Techwiki:Win32k/security

From ReactOS Wiki
Revision as of 22:47, 22 March 2015 by Smiley (talk | contribs)

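Calls from winlogon that initialize security in win32k

The traces below are kernel debugger (kd) sessions: `kb` prints the call stack with the first three stack arguments of each frame, and `dps esp` dumps the stack with symbols resolved. They show winlogon creating the window station and desktops and applying security to them through SetUserObjectSecurity, first before any logon and then again when a user logs on. The bottom frame, winlogon!__report_gsfailure+0x267, appears on every stack; it is most likely just the nearest symbol to winlogon's entry code, not an actual /GS failure.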

kd> kb
ChildEBP RetAddr Args to Child
f7ea6d40 80885614 0006f868 02000000 000000c4 win32k!NtUserCreateWindowStation
f7ea6d40 7c82845c 0006f868 02000000 000000c4 nt!KiSystemServicePostCall
0006f828 77384086 77384025 0006f868 02000000 ntdll!KiFastSystemCallRet
0006fb74 77383e8e 0006fb8c 02000000 00000000 USER32!NtUserCreateWindowStation+0xc
0006fb94 01030c70 01012734 00000000 02000000 USER32!CreateWindowStationW+0x26
0006ff0c 010317db ffffffff 00000004 00000000 winlogon!CreatePrimaryTerminal+0x13e
0006ff50 0103e33b 01000000 00000000 000724e4 winlogon!WUNotify+0x1bd
0006fff4 00000000 7ffda000 000000c8 000001a6 winlogon!__report_gsfailure+0x267


kd> kb
ChildEBP RetAddr Args to Child
0006fb64 010277ea 000000c8 0006fb8c 0007cf80 USER32!SetUserObjectSecurity
0006fb80 0102792a 0007ca70 00000004 000000c8 winlogon!AceListSetWinstaSecurity+0x30
0006fba0 01030c88 00020166 77e62f8d 77e42014 winlogon!InitializeWinstaSecurity+0x130
0006ff0c 010317db ffffffff 00000004 00000000 winlogon!CreatePrimaryTerminal+0x156
0006ff50 0103e33b 01000000 00000000 000724e4 winlogon!WUNotify+0x1bd
0006fff4 00000000 7ffda000 000000c8 000001c6 winlogon!__report_gsfailure+0x267
kd> dps esp
0006fb68 010277ea winlogon!AceListSetWinstaSecurity+0x30
0006fb6c 000000c8
0006fb70 0006fb8c
0006fb74 0007cf80
0006fb78 0007c090
0006fb7c 0007ca70
0006fb80 0006fba0
0006fb84 0102792a winlogon!InitializeWinstaSecurity+0x130


kd> kb
ChildEBP RetAddr Args to Child
f7ea6d48 80885614 0006fb3c 00000000 00000000 win32k!NtUserCreateDesktop
f7ea6d48 7c82845c 0006fb3c 00000000 00000000 nt!KiSystemServicePostCall
0006fb1c 77384147 77384132 0006fb3c 00000000 ntdll!KiFastSystemCallRet
0006fb54 773840d0 0006fb7c 00000000 00000000 USER32!NtUserCreateDesktop+0xc
0006fb8c 01030ca1 01011ccc 00000000 00000000 USER32!CreateDesktopW+0x42
0006ff0c 010317db ffffffff 00000004 00000000 winlogon!CreatePrimaryTerminal+0x16f
0006ff50 0103e33b 01000000 00000000 000724e4 winlogon!WUNotify+0x1bd
0006fff4 00000000 7ffda000 000000c8 000001a6 winlogon!__report_gsfailure+0x267
kd> dps esp
f7ea6d4c 80885614 nt!KiSystemServicePostCall
f7ea6d50 0006fb3c
f7ea6d54 00000000
f7ea6d58 00000000
f7ea6d5c 00000000
f7ea6d60 02000000
f7ea6d64 0006fb54
f7ea6d68 7c82845c ntdll!KiFastSystemCallRet


kd> kb
ChildEBP RetAddr Args to Child
f7ea6d48 80885614 0006fb3c 00000000 00000000 win32k!NtUserCreateDesktop
f7ea6d48 7c82845c 0006fb3c 00000000 00000000 nt!KiSystemServicePostCall
0006fb1c 77384147 77384132 0006fb3c 00000000 ntdll!KiFastSystemCallRet
0006fb54 773840d0 0006fb7c 00000000 00000000 USER32!NtUserCreateDesktop+0xc
0006fb8c 01030cbc 01011cbc 00000000 00000000 USER32!CreateDesktopW+0x42
0006ff0c 010317db ffffffff 00000004 00000000 winlogon!CreatePrimaryTerminal+0x18a
0006ff50 0103e33b 01000000 00000000 000724e4 winlogon!WUNotify+0x1bd
0006fff4 00000000 7ffda000 000000c8 000001a6 winlogon!__report_gsfailure+0x267
kd> dps esp
f7ea6d4c 80885614 nt!KiSystemServicePostCall
f7ea6d50 0006fb3c
f7ea6d54 00000000
f7ea6d58 00000000
f7ea6d5c 00000000
f7ea6d60 02000000
f7ea6d64 0006fb54
f7ea6d68 7c82845c ntdll!KiFastSystemCallRet


kd> kb
ChildEBP RetAddr Args to Child
0006fb68 01027e5e 000000c0 0006fba8 0007cf60 USER32!SetUserObjectSecurity
0006fb9c 01030cd5 000000c0 00000004 77e62f8d winlogon!SetWinlogonDesktopSecurity+0x54
0006ff0c 010317db ffffffff 00000004 00000000 winlogon!CreatePrimaryTerminal+0x1a3
0006ff50 0103e33b 01000000 00000000 000724e4 winlogon!WUNotify+0x1bd
0006fff4 00000000 7ffda000 000000c8 000001c6 winlogon!__report_gsfailure+0x267
kd> dps esp
0006fb6c 01027e5e winlogon!SetWinlogonDesktopSecurity+0x54
0006fb70 000000c0
0006fb74 0006fba8
0006fb78 0007cf60
0006fb7c 02000000
0006fb80 0007c090
0006fb84 00079800
0006fb88 000f01ff
0006fb8c 0006ff00
0006fb90 00079e78
0006fb94 000f0040
0006fb98 00000004
0006fb9c 0006ff0c
0006fba0 01030cd5 winlogon!CreatePrimaryTerminal+0x1a3


kd> kb
ChildEBP RetAddr Args to Child
0006fb48 01027f05 000000d0 0006fba8 0007cf40 USER32!SetUserObjectSecurity
0006fb98 01030ce4 000000d0 00000000 00000004 winlogon!SetUserDesktopSecurity+0x97
0006ff0c 010317db ffffffff 00000004 00000000 winlogon!CreatePrimaryTerminal+0x1b2
0006ff50 0103e33b 01000000 00000000 000724e4 winlogon!WUNotify+0x1bd
0006fff4 00000000 7ffda000 000000c8 000001c6 winlogon!__report_gsfailure+0x267
kd> dps esp
0006fb4c 01027f05 winlogon!SetUserDesktopSecurity+0x97
0006fb50 000000d0
0006fb54 0006fba8
0006fb58 0007cf40
0006fb5c 02000000
0006fb60 0007c090
0006fb64 00000000
0006fb68 00079800
0006fb6c 000f01ff
0006fb70 0006fb00
0006fb74 00079e78
0006fb78 200000c7
0006fb7c 02000000
0006fb80 0007aaf0
0006fb84 000f01ff
0006fb88 000f0100
0006fb8c 0006ff00
0006fb90 00079e78
0006fb94 000f0040
0006fb98 0006ff0c
0006fb9c 01030ce4 winlogon!CreatePrimaryTerminal+0x1b2


kd> kb
ChildEBP RetAddr Args to Child
0006fe80 01027f05 000000d0 0006fee0 0007cf20 USER32!SetUserObjectSecurity
0006fed0 0102800a 000000d0 00079800 00000004 winlogon!SetUserDesktopSecurity+0x97
0006fef8 01031868 0007abc8 00000000 00000000 winlogon!SecurityChangeUser+0x51
0006ff50 0103e33b 0007abc8 00000000 000724e4 winlogon!WUNotify+0x24a
0006fff4 00000000 7ffda000 000000c8 000001c6 winlogon!__report_gsfailure+0x267
kd> dps esp
0006fe84 01027f05 winlogon!SetUserDesktopSecurity+0x97
0006fe88 000000d0
0006fe8c 0006fee0
0006fe90 0007cf20
0006fe94 0007abc8
0006fe98 0007c090
0006fe9c 00000000
0006fea0 00079800
0006fea4 000f01ff
0006fea8 00000000
0006feac 00079e78
0006feb0 200000c7
0006feb4 0006ff00
0006feb8 0007aaf0
0006febc 000f01ff
0006fec0 ffffff00
0006fec4 00079800
0006fec8 000f01ff
0006fecc 00000000
0006fed0 0006fef8
0006fed4 0102800a winlogon!SecurityChangeUser+0x51



kd> kb
ChildEBP RetAddr Args to Child
f7ea6d54 80885614 00000000 00000000 0006fe9c win32k!NtUserUpdatePerUserSystemParameters
f7ea6d54 7c82845c 00000000 00000000 0006fe9c nt!KiSystemServicePostCall
0006fe60 773850b2 77385078 00000000 00000000 ntdll!KiFastSystemCallRet
0006fe9c 0101eaa8 00000000 00000000 77e62409 USER32!NtUserUpdatePerUserSystemParameters+0xc
0006febc 0102daa4 0007abc8 00000000 0007abc8 winlogon!InitSystemParametersInfo+0x6d
0006fed8 0102806f 0007abc8 77e62f8d 77e42014 winlogon!ResetEnvironment+0xba
0006fef8 01031868 0007abc8 00000000 00000000 winlogon!SecurityChangeUser+0xb6
0006ff50 0103e33b 0007abc8 00000000 000724e4 winlogon!WUNotify+0x24a
0006fff4 00000000 7ffda000 000000c8 000001a6 winlogon!__report_gsfailure+0x267


kd> kb
ChildEBP RetAddr Args to Child
f7ea6d4c 80885614 000000c8 0006fef0 00000000 win32k!NtUserSetWindowStationUser
f7ea6d4c 7c82845c 000000c8 0006fef0 00000000 nt!KiSystemServicePostCall
0006feac 77384934 77384e9f 000000c8 0006fef0 ntdll!KiFastSystemCallRet
0006fecc 0102807e 000000c8 0006fef0 00000000 USER32!NtUserSetWindowStationUser+0xc
0006fef8 01031868 0007abc8 00000000 00000000 winlogon!SecurityChangeUser+0xc5
0006ff50 0103e33b 0007abc8 00000000 000724e4 winlogon!WUNotify+0x24a
0006fff4 00000000 7ffda000 000000c8 000001a6 winlogon!__report_gsfailure+0x267
kd> dps esp
f7ec6d50 80885614 nt!KiSystemServicePostCall
f7ec6d54 000000c8
f7ec6d58 0006fef0
f7ec6d5c 00000000
f7ec6d60 00000000
f7ec6d64 0006fecc
f7ec6d68 7c82845c ntdll!KiFastSystemCallRet


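LOGIN HERE: the traces above were captured before a user logged on; the traces below were captured during the user logon (winlogon!LogonAttempt is on each stack).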


kd> kb
ChildEBP RetAddr Args to Child
0006f778 010277ea 000000c8 0006f7a0 00bbd908 USER32!SetUserObjectSecurity
0006f794 01027cbe 0007ca70 00000004 000000c8 winlogon!AceListSetWinstaSecurity+0x30
0006f84c 01027ff9 0007c090 00bb0f68 00000154 winlogon!AddUserToWinsta+0x154
0006f874 01035c5e 0007abc8 00000154 00000000 winlogon!SecurityChangeUser+0x40
0006fee4 01037887 0007abc8 77e62f8d 77e42014 winlogon!LogonAttempt+0x675
0006ff08 01031b33 0007abc8 ffffffff 00000004 winlogon!MainLoop+0x1dd
0006ff50 0103e33b 0007abc8 00000000 000724e4 winlogon!WUNotify+0x515
0006fff4 00000000 7ffda000 000000c8 000001c6 winlogon!__report_gsfailure+0x267
kd> dps esp
0006f77c 010277ea winlogon!AceListSetWinstaSecurity+0x30
0006f780 000000c8
0006f784 0006f7a0
0006f788 00bbd908
0006f78c 0007c090
0006f790 00bbd368
0006f794 0006f84c
0006f798 01027cbe winlogon!AddUserToWinsta+0x154
0006f79c 0007ca70
0006f7a0 00000004
0006f7a4 000000c8
0006f7a8 0007abc8
0006f7ac 0007c090
0006f7b0 00000154
0006f7b4 00000024
0006f7b8 0da0b4a4
0006f7bc 00bbd368
0006f7c0 00bbd5d0
0006f7c4 0007c090
0006f7c8 0006f7d0
0006f7cc 00000000
0006f7d0 00000501
0006f7d4 05000000
0006f7d8 00000015
0006f7dc a3f04f18
0006f7e0 ea205f0e
0006f7e4 0ff25102
0006f7e8 000003eb
0006f7ec 00bb0a68
0006f7f0 00000000
0006f7f4 00070000
0006f7f8 00000000


kd> kb
ChildEBP RetAddr Args to Child
0006f7fc 01027f05 000000d0 0006f85c 00bbd690 USER32!SetUserObjectSecurity
0006f84c 0102800a 000000d0 00bb0f68 00000004 winlogon!SetUserDesktopSecurity+0x97
0006f874 01035c5e 0007abc8 00000154 00000000 winlogon!SecurityChangeUser+0x51
0006fee4 01037887 0007abc8 77e62f8d 77e42014 winlogon!LogonAttempt+0x675
0006ff08 01031b33 0007abc8 ffffffff 00000004 winlogon!MainLoop+0x1dd
0006ff50 0103e33b 0007abc8 00000000 000724e4 winlogon!WUNotify+0x515
0006fff4 00000000 7ffda000 000000c8 000001c6 winlogon!__report_gsfailure+0x267
kd> dps esp
0006f800 01027f05 winlogon!SetUserDesktopSecurity+0x97
0006f804 000000d0
0006f808 0006f85c
0006f80c 00bbd690
0006f810 0007abc8
0006f814 0007c090
0006f818 00000154
0006f81c 00079800
0006f820 000f01ff
0006f824 0006f800
0006f828 00079e78
0006f82c 200000c7
0006f830 0007c000
0006f834 0007aaf0
0006f838 000f01ff
0006f83c 0106e000 winlogon!_NULL_IMPORT_DESCRIPTOR+0x880
0006f840 00bb0f68
0006f844 000f01ff
0006f848 00007e00
0006f84c 0006f874
0006f850 0102800a winlogon!SecurityChangeUser+0x51



kd> kb
ChildEBP RetAddr Args to Child
f7ec6d54 80885614 00000154 00000001 0006e700 win32k!NtUserUpdatePerUserSystemParameters
f7ec6d54 7c82845c 00000154 00000001 0006e700 nt!KiSystemServicePostCall
0006e6c4 773850b2 77385078 00000154 00000001 ntdll!KiFastSystemCallRet
0006e700 0101eaa8 00000154 00000001 0007c090 USER32!NtUserUpdatePerUserSystemParameters+0xc
0006e720 0102e1f5 0007abc8 00000001 77e62409 winlogon!InitSystemParametersInfo+0x6d
0006f884 0103603b 0007abc8 00000002 0007abc8 winlogon!SetupUserEnvironment+0x26a
0006fee4 01037887 0007abc8 77e62f8d 77e42014 winlogon!LogonAttempt+0x7b2
0006ff08 01031b33 0007abc8 ffffffff 00000004 winlogon!MainLoop+0x1dd
0006ff50 0103e33b 0007abc8 00000000 000724e4 winlogon!WUNotify+0x515
0006fff4 00000000 7ffde000 000000c8 000001b1 winlogon!__report_gsfailure+0x267


kd> kb
ChildEBP RetAddr Args to Child
f7ec6d4c 80885614 000000c8 0007c148 00ba9db8 win32k!NtUserSetWindowStationUser
f7ec6d4c 7c82845c 000000c8 0007c148 00ba9db8 nt!KiSystemServicePostCall
0006f858 77384934 77384e9f 000000c8 0007c148 ntdll!KiFastSystemCallRet
0006f878 01036073 000000c8 0007c148 00ba9db8 USER32!NtUserSetWindowStationUser+0xc
0006fee4 01037887 0007abc8 77e62f8d 77e42014 winlogon!LogonAttempt+0x7ea
0006ff08 01031b33 0007abc8 ffffffff 00000004 winlogon!MainLoop+0x1dd
0006ff50 0103e33b 0007abc8 00000000 000724e4 winlogon!WUNotify+0x515
0006fff4 00000000 7ffde000 000000c8 000001b1 winlogon!__report_gsfailure+0x267
kd> dps esp
f7ec6d50 80885614 nt!KiSystemServicePostCall
f7ec6d54 000000c8
f7ec6d58 0007c148
f7ec6d5c 00ba9db8
f7ec6d60 00000014
f7ec6d64 0006f878
f7ec6d68 7c82845c ntdll!KiFastSystemCallRet


END.