rdpwsx!WsxIcaStackIoControl调试记录其中Class: ff Enable: 3f
通过网盘分享的文件:rdpwsx!WsxIcaStackIoControl调试记录其中Class=ff Enable=3f.txt
链接: https://pan.baidu.com/s/1ck9OJ20pZo5JErDotDMn3A?pwd=3790 提取码: 3790
--来自百度网盘超级会员v8的分享
Breakpoint 19 hit
rdpwsx!WsxIcaStackIoControl:
001b:70fbf35c 55 push ebp
0: kd> g
21:19:13.687 892767D4.E11B61D0 TShrSRV: WsxIcaStackIoControl entry
21:19:13.687 892767D4.E11B61D0 TShrSRV: 00D75938:00000000 IoctlDetail: Ioctl 0x38002b (IOCTL_ICA_STACK_PUSH)
21:19:13.703 892767D4.E11B61D0 TShrSRV: pvContext=00D75938, hIca=0000041C, hStack=000E27A8
21:19:13.703 892767D4.E11B61D0 TShrSRV: pInBuffer=0248EB18, InBufferSize=0x49c, pOutBuffer=00000000, OutBufferSize=0x0
21:19:13.703 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 10 (enter)
21:19:13.703 892767D4.E11B61D0 TermDD: _IcaPushStack, type 0, name tdtcp (enter)
21:19:13.703 892767D4.E11B61D0 TdOpen: success
21:19:13.703 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 10, 0x0
21:19:13.703 892767D4.E11B61D0 TShrSRV: Return from IcaStackIoControl - 0x0
21:19:13.703 892767D4.E11B61D0 TShrSRV: WsxIcaStackIoControl exit - 0x0
21:19:13.703 892767D4.E11B61D0 TSAPI: _IcaPushPd, tdtcp, 0x0
21:19:13.703 892767D4.E11B61D0 TSAPI: _IcaPushWd, rdpwd
21:19:13.703 892767D4.E11B61D0 TERMSRV: Enter WsxIcaIoControl, IoControlCode=10
Breakpoint 19 hit
rdpwsx!WsxIcaStackIoControl:
001b:70fbf35c 55 push ebp
0: kd> g
21:19:13.703 892767D4.E11B61D0 TShrSRV: WsxIcaStackIoControl entry
21:19:13.703 892767D4.E11B61D0 TShrSRV: 00D75938:00000000 IoctlDetail: Ioctl 0x38002b (IOCTL_ICA_STACK_PUSH)
21:19:13.703 892767D4.E11B61D0 TShrSRV: pvContext=00D75938, hIca=0000041C, hStack=000E27A8
21:19:13.703 892767D4.E11B61D0 TShrSRV: pInBuffer=0248EB20, InBufferSize=0x49c, pOutBuffer=00000000, OutBufferSize=0x0
21:19:13.703 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 10 (enter)
21:19:13.703 892767D4.E11B61D0 TermDD: _IcaPushStack, type 1, name rdpwd (enter)
RDPWD: **** Note SHM_SHARED_MEMORY fre size is wasting at least 7/8 of a page - page size=4096, SHM=266400, wasting 3936
RDPWD: WDWLoad: Alloc TSWD=1976 + NM/SM=2716 (= 4692) bytes for TSWd
RDPWD: **** Note TSWd allocation is above page size 4096, wasting 3500
RDPWD: pTSWd=E10C2010, pSM=E10C27C8, pNM=E10C2E30, sizeof(TSWd)=1976, sizeof(SM)=1640
RDPWD: WDWLoad: Alloc 3476 bytes for InfoPkt
RDPWD: WDWLoad done
21:19:13.718 892767D4.E11B61D0 RDP+E10C2010+WD_Open +0093+Stack class (0)
21:19:13.718 892767D4.E11B61D0 RDP E10C2010 WD_Open 0096 Protocol counters are at 895FFBE8
21:19:13.718 892767D4.E11B61D0 RDP E10C2010 WD_Open 0102 Our name is >rdpwd<
21:19:13.718 892767D4.E11B61D0 RDP E10C2010 COM_OpenRegi 0080 Opened key '\Registry\Machine\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\'
21:19:13.718 892767D4.E11B61D0 RDP E10C2010 COMReadEntry 0229 Couldn't read key 'FlowControlSleepInterval', rc = 0xc0000034
21:19:13.718 892767D4.E11B61D0 RDP E10C2010 COM_ReadProf 0176 Failed to read int32 from 'FlowControlSleepInterval'. Using default.
21:19:13.718 892767D4.E11B61D0 RDP E10C2010 COM_ReadProf 0181 Returning 'FlowControlSleepInterval' = 2000 (0x7d0)
21:19:13.718 892767D4.E11B61D0 RDP E10C2010 WD_Open 0189 Flow control sleep interval 2000
21:19:13.718 892767D4.E11B61D0 RDP E10C2010 COMReadEntry 0229 Couldn't read key 'BreakOnMemoryLeak', rc = 0xc0000034
21:19:13.718 892767D4.E11B61D0 RDP E10C2010 COM_ReadProf 0176 Failed to read int32 from 'BreakOnMemoryLeak'. Using default.
21:19:13.718 892767D4.E11B61D0 RDP E10C2010 COM_ReadProf 0181 Returning 'BreakOnMemoryLeak' = 0 (0x0)
21:19:13.718 892767D4.E11B61D0 RDP E10C2010 WD_Open 0201 Break on memory leak ? no
21:19:13.718 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 10, 0x0
21:19:13.718 892767D4.E11B61D0 TShrSRV: Return from IcaStackIoControl - 0x0
21:19:13.734 892767D4.E11B61D0 TShrSRV: WsxIcaStackIoControl exit - 0x0
21:19:13.734 892767D4.E11B61D0 TSAPI: _IcaPushWd, rdpwd, 0x0
21:19:13.734 892767D4.E11B61D0 TSAPI: _IcaPushStack, success
21:19:13.734 892767D4.E11B61D0 TERMSRV: Enter WsxIcaIoControl, IoControlCode=14
Breakpoint 19 hit
rdpwsx!WsxIcaStackIoControl:
001b:70fbf35c 55 push ebp
0: kd>
21:19:13.734 892767D4.E11B61D0 TShrSRV: WsxIcaStackIoControl entry
21:19:13.734 892767D4.E11B61D0 TShrSRV: 00D75938:00000000 IoctlDetail: Ioctl 0x38003b (IOCTL_ICA_STACK_OPEN_ENDPOINT)
21:19:13.734 892767D4.E11B61D0 TShrSRV: pvContext=00D75938, hIca=0000041C, hStack=000E27A8
21:19:13.734 892767D4.E11B61D0 TShrSRV: pInBuffer=000E2140, InBufferSize=0x4, pOutBuffer=00000000, OutBufferSize=0x0
21:19:13.734 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 14 (enter)
21:19:13.734 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0489 IOCTL_ICA_STACK_OPEN_ENDPOINT (14)
21:19:13.734 892767D4.E11B61D0 TermDD: IcaCallNextDriver, ProcIndex=5 (enter)
21:19:13.734 892767D4.E11B61D0 TDTDI: DeviceOpenEndpoint, copying existing endpoint
_TcpSetNagle: Flag 0x0, Result 0x0
TdiDeviceOpenEndpoint: SetNagle 0x0 Result 0x0
21:19:13.734 892767D4.E11B61D0 TermDD: IcaCreateThread (enter)
21:19:13.734 892767D4.E11B61D0 TD: StackOpenEndpoint, success
21:19:13.734 892767D4.E11B61D0 TdIoctl(0x0038003b): Status=0x00000000
21:19:13.734 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 2422 Chaining on IOCtl 0x38003b (function 14): status 0
21:19:13.734 89311F14.00000000 TdInputThread (entry)
TdInBufAlloc: pInBuf=0x89260160
21:19:13.734 89311F14.00000000 TermDD: IcaRawInput, bc=39 (enter)
21:19:13.734 89311F14.00000000 TermDD: IcaWaitForSingleObject, -1 (enter)
21:19:13.734 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 14, 0x0
21:19:13.734 892767D4.E11B61D0 TShrSRV: Return from IcaStackIoControl - 0x0
21:19:13.734 892767D4.E11B61D0 TShrSRV: WsxIcaStackIoControl exit - 0x0
21:19:13.734 892767D4.E11B61D0 TSAPI: _IcaPushStackAndOpenEndpoint, success
21:19:13.734 892767D4.E11B61D0 ICADD: IcaDeviceControlConnection, fc 0 (enter)
21:19:13.734 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0489 IOCTL_ICA_SET_TRACE (0)
RDPWD: New trace config for E10C2010:
RDPWD: Class: ff
RDPWD: Enable: 3f
RDPWD: Prefix info:
RDPWD: None
21:19:13.734 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0678 Got Set Trace IOCtl
21:19:13.734 892767D4.E11B61D0 ICADD: IcaDeviceControlConnection, fc 0, 0x0
21:19:13.734 892767D4.E11B61D0 TERMSRV: Enter WsxIcaIoControl, IoControlCode=49
Breakpoint 19 hit
rdpwsx!WsxIcaStackIoControl:
001b:70fbf35c 55 push ebp
0: kd> g
21:19:13.734 892767D4.E11B61D0 TShrSRV: WsxIcaStackIoControl entry
21:19:13.734 892767D4.E11B61D0 TShrSRV: 00D75938:00000000 IoctlDetail: Ioctl 0x3800c7 (UNKNOWN_ICA_IOCTL)
21:19:13.734 892767D4.E11B61D0 TShrSRV: pvContext=00D75938, hIca=0000041C, hStack=000E27A8
21:19:13.734 892767D4.E11B61D0 TShrSRV: pInBuffer=0248F5F4, InBufferSize=0x4, pOutBuffer=00000000, OutBufferSize=0x0
21:19:13.734 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 49 (enter)
21:19:13.734 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0489 Unknown Ioctl (49)
