Techwiki:Win32k/security

From ReactOS Wiki
Revision as of 23:14, 22 March 2015 by Preston (talk | contribs) (Calls from winlogon that initialize security in win32k)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Calls from winlogon that initialize security in win32k

kd> kb
ChildEBP RetAddr Args to Child
f7ea6d40 80885614 0006f868 02000000 000000c4 win32k!NtUserCreateWindowStation
f7ea6d40 7c82845c 0006f868 02000000 000000c4 nt!KiSystemServicePostCall
0006f828 77384086 77384025 0006f868 02000000 ntdll!KiFastSystemCallRet
0006fb74 77383e8e 0006fb8c 02000000 00000000 USER32!NtUserCreateWindowStation+0xc
0006fb94 01030c70 01012734 00000000 02000000 USER32!CreateWindowStationW+0x26
0006ff0c 010317db ffffffff 00000004 00000000 winlogon!CreatePrimaryTerminal+0x13e
0006ff50 0103e33b 01000000 00000000 000724e4 winlogon!WUNotify+0x1bd
0006fff4 00000000 7ffda000 000000c8 000001a6 winlogon!__report_gsfailure+0x267


kd> kb
ChildEBP RetAddr Args to Child
0006fb64 010277ea 000000c8 0006fb8c 0007cf80 USER32!SetUserObjectSecurity
0006fb80 0102792a 0007ca70 00000004 000000c8 winlogon!AceListSetWinstaSecurity+0x30
0006fba0 01030c88 00020166 77e62f8d 77e42014 winlogon!InitializeWinstaSecurity+0x130
0006ff0c 010317db ffffffff 00000004 00000000 winlogon!CreatePrimaryTerminal+0x156
0006ff50 0103e33b 01000000 00000000 000724e4 winlogon!WUNotify+0x1bd
0006fff4 00000000 7ffda000 000000c8 000001c6 winlogon!__report_gsfailure+0x267
kd> dps esp
0006fb68 010277ea winlogon!AceListSetWinstaSecurity+0x30
0006fb6c 000000c8
0006fb70 0006fb8c
0006fb74 0007cf80
0006fb78 0007c090
0006fb7c 0007ca70
0006fb80 0006fba0
0006fb84 0102792a winlogon!InitializeWinstaSecurity+0x130


kd> kb
ChildEBP RetAddr Args to Child
f7ea6d48 80885614 0006fb3c 00000000 00000000 win32k!NtUserCreateDesktop
f7ea6d48 7c82845c 0006fb3c 00000000 00000000 nt!KiSystemServicePostCall
0006fb1c 77384147 77384132 0006fb3c 00000000 ntdll!KiFastSystemCallRet
0006fb54 773840d0 0006fb7c 00000000 00000000 USER32!NtUserCreateDesktop+0xc
0006fb8c 01030ca1 01011ccc 00000000 00000000 USER32!CreateDesktopW+0x42
0006ff0c 010317db ffffffff 00000004 00000000 winlogon!CreatePrimaryTerminal+0x16f
0006ff50 0103e33b 01000000 00000000 000724e4 winlogon!WUNotify+0x1bd
0006fff4 00000000 7ffda000 000000c8 000001a6 winlogon!__report_gsfailure+0x267
kd> dps esp
f7ea6d4c 80885614 nt!KiSystemServicePostCall
f7ea6d50 0006fb3c
f7ea6d54 00000000
f7ea6d58 00000000
f7ea6d5c 00000000
f7ea6d60 02000000
f7ea6d64 0006fb54
f7ea6d68 7c82845c ntdll!KiFastSystemCallRet


kd> kb
ChildEBP RetAddr Args to Child
f7ea6d48 80885614 0006fb3c 00000000 00000000 win32k!NtUserCreateDesktop
f7ea6d48 7c82845c 0006fb3c 00000000 00000000 nt!KiSystemServicePostCall
0006fb1c 77384147 77384132 0006fb3c 00000000 ntdll!KiFastSystemCallRet
0006fb54 773840d0 0006fb7c 00000000 00000000 USER32!NtUserCreateDesktop+0xc
0006fb8c 01030cbc 01011cbc 00000000 00000000 USER32!CreateDesktopW+0x42
0006ff0c 010317db ffffffff 00000004 00000000 winlogon!CreatePrimaryTerminal+0x18a
0006ff50 0103e33b 01000000 00000000 000724e4 winlogon!WUNotify+0x1bd
0006fff4 00000000 7ffda000 000000c8 000001a6 winlogon!__report_gsfailure+0x267
kd> dps esp
f7ea6d4c 80885614 nt!KiSystemServicePostCall
f7ea6d50 0006fb3c
f7ea6d54 00000000
f7ea6d58 00000000
f7ea6d5c 00000000
f7ea6d60 02000000
f7ea6d64 0006fb54
f7ea6d68 7c82845c ntdll!KiFastSystemCallRet


