winlogon!WinMain+0x456:
001b:0057e5a9 8945e4 mov dword ptr [ebp-1Ch],eax
kd> p
winlogon!WinMain+0x459:
001b:0057e5ac 6860175700 push offset winlogon!WLEvt_CreatePrimaryTerminal_Stop (00571760)
kd> p
winlogon!WinMain+0x45e:
001b:0057e5b1 e875faffff call winlogon!WLEventWrite (0057e02b)
kd> p
winlogon!WinMain+0x463:
001b:0057e5b6 397de4 cmp dword ptr [ebp-1Ch],edi
kd> p
winlogon!WinMain+0x466:
001b:0057e5b9 742d je winlogon!WinMain+0x495 (0057e5e8)
kd> p
winlogon!WinMain+0x495:
001b:0057e5e8 c705604b5b000e000000 mov dword ptr [winlogon!g_WinlogonStage (005b4b60)],0Eh
kd> p
winlogon!WinMain+0x49f:
001b:0057e5f2 e8592a0000 call winlogon!CanRunSetup (00581050)
kd> p
winlogon!WinMain+0x4a4:
001b:0057e5f7 85c0 test eax,eax
kd> p
winlogon!WinMain+0x4a6:
001b:0057e5f9 7461 je winlogon!WinMain+0x509 (0057e65c)
kd> p
winlogon!WinMain+0x4a8:
001b:0057e5fb e8342a0000 call winlogon!IsSetup (00581034)
kd> p
winlogon!WinMain+0x4ad:
001b:0057e600 85c0 test eax,eax
kd> p
winlogon!WinMain+0x4af:
001b:0057e602 7458 je winlogon!WinMain+0x509 (0057e65c)
kd> p
winlogon!WinMain+0x509:
001b:0057e65c 57 push edi
kd> p
winlogon!WinMain+0x50a:
001b:0057e65d 6870165700 push offset winlogon!WLEvt_UpdatePerUserSystemParameters_Start (00571670)
kd> p
winlogon!WinMain+0x50f:
001b:0057e662 e8c9e3ffff call winlogon!WLEventWrite (0057ca30)
kd> p
winlogon!WinMain+0x514:
001b:0057e667 57 push edi
kd> p
winlogon!WinMain+0x515:
001b:0057e668 ff15e8125700 call dword ptr [winlogon!_imp__UpdatePerUserSystemParameters (005712e8)]
kd> p
winlogon!WinMain+0x51b:
001b:0057e66e 57 push edi
kd> p
winlogon!WinMain+0x51c:
001b:0057e66f 6880165700 push offset winlogon!WLEvt_UpdatePerUserSystemParameters_Stop (00571680)
kd> p
winlogon!WinMain+0x521:
001b:0057e674 e8b7e3ffff call winlogon!WLEventWrite (0057ca30)
kd> p
winlogon!WinMain+0x526:
001b:0057e679 c705604b5b000f000000 mov dword ptr [winlogon!g_WinlogonStage (005b4b60)],0Fh
kd> p
winlogon!WinMain+0x530:
001b:0057e683 a100475b00 mov eax,dword ptr [winlogon!xGlobalContext+0x8 (005b4700)]
kd> p
winlogon!WinMain+0x535:
001b:0057e688 397870 cmp dword ptr [eax+70h],edi
kd> p
winlogon!WinMain+0x538:
001b:0057e68b 0f84c8000000 je winlogon!WinMain+0x606 (0057e759)
kd> p
winlogon!WinMain+0x606:
001b:0057e759 8b0d00475b00 mov ecx,dword ptr [winlogon!xGlobalContext+0x8 (005b4700)]
kd> p
winlogon!WinMain+0x60c:
001b:0057e75f e825be0000 call winlogon!CSession::GetSessionType (0058a589)
kd> p
winlogon!WinMain+0x611:
001b:0057e764 83f801 cmp eax,1
kd> p
winlogon!WinMain+0x614:
001b:0057e767 740f je winlogon!WinMain+0x625 (0057e778)
kd> p
winlogon!WinMain+0x616:
001b:0057e769 e8e6d90200 call winlogon!BaseInitAppcompatCacheSupport (005ac154)
kd> p
winlogon!WinMain+0x61b:
001b:0057e76e c705604b5b0012000000 mov dword ptr [winlogon!g_WinlogonStage (005b4b60)],12h
kd> p
winlogon!WinMain+0x625:
001b:0057e778 e8d3280000 call winlogon!CanRunSetup (00581050)
kd> p
winlogon!WinMain+0x62a:
001b:0057e77d 85c0 test eax,eax
kd> p
winlogon!WinMain+0x62c:
001b:0057e77f 0f84cf010000 je winlogon!WinMain+0x801 (0057e954)
kd> p
winlogon!WinMain+0x632:
001b:0057e785 e8aa280000 call winlogon!IsSetup (00581034)
kd> p
winlogon!WinMain+0x637:
001b:0057e78a 85c0 test eax,eax
kd> p
winlogon!WinMain+0x639:
001b:0057e78c 0f84c2010000 je winlogon!WinMain+0x801 (0057e954)
kd> p
winlogon!WinMain+0x801:
001b:0057e954 8b0df8465b00 mov ecx,dword ptr [winlogon!xGlobalContext (005b46f8)]
kd> p
winlogon!WinMain+0x807:
001b:0057e95a e878db0000 call winlogon!CUser::GetUserSid (0058c4d7)
kd> p
winlogon!WinMain+0x80c:
001b:0057e95f 85c0 test eax,eax
kd> p
winlogon!WinMain+0x80e:
001b:0057e961 7565 jne winlogon!WinMain+0x875 (0057e9c8)
kd> p
winlogon!WinMain+0x810:
001b:0057e963 393d7c4b5b00 cmp dword ptr [winlogon!g_fWinPEMode (005b4b7c)],edi
kd> p
winlogon!WinMain+0x816:
001b:0057e969 755d jne winlogon!WinMain+0x875 (0057e9c8)
kd> p
winlogon!WinMain+0x818:
001b:0057e96b a100475b00 mov eax,dword ptr [winlogon!xGlobalContext+0x8 (005b4700)]
kd> p
winlogon!WinMain+0x81d:
001b:0057e970 397870 cmp dword ptr [eax+70h],edi
kd> p
winlogon!WinMain+0x820:
001b:0057e973 7453 je winlogon!WinMain+0x875 (0057e9c8)
kd> p
winlogon!WinMain+0x875:
001b:0057e9c8 c705604b5b0013000000 mov dword ptr [winlogon!g_WinlogonStage (005b4b60)],13h
kd> p
winlogon!WinMain+0x87f:
001b:0057e9d2 e892f4ffff call winlogon!RemoveTokenPrivileges (0057de69)
kd> p
winlogon!WinMain+0x884:
001b:0057e9d7 3bc7 cmp eax,edi
kd> p
winlogon!WinMain+0x886:
001b:0057e9d9 7d37 jge winlogon!WinMain+0x8bf (0057ea12)
kd> p
winlogon!WinMain+0x8bf:
001b:0057ea12 c705604b5b0014000000 mov dword ptr [winlogon!g_WinlogonStage (005b4b60)],14h
kd> p
winlogon!WinMain+0x8c9:
001b:0057ea1c 8b0df8465b00 mov ecx,dword ptr [winlogon!xGlobalContext (005b46f8)]
kd> p
winlogon!WinMain+0x8cf:
001b:0057ea22 e85cc90000 call winlogon!CGlobalStore::CreateLessPrivilegedToken (0058b383)
kd> p
winlogon!WinMain+0x8d4:
001b:0057ea27 8945e4 mov dword ptr [ebp-1Ch],eax
kd> p
winlogon!WinMain+0x8d7:
001b:0057ea2a 3bc7 cmp eax,edi
kd> p
winlogon!WinMain+0x8d9:
001b:0057ea2c 742b je winlogon!WinMain+0x906 (0057ea59)
kd> p
winlogon!WinMain+0x906:
001b:0057ea59 c705604b5b0015000000 mov dword ptr [winlogon!g_WinlogonStage (005b4b60)],15h
kd> p
winlogon!WinMain+0x910:
001b:0057ea63 68f8465b00 push offset winlogon!xGlobalContext (005b46f8)
kd> p
winlogon!WinMain+0x915:
001b:0057ea68 e827740100 call winlogon!WlAccessibilityOnBoot (00595e94)
kd> p
winlogon!WinMain+0x91a:
001b:0057ea6d 8945e4 mov dword ptr [ebp-1Ch],eax
kd> p
winlogon!WinMain+0x91d:
001b:0057ea70 3bc7 cmp eax,edi
kd> p
winlogon!WinMain+0x91f:
001b:0057ea72 7429 je winlogon!WinMain+0x94a (0057ea9d)
kd> p
winlogon!WinMain+0x94a:
001b:0057ea9d c705604b5b0016000000 mov dword ptr [winlogon!g_WinlogonStage (005b4b60)],16h
kd> p
winlogon!WinMain+0x954:
001b:0057eaa7 6870175700 push offset winlogon!WLEvt_StartLogonUI_Start (00571770)
kd> p
winlogon!WinMain+0x959:
001b:0057eaac e87af5ffff call winlogon!WLEventWrite (0057e02b)
kd> p
winlogon!WinMain+0x95e:
001b:0057eab1 68f8465b00 push offset winlogon!xGlobalContext (005b46f8)
kd> p
winlogon!WinMain+0x963:
001b:0057eab6 e8c2dbffff call winlogon!StartLogonUI (0057c67d)