21:19:13.734 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0774 Got stack config data
21:19:13.734 892767D4.E11B61D0 RDP E10C2010 WDWSetConfig 3613 Max Color Depth support: 16
21:19:13.734 892767D4.E11B61D0 RDP E10C2010 WDWSetConfig 3619 Encryption after logon: 0
21:19:13.734 892767D4.E11B61D0 RDP E10C2010 WDWSetConfig 3620 Encryption level: 2
21:19:13.734 892767D4.E11B61D0 RDP E10C2010 WDWSetConfig 3623 AutoReconnect disabled: 0
21:19:13.750 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 49, 0x0
21:19:13.750 892767D4.E11B61D0 TShrSRV: Return from IcaStackIoControl - 0x0
21:19:13.750 892767D4.E11B61D0 TShrSRV: WsxIcaStackIoControl exit - 0x0
21:19:13.750 892767D4.E11B61D0 TERMSRV: Enter WsxIcaIoControl, IoControlCode=18
Breakpoint 19 hit
rdpwsx!WsxIcaStackIoControl:
001b:70fbf35c 55 push ebp
0: kd> g
21:19:13.750 892767D4.E11B61D0 TShrSRV: WsxIcaStackIoControl entry
21:19:13.750 892767D4.E11B61D0 TShrSRV: 00D75938:00000000 IoctlDetail: Ioctl 0x38004b (IOCTL_ICA_STACK_WAIT_FOR_ICA)
21:19:13.765 892767D4.E11B61D0 TShrSRV: pvContext=00D75938, hIca=0000041C, hStack=000E27A8
21:19:13.765 892767D4.E11B61D0 TShrSRV: pInBuffer=00000000, InBufferSize=0x0, pOutBuffer=0248EA44, OutBufferSize=0x5bc
21:19:13.765 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 18 (enter)
21:19:13.765 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0489 IOCTL_ICA_STACK_WAIT_FOR_ICA (18)
21:19:13.765 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0785 Stack wait for ICA
TERMSRV: IcaDeviceControlStack: Binding vchannels
21:19:13.765 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0489 IOCTL_ICA_VIRTUAL_QUERY_BINDINGS (68)
21:19:13.765 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 1308 2 Virtual Channels (first time)
21:19:13.765 892767D4.E11B61D0 TermDD: IcaBindVirtualChannels: MS_T120 -> 31 Flags=84100000
21:19:13.781 892767D4.E11B61D0 TermDD: _IcaFindVcBind: vn MS_T120 (not found)
21:19:13.781 892767D4.E11B61D0 TermDD: _IcaRegisterVcBind: MS_T120 -> 31
21:19:13.781 892767D4.E11B61D0 TermDD: IcaFindChannelByName: vn MS_T120 (not found)
21:19:13.781 892767D4.E11B61D0 TermDD: IcaBindVirtualChannels: CTXTW -> 7 Flags=18
21:19:13.781 892767D4.E11B61D0 TermDD: _IcaFindVcBind: vn CTXTW (not found)
21:19:13.781 892767D4.E11B61D0 TermDD: _IcaRegisterVcBind: CTXTW -> 7
21:19:13.781 892767D4.E11B61D0 TermDD: IcaFindChannelByName: vn CTXTW (not found)
21:19:13.781 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 18, 0x0
21:19:13.781 892767D4.E11B61D0 TShrSRV: Return from IcaStackIoControl - 0x0
21:19:13.781 892767D4.E11B61D0 TShrSRV: TSrvStackConnect entry
21:19:13.781 892767D4.E11B61D0 TShrSRV: TSrvAllocInfo entry
21:19:13.781 892767D4.E11B61D0 TShrSRV: TSrvAllocInfoNew entry
21:19:13.781 892767D4.E11B61D0 TShrSRV: TSrvReferenceInfo entry
21:19:13.781 892767D4.E11B61D0 TShrSRV: TSrvReferenceInfo exit
21:19:13.781 892767D4.E11B61D0 TShrSRV: New info object allocated 00D75C00, workEvent 000002FC
21:19:13.796 892767D4.E11B61D0 TShrSRV: TSrvAllocInfoNew exit - 00D75C00
21:19:13.796 892767D4.E11B61D0 TShrSRV: TSrvBindStack entry
21:19:13.796 892767D4.E11B61D0 TShrSRV: Binding Ica stack
21:19:13.796 892767D4.E11B61D0 GCC: GCCConferenceInit entry
21:19:13.796 892767D4.E11B61D0 GCC: Calling MCSCreateDomain - hIca 0x41c, hStack 0xe27a8, pvContext 0xd75c00, phDomain 0xd75c1c
21:19:13.796 892767D4.E11B61D0 TermDD: IcaCreateChannel: cc 5, vn MS_T120
21:19:13.796 892767D4.E11B61D0 TermDD: IcaFindChannelByName: vn MS_T120 (not found)
21:19:13.796 892767D4.E11B61D0 TermDD: _IcaAllocateChannel: cc 5, vn MS_T120, 892e6bf8
21:19:13.796 892767D4.E11B61D0 TermDD: IcaReferenceChannel: cc 0, vc 0, ref 1
21:19:13.796 892767D4.E11B61D0 TermDD: _IcaFindVcBind: vn MS_T120 -> vc 31
21:19:13.796 892767D4.E11B61D0 TermDD: _IcaBindChannel: cc 5, vn MS_T120 vc 31
21:19:13.812 892767D4.E11B61D0 TermDD: IcaDefeferenceChannel: cc 5, vc 31, ref 2
21:19:13.812 892767D4.E11B61D0 TSAPI: IcaChannelOpen, 5/MS_T120, 1092, success
21:19:13.812 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 1280 (enter)
21:19:13.812 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0489 IOCTL_T120_REQUEST (1280)
21:19:13.812 892767D4.E11B61D0 TermDD: IcaBufferAlloc: 0x892c6bf8, Status=0x0
21:19:13.812 892767D4.E11B61D0 TermDD: IcaCallNextDriver, ProcIndex=2 (enter)
21:19:13.812 892767D4.E11B61D0 TdRawWrite 0011, 892c6bf8
21:19:13.812 89311F14.00000000 TermDD: IcaRawInput, bc=412 (enter)
21:19:13.812 89311F14.00000000 TermDD: IcaChannelInput, bc=1076 (enter)
21:19:13.812 89311F14.00000000 TermDD: IcaChannelInputInternal: cc 5, vc 31, bc 1076
21:19:13.812 89311F14.00000000 TermDD: IcaReferenceChannel: cc 5, vc 31, ref 1
21:19:13.812 89311F14.00000000 TermDD: IcaFindChannel, cc 5, vc 31 -> MS_T120
21:19:13.812 89311F14.00000000 TermDD: IcaReferenceChannel: cc 5, vc 31, ref 2
21:19:13.812 89311F14.00000000 TermDD: IcaDefeferenceChannel: cc 5, vc 31, ref 3
21:19:13.812 89311F14.00000000 TermDD: IcaDefeferenceChannel: cc 5, vc 31, ref 2
21:19:13.812 89311F14.00000000 TermDD: IcaWaitForSingleObject, -1 (enter)
21:19:13.828 89DD11FC.00000000 _TdWriteCompleteWorker: 892c6bf8
21:19:13.828 89DD11FC.00000000 TermDD: IcaBufferFree: 0x892c6bf8
21:19:13.828 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 1280, 0x0
21:19:13.828 892767D4.E11B61D0 GCC: MCSCreateDomain - MCSError 0x0 (MCS_NO_ERROR)
21:19:13.828 892767D4.E11B61D0 GCC: MCSCreateDomain: domain 0xd75c98
21:19:13.828 892CDCFC.E13610C8 TermDD: IcaReferenceChannel: cc 5, vc 31, ref 1
21:19:13.828 892CDCFC.E13610C8 TermDD: IcaDefeferenceChannel: cc 5, vc 31, ref 2
21:19:13.828 892767D4.E11B61D0 GCC: gccMapMcsError: mcsError 0x0 (MCS_NO_ERROR), gbbError 0x0 (GCC_NO_ERROR)
21:19:13.828 892CDCFC.E13610C8 GCC: mcsCallback entry
21:19:13.828 892767D4.E11B61D0 GCC: GCCConferenceInit exit - 0x0
21:19:13.828 892CDCFC.E13610C8 GCC: Message 0x0, pvParam 0xe3ff40, pvContext 0xd75c00
21:19:13.843 892767D4.E11B61D0 TShrSRV: Ica stack bound successfully
21:19:13.843 892CDCFC.E13610C8 GCC: gccConnectProviderIndication entry (MCS userDataLength = 0x12f)
21:19:13.843 892767D4.E11B61D0 TShrSRV: TSrvBindStack exit - 0x0
21:19:13.843 892CDCFC.E13610C8 GCC: gccDecodeUserData entry
21:19:13.843 892767D4.E11B61D0 TShrSRV: TSrvAllocInfo exit - 0x0
21:19:13.843 892CDCFC.E13610C8 GCC: gccDecodeUserData (len=0x118) exit - 0x0
21:19:13.843 892767D4.E11B61D0 TShrSRV: TSrvDoConnect entry
21:19:13.843 892CDCFC.E13610C8 GCC: Performing GCC_CREATE_INDICATION callout
21:19:13.843 892767D4.E11B61D0 TShrSRV: TSrvReferenceInfo entry
21:19:13.843 892CDCFC.E13610C8 TShrSRV: TSrvGCCCallBack entry
21:19:13.843 892767D4.E11B61D0 TShrSRV: TSrvReferenceInfo exit
21:19:13.843 892CDCFC.E13610C8 TShrSRV: GCCCallback message 0x0 (GCC_CREATE_INDICATION) received
21:19:13.843 892767D4.E11B61D0 TShrSRV: Waiting for connection Ind signal for pTSrvInfo 0xd75c00
21:19:13.843 892CDCFC.E13610C8 TShrSRV: TSrvHandleCreateInd entry