kd> kb
ChildEBP RetAddr Args to Child
0006fb68 01027e5e 000000c0 0006fba8 0007cf60 USER32!SetUserObjectSecurity
0006fb9c 01030cd5 000000c0 00000004 77e62f8d winlogon!SetWinlogonDesktopSecurity+0x54
0006ff0c 010317db ffffffff 00000004 00000000 winlogon!CreatePrimaryTerminal+0x1a3
0006ff50 0103e33b 01000000 00000000 000724e4 winlogon!WUNotify+0x1bd
0006fff4 00000000 7ffda000 000000c8 000001c6 winlogon!__report_gsfailure+0x267
kd> dps esp
0006fb6c 01027e5e winlogon!SetWinlogonDesktopSecurity+0x54
0006fb70 000000c0
0006fb74 0006fba8
0006fb78 0007cf60
0006fb7c 02000000
0006fb80 0007c090
0006fb84 00079800
0006fb88 000f01ff
0006fb8c 0006ff00
0006fb90 00079e78
0006fb94 000f0040
0006fb98 00000004
0006fb9c 0006ff0c
0006fba0 01030cd5 winlogon!CreatePrimaryTerminal+0x1a3


kd> kb
ChildEBP RetAddr Args to Child
0006fb48 01027f05 000000d0 0006fba8 0007cf40 USER32!SetUserObjectSecurity
0006fb98 01030ce4 000000d0 00000000 00000004 winlogon!SetUserDesktopSecurity+0x97
0006ff0c 010317db ffffffff 00000004 00000000 winlogon!CreatePrimaryTerminal+0x1b2
0006ff50 0103e33b 01000000 00000000 000724e4 winlogon!WUNotify+0x1bd
0006fff4 00000000 7ffda000 000000c8 000001c6 winlogon!__report_gsfailure+0x267
kd> dps esp
0006fb4c 01027f05 winlogon!SetUserDesktopSecurity+0x97
0006fb50 000000d0
0006fb54 0006fba8
0006fb58 0007cf40
0006fb5c 02000000
0006fb60 0007c090
0006fb64 00000000
0006fb68 00079800
0006fb6c 000f01ff
0006fb70 0006fb00
0006fb74 00079e78
0006fb78 200000c7
0006fb7c 02000000
0006fb80 0007aaf0
0006fb84 000f01ff
0006fb88 000f0100
0006fb8c 0006ff00
0006fb90 00079e78
0006fb94 000f0040
0006fb98 0006ff0c
0006fb9c 01030ce4 winlogon!CreatePrimaryTerminal+0x1b2


kd> kb
ChildEBP RetAddr Args to Child
0006fe80 01027f05 000000d0 0006fee0 0007cf20 USER32!SetUserObjectSecurity
0006fed0 0102800a 000000d0 00079800 00000004 winlogon!SetUserDesktopSecurity+0x97
0006fef8 01031868 0007abc8 00000000 00000000 winlogon!SecurityChangeUser+0x51
0006ff50 0103e33b 0007abc8 00000000 000724e4 winlogon!WUNotify+0x24a
0006fff4 00000000 7ffda000 000000c8 000001c6 winlogon!__report_gsfailure+0x267
kd> dps esp
0006fe84 01027f05 winlogon!SetUserDesktopSecurity+0x97
0006fe88 000000d0
0006fe8c 0006fee0
0006fe90 0007cf20
0006fe94 0007abc8
0006fe98 0007c090
0006fe9c 00000000
0006fea0 00079800
0006fea4 000f01ff
0006fea8 00000000
0006feac 00079e78
0006feb0 200000c7
0006feb4 0006ff00
0006feb8 0007aaf0
0006febc 000f01ff
0006fec0 ffffff00
0006fec4 00079800
0006fec8 000f01ff
0006fecc 00000000
0006fed0 0006fef8
0006fed4 0102800a winlogon!SecurityChangeUser+0x51


