Analysis of termsrv initialization

0: kd> g

WINMM(p468:t472): ClientUpdatePnpInfo: warning: called in winlogon before logged on

WINMM(p468:t484): ClientUpdatePnpInfo: warning: called in winlogon before logged on

rpcss is running.

KD: write to 0x74882B24 ok

Breakpoint 3 hit

termsrv!ServiceMain:

001b:74882b24 55 push ebp

0: kd> kc

00 termsrv!ServiceMain

01 svchost!ServiceStarter

02 ADVAPI32!ScSvcctrlThreadA

03 kernel32!BaseThreadStart

0: kd> bl

0 e Disable Clear u 0001 (0001) (winlogon!winmain)

1 e Disable Clear 80d3a1c0 [d:\srv03rtm\base\ntos\ps\create.c @ 1070] 0001 (0001) nt!PspCreateProcess

3 e Disable Clear 74882b24 [d:\srv03rtm\termsrv\winsta\server\icasrv.c @ 453] 0001 (0001) termsrv!ServiceMain

4 e Disable Clear 7488c3d3 [d:\srv03rtm\termsrv\winsta\server\winsta.c @ 991] 0001 (0001) termsrv!StartAllWinStations

5 e Disable Clear 7488b6c8 [d:\srv03rtm\termsrv\winsta\server\winsta.c @ 3712] 0001 (0001) termsrv!WinStationCreateWorker

0: kd> g

TERMSRV : Not Personal Workstation

KD: write to 0x7488C3D3 ok

Breakpoint 4 hit

termsrv!StartAllWinStations:

001b:7488c3d3 55 push ebp

1: kd> kc

00 termsrv!StartAllWinStations

01 termsrv!ServiceMain

02 svchost!ServiceStarter

03 ADVAPI32!ScSvcctrlThreadA

04 kernel32!BaseThreadStart

1: kd> g

KD: write to 0x7488B6C8 ok

Breakpoint 5 hit

termsrv!WinStationCreateWorker:

001b:7488b6c8 55 push ebp

1: kd> kc

00 termsrv!WinStationCreateWorker

01 termsrv!StartAllWinStations

02 termsrv!ServiceMain

03 svchost!ServiceStarter

04 ADVAPI32!ScSvcctrlThreadA

05 kernel32!BaseThreadStart

1: kd> g

Breakpoint 2 hit

termsrv!WinStationStart:

001b:7488b16e 55 push ebp

0: kd> kc

00 termsrv!WinStationStart

01 termsrv!WinStationCreateWorker

02 termsrv!StartAllWinStations

03 termsrv!ServiceMain

04 svchost!ServiceStarter

05 ADVAPI32!ScSvcctrlThreadA

06 kernel32!BaseThreadStart

0: kd> g

Breakpoint 5 hit

termsrv!WinStationCreateWorker:

001b:7488b6c8 55 push ebp

0: kd> kc

00 termsrv!WinStationCreateWorker

01 termsrv!WinStationInternalCreate

02 termsrv!WinStationLpcThread

03 kernel32!BaseThreadStart

0: kd> g

Breakpoint 2 hit

termsrv!WinStationStart:

001b:7488b16e 55 push ebp

0: kd> kc

00 termsrv!WinStationStart

01 termsrv!WinStationCreateWorker

02 termsrv!WinStationInternalCreate

03 termsrv!WinStationLpcThread

04 kernel32!BaseThreadStart

0: kd> g

KD: write to 0x7488AA11 ok

KD: write to 0x7488A984 ok

Breakpoint 6 hit

termsrv!WinStationConnectThread:

001b:7488aa11 55 push ebp

0: kd> kc

00 termsrv!WinStationConnectThread

01 kernel32!BaseThreadStart