21:19:13.843 892CDCFC.E13610C8 TShrSRV: Accepting create indication - Domain 00D75C98
21:19:13.843 892CDCFC.E13610C8 TShrSRV: Conductor privilege list is NULL
21:19:13.843 892CDCFC.E13610C8 TShrSRV: Conducted mode privilege list is NULL
21:19:13.843 892CDCFC.E13610C8 TShrSRV: Non-conducted mode privilege list is NULL
21:19:13.843 892CDCFC.E13610C8 TShrSRV: NULL conf name
21:19:13.843 892CDCFC.E13610C8 TShrSRV: Attempting to save CreateInd userData
21:19:13.843 892CDCFC.E13610C8 TShrSRV: TSrvSaveUserData entry
21:19:13.843 892CDCFC.E13610C8 TShrSRV: TSrvCalculateUserDataSize entry
21:19:13.843 892CDCFC.E13610C8 TShrSRV: number_of_user_data_members = 0x1
21:19:13.843 892CDCFC.E13610C8 TShrSRV: Key_type = 0x2 (GCC_H221_NONSTANDARD_KEY)
21:19:13.843 892CDCFC.E13610C8 TShrSRV: key long_string_length = 0x4
21:19:13.843 892CDCFC.E13610C8 TShrSRV: data long_string_length = 0x118
21:19:13.843 892CDCFC.E13610C8 TShrSRV: TSrvCalculateUserDataSize exit - 0x124
21:19:13.843 892CDCFC.E13610C8 TShrSRV: Allocated 0x154 bytes for UserData save space
21:19:13.843 892CDCFC.E13610C8 TShrSRV: Saving each UserDataMenber to save space
21:19:13.843 892CDCFC.E13610C8 TShrSRV: TSrvSaveUserDataMember entry
21:19:13.843 892CDCFC.E13610C8 TShrSRV: TSrvSaveUserDataMember exit
21:19:13.843 892CDCFC.E13610C8 TShrSRV: TSrvSaveUserData exit - 0x0
21:19:13.843 892CDCFC.E13610C8 TShrSRV: Save userData was successful
21:19:13.843 892CDCFC.E13610C8 TShrSRV: TSrvSignalIndication entry
21:19:13.843 892CDCFC.E13610C8 TShrSRV: Signaling workEvent 000002FC, status 0x0
21:19:13.843 892CDCFC.E13610C8 TShrSRV: TSrvSignalIndication exit
21:19:13.843 892767D4.E11B61D0 TShrSRV: Connection Ind signal received for pTSrvInfo 00D75C00 - 0x0
21:19:13.843 892CDCFC.E13610C8 TShrSRV: TSrvHandleCreateInd exit
21:19:13.843 892767D4.E11B61D0 TShrSRV: TSrvDoConnectResponse entry
21:19:13.843 892CDCFC.E13610C8 TShrSRV: TSrvGCCCallBack exit - GCC_CALLBACK_PROCESSED
21:19:13.843 892767D4.E11B61D0 TShrSRV: TSrvConfCreateResp entry
21:19:13.843 892CDCFC.E13610C8 GCC: Returned from GCC_CREATE_INDICATION callout
21:19:13.843 892767D4.E11B61D0 TShrSRV: Attempting ConfCreate response
21:19:13.843 892CDCFC.E13610C8 GCC: gccConnectProviderIndication exit - 0x0
21:19:13.843 892767D4.E11B61D0 TShrSRV: TSrvInitWD entry
21:19:13.843 892CDCFC.E13610C8 GCC: mcsCallback exit - 0x0
21:19:13.843 892767D4.E11B61D0 TShrSRV: Performing WDTShare connection info exchange
21:19:13.843 892767D4.E11B61D0 TShrSRV: TSrvInitWDConnectInfo entry
21:19:13.843 892767D4.E11B61D0 TShrSRV: Allocated 0x80 bytes to recieve WDTShare return data
21:19:13.843 892767D4.E11B61D0 TShrSRV: Performing connect (size=128)
21:19:13.843 892CDCFC.E13610C8 TermDD: IcaReferenceChannel: cc 5, vc 31, ref 1
21:19:13.859 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 2304 (enter)
21:19:13.859 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0489 IOCTL_TSHARE_CONF_CONNECT (2304)
21:19:13.859 892CDCFC.E13610C8 TermDD: IcaDefeferenceChannel: cc 5, vc 31, ref 2
21:19:13.859 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0816 Got TSHARE_CONF_CONNECT IOCtl
21:19:13.859 892767D4.E11B61D0 RDP E10C2010 WDWParseUser 1484 GCC_H221_NONSTANDARD_KEY
44 75 63 61 Duca
21:19:13.859 892767D4.E11B61D0 RDP E10C2010 WDWParseUser 1615 Our client's User Data
01 C0 D4 00 04 00 08 00 40 06 38 04 01 CA 03 AA ........@.8.....
04 08 00 00 CE 0E 00 00 4F 00 53 00 2D 00 32 00 ........O.S.-.2.
30 00 32 00 35 00 30 00 37 00 30 00 31 00 58 00 0.2.5.0.7.0.1.X.
45 00 42 00 4C 00 00 00 04 00 00 00 00 00 00 00 E.B.L...........
0C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 01 CA 01 00 00 00 00 00 18 00 07 00 ................
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 04 C0 0C 00 0D 00 00 00 00 00 00 00 ................
02 C0 0C 00 1B 00 00 00 00 00 00 00 03 C0 2C 00 ..............,.
03 00 00 00 72 64 70 64 72 00 00 00 00 00 80 80 ....rdpdr.......
63 6C 69 70 72 64 72 00 00 00 A0 C0 72 64 70 73 cliprdr.....rdps
6E 64 00 00 00 00 00 C0 nd......
21:19:13.859 892767D4.E11B61D0 RDP E10C2010 WDWParseUser 1631 Core data
01 C0 D4 00 04 00 08 00 40 06 38 04 01 CA 03 AA ........@.8.....
04 08 00 00 CE 0E 00 00 4F 00 53 00 2D 00 32 00 ........O.S.-.2.
30 00 32 00 35 00 30 00 37 00 30 00 31 00 58 00 0.2.5.0.7.0.1.X.
45 00 42 00 4C 00 00 00 04 00 00 00 00 00 00 00 E.B.L...........
0C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 01 CA 01 00 00 00 00 00 18 00 07 00 ................
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 ....
21:19:13.859 892767D4.E11B61D0 RDP E10C2010 WDWParseUser 1674 Cluster data
04 C0 0C 00 0D 00 00 00 00 00 00 00 ............
21:19:13.859 892767D4.E11B61D0 RDP E10C2010 WDWParseUser 1650 Security data
02 C0 0C 00 1B 00 00 00 00 00 00 00 ............
21:19:13.859 892767D4.E11B61D0 RDP E10C2010 WDWParseUser 1662 Net data
03 C0 2C 00 03 00 00 00 72 64 70 64 72 00 00 00 ..,.....rdpdr...
00 00 80 80 63 6C 69 70 72 64 72 00 00 00 A0 C0 ....cliprdr.....
72 64 70 73 6E 64 00 00 00 00 00 C0 rdpsnd......
21:19:13.859 892767D4.E11B61D0 RDP E10C2010 WDWConnect 0305 Client version is 0x80004
21:19:13.859 892767D4.E11B61D0 RDP E10C2010 WDWConnect 0328 ErrorInfoPDU supported = 1
21:19:13.859 892767D4.E11B61D0 RDP E10C2010 WDWConnect 0346 Client requests color depth 24, server limit 16
21:19:13.875 892767D4.E11B61D0 RDP E10C2010 WDWConnect 0350 Limiting requested color depth...
21:19:13.875 892767D4.E11B61D0 RDP+E10C2010+WDWConnect +0374+Restricted requested color depth 24 to 16
21:19:13.875 892767D4.E11B61D0 RDP E10C2010 WDWConnect 0431 16 BPP (565)
21:19:13.875 892767D4.E11B61D0 RDP E10C2010 WDWConnect 0502 Client supports load balance redirection
RDPWD: New: ShareClass at E88E0A90, size=1392
21:19:13.875 892767D4.E11B61D0 RDP E10C2010 WDWNewShareC 2528 Created Share Class
21:19:13.875 892767D4.E11B61D0 RDP E10C2010 SM_Init 0234 encryption level is 2
21:19:13.875 892767D4.E11B61D0 RDP E10C2010 SM_Init 0265 Encrypting
21:19:13.875 892767D4.E11B61D0 RDP E10C2010 SM_Init 0308 Encryption methods supported 0000001b: Level 2
21:19:13.875 892767D4.E11B61D0 RDP E10C2010 SM_Init 0365 Set state from SM_STATE_STARTED to SM_STATE_INITIALIZED
21:19:13.875 892767D4.E11B61D0 RDP+E10C2010+SM_Connect +0500+Client supports encryption: 1b
21:19:13.875 892767D4.E11B61D0 RDP E10C2010 SM_Connect 0502 Server supports encryption: 1b
21:19:13.875 892767D4.E11B61D0 RDP+E10C2010+SM_Connect +0639+Encryption Method=2, Level=2, Display=1
21:19:13.875 892767D4.E11B61D0 RDP E10C2010 SM_Connect 0650 Init Fips succeed
21:19:13.875 892767D4.E11B61D0 RDP E10C2010 SM_Connect 0689 Set state from SM_STATE_INITIALIZED to SM_STATE_NM_CONNECTING
21:19:13.875 892767D4.E11B61D0 RDP E10C2010 SM_Connect 0691 Connect to Network Manager
21:19:13.875 892767D4.E11B61D0 RDP E10C2010 NM_Connect 0181 Net User Data
03 C0 2C 00 03 00 00 00 72 64 70 64 72 00 00 00 ..,.....rdpdr...
00 00 80 80 63 6C 69 70 72 64 72 00 00 00 A0 C0 ....cliprdr.....
72 64 70 73 6E 64 00 00 00 00 00 C0 rdpsnd......