kd> kb
ChildEBP RetAddr Args to Child
f7ea6d54 80885614 00000000 00000000 0006fe9c win32k!NtUserUpdatePerUserSystemParameters
f7ea6d54 7c82845c 00000000 00000000 0006fe9c nt!KiSystemServicePostCall
0006fe60 773850b2 77385078 00000000 00000000 ntdll!KiFastSystemCallRet
0006fe9c 0101eaa8 00000000 00000000 77e62409 USER32!NtUserUpdatePerUserSystemParameters+0xc
0006febc 0102daa4 0007abc8 00000000 0007abc8 winlogon!InitSystemParametersInfo+0x6d
0006fed8 0102806f 0007abc8 77e62f8d 77e42014 winlogon!ResetEnvironment+0xba
0006fef8 01031868 0007abc8 00000000 00000000 winlogon!SecurityChangeUser+0xb6
0006ff50 0103e33b 0007abc8 00000000 000724e4 winlogon!WUNotify+0x24a
0006fff4 00000000 7ffda000 000000c8 000001a6 winlogon!__report_gsfailure+0x267


kd> kb
ChildEBP RetAddr Args to Child
f7ea6d4c 80885614 000000c8 0006fef0 00000000 win32k!NtUserSetWindowStationUser
f7ea6d4c 7c82845c 000000c8 0006fef0 00000000 nt!KiSystemServicePostCall
0006feac 77384934 77384e9f 000000c8 0006fef0 ntdll!KiFastSystemCallRet
0006fecc 0102807e 000000c8 0006fef0 00000000 USER32!NtUserSetWindowStationUser+0xc
0006fef8 01031868 0007abc8 00000000 00000000 winlogon!SecurityChangeUser+0xc5
0006ff50 0103e33b 0007abc8 00000000 000724e4 winlogon!WUNotify+0x24a
0006fff4 00000000 7ffda000 000000c8 000001a6 winlogon!__report_gsfailure+0x267
kd> dps esp
f7ec6d50 80885614 nt!KiSystemServicePostCall
f7ec6d54 000000c8
f7ec6d58 0006fef0
f7ec6d5c 00000000
f7ec6d60 00000000
f7ec6d64 0006fecc
f7ec6d68 7c82845c ntdll!KiFastSystemCallRet


-----------------------
 LOGIN HERE
-----------------------
kd> kb
ChildEBP RetAddr Args to Child
0006f778 010277ea 000000c8 0006f7a0 00bbd908 USER32!SetUserObjectSecurity
0006f794 01027cbe 0007ca70 00000004 000000c8 winlogon!AceListSetWinstaSecurity+0x30
0006f84c 01027ff9 0007c090 00bb0f68 00000154 winlogon!AddUserToWinsta+0x154
0006f874 01035c5e 0007abc8 00000154 00000000 winlogon!SecurityChangeUser+0x40
0006fee4 01037887 0007abc8 77e62f8d 77e42014 winlogon!LogonAttempt+0x675
0006ff08 01031b33 0007abc8 ffffffff 00000004 winlogon!MainLoop+0x1dd
0006ff50 0103e33b 0007abc8 00000000 000724e4 winlogon!WUNotify+0x515
0006fff4 00000000 7ffda000 000000c8 000001c6 winlogon!__report_gsfailure+0x267
kd> dps esp
0006f77c 010277ea winlogon!AceListSetWinstaSecurity+0x30
0006f780 000000c8
0006f784 0006f7a0
0006f788 00bbd908
0006f78c 0007c090
0006f790 00bbd368
0006f794 0006f84c
0006f798 01027cbe winlogon!AddUserToWinsta+0x154
0006f79c 0007ca70
0006f7a0 00000004
0006f7a4 000000c8
0006f7a8 0007abc8
0006f7ac 0007c090
0006f7b0 00000154
0006f7b4 00000024
0006f7b8 0da0b4a4
0006f7bc 00bbd368
0006f7c0 00bbd5d0
0006f7c4 0007c090
0006f7c8 0006f7d0
0006f7cc 00000000
0006f7d0 00000501
0006f7d4 05000000
0006f7d8 00000015
0006f7dc a3f04f18
0006f7e0 ea205f0e
0006f7e4 0ff25102
0006f7e8 000003eb
0006f7ec 00bb0a68
0006f7f0 00000000
0006f7f4 00070000
0006f7f8 00000000


