536)
03:42:32.296 8954BF7C.E17390F0 TERMSRV: WinStationStart Subsys PID=0 InitialProg PID=0, Status=0x0
03:42:32.296 8954BF7C.E17390F0 TERMSRV: WinStationCreateComplete, RDP-Tcp (LogonId=65536)
03:42:32.312 8954BF7C.E17390F0 TERMSRV: WinStationCreateComplete, RDP-Tcp (LogonId=65536) Status = 0x0
03:42:32.312 8954BF7C.E17390F0 TERMSRV: WinStationCreate, Status=0x0
03:42:32.312 8979F93C.E13DA648 TERMSRV: TerminateThread, WaitForMultipleObjects, rc=0
03:42:32.312 8979F93C.E13DA648 TERMSRV: TerminateThread, Waiting for initial command exit (ArraySize=1)
Breakpoint 5 hit
termsrv!FindWinStationExtensionDll:
001b:7489fa0c 55              push    ebp

0: kd> g
TERMSRV: FindWinStationExtensionDll(rdpwsx) succeeded
KD: write to 0x70FBE11D ok
Breakpoint 6 hit
rdpwsx!WsxInitialize:
001b:70fbe11d 55              push    ebp

0: kd> x rdpwsx!g_hIcaTrace
70fcfa18          rdpwsx!g_hIcaTrace = 0x00000000
0: kd> ed 70fcfa18 05b8
0: kd> x rdpwsx!g_hIcaTrace
70fcfa18          rdpwsx!g_hIcaTrace = 0x000005b8