21:19:13.890 892767D4.E11B61D0 RDP E10C2010 NM_Connect 0185 Protocol version 0x80004 (0x8/0x4)
21:19:13.890 892767D4.E11B61D0 RDP E10C2010 NM_Connect 0247 Channel 0 (was 0): rdpdr
21:19:13.890 892767D4.E11B61D0 RDP E10C2010 NM_Connect 0247 Channel 1 (was 1): cliprdr
21:19:13.890 892767D4.E11B61D0 RDP E10C2010 NM_Connect 0247 Channel 2 (was 2): rdpsnd
21:19:13.890 892767D4.E11B61D0 RDP E10C2010 NM_Connect 0289 Attach User
21:19:13.890 892767D4.E11B61D0 RDP E10C2010 NM_Connect 0303 AttachUser OK, hUser E88724C8
21:19:13.890 892767D4.E11B61D0 RDP E10C2010 NM_Connect 0312 Attached as user 3ea, hUser E88724C8
21:19:13.890 892767D4.E11B61D0 RDP E10C2010 NM_Connect 0336 Joined broadcast channel 3eb (hChannel E167E190) OK
21:19:13.906 892767D4.E11B61D0 RDP E10C2010 NM_Connect 0356 Joined user channel (hChannel E8872614) OK
21:19:13.906 892767D4.E11B61D0 RDP E10C2010 NM_Connect 0394 Joined VC 0: 1004 (hChannel E1189EA0)
21:19:13.906 892767D4.E11B61D0 RDP E10C2010 NM_Connect 0394 Joined VC 1: 1005 (hChannel E167E148)
21:19:13.906 892767D4.E11B61D0 RDP E10C2010 NM_Connect 0394 Joined VC 2: 1006 (hChannel E118F638)
21:19:13.906 892767D4.E11B61D0 RDP E10C2010 NM_Connect 0419 Copy 3 channels to user data out
21:19:13.906 892767D4.E11B61D0 RDP E10C2010 NM_Connect 0428 Channel 0 (0) = 0x3ec
21:19:13.921 892767D4.E11B61D0 RDP E10C2010 NM_Connect 0428 Channel 1 (1) = 0x3ed
21:19:13.921 892767D4.E11B61D0 RDP E10C2010 NM_Connect 0428 Channel 2 (2) = 0x3ee
21:19:13.921 892767D4.E11B61D0 RDP E10C2010 NM_Connect 0434 Tell SM we're connecting
21:19:13.921 892767D4.E11B61D0 RDP E10C2010 SM_OnConnect 0117 Connected OK as user 3ea
21:19:13.921 892767D4.E11B61D0 RDP E10C2010 SM_OnConnect 0132 Set state from SM_STATE_NM_CONNECTING to SM_STATE_SM_CONNECTING
21:19:13.921 892767D4.E11B61D0 RDP E10C2010 WDW_OnSMConn 0677 pOutData at 00D76148
21:19:13.937 892767D4.E11B61D0 RDP E10C2010 WDW_OnSMConn 0711 Key octet at 00D76168 (offs 00000020)
21:19:13.937 892767D4.E11B61D0 RDP E10C2010 WDW_OnSMConn 0719 Data octet pointer at 00D7616C (offs 00000024)
21:19:13.937 892767D4.E11B61D0 RDP E10C2010 WDW_OnSMConn 0733 Core data at 00D76174 (offs 0000002C)
21:19:13.937 892767D4.E11B61D0 RDP E10C2010 WDW_OnSMConn 0738 Net data at 00D7617C (offs 00000034)
21:19:13.937 892767D4.E11B61D0 RDP E10C2010 WDW_OnSMConn 0747 Sec data at 00D7618C (offs 00000044)
21:19:13.937 892767D4.E11B61D0 RDP E10C2010 WDW_OnSMConn 0757 Build 80 bytes of returned user data
21:19:13.937 892767D4.E11B61D0 RDP E10C2010 WDW_OnSMConn 0758 Returned user data
50 00 00 00 04 00 08 00 98 5C D7 00 01 00 00 00 P........\......
02 00 00 00 04 00 00 00 20 00 00 00 24 00 00 00 ........ ...$...
4D 63 44 6E 24 00 00 10 2C 00 00 00 01 0C 08 00 McDn$...,.......
04 00 08 00 03 0C 10 00 EB 03 03 00 EC 03 ED 03 ................
EE 03 00 00 02 0C 0C 00 02 00 00 00 02 00 00 00 ................
21:19:13.937 892767D4.E11B61D0 RDP E10C2010 SM_OnConnect 0142 Free user data
21:19:13.937 892767D4.E11B61D0 RDP E10C2010 NM_Connect 0451 Free user data
21:19:13.937 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 2304, 0x0
21:19:13.937 892767D4.E11B61D0 TShrSRV: TSrvInitWDConnectInfo exit - 0x0
21:19:13.937 892767D4.E11B61D0 TShrSRV: TSrvInitWD exit - 0x0
21:19:13.937 892767D4.E11B61D0 TShrSRV: TSrvCreateGCCDataList entry
21:19:13.937 892767D4.E11B61D0 TShrSRV: Creating UserData list
21:19:13.937 892767D4.E11B61D0 TShrSRV: Allocated 0x4 bytes for 0x1 member UserData array
21:19:13.937 892767D4.E11B61D0 TShrSRV: TSrvCreateGCCDataList exit = 0xd73018
21:19:13.937 892767D4.E11B61D0 TShrSRV: Accepting conference domain 00D75C98
21:19:13.937 892767D4.E11B61D0 GCC: GCCConferenceCreateResponse entry
21:19:13.937 892767D4.E11B61D0 GCC: gccEncodeUserData entry
21:19:13.937 892767D4.E11B61D0 GCC: gccEncodeUserData exit - 0x0
21:19:13.937 892767D4.E11B61D0 GCC: Calling MCSConnectProviderResponse - hDomain 0xd75c98, result 0x0, pUserData 0xd73318, UserDataLength 0x11b
21:19:13.937 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 1280 (enter)
21:19:13.937 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0489 IOCTL_T120_REQUEST (1280)
21:19:13.937 892767D4.E11B61D0 TermDD: IcaBufferAlloc: 0x892c6bf8, Status=0x0
21:19:13.937 892767D4.E11B61D0 TermDD: IcaCallNextDriver, ProcIndex=2 (enter)
21:19:13.937 892767D4.E11B61D0 TdRawWrite 0333, 892c6bf8
21:19:13.937 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 1280, 0x0
21:19:13.937 89DD11FC.00000000 _TdWriteCompleteWorker: 892c6bf8
21:19:13.953 89DD11FC.00000000 TermDD: IcaBufferFree: 0x892c6bf8
21:19:13.953 892767D4.E11B61D0 GCC: MCSConnectProviderResponse - MCSError 0x0 (MCS_NO_ERROR)
21:19:13.953 892767D4.E11B61D0 GCC: gccMapMcsError: mcsError 0x0 (MCS_NO_ERROR), gbbError 0x0 (GCC_NO_ERROR)
21:19:13.953 892767D4.E11B61D0 GCC: GCCConferenceCreateResponse exit - 0x0
21:19:13.953 89311F14.00000000 TermDD: IcaRawInput, bc=20 (enter)
21:19:13.953 892767D4.E11B61D0 TShrSRV: GCCConferenceCreateResponse - GCC rc 0x0 (GCC_NO_ERROR)
21:19:13.953 89311F14.00000000 TermDD: IcaBufferAlloc: 0x892c6bf8, Status=0x0
21:19:13.953 892767D4.E11B61D0 TShrSRV: Waiting to receive client random: msec=60000
21:19:13.953 89311F14.00000000 TermDD: IcaCallNextDriver, ProcIndex=2 (enter)
21:19:13.953 89311F14.00000000 TdRawWrite 0011, 892c6bf8
21:19:13.953 89311F14.00000000 TermDD: IcaRawInput, bc=12 (enter)
21:19:13.953 89311F14.00000000 TermDD: IcaBufferAlloc: 0x892c6770, Status=0x0
21:19:13.953 89311F14.00000000 TermDD: IcaCallNextDriver, ProcIndex=2 (enter)
21:19:13.953 89311F14.00000000 TdRawWrite 0015, 892c6770
21:19:13.953 89311F14.00000000 TermDD: IcaRawInput, bc=12 (enter)
21:19:13.953 89311F14.00000000 TermDD: IcaBufferAlloc: 0x89253610, Status=0x0
21:19:13.953 89311F14.00000000 TermDD: IcaCallNextDriver, ProcIndex=2 (enter)
21:19:13.953 89311F14.00000000 TdRawWrite 0015, 89253610
21:19:13.953 89311F14.00000000 TermDD: IcaRawInput, bc=12 (enter)
21:19:13.953 89311F14.00000000 TermDD: IcaBufferAlloc: 0x892c56f8, Status=0x0
21:19:13.953 89311F14.00000000 TermDD: IcaCallNextDriver, ProcIndex=2 (enter)
21:19:13.953 89311F14.00000000 TdRawWrite 0015, 892c56f8
21:19:13.953 89311F14.00000000 TermDD: IcaRawInput, bc=12 (enter)
21:19:13.953 89311F14.00000000 TermDD: IcaBufferAlloc: 0x892c4890, Status=0x0
21:19:13.953 89311F14.00000000 TermDD: IcaCallNextDriver, ProcIndex=2 (enter)
21:19:13.953 89311F14.00000000 TdRawWrite 0015, 892c4890
21:19:13.953 89311F14.00000000 TermDD: IcaRawInput, bc=12 (enter)
21:19:13.953 89311F14.00000000 TermDD: IcaBufferAlloc: 0x892e5588, Status=0x0
21:19:13.953 89311F14.00000000 TermDD: IcaCallNextDriver, ProcIndex=2 (enter)
21:19:13.953 89311F14.00000000 TdRawWrite 0015, 892e5588
21:19:13.953 89311F14.00000000 TermDD: IcaRawInput, bc=515 (enter)
21:19:13.953 89311F14.00000000 RDP E10C2010 SM_MCSSendDa 0507 Encrypting=1: security packet
21:19:13.953 89311F14.00000000 RDP E10C2010 SM_MCSSendDa 0745 Security packet
21:19:13.953 89311F14.00000000 RDP E10C2010 SM_MCSSendDa 0507 Encrypting=1: security packet
21:19:13.953 89311F14.00000000 RDP E10C2010 SM_MCSSendDa 0745 Security packet
21:19:13.953 89311F14.00000000 RDP E10C2010 SMSecurityEx 0301 About to wait for session key creation
21:19:13.953 89311F14.00000000 TermDD: IcaWaitForMultipleObjects, -1 (enter)
21:19:13.953 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 2308 (enter)
21:19:13.968 89DD11FC.00000000 _TdWriteCompleteWorker: 892c6bf8
21:19:13.968 89DD11FC.00000000 TermDD: IcaBufferFree: 0x892c6bf8
21:19:13.968 89DD1F7C.00000000 _TdWriteCompleteWorker: 892c6770
21:19:13.968 89DD1F7C.00000000 TermDD: IcaBufferFree: 0x892c6770
21:19:13.968 89DD0F7C.00000000 _TdWriteCompleteWorker: 89253610
21:19:13.968 89DD0F7C.00000000 TermDD: IcaBufferFree: 0x89253610
21:19:13.968 89DD157C.00000000 _TdWriteCompleteWorker: 892c56f8
21:19:13.968 89DD157C.00000000 TermDD: IcaBufferFree: 0x892c56f8
21:19:13.968 89DD01FC.00000000 _TdWriteCompleteWorker: 892c4890
21:19:13.968 89DD01FC.00000000 TermDD: IcaBufferFree: 0x892c4890
21:19:13.968 89DD1A7C.00000000 _TdWriteCompleteWorker: 892e5588
21:19:13.968 89DD1A7C.00000000 TermDD: IcaBufferFree: 0x892e5588
21:19:13.968 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0489 IOCTL_TSHARE_GET_SEC_DATA (2308)
21:19:13.984 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0700 Got GetSecurityData IOCtl
21:19:13.984 892767D4.E11B61D0 RDP*E10C2010*SM_GetSecuri*1336*About to wait for security data
21:19:13.984 892767D4.E11B61D0 TermDD: IcaWaitForMultipleObjects, 60000 (enter)
21:19:13.984 892767D4.E11B61D0 RDP E10C2010 WDW_WaitForC 0920 Primary event hit
21:19:13.984 892767D4.E11B61D0 RDP E10C2010 SM_GetSecuri 1349 Back from wait for security data
21:19:13.984 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 2308, 0x0
21:19:13.984 892767D4.E11B61D0 TShrSRV: Received encrypted client random, rc=0
21:19:13.984 892767D4.E11B61D0 TShrSRV: Decrypted client random: rc=0
21:19:13.984 892767D4.E11B61D0 TShrSRV: Sending sec info to WD
21:19:13.984 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 2309 (enter)
21:19:13.984 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0489 IOCTL_TSHARE_SET_SEC_DATA (2309)
21:19:13.984 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0708 Got SetSecurityData IOCtl
21:19:13.984 892767D4.E11B61D0 RDP+E10C2010+SM_SetSecuri+1555+Primary stack -> encryption ON: level=2, method=2, display=1
21:19:13.984 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 2309, 0x0
21:19:13.984 89311F14.00000000 RDP E10C2010 WDW_WaitForC 0920 Primary event hit
21:19:13.984 89311F14.00000000 RDP E10C2010 SMSecurityEx 0304 Back from wait for session key creation
21:19:13.984 89311F14.00000000 RDP E10C2010 SMSecurityEx 0309 Decrypt the packet
21:19:13.984 892767D4.E11B61D0 TShrSRV: Session key transmission succeeded, PrevStatus=0
21:19:13.984 89311F14.00000000 RDP E10C2010 SMDecryptPac 0160 Data buffer before decryption
E8 3E 46 75 74 82 D5 82 29 A4 6E A7 F9 3F FA 9C .>Fut...).n..?..
