从RDPDD!DrvEscape到RDPWD!ShareClass::UPSendOrders

从RDPDD!DrvEscape到RDPWD!ShareClass::UPSendOrders

Breakpoint 7 hit

RDPWD!ShareClass::UPSendOrders+0x643:

b9eb3bf3 8945e4 mov dword ptr [ebp-1Ch],eax

0: kd> kc

00 RDPWD!ShareClass::UPSendOrders
01 RDPWD!ShareClass::UP_SendUpdates
02 RDPWD!ShareClass::DCS_TimeToDoStuff
03 RDPWD!WD_Ioctl

04 termdd!_IcaCallSd

05 termdd!_IcaCallStack

06 termdd!IcaCallDriver

07 termdd!IcaDeviceControlVirtual

08 termdd!IcaDeviceControlChannel

09 termdd!IcaDeviceControl

0a termdd!IcaDispatch

0b nt!IofCallDriver

0c win32k!CtxDeviceIoControlFile

0d win32k!EngFileIoControl
0e RDPDD!SCH_DDOutputAvailable
0f RDPDD!DrvEscape
10 win32k!HDXDrvEscape

11 win32k!RawInputThread

12 win32k!xxxCreateSystemThreads

13 win32k!NtUserCallOneParam

14 nt!_KiSystemService

15 SharedUserData!SystemCallStub

16 winsrv!NtUserCallOneParam

0: kd> kv

ChildEBP RetAddr Args to Child

00 b91d054c b9eb2e6b edbe7a90 b91d0594 b9ec4144 RDPWD!ShareClass::UPSendOrders+0x643 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\termsrv\drivers\rdp\rdpwd\aupint.cpp @ 214]

01 b91d0570 b9e9d096 edbe7a90 bc640000 00000780 RDPWD!ShareClass::UP_SendUpdates+0x16b (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\termsrv\drivers\rdp\rdpwd\aupapi.cpp @ 140]

02 b91d05c4 b9e62bfc edbe7a90 b91d09c8 b91d09f4 RDPWD!ShareClass::DCS_TimeToDoStuff+0x1a6 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\termsrv\drivers\rdp\rdpwd\adcsapi.cpp @ 321]

03 b91d07b0 bac481f2 edbec010 b91d0844 89081020 RDPWD!WD_Ioctl+0x54c (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\termsrv\drivers\rdp\rdpwd\nwdwcpp.cpp @ 327]

04 b91d07c8 bac48b30 896eefa0 00000005 b91d0844 termdd!_IcaCallSd+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\termsrv\drivers\termdd\stack.c @ 2690]

05 b91d07e4 bac49b66 89081020 00000005 b91d0844 termdd!_IcaCallStack+0x48 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\termsrv\drivers\termdd\stack.c @ 2490]

06 b91d0808 bac4b230 89097418 00000005 b91d0844 termdd!IcaCallDriver+0x94 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\termsrv\drivers\termdd\stack.c @ 1204]

07 b91d0898 bac40fed 89097418 8958d7c0 8958d830 termdd!IcaDeviceControlVirtual+0x374 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\termsrv\drivers\termdd\virtual.c @ 281]

08 b91d08f4 bac4399c 89097418 8958d7c0 8958d830 termdd!IcaDeviceControlChannel+0x263 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\termsrv\drivers\termdd\channel.c @ 1113]

09 b91d0908 bac443a3 8958d7c0 8958d830 898aaf10 termdd!IcaDeviceControl+0x24 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\termsrv\drivers\termdd\dispatch.c @ 721]

0a b91d0924 80a2675c 898aaf10 0058d7c0 8907f6b8 termdd!IcaDispatch+0x253 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\termsrv\drivers\termdd\dispatch.c @ 179]

0b b91d0940 bf98dd1c 00000000 00000000 8966cd58 nt!IofCallDriver+0x62 (FPO: [Non-Fpo]) (CONV: fastcall) [d:\srv03rtm\base\ntos\io\iomgr\iosubs.c @ 2237]

0c b91d0954 bf91de63 8907f6b8 0038144f b91d09c8 win32k!CtxDeviceIoControlFile+0x99 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntgdi\gre\muio.c @ 344]

0d b91d098c bff3832f 8907f6b8 0038144f b91d09c8 win32k!EngFileIoControl+0x25 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntgdi\gre\helpers.cxx @ 91]

0e b91d09fc bff435a0 edc20028 00000001 8966cd58 RDPDD!SCH_DDOutputAvailable+0xdf (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\termsrv\drivers\rdp\rdpdd\nschdisp.c @ 191]

0f b91d0a88 bf968192 edc32e90 00000001 00000000 RDPDD!DrvEscape+0xc0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\termsrv\drivers\rdp\rdpdd\nddapi.c @ 1058]

10 b91d0ab0 bf891d7c edc34018 00000001 00000000 win32k!HDXDrvEscape+0x9f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntgdi\gre\misc.cxx @ 176]

11 b91d0d1c bf8b21b0 00000006 00000002 b91d0d48 win32k!RawInputThread+0x8d1 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntinput.c @ 6429]

12 b91d0d2c bf806d52 b92004a0 b91d0d58 0095fff4 win32k!xxxCreateSystemThreads+0x92 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 338]

13 b91d0d48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]

14 b91d0d48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ b91d0d64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]

15 0095ffe0 75340774 75318a89 00000000 00000022 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])

16 0095ffe8 00000000 00000022 00000004 00000000 winsrv!NtUserCallOneParam+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 2683]

windbg> .open -a ffffffffbff3832f

0: kd> ?513

Evaluate expression: 1299 = 00000513

/****************************************************************************/

/* IOCTL_WDTS_DD_OUTPUT_AVAILABLE carries */

/* - TSHARE_DD_OUTPUT_IN as input data */

/* - TSHARE_DD_OUTPUT_OUT as output data */

/* */
/* Function code 0x513 is decimal 1299, the "fc 1299" value printed by the */
/* TermDD/ICADD trace lines later on this page. */
/* */
/* NOTE(review): METHOD_NEITHER means the I/O manager neither buffers nor */
/* probes the input/output pointers; the handler receives them as passed */
/* and has to validate pointer and length itself. In the stack trace on */
/* this page the request is issued from kernel mode (RDPDD through */
/* win32k!EngFileIoControl); whether any user-mode caller can reach this */
/* code is not visible here -- confirm. */

/****************************************************************************/

#define IOCTL_WDTS_DD_OUTPUT_AVAILABLE \

_ICA_CTL_CODE( 0x513, METHOD_NEITHER )

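0038144f

这是调用栈中传给 win32k!EngFileIoControl 的 IOCTL 码。按标准 CTL_CODE 布局,高 16 位 0x0038 是设备类型字段,低 16 位 0x144f 包含访问位、功能码和传输方式。0x144f 的二进制:

1 0100 0100 1111

最低 2 位 11b = 3,即 METHOD_NEITHER;去掉这 2 位后剩下功能码:

1 0100 0100 11

重新按 4 位分组:

1 01 00 01 00 11 = 101 0001 0011 = 0x513

功能码为 0x513(十进制 1299,与后面跟踪日志中的 "fc 1299" 对应),与 _ICA_CTL_CODE( 0x513, METHOD_NEITHER ) 一致,513正确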

/*
 * Excerpt of termdd!IcaDispatch. Only the IRP_MJ_DEVICE_CONTROL case is
 * reproduced; the enclosing switch and the declarations of irpSp, Status
 * and saveIrql are elided from this listing. In the stack trace on this
 * page the routine is entered from nt!IofCallDriver.
 */
NTSTATUS

IcaDispatch (

IN PDEVICE_OBJECT DeviceObject,

IN PIRP Irp

)

{

case IRP_MJ_DEVICE_CONTROL:

/* Record the IRQL at entry so the ASSERT below can check that the
 * device-control handler returns at the same IRQL. */
saveIrql = KeGetCurrentIrql();

Status = IcaDeviceControl( Irp, irpSp );

ASSERT( KeGetCurrentIrql( ) == saveIrql );

/* The handler's status is stored in the IRP and the IRP is completed
 * here, so the handler's return value is also the dispatch result. */
Irp->IoStatus.Status = Status;

IoCompleteRequest( Irp, IcaPriorityBoost );

return( Status );

/*
 * Excerpt of termdd!IcaDeviceControlChannel. Only the Channel_Virtual case
 * is reproduced; the switch expression and the other cases are elided.
 * In the stack trace on this page the routine is called from
 * termdd!IcaDeviceControl and hands the request to IcaDeviceControlVirtual.
 */
NTSTATUS IcaDeviceControlChannel(

IN PICA_CHANNEL pChannel,

IN PIRP Irp,

IN PIO_STACK_LOCATION IrpSp)

{

case Channel_Virtual :

/* Virtual-channel requests keep the same channel, IRP and stack
 * location; the handler's status becomes this routine's Status. */
Status = IcaDeviceControlVirtual( pChannel, Irp, IrpSp );

break;

/*
 * Excerpt of termdd!IcaDeviceControlVirtual. Only the step that packages
 * the request and forwards it to the WD is reproduced; the code that sets
 * `code` and `pUserBuffer`, and any input-buffer fields of SdIoctl, is
 * elided from this listing.
 */
NTSTATUS

IcaDeviceControlVirtual(

IN PICA_CHANNEL pChannel,

IN PIRP Irp,

IN PIO_STACK_LOCATION IrpSp

)

{

/*

* Send request to WD

*/

SdIoctl.IoControlCode = code;

/* NOTE(review): the output pointer is forwarded as-is and its length is
 * taken directly from the IRP stack location. The IOCTL traced on this
 * page is declared METHOD_NEITHER, so the I/O manager does not validate
 * this pointer; where pUserBuffer comes from and whether it is probed is
 * in the elided code -- confirm. */
SdIoctl.OutputBuffer = pUserBuffer;

SdIoctl.OutputBufferLength = IrpSp->Parameters.DeviceIoControl.OutputBufferLength;

/* SD$IOCTL is passed as the ProcIndex argument of IcaCallDriver. */
Status = IcaCallDriver( pChannel, SD$IOCTL, &SdIoctl );

/*
 * Excerpt of termdd!IcaCallDriver. Only the gate in front of the stack
 * call is reproduced; how pStack is obtained from pChannel, and the scopes
 * closed by the trailing braces, are elided from this listing.
 */
NTSTATUS

IcaCallDriver(

IN PICA_CHANNEL pChannel,

IN ULONG ProcIndex,

IN PVOID pParms

)

{

/* The condition mixes || and && without full parentheses. Because &&
 * binds tighter than ||, the call is skipped when any of these holds:
 *   1. pStack->fIoDisabled is set;
 *   2. the stack class is Stack_Shadow and the channel does not have
 *      CHANNEL_SHADOW_IO in its Flags;
 *   3. pChannel->pConnect->fPassthruEnabled is set and the stack class
 *      is Stack_Passthru.
 * Otherwise the request is forwarded to _IcaCallStack unchanged. */
if ( !(pStack->fIoDisabled ||

pStack->StackClass == Stack_Shadow &&

!(pChannel->Flags & CHANNEL_SHADOW_IO) ||

(pChannel->pConnect->fPassthruEnabled &&

pStack->StackClass == Stack_Passthru)) ) {

Status = _IcaCallStack( pStack, ProcIndex, pParms );

}

}

}

/*
 * Excerpt of termdd!_IcaCallStack. Only the forwarding step is reproduced;
 * how pSdLink is selected from pStack is elided from this listing.
 */
NTSTATUS

_IcaCallStack(

IN PICA_STACK pStack,

IN ULONG ProcIndex,

IN OUT PVOID pParms

)

{

/* Sanity check that the selected link belongs to the stack passed in.
 * NOTE(review): this is an ASSERT only; no run-time check of the same
 * condition is visible in this excerpt. */
ASSERT( pSdLink->pStack == pStack );

/* ProcIndex and pParms are handed on unchanged. In the stack trace on
 * this page the next frame is RDPWD!WD_Ioctl. */
Status = _IcaCallSd( pSdLink, ProcIndex, pParms );

/****************************************************************************/

// WD_Ioctl

//

// Query/Set configuration information for the WD.

//
// This listing is an excerpt: only part of the handling for the
// output-available IOCTL is reproduced. The dispatch on the IOCTL code and
// the declarations of pOutputIn, pOutputOut, dcShare and milliSecs are
// elided.
//
// NOTE(review): pOutputIn is presumably taken from the buffers carried in
// pSdIoctl; how it is obtained and whether its length is checked is not
// visible here -- confirm against the full source.

/****************************************************************************/

NTSTATUS WD_Ioctl(PTSHARE_WD pTSWd, PSD_IOCTL pSdIoctl)

{

NTSTATUS status = STATUS_SUCCESS;

UINT32 bufferLen;

unsigned fn;

PVIDEO_MODE_INFORMATION pVidInfo;

DC_BEGIN_FN("WD_Ioctl");

// Check if the framebuffer is valid

// Only a non-NULL pointer and non-zero height and width are tested here;
// no other property of the frame buffer is checked in this excerpt.
if (pOutputIn->pFrameBuf != NULL &&

pOutputIn->frameBufHeight != 0 &&

pOutputIn->frameBufWidth != 0) {

// For normal output IOCTLs, call DCS_TTDS.

if (!pOutputIn->schedOnly) {

TRC_DBG((TB, "Normal output"));

// Stop the timer (in the main we don't use it, so

// avoid excess context switches).

WDWStopRITTimer(pTSWd);

// Call the Share Core to do the work.

// need to return status code so caller can bail out

// in case of error

// The scheduler mode is written into pOutputOut->schCurrentMode and the
// next timer value into milliSecs by the callee's out-parameters.
status = dcShare->DCS_TimeToDoStuff(pOutputIn,

&(pOutputOut->schCurrentMode), &milliSecs);

// Excerpt of ShareClass::DCS_TimeToDoStuff. Only the call that sends
// updates is reproduced; the declarations of status and pkgInfo and the
// rest of the body are elided from this listing.
//
// pOutputIn       - input structure received from the display driver side.
// pSchCurrentMode - out-parameter; not used in the visible lines.
// pNextTimer      - out-parameter; not used in the visible lines.
NTSTATUS RDPCALL SHCLASS DCS_TimeToDoStuff(PTSHARE_DD_OUTPUT_IN pOutputIn,

PUINT32 pSchCurrentMode,

PINT32 pNextTimer)

{

//

// *** Keep the code path but still return status code ***

//

// The frame buffer pointer and width are passed through from pOutputIn
// exactly as received; the frame buffer height is not passed to this call.
status = UP_SendUpdates(pOutputIn->pFrameBuf, pOutputIn->frameBufWidth,

&pkgInfo);

/****************************************************************************/

// UP_SendUpdates

//

// Tries to send orders and bitmap data.

//
// This listing is an excerpt: only the decision that leads to UPSendOrders
// is reproduced. pFrameBuf and frameBufWidth are not used in the visible
// lines; pPkgInfo is passed on to the palette check and to UPSendOrders.

/****************************************************************************/

NTSTATUS RDPCALL SHCLASS UP_SendUpdates(

BYTE *pFrameBuf,

UINT32 frameBufWidth,

PPDU_PACKAGE_INFO pPkgInfo)

{

#ifdef DC_HICOLOR

// test for hi color will avoid call into PM

// With DC_HICOLOR defined, a desktop depth above 8 bpp short-circuits the
// || so PM_MaybeSendPalettePacket is not called at all.
if ((m_pTSWd->desktopBpp > 8) ||

PM_MaybeSendPalettePacket(pPkgInfo))

#else

// Without DC_HICOLOR, orders are sent only when the palette call returns
// a non-zero value.
if (PM_MaybeSendPalettePacket(pPkgInfo))

#endif

{

status = UPSendOrders(pPkgInfo);

// Excerpt of ShareClass::UPSendOrders. Only the start of the send loop is
// reproduced; the declarations and initial values of
// cbOrderBytesRemaining, ScaledSpaceAvail, upUpdateHdrSize, pOrderBuffer,
// NumOrders and cbOrderBytes, and the code that sends each packet, are
// elided from this listing.
NTSTATUS RDPCALL SHCLASS UPSendOrders(PPDU_PACKAGE_INFO pPkgInfo)

{

// Keep sending packets while there are some orders to do.

while (cbOrderBytesRemaining > 0) {

// Loop in case we need to use multiple packing sizes.

for (;;) {

// The encoded orders must not exceed the packing buffer

// bounds.

// NOTE(review): this assertion is the only bounds check visible in the
// excerpt. Whether TRC_ASSERT is compiled into free builds is not shown
// here; if it is not, the limit depends on how UPFetchOrdersIntoBuffer
// honours cbOrderBytes -- confirm. ScaledSpaceAvail is printed with %d
// and cast to unsigned, so it is presumably signed: a negative value
// would become a very large count after the cast, and the unsigned sum
// could wrap -- confirm it is range-checked in the elided code.
TRC_ASSERT(((pPkgInfo->cbInUse + (unsigned)ScaledSpaceAvail +

upUpdateHdrSize) <= pPkgInfo->cbLen),

(TB,"Target ScaledSpaceAvail %d exceeds the "

"encoding buffer - cbInUse=%u, cbLen=%u, "

"upHdrSize=%u",

ScaledSpaceAvail, pPkgInfo->cbInUse,

pPkgInfo->cbLen, upUpdateHdrSize));

// Transfer as many orders into the packet as will fit.

// cbOrderBytes is set to the space available and passed by address;
// presumably the callee updates it to the bytes actually copied (the
// trace on this page logs "Returned 72 orders in 2497 bytes") -- confirm.
// The return value replaces cbOrderBytesRemaining, which drives the
// outer while loop.
cbOrderBytes = (unsigned)ScaledSpaceAvail;

cbOrderBytesRemaining = UPFetchOrdersIntoBuffer(

pOrderBuffer, &NumOrders, &cbOrderBytes);

API FUNCTION: DCS_TimeToDoStuff

This function is called to send updates etc in the correct order.

PARAMETERS: IN - pOutputIn - input from TShareDD

OUT - pSchCurrentMode - current Scheduler mode

RETURNS: Millisecs to set the timer for (-1 means infinite).

Scheduling is the responsibility of the WDW, DD and SCH components.

These ensure that DCS_TimeToDoStuff() gets called. The Scheduler is in

one of three states: asleep, normal or turbo. When it is asleep, this

function is not called. When it is in normal mode, this function is

called at least once, but the scheduler is a lazy guy, so will fall

asleep again unless you keep prodding him. In turbo mode this function

is called repeatedly and rapidly, but only for a relatively short time,

after which the scheduler falls back into normal mode, and from there

falls asleep.

Hence when a component realises it has some processing to do later,

which is called from DCS_TimeToDoStuff(), it calls

SCH_ContinueScheduling(SCH_MODE_NORMAL) which guarantees that this

function will be called at least one more time. If the component wants

DCS_TimeToDoStuff() to be called again, it must make another call to

SCH_ContinueScheduling(), which prods the Scheduler again.

The objective is to only keep the scheduler awake when it is really

necessary.

调用此函数是为了按正确顺序发送更新等内容。

参数:IN - pOutputIn - 来自 TShareDD 的输入

OUT - pSchCurrentMode - 当前调度器模式

返回值:设置计时器的毫秒数(-1 表示无限期)。

调度是 WDW、DD 和 SCH 组件的职责,它们确保 DCS_TimeToDoStuff() 被调用。调度器处于三种状态之一:休眠(asleep)、正常(normal)或加速(turbo)。处于休眠状态时,此函数不会被调用。处于正常模式时,此函数至少会被调用一次,但调度器是个懒惰的家伙,除非你一直催促它,否则它会再次进入休眠。处于加速(turbo)模式时,此函数会被反复且快速地调用,但只持续相对较短的时间,之后调度器退回正常模式,再从正常模式进入休眠。

因此,当某个组件意识到自己稍后还有处理工作要做(这些处理由 DCS_TimeToDoStuff() 调用)时,它会调用 SCH_ContinueScheduling(SCH_MODE_NORMAL),以保证此函数至少还会被调用一次。如果组件希望 DCS_TimeToDoStuff() 再次被调用,就必须再次调用 SCH_ContinueScheduling(),再次催促调度器。

目标是只在确有必要时才让调度器保持唤醒。

注:上文摘录的函数签名返回 NTSTATUS,并带有 pNextTimer 输出参数,与这段注释中"返回值"的描述不一致;这段注释可能是较早版本遗留的说明。

调试记录:

Breakpoint 10 hit

RDPDD!DrvEscape:

bff434e0 55 push ebp

1: kd> kc

00 RDPDD!DrvEscape

01 win32k!HDXDrvEscape

02 win32k!RawInputThread

03 win32k!xxxCreateSystemThreads

04 win32k!NtUserCallOneParam

05 nt!_KiSystemService

06 SharedUserData!SystemCallStub

07 winsrv!NtUserCallOneParam

1: kd> dv

pso = 0xe19cd028

iEsc = 1

cjIn = 0

pvIn = 0x00000000

cjOut = 0

pvOut = 0x00000000

pPDev = 0x895bd270

trc_fn = 0x80a44126 "_^???"

trc_file = 0xffdff120 "???"

status = 0n-1990471056

timerInfo = struct tagTSHARE_DD_TIMER_INFO

outputIn = struct tagTSHARE_DD_OUTPUT_IN

bytesReturned = 0

escCode = 0xbff434e0

__fnname = char [10] "DrvEscape"

rc = 8

1: kd> g

22:26:30.234 895BD44C.00000000 TermDD: IcaDeviceControlChannel, fc 1299, ref 1 (enter)

22:26:30.234 895BD44C.00000000 ICADD: IcaDeviceControlVirtual, fc 1299, ref 1 (enter)

22:26:30.250 895BD44C.00000000 RDP E1511010 WD_Ioctl 0296 IOCTL_WDTS_DD_OUTPUT_AVAILABLE

22:26:30.250 895BD44C.00000000 RDP E1511010 WD_Ioctl 0299 OK to process the IOCtl

22:26:30.250 895BD44C.00000000 RDP E1511010 WD_Ioctl 0307 OutputAvailable IOCtl: force send=1

22:26:30.250 895BD44C.00000000 RDP E1511010 WD_Ioctl 0316 Normal output

22:26:30.250 895BD44C.00000000 RDP E1511010 IM_CheckUpda 0826 No move since last time through

22:26:30.250 895BD44C.00000000 RDP E1511010 DCS_TimeToDo 0315 Send updates

22:26:30.250 895BD44C.00000000 RDP E1511010 UP_SendUpdat 0111 New set of updates

22:26:30.250 895BD44C.00000000 RDP E1511010 SCH_Continue 0146 Continue scheduling (Asleep) -> (Normal), InTTDS(1)

22:26:30.250 895BD44C.00000000 RDP E1511010 UPSendOrders 0067 3272 order bytes to fetch

22:26:30.250 895BD44C.00000000 RDP E1511010 UPFetchOrder 0402 First order: EDE3F310

22:26:30.250 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F310, len 11

22:26:30.250 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F310)

22:26:30.250 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F334, len 13

22:26:30.250 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F334)

22:26:30.250 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F358, len 10

22:26:30.250 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F358)

22:26:30.250 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F37C, len 10

22:26:30.250 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F37C)

22:26:30.265 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F3A0, len 8

22:26:30.265 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F3A0)

22:26:30.265 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F3C4, len 12

22:26:30.265 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F3C4)

22:26:30.265 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F3E8, len 10

22:26:30.265 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F3E8)

22:26:30.265 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F40C, len 10

22:26:30.265 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F40C)

22:26:30.265 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F430, len 8

22:26:30.265 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F430)

22:26:30.265 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F454, len 10

22:26:30.265 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F454)

22:26:30.265 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F478, len 8

22:26:30.265 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F478)

22:26:30.265 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F49C, len 6

22:26:30.265 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F49C)

22:26:30.265 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F4C0, len 10

22:26:30.281 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F4C0)

22:26:30.296 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F4E4, len 10

22:26:30.312 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F4E4)

22:26:30.328 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F508, len 6

22:26:30.328 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F508)

22:26:30.328 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F52C, len 51

22:26:30.328 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F52C)

22:26:30.328 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F578, len 53

22:26:30.328 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F578)

22:26:30.328 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F5D0, len 219

22:26:30.328 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F5D0)

22:26:30.328 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F6C0, len 20

22:26:30.343 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F6C0)

22:26:30.343 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F6EC, len 375

22:26:30.343 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F6EC)

22:26:30.343 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F878, len 5

22:26:30.343 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F878)

22:26:30.359 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F8A4, len 281

22:26:30.375 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F8A4)

22:26:30.375 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F9D4, len 3

22:26:30.375 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F9D4)

22:26:30.375 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FA00, len 118

22:26:30.390 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FA00)

22:26:30.406 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FA8C, len 3

22:26:30.406 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FA8C)

22:26:30.406 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FAB8, len 320

22:26:30.406 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FAB8)

22:26:30.406 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FC0C, len 3

22:26:30.406 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FC0C)

22:26:30.406 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FC38, len 342

22:26:30.406 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FC38)

22:26:30.406 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FDA4, len 3

22:26:30.406 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FDA4)

22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FDD0, len 66

22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FDD0)

22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FE28, len 4

22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FE28)

22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FE54, len 15

22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FE54)

22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FE80, len 6

22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FE80)

22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FEAC, len 6

22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FEAC)

22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FED8, len 6

22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FED8)

22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FF04, len 6

22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FF04)

22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FF30, len 6

22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FF30)

22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FF5C, len 7

22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FF5C)

22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FF88, len 13

22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FF88)

22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FFB4, len 6

22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FFB4)

22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FFE0, len 6

22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FFE0)

22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE4000C, len 6

22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE4000C)

22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40038, len 6

22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40038)

22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40064, len 6

22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40064)

22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40090, len 7

22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40090)

22:26:30.437 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE400BC, len 7

22:26:30.453 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE400BC)

22:26:30.468 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE400E0, len 10

22:26:30.484 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE400E0)

22:26:30.500 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40104, len 51

22:26:30.515 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40104)

22:26:30.515 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40150, len 42

22:26:30.515 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40150)

22:26:30.515 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE4019C, len 8

22:26:30.515 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE4019C)

22:26:30.531 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE401C0, len 12

22:26:30.531 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE401C0)

22:26:30.531 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE401E4, len 10

22:26:30.531 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE401E4)

22:26:30.531 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40208, len 10

22:26:30.546 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40208)

22:26:30.562 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE4022C, len 8

22:26:30.578 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE4022C)

22:26:30.593 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40250, len 12

22:26:30.593 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40250)

22:26:30.593 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40274, len 10

22:26:30.593 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40274)

22:26:30.593 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40298, len 10

22:26:30.593 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40298)

22:26:30.593 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE402BC, len 8

22:26:30.609 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE402BC)

22:26:30.609 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE402E0, len 6

22:26:30.609 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE402E0)

22:26:30.609 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40304, len 6

22:26:30.609 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40304)

22:26:30.609 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40328, len 20

22:26:30.625 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40328)

22:26:30.625 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE4035C, len 11

22:26:30.625 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE4035C)

22:26:30.625 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40380, len 36

22:26:30.625 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40380)

22:26:30.625 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE403BC, len 30

22:26:30.640 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE403BC)

22:26:30.656 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40408, len 8

22:26:30.656 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40408)

22:26:30.656 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE4042C, len 12

22:26:30.656 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE4042C)

22:26:30.656 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40450, len 10

22:26:30.656 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40450)

22:26:30.656 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40474, len 10

22:26:30.671 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40474)

22:26:30.687 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40498, len 8

22:26:30.687 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40498)

22:26:30.687 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE404BC, len 12

22:26:30.687 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE404BC)

22:26:30.703 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE404E0, len 10

22:26:30.718 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE404E0)

22:26:30.718 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40504, len 10

22:26:30.718 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40504)

22:26:30.718 895BD44C.00000000 RDP E1511010 UPFetchOrder 0448 Returned 72 orders in 2497 bytes

Breakpoint 7 hit

RDPWD!ShareClass::UPSendOrders+0x643:

b9eb3bf3 8945e4 mov dword ptr [ebp-1Ch],eax

1: kd> kc

00 RDPWD!ShareClass::UPSendOrders

01 RDPWD!ShareClass::UP_SendUpdates

02 RDPWD!ShareClass::DCS_TimeToDoStuff

03 RDPWD!WD_Ioctl

04 termdd!_IcaCallSd

05 termdd!_IcaCallStack

06 termdd!IcaCallDriver

07 termdd!IcaDeviceControlVirtual

08 termdd!IcaDeviceControlChannel

09 termdd!IcaDeviceControl

0a termdd!IcaDispatch

0b nt!IofCallDriver

0c win32k!CtxDeviceIoControlFile

0d win32k!EngFileIoControl

0e RDPDD!SCH_DDOutputAvailable

0f RDPDD!DrvEscape

10 win32k!HDXDrvEscape

11 win32k!RawInputThread

12 win32k!xxxCreateSystemThreads

13 win32k!NtUserCallOneParam

14 nt!_KiSystemService

15 SharedUserData!SystemCallStub

16 winsrv!NtUserCallOneParam