kd> kb
ChildEBP RetAddr Args to Child
0006f7fc 01027f05 000000d0 0006f85c 00bbd690 USER32!SetUserObjectSecurity
0006f84c 0102800a 000000d0 00bb0f68 00000004 winlogon!SetUserDesktopSecurity+0x97
0006f874 01035c5e 0007abc8 00000154 00000000 winlogon!SecurityChangeUser+0x51
0006fee4 01037887 0007abc8 77e62f8d 77e42014 winlogon!LogonAttempt+0x675
0006ff08 01031b33 0007abc8 ffffffff 00000004 winlogon!MainLoop+0x1dd
0006ff50 0103e33b 0007abc8 00000000 000724e4 winlogon!WUNotify+0x515
0006fff4 00000000 7ffda000 000000c8 000001c6 winlogon!__report_gsfailure+0x267
kd> dps esp
0006f800 01027f05 winlogon!SetUserDesktopSecurity+0x97
0006f804 000000d0
0006f808 0006f85c
0006f80c 00bbd690
0006f810 0007abc8
0006f814 0007c090
0006f818 00000154
0006f81c 00079800
0006f820 000f01ff
0006f824 0006f800
0006f828 00079e78
0006f82c 200000c7
0006f830 0007c000
0006f834 0007aaf0
0006f838 000f01ff
0006f83c 0106e000 winlogon!_NULL_IMPORT_DESCRIPTOR+0x880
0006f840 00bb0f68
0006f844 000f01ff
0006f848 00007e00
0006f84c 0006f874
0006f850 0102800a winlogon!SecurityChangeUser+0x51


kd> kb
ChildEBP RetAddr Args to Child
f7ec6d54 80885614 00000154 00000001 0006e700 win32k!NtUserUpdatePerUserSystemParameters
f7ec6d54 7c82845c 00000154 00000001 0006e700 nt!KiSystemServicePostCall
0006e6c4 773850b2 77385078 00000154 00000001 ntdll!KiFastSystemCallRet
0006e700 0101eaa8 00000154 00000001 0007c090 USER32!NtUserUpdatePerUserSystemParameters+0xc
0006e720 0102e1f5 0007abc8 00000001 77e62409 winlogon!InitSystemParametersInfo+0x6d
0006f884 0103603b 0007abc8 00000002 0007abc8 winlogon!SetupUserEnvironment+0x26a
0006fee4 01037887 0007abc8 77e62f8d 77e42014 winlogon!LogonAttempt+0x7b2
0006ff08 01031b33 0007abc8 ffffffff 00000004 winlogon!MainLoop+0x1dd
0006ff50 0103e33b 0007abc8 00000000 000724e4 winlogon!WUNotify+0x515
0006fff4 00000000 7ffde000 000000c8 000001b1 winlogon!__report_gsfailure+0x267


kd> kb
ChildEBP RetAddr Args to Child
f7ec6d4c 80885614 000000c8 0007c148 00ba9db8 win32k!NtUserSetWindowStationUser
f7ec6d4c 7c82845c 000000c8 0007c148 00ba9db8 nt!KiSystemServicePostCall
0006f858 77384934 77384e9f 000000c8 0007c148 ntdll!KiFastSystemCallRet
0006f878 01036073 000000c8 0007c148 00ba9db8 USER32!NtUserSetWindowStationUser+0xc
0006fee4 01037887 0007abc8 77e62f8d 77e42014 winlogon!LogonAttempt+0x7ea
0006ff08 01031b33 0007abc8 ffffffff 00000004 winlogon!MainLoop+0x1dd
0006ff50 0103e33b 0007abc8 00000000 000724e4 winlogon!WUNotify+0x515
0006fff4 00000000 7ffde000 000000c8 000001b1 winlogon!__report_gsfailure+0x267
kd> dps esp
f7ec6d50 80885614 nt!KiSystemServicePostCall
f7ec6d54 000000c8
f7ec6d58 0007c148
f7ec6d5c 00ba9db8
f7ec6d60 00000014
f7ec6d64 0006f878
f7ec6d68 7c82845c ntdll!KiFastSystemCallRet
-----------------------
END.