F4 E9 3D 7E D8 0F B8 DF C5 D8 8F B0 AA E9 9D 16 ..=~............
D9 F9 69 9A 47 DE AD C3 D6 D9 A1 5B 99 EF CD 0C ..i.G......[....
03 12 52 CB A4 22 A8 3C C3 B4 22 6C 63 AC A5 F2 ..R..".<.."lc...
0E C3 B0 4A 9D D1 7C 47 54 8E 70 97 D5 29 6F FE ...J..|GT.p..)o.
1A DE 03 91 4C E9 34 BF AB 22 41 DF 36 C6 2A 79 ....L.4.."A.6.*y
42 37 B8 EF A6 F6 83 2F 6E B8 08 86 9A B2 C1 F3 B7...../n.......
31 29 7C BA B9 B6 33 F4 C8 EB AA 26 E6 97 F1 D4 1)|...3....&....
F4 B2 00 B2 CF EE AC A2 43 6A 5E E8 34 2E 2A D6 ........Cj^.4.*.
87 DB FF 3C 53 94 A5 F5 C2 63 C6 2F 29 2E D1 00 ...<S....c./)...
2F 9D 0F 3F 43 66 E7 5E F2 76 84 DE 1E 6A 1E A8 /..?Cf.^.v...j..
C6 A6 E5 49 B0 7A 7E 2C D2 14 05 9B 3D 77 F8 92 ...I.z~,....=w..
99 6F 8E 1C D6 48 C0 BD 99 D6 DB 3B 7B 5F 3B 38 .o...H.....;{_;8
B3 98 4E 43 01 24 F2 09 81 1C 74 B0 13 41 6C 5B ..NC.$....t..Al[
BD 34 B4 67 71 A5 DD 43 B5 2C 08 6E FD 4F C0 87 .4.gq..C.,.n.O..
21:19:13.984 892767D4.E11B61D0 TShrSRV: TSrvConfCreateResp exit = 0x0
C8 0E AB 41 AA 8E BC 79 D6 A3 38 E4 26 38 6A A7 ...A...y..8.&8j.
BC 2F FD 2C E5 40 F0 6C 5C B1 53 2E 09 23 77 02 ./.,.@.l\.S..#w.
07 54 37 F8 BB 70 E9 DE 3A 15 84 76 57 E0 DD D5 .T7..p..:..vW...
32 C1 34 BD F4 D9 73 AB 6C 43 49 83 1C BC 0C 08 2.4...s.lCI.....
BD 3D CA 35 A1 04 72 67 6E 82 D1 AB 6A 0B DA 12 .=.5..rgn...j...
83 AD 70 AE 26 9A 15 54 FB 12 19 CE A4 A2 52 38 ..p.&..T......R8
24 3F A0 F0 E7 96 6C A3 F5 CB 87 B3 7B 97 71 8A $?....l.....{.q.
76 DA 65 E1 0A 53 6B 41 15 5C 2B 32 DE 2D CD 36 v.e..SkA.\+2.-.6
B0 4C 8C 7C 9F 84 CC 71 F6 04 5E 6D B9 86 19 E5 .L.|...q..^m....
FD 7C 72 11 B9 AE FB CB F1 5F .|r......_
21:19:13.984 89311F14.00000000 RDP E10C2010 SMDecryptPac 0186 Data decrypted: 394
21:19:13.984 89311F14.00000000 RDP E10C2010 SMDecryptPac 0187 Data buffer after decryption
04 08 04 08 B3 43 00 00 1E 00 1A 00 00 00 00 00 .....C..........
00 00 43 00 48 00 2D 00 41 00 30 00 51 00 48 00 ..C.H.-.A.0.Q.H.
45 00 36 00 58 00 4A 00 38 00 39 00 57 00 45 00 E.6.X.J.8.9.W.E.
00 00 41 00 64 00 6D 00 69 00 6E 00 69 00 73 00 ..A.d.m.i.n.i.s.
74 00 72 00 61 00 74 00 6F 00 72 00 00 00 00 00 t.r.a.t.o.r.....
00 00 00 00 02 00 1C 00 31 00 39 00 32 00 2E 00 ........1.9.2...
31 00 36 00 38 00 2E 00 31 00 39 00 33 00 2E 00 1.6.8...1.9.3...
31 00 00 00 5E 00 45 00 3A 00 5C 00 62 00 69 00 1...^.E.:.\.b.i.
6E 00 61 00 72 00 69 00 65 00 73 00 2E 00 78 00 n.a.r.i.e.s...x.
38 00 36 00 63 00 68 00 6B 00 5C 00 62 00 69 00 8.6.c.h.k.\.b.i.
6E 00 61 00 72 00 69 00 65 00 73 00 2E 00 78 00 n.a.r.i.e.s...x.
38 00 36 00 63 00 68 00 6B 00 5C 00 6D 00 73 00 8.6.c.h.k.\.m.s.
74 00 73 00 63 00 61 00 78 00 2E 00 64 00 6C 00 t.s.c.a.x...d.l.
6C 00 00 00 20 FE FF FF 2D 4E FD 56 07 68 C6 51 l... ...-N.V.h.Q
F6 65 F4 95 00 00 7D 72 FE FF FF FF 36 34 3E 77 .e....}r....64>w
61 34 3E 77 CC 00 00 00 E0 00 00 00 5A 09 87 04 a4>w........Z...
58 09 87 04 00 D8 72 04 00 00 00 10 88 00 00 00 X.....r.........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 2D 4E FD 56 ............-N.V
0F 59 E4 4E F6 65 00 00 00 00 00 00 00 D8 72 04 .Y.N.e........r.
60 09 87 04 00 D8 72 04 4C D8 72 04 60 09 87 04 `.....r.L.r.`...
BC EF 40 04 EB 60 72 04 4C D8 72 04 00 D8 72 04 ..@..`r.L.r...r.
00 00 00 10 88 00 00 00 E4 EF 40 04 00 00 00 00 ..........@.....
00 00 00 00 00 00 00 00 00 00 00 00 C4 FF FF FF ................
01 00 00 00 07 00 00 00 00 00 ..........
21:19:13.984 89311F14.00000000 RDP E10C2010 SMSecurityEx 0459 Received Domain (len 30):'CH-A0QHE6XJ89WE'
21:19:13.984 89311F14.00000000 RDP E10C2010 SMSecurityEx 0476 Received UserName (len 26):'Administrator'
21:19:13.984 89311F14.00000000 RDP E10C2010 SMSecurityEx 0487 Received Password (len 0)
21:19:13.984 89311F14.00000000 RDP E10C2010 SMSecurityEx 0501 Received AlternateShell (len 0):''
21:19:13.984 89311F14.00000000 RDP E10C2010 SMSecurityEx 0514 Received WorkingDir (len 0):''
21:19:13.984 89311F14.00000000 RDP E10C2010 SMSecurityEx 0528 Client address family=2
21:19:13.984 89311F14.00000000 RDP E10C2010 SMSecurityEx 0556 Client address=192.168.193.1
21:19:13.984 89311F14.00000000 RDP E10C2010 SMSecurityEx 0596 Client directory: E:\binaries.x86chk\binaries.x86chk\mstscax.dll
21:19:13.984 89311F14.00000000 RDP E10C2010 SMSecurityEx 1009 Set state from SM_STATE_SM_CONNECTING to SM_STATE_SM_LICENSING
21:19:13.984 89311F14.00000000 RDP E10C2010 WDW_OnSMConn 0784 Got Connected Notification, rc 0
21:19:13.984 89311F14.00000000 TermDD: IcaWaitForSingleObject, -1 (enter)
21:19:13.984 892767D4.E11B61D0 TShrSRV: TSrvDoConnectResponse exit - 0x0
21:19:13.984 892767D4.E11B61D0 TShrSRV: TSrvDereferenceInfo entry
21:19:13.984 892767D4.E11B61D0 TShrSRV: TSrvDereferenceInfo exit
21:19:13.984 892767D4.E11B61D0 TShrSRV: TSrvDoConnect exit - 0x0
21:19:13.984 892767D4.E11B61D0 TShrSRV: TSrvStackConnect exit - 0x0
21:19:13.984 892767D4.E11B61D0 TShrSRV: WsxIcaStackIoControl exit - 0x0
21:19:13.984 892767D4.E11B61D0 TSAPI: _IcaWaitForIca, success
21:19:13.984 892767D4.E11B61D0 TERMSRV: Enter WsxIcaIoControl, IoControlCode=19
Breakpoint 19 hit
rdpwsx!WsxIcaStackIoControl:
001b:70fbf35c 55 push ebp
0: kd> g
21:19:13.984 892767D4.E11B61D0 TShrSRV: WsxIcaStackIoControl entry
21:19:13.984 892767D4.E11B61D0 TShrSRV: 00D75938:00D75C00 IoctlDetail: Ioctl 0x38004f (IOCTL_ICA_STACK_CONNECTION_QUERY)
21:19:13.984 892767D4.E11B61D0 TShrSRV: pvContext=00D75938, hIca=0000041C, hStack=000E27A8
21:19:14.000 892767D4.E11B61D0 TShrSRV: pInBuffer=00000000, InBufferSize=0x0, pOutBuffer=0248F028, OutBufferSize=0x5bc
21:19:14.000 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 19 (enter)
21:19:14.000 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0489 IOCTL_ICA_STACK_CONNECTION_QUERY (19)
21:19:14.000 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0862 Stack Connection Query
21:19:14.000 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0489 IOCTL_ICA_VIRTUAL_QUERY_BINDINGS (68)
21:19:14.000 892767D4.E11B61D0 RDP E10C2010 NM_VirtualQu 1015 Assigned channel 0 to rdpdr
21:19:14.000 892767D4.E11B61D0 RDP E10C2010 NM_VirtualQu 1015 Assigned channel 1 to cliprdr
21:19:14.000 892767D4.E11B61D0 RDP E10C2010 NM_VirtualQu 1015 Assigned channel 2 to rdpsnd
21:19:14.000 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 1321 3 Virtual Channels (second time)
21:19:14.000 892767D4.E11B61D0 TermDD: IcaBindVirtualChannels: rdpdr -> 0 Flags=0
21:19:14.000 892767D4.E11B61D0 TermDD: _IcaFindVcBind: vn rdpdr (not found)
21:19:14.000 892767D4.E11B61D0 TermDD: _IcaRegisterVcBind: rdpdr -> 0
21:19:14.000 892767D4.E11B61D0 TermDD: IcaFindChannelByName: vn rdpdr (not found)
21:19:14.000 892767D4.E11B61D0 TermDD: IcaBindVirtualChannels: cliprdr -> 1 Flags=0
21:19:14.000 892767D4.E11B61D0 TermDD: _IcaFindVcBind: vn cliprdr (not found)
21:19:14.000 892767D4.E11B61D0 TermDD: _IcaRegisterVcBind: cliprdr -> 1
21:19:14.000 892767D4.E11B61D0 TermDD: IcaFindChannelByName: vn cliprdr (not found)
21:19:14.000 892767D4.E11B61D0 TermDD: IcaBindVirtualChannels: rdpsnd -> 2 Flags=0
21:19:14.000 892767D4.E11B61D0 TermDD: _IcaFindVcBind: vn rdpsnd (not found)
21:19:14.000 892767D4.E11B61D0 TermDD: _IcaRegisterVcBind: rdpsnd -> 2
21:19:14.000 892767D4.E11B61D0 TermDD: IcaFindChannelByName: vn rdpsnd (not found)
21:19:14.000 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0489 IOCTL_ICA_STACK_QUERY_BUFFER (45)
21:19:14.000 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0810 Stack query buffer, num 5, size 33000
21:19:14.000 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 19, 0x0
21:19:14.000 892767D4.E11B61D0 TShrSRV: Return from IcaStackIoControl - 0x0
21:19:14.000 892767D4.E11B61D0 TShrSRV: WsxIcaStackIoControl exit - 0x0
21:19:14.000 892767D4.E11B61D0 TSAPI: IcaStackConnectionAccept: IOCTL_ICA_STACK_CONNECTION_QUERY success
21:19:14.000 892767D4.E11B61D0 TERMSRV: Enter WsxIcaIoControl, IoControlCode=20
Breakpoint 19 hit
rdpwsx!WsxIcaStackIoControl:
001b:70fbf35c 55 push ebp
0: kd> g
21:19:14.000 892767D4.E11B61D0 TShrSRV: WsxIcaStackIoControl entry
21:19:14.000 892767D4.E11B61D0 TShrSRV: 00D75938:00D75C00 IoctlDetail: Ioctl 0x380053 (IOCTL_ICA_STACK_CONNECTION_SEND)
21:19:14.000 892767D4.E11B61D0 TShrSRV: pvContext=00D75938, hIca=0000041C, hStack=000E27A8
21:19:14.000 892767D4.E11B61D0 TShrSRV: pInBuffer=00000000, InBufferSize=0x0, pOutBuffer=00000000, OutBufferSize=0x0
21:19:14.000 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 20 (enter)
21:19:14.000 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0489 IOCTL_ICA_STACK_CONNECTION_SEND (20)
21:19:14.000 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 1014 About to wait for connected indication
21:19:14.000 892767D4.E11B61D0 TermDD: IcaWaitForMultipleObjects, 60000 (enter)
21:19:14.000 892767D4.E11B61D0 RDP E10C2010 WDW_WaitForC 0920 Primary event hit
21:19:14.000 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 1017 Back from wait for connected indication
21:19:14.000 892767D4.E11B61D0 TermDD: IcaCallNextDriver, ProcIndex=5 (enter)
Breakpoint 22 hit
TDTCP!StackConnectionSend:
b9896504 55 push ebp
0: kd> g
21:19:14.000 892767D4.E11B61D0 TdIoctl(0x00380053): Status=0x00000000
21:19:14.000 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 20, 0x0
21:19:14.000 892767D4.E11B61D0 TShrSRV: Return from IcaStackIoControl - 0x0
21:19:14.000 892767D4.E11B61D0 TShrSRV: WsxIcaStackIoControl exit - 0x0
21:19:14.000 892767D4.E11B61D0 TSAPI: IcaStackConnectionAccept, success
21:19:14.000 892767D4.E11B61D0 TERMSRV: IcaStackConnectionAccept, Status=0x0
21:19:14.000 892767D4.E11B61D0 TERMSRV: Enter WsxIcaIoControl, IoControlCode=75
Breakpoint 19 hit
rdpwsx!WsxIcaStackIoControl:
001b:70fbf35c 55 push ebp
0: kd> g
21:19:14.000 892767D4.E11B61D0 TShrSRV: WsxIcaStackIoControl entry
21:19:14.000 892767D4.E11B61D0 TShrSRV: 00D75938:00D75C00 IoctlDetail: Ioctl 0x38012f (UNKNOWN_ICA_IOCTL)
21:19:14.000 892767D4.E11B61D0 TShrSRV: pvContext=00D75938, hIca=0000041C, hStack=000E27A8
21:19:14.000 892767D4.E11B61D0 TShrSRV: pInBuffer=00000000, InBufferSize=0x0, pOutBuffer=0248F65C, OutBufferSize=0x610
21:19:14.000 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 75 (enter)
21:19:14.000 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0489 IOCTL_TS_STACK_QUERY_LOAD_BALANCE_INFO (75)
21:19:14.000 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 75, 0x0
21:19:14.000 892767D4.E11B61D0 TShrSRV: Return from IcaStackIoControl - 0x0
21:19:14.015 892767D4.E11B61D0 TShrSRV: WsxIcaStackIoControl exit - 0x0
21:19:14.015 892767D4.E11B61D0 TERMSRV: Enter WsxIcaIoControl, IoControlCode=69
Breakpoint 19 hit
rdpwsx!WsxIcaStackIoControl:
001b:70fbf35c 55 push ebp
0: kd> g
21:19:14.015 892767D4.E11B61D0 TShrSRV: WsxIcaStackIoControl entry
21:19:14.015 892767D4.E11B61D0 TShrSRV: 00D75938:00D75C00 IoctlDetail: Ioctl 0x380117 (IOCTL_ICA_STACK_QUERY_LICENSE_CAPABILITIES)
21:19:14.015 892767D4.E11B61D0 TShrSRV: pvContext=00D75938, hIca=0000041C, hStack=000E27A8
21:19:14.015 892767D4.E11B61D0 TShrSRV: pInBuffer=00000000, InBufferSize=0x0, pOutBuffer=0248F5B8, OutBufferSize=0x18
21:19:14.015 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 69 (enter)
21:19:14.015 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0489 IOCTL_ICA_STACK_QUERY_LICENSE_CAPABILITIES (69)
21:19:14.015 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 1402 Key Exchange Alg = 1
21:19:14.015 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 1403 License Protocol Version = 10003
21:19:14.015 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 69, 0x0
21:19:14.015 892767D4.E11B61D0 TShrSRV: Return from IcaStackIoControl - 0x0
21:19:14.015 892767D4.E11B61D0 TShrSRV: WsxIcaStackIoControl exit - 0x0
21:19:14.015 892767D4.E11B61D0 TERMSRV: Enter WsxIcaIoControl, IoControlCode=71
Breakpoint 19 hit
rdpwsx!WsxIcaStackIoControl:
001b:70fbf35c 55 push ebp
0: kd> g
21:19:14.015 892767D4.E11B61D0 TShrSRV: WsxIcaStackIoControl entry
21:19:14.015 892767D4.E11B61D0 TShrSRV: 00D75938:00D75C00 IoctlDetail: Ioctl 0x38011f (IOCTL_ICA_STACK_SEND_CLIENT_LICENSE)
21:19:14.015 892767D4.E11B61D0 TShrSRV: pvContext=00D75938, hIca=0000041C, hStack=000E27A8
21:19:14.015 892767D4.E11B61D0 TShrSRV: pInBuffer=000E2C08, InBufferSize=0x10, pOutBuffer=00000000, OutBufferSize=0x0
21:19:14.015 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 71 (enter)
21:19:14.015 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0489 IOCTL_ICA_STACK_SEND_CLIENT_LICENSE (71)
21:19:14.015 892767D4.E11B61D0 TermDD: IcaBufferAlloc: 0x892c4890, Status=0x0
21:19:14.015 892767D4.E11B61D0 RDP E10C2010 NM_AllocBuff 0576 Alloc 28 bytes OK
21:19:14.015 892767D4.E11B61D0 RDP E10C2010 SM_AllocBuff 0842 Alloc buffer size 28 at 892C4A1C
21:19:14.015 892767D4.E11B61D0 RDP E10C2010 SM_SendData 1160 Data buffer before encryption
FF 03 10 00 07 00 00 00 02 00 00 00 04 00 00 00 ................
21:19:14.015 892767D4.E11B61D0 RDP E10C2010 SM_SendData 1199 Data encrypted
21:19:14.015 892767D4.E11B61D0 RDP E10C2010 SM_SendData 1201 Data buffer after encryption
87 41 84 95 5A 87 15 8C 8B C2 FD 19 7E CB A0 C4 .A..Z.......~...
21:19:14.015 892767D4.E11B61D0 RDP E10C2010 NM_SendData 0766 Send data on channel 0
21:19:14.015 892767D4.E11B61D0 TermDD: IcaCallNextDriver, ProcIndex=2 (enter)
21:19:14.015 892767D4.E11B61D0 TdRawWrite 0042, 892c4890
21:19:14.015 892767D4.E11B61D0 RDP E10C2010 NM_SendData 0775 Send OK
40 00 00 00 00 00 00 00 54 E8 5E 89 54 E8 5E 89 @.......T.^.T.^.
0E 4A 2C 89 2A 00 00 00 40 00 00 00 .J,.*...@...
21:19:14.015 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 71, 0x0
21:19:14.015 892767D4.E11B61D0 TShrSRV: Return from IcaStackIoControl - 0x0
21:19:14.015 892767D4.E11B61D0 TShrSRV: WsxIcaStackIoControl exit - 0x0
21:19:14.015 892767D4.E11B61D0 TERMSRV: Enter WsxIcaIoControl, IoControlCode=72
Breakpoint 19 hit
rdpwsx!WsxIcaStackIoControl:
001b:70fbf35c 55 push ebp
0: kd> g
21:19:14.015 89DD1A7C.00000000 _TdWriteCompleteWorker: 892c4890
21:19:14.015 89DD1A7C.00000000 TermDD: IcaBufferFree: 0x892c4890
21:19:14.015 892767D4.E11B61D0 TShrSRV: WsxIcaStackIoControl entry
21:19:14.015 892767D4.E11B61D0 TShrSRV: 00D75938:00D75C00 IoctlDetail: Ioctl 0x380123 (IOCTL_ICA_STACK_LICENSE_PROTOCOL_COMPLETE)
21:19:14.015 892767D4.E11B61D0 TShrSRV: pvContext=00D75938, hIca=0000041C, hStack=000E27A8
21:19:14.015 892767D4.E11B61D0 TShrSRV: pInBuffer=0248F5A4, InBufferSize=0x4, pOutBuffer=00000000, OutBufferSize=0x0
21:19:14.015 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 72 (enter)
21:19:14.031 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0489 IOCTL_ICA_STACK_LICENSE_PROTOCOL_COMPLETE (72)
21:19:14.031 892767D4.E11B61D0 RDP E10C2010 SM_LicenseOK 1308 Licensing Done
21:19:14.031 892767D4.E11B61D0 RDP E10C2010 SM_LicenseOK 1309 Set state from SM_STATE_SM_LICENSING to SM_STATE_CONNECTED
21:19:14.031 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 72, 0x0
21:19:14.031 892767D4.E11B61D0 TShrSRV: Return from IcaStackIoControl - 0x0
21:19:14.031 892767D4.E11B61D0 TShrSRV: WsxIcaStackIoControl exit - 0x0
21:19:14.031 892767D4.E11B61D0 TERMSRV: LCProcessConnectionProtocol, LogonId=-1, Status=0x0
Breakpoint 19 hit
rdpwsx!WsxIcaStackIoControl:
001b:70fbf35c 55 push ebp
0: kd> g
21:19:14.031 892767D4.E11B61D0 TShrSRV: WsxIcaStackIoControl entry
21:19:14.031 892767D4.E11B61D0 TShrSRV: 00D75938:00D75C00 IoctlDetail: Ioctl 0x38009b (IOCTL_ICA_STACK_QUERY_CLIENT)
21:19:14.031 892767D4.E11B61D0 TShrSRV: pvContext=00D75938, hIca=0000041C, hStack=000E27A8
21:19:14.031 892767D4.E11B61D0 TShrSRV: pInBuffer=00000000, InBufferSize=0x0, pOutBuffer=000F51D4, OutBufferSize=0x8f8
21:19:14.031 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 38 (enter)
21:19:14.031 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 0489 IOCTL_ICA_STACK_QUERY_CLIENT (38)
21:19:14.031 892767D4.E11B61D0 RDP E10C2010 WD_Ioctl 1033 Return client data
21:19:14.031 892767D4.E11B61D0 TermDD: IcaDeviceControlStack, fc 38, 0x0
21:19:14.031 892767D4.E11B61D0 TShrSRV: Return from IcaStackIoControl - 0x0
21:19:14.031 892767D4.E11B61D0 TShrSRV: WsxIcaStackIoControl exit - 0x0
21:19:14.031 892767D4.E11B61D0 TERMSRV: WinStationStart, (LogonId=-1)
GDI: VerifierInitialization: failed to get info from ntoskrnl
(s: 0 0x18c.7c0 smss.exe) USRK-[Wrn] *** win32k: DBCS:[0] IME:[0] MiddleEast:[0] CTFIME:[0]
Installed
Installed
21:19:14.093 8964E524.E1733E98 TERMSRV: WinStation LPC Service Thread got a message
21:19:14.093 8964E524.E1733E98 TERMSRV: WinStation LPC Service Thread got connection message
21:19:14.093 8964E524.E1733E98 TERMSRV: WinStationLpcHandleConnectionRequest called
21:19:14.093 8964E524.E1733E98 TERMSRV: WSTAPI: Creating View memory
21:19:14.093 8964E524.E1733E98 TERMSRV: WSTAPI: Calling AcceptConnectPort, Accept 1
21:19:14.093 8964E524.E1733E98 TERMSRV: pContext 000F82F0, ConnectionRequest 00ACFEAC, info 00ACFEC4
21:19:14.093 8964E524.E1733E98 TERMSRV: ViewBase 00FD0000, ViewSize 0x2000, ViewRemoteBase 00750000
21:19:14.109 8964E524.E1733E98 TERMSRV: WSTAPI: Calling CompleteConnect port 000004CC
21:19:14.109 8964E524.E1733E98 TERMSRV: WinStation LPC Connection Accepted, Logonid 7 pContext 000F82F0 Status 0x0
21:19:14.109 895EF1FC.E1369EB0 TERMSRV: WinStation LPC Service Thread got a message
21:19:14.109 895EF1FC.E1369EB0 TERMSRV: WinStation LPC Service Thread got WinStationGetSMCommand message
21:19:14.109 895EF1FC.E1369EB0 TERMSRV: WinStationGetSMCommand, LogonId=7
21:19:14.109 895EF1FC.E1369EB0 TERMSRV: WinStationGetSMCommand queue empty port 000004CC
21:19:14.156 892F6F7C.E1795590 TERMSRV: -|--------------------------------------------|-
21:19:14.156 892F6F7C.E1795590 TERMSRV: Client SPN: NT AUTHORITY\SYSTEM
21:19:14.156 892F6F7C.E1795590 TERMSRV: Authentication level: RPC_C_AUTHN_LEVEL_PKT_PRIVACY
21:19:14.156 892F6F7C.E1795590 TERMSRV: Authentication service: RPC_C_AUTHN_WINNT
21:19:14.156 892F6F7C.E1795590 TERMSRV: -|--------------------------------------------|-
21:19:14.156 8925E9CC.E18B30D8 TERMSRV: -|--------------------------------------------|-
21:19:14.171 8925E9CC.E18B30D8 TERMSRV: Client SPN: NT AUTHORITY\SYSTEM
21:19:14.171 8925E9CC.E18B30D8 TERMSRV: Authentication level: RPC_C_AUTHN_LEVEL_PKT_PRIVACY
21:19:14.171 8925E9CC.E18B30D8 TERMSRV: Authentication service: RPC_C_AUTHN_WINNT
21:19:14.171 8925E9CC.E18B30D8 TERMSRV: -|--------------------------------------------|-
21:19:14.171 8925E9CC.E18B30D8 TERMSRV: WinStationWaitForConnect, LogonId=7
21:19:14.171 8925E9CC.E18B30D8 TERMSRV: WaitForConnectWorker, LogonId=7
TERMSRV: WaitForConnectWorker, LogonId=7
21:19:14.171 892767D4.E11B61D0 TERMSRV: WinStationStart Subsys PID=2368 InitialProg PID=2396, Status=0x0
21:19:14.171 892767D4.E11B61D0 TERMSRV: WinStationCreateComplete, (LogonId=7)
21:19:14.171 892767D4.E11B61D0 TERMSRV: WinStationCreateComplete, (LogonId=7) Status = 0x0
21:19:14.171 896441FC.E16E5260 TERMSRV: TerminateThread, WaitForMultipleObjects, rc=0
21:19:14.187 896441FC.E16E5260 TERMSRV: TerminateThread, Waiting for initial command exit (ArraySize=11)
21:19:14.187 8925E9CC.E18B30D8 TermDD: IcaCreateChannel: cc 3, vn
21:19:14.187 8925E9CC.E18B30D8 TermDD: IcaFindChannel, cc 3, vc 0 (not found)
21:19:14.187 8925E9CC.E18B30D8 TermDD: _IcaAllocateChannel: cc 3, vn , 895e6718
21:19:14.187 8925E9CC.E18B30D8 TermDD: IcaReferenceChannel: cc 0, vc 0, ref 1
21:19:14.187 8925E9CC.E18B30D8 TermDD: _IcaBindChannel: cc 3, vn vc 0
21:19:14.187 8925E9CC.E18B30D8 TermDD: IcaDefeferenceChannel: cc 3, vc 0, ref 2
21:19:14.187 8925E9CC.E18B30D8 TSAPI: IcaChannelOpen, 3/, 1404, success
21:19:14.187 8925E9CC.E18B30D8 TermDD: IcaCreateChannel: cc 5, vn CTXTW
21:19:14.203 8925E9CC.E18B30D8 TermDD: IcaFindChannelByName: vn CTXTW (not found)
21:19:14.203 8925E9CC.E18B30D8 TermDD: _IcaAllocateChannel: cc 5, vn CTXTW , 89302d48
21:19:14.218 8925E9CC.E18B30D8 TermDD: IcaReferenceChannel: cc 0, vc 0, ref 1
21:19:14.218 8925E9CC.E18B30D8 TermDD: _IcaFindVcBind: vn CTXTW -> vc 7
21:19:14.218 8925E9CC.E18B30D8 TermDD: _IcaBindChannel: cc 5, vn CTXTW vc 7
21:19:14.218 8925E9CC.E18B30D8 TermDD: IcaDefeferenceChannel: cc 5, vc 7, ref 2
21:19:14.218 8925E9CC.E18B30D8 TSAPI: IcaChannelOpen, 5/CTXTW , 1408, success
21:19:14.218 8925E9CC.E18B30D8 TermDD: IcaDeviceControlChannel, fc 51, ref 1 (enter)
21:19:14.218 8925E9CC.E18B30D8 TermDD: IcaDeviceControlChannel, fc 51, ref 1, 0x0
21:19:14.218 8925E9CC.E18B30D8 TermDD: IcaCreateChannel: cc 2, vn
21:19:14.218 8925E9CC.E18B30D8 TermDD: IcaFindChannel, cc 2, vc 0 (not found)
21:19:14.218 8925E9CC.E18B30D8 TermDD: _IcaAllocateChannel: cc 2, vn , 89292758
21:19:14.218 8925E9CC.E18B30D8 TermDD: IcaReferenceChannel: cc 0, vc 0, ref 1
21:19:14.218 8925E9CC.E18B30D8 TermDD: _IcaBindChannel: cc 2, vn vc 0
21:19:14.234 8925E9CC.E18B30D8 TermDD: IcaDefeferenceChannel: cc 2, vc 0, ref 2
21:19:14.234 8925E9CC.E18B30D8 TSAPI: IcaChannelOpen, 2/, 1412, success
21:19:14.234 8925E9CC.E18B30D8 TSAPI: IcaChannelClose[1412]
21:19:14.234 8925E9CC.E18B30D8 TERMSRV: WinStationOpenChannel status 0x0
21:19:14.234 8925E9CC.E18B30D8 TermDD: IcaCreateChannel: cc 0, vn
21:19:14.234 8925E9CC.E18B30D8 TermDD: IcaFindChannel, cc 0, vc 0 (not found)
21:19:14.234 8925E9CC.E18B30D8 TermDD: _IcaAllocateChannel: cc 0, vn , 89266020
21:19:14.234 8925E9CC.E18B30D8 TermDD: IcaReferenceChannel: cc 0, vc 0, ref 1
21:19:14.234 8925E9CC.E18B30D8 TermDD: _IcaBindChannel: cc 0, vn vc 0
21:19:14.234 8925E9CC.E18B30D8 TermDD: IcaDefeferenceChannel: cc 0, vc 0, ref 2
21:19:14.234 8925E9CC.E18B30D8 TSAPI: IcaChannelOpen, 0/, 1416, success
21:19:14.234 8925E9CC.E18B30D8 TSAPI: IcaChannelClose[1416]
21:19:14.234 8925E9CC.E18B30D8 TERMSRV: WinStationOpenChannel status 0x0
21:19:14.234 8925E9CC.E18B30D8 TermDD: IcaCreateChannel: cc 1, vn
21:19:14.250 8925E9CC.E18B30D8 TermDD: IcaFindChannel, cc 1, vc 0 (not found)
21:19:14.250 8925E9CC.E18B30D8 TermDD: _IcaAllocateChannel: cc 1, vn , 8969c020
21:19:14.250 8925E9CC.E18B30D8 TermDD: IcaReferenceChannel: cc 0, vc 0, ref 1
21:19:14.250 8925E9CC.E18B30D8 TermDD: _IcaBindChannel: cc 1, vn vc 0
21:19:14.250 8925E9CC.E18B30D8 TermDD: IcaDefeferenceChannel: cc 1, vc 0, ref 2
21:19:14.265 8925E9CC.E18B30D8 TSAPI: IcaChannelOpen, 1/, 1700, success
21:19:14.265 8925E9CC.E18B30D8 TSAPI: IcaChannelClose[1700]
21:19:14.265 8925E9CC.E18B30D8 TERMSRV: WinStationOpenChannel status 0x0
21:19:14.265 8925E9CC.E18B30D8 TermDD: IcaCreateChannel: cc 4, vn
21:19:14.265 8925E9CC.E18B30D8 TermDD: IcaFindChannel, cc 4, vc 0 (not found)
21:19:14.265 8925E9CC.E18B30D8 TermDD: _IcaAllocateChannel: cc 4, vn , 892c85d0
21:19:14.265 8925E9CC.E18B30D8 TermDD: IcaReferenceChannel: cc 0, vc 0, ref 1
21:19:14.265 8925E9CC.E18B30D8 TermDD: _IcaBindChannel: cc 4, vn vc 0
21:19:14.265 8925E9CC.E18B30D8 TermDD: IcaDefeferenceChannel: cc 4, vc 0, ref 2
21:19:14.265 8925E9CC.E18B30D8 TSAPI: IcaChannelOpen, 4/, 1420, success
21:19:14.265 8925E9CC.E18B30D8 TSAPI: IcaChannelClose[1420]
21:19:14.265 8925E9CC.E18B30D8 TERMSRV: WinStationOpenChannel status 0x0
21:19:14.265 8925E9CC.E18B30D8 TShrSRV: WsxVirtualChannelSecurity
21:19:14.265 8925E9CC.E18B30D8 TShrSRV: WsxInitializeClientData entry
21:19:14.265 8925E9CC.E18B30D8 TermDD: IcaDeviceControlStack, fc 38 (enter)
21:19:14.265 8925E9CC.E18B30D8 RDP E10C2010 WD_Ioctl 0489 IOCTL_ICA_STACK_QUERY_CLIENT (38)
21:19:14.265 8925E9CC.E18B30D8 RDP E10C2010 WD_Ioctl 1033 Return client data
21:19:14.265 8925E9CC.E18B30D8 TermDD: IcaDeviceControlStack, fc 38, 0x0
21:19:14.265 8925E9CC.E18B30D8 TShrSRV: WsxInitializeClientData exit = 0x0
21:19:14.265 8925E9CC.E18B30D8 TShrSRV: WsxEscape entry
21:19:14.265 8925E9CC.E18B30D8 TermDD: IcaDeviceControlStack, fc 77 (enter)
21:19:14.281 8925E9CC.E18B30D8 RDP E10C2010 WD_Ioctl 0489 Unknown Ioctl (77)
21:19:14.281 8925E9CC.E18B30D8 RDP E10C2010 WD_Ioctl 1042 Return Extended client data
21:19:14.281 8925E9CC.E18B30D8 TermDD: IcaDeviceControlStack, fc 77, 0x0
21:19:14.281 8925E9CC.E18B30D8 TERMSRV: SendWinStationCommand, LogonId=7, Cmd=WinStationDoConnect, Timeout=600
21:19:14.281 8925E9CC.E18B30D8 TERMSRV: SendWinStationCommand pCommand 00F0F464 pCommand->pMsg 00F0F5B4
21:19:14.281 8925E9CC.E18B30D8 TERMSRV: SendWinStationCommand, LogonId=7, sending cmd
21:19:14.281 8925E9CC.E18B30D8 TERMSRV: SendWinStationCommand, LogonId=7, waiting for response
W32WinStationDoConnect - Display resolution information for session 7 :
ProtocolType : 0002
HRes : 1600
VRes : 1080
ColorDepth : 0016
KeyboardType : 35
KeyboardSubType : 35
KeyboardFunctionKey : 5
21:19:14.281 8927EDCC.00000000 TermDD: IcaDeviceControlChannel, fc 1025, ref 1 (enter)
21:19:14.281 8927EDCC.00000000 TermDD: IcaCallDriver, ProcIndex=5 (enter)
21:19:14.281 8927EDCC.00000000 RDP E10C2010 WD_Ioctl 0489 IOCTL_VIDEO_ICA_ENABLE_GRAPHICS (1025)
21:19:14.281 8927EDCC.00000000 RDP E10C2010 WD_Ioctl 0586 Nothing to do
21:19:14.281 8927EDCC.00000000 TermDD: IcaDeviceControlChannel, fc 1025, ref 1, 0x0
GDI: DriverCapableOverride on \\.\DISPLAY1 is 0
GDI: DriverAccelerationLevel on \\.\DISPLAY1 is 0
RDPDD: FNCALL_HIST: FN[0] 1[1ac] 2[89d36860] 3[899f7718] 4[bfa6f8e0]
21:19:14.296 8927EDCC.00000000 TermDD: IcaDeviceControlChannel, fc 257, ref 1 (enter)
21:19:14.296 8927EDCC.00000000 TermDD: IcaCallDriver, ProcIndex=5 (enter)
21:19:14.296 8927EDCC.00000000 RDP E10C2010 WD_Ioctl 0489 IOCTL_VIDEO_QUERY_NUM_AVAIL_MODES (257)
21:19:14.296 8927EDCC.00000000 RDP E10C2010 WD_Ioctl 1210 QueryNumAvailableModes
21:19:14.296 8927EDCC.00000000 RDP E10C2010 WD_Ioctl 1223 Return 1 mode available
21:19:14.296 8927EDCC.00000000 TermDD: IcaDeviceControlChannel, fc 257, ref 1, 0x0
21:19:14.296 8927EDCC.00000000 TermDD: IcaDeviceControlChannel, fc 256, ref 1 (enter)
21:19:14.296 8927EDCC.00000000 TermDD: IcaCallDriver, ProcIndex=5 (enter)
21:19:14.296 8927EDCC.00000000 RDP E10C2010 WD_Ioctl 0489 IOCTL_VIDEO_QUERY_AVAIL_MODES (256)
21:19:14.296 8927EDCC.00000000 RDP E10C2010 WD_Ioctl 1136 QueryAvailableModes
21:19:14.312 8927EDCC.00000000 RDP E10C2010 WD_Ioctl 1149 Return just one mode
21:19:14.312 8927EDCC.00000000 TermDD: IcaDeviceControlChannel, fc 256, ref 1, 0x0
21:19:14.312 8927EDCC.00000000 TermDD: IcaDeviceControlChannel, fc 257, ref 1 (enter)
21:19:14.312 8927EDCC.00000000 TermDD: IcaCallDriver, ProcIndex=5 (enter)
21:19:14.312 8927EDCC.00000000 RDP E10C2010 WD_Ioctl 0489 IOCTL_VIDEO_QUERY_NUM_AVAIL_MODES (257)
21:19:14.312 8927EDCC.00000000 RDP E10C2010 WD_Ioctl 1210 QueryNumAvailableModes
21:19:14.312 8927EDCC.00000000 RDP E10C2010 WD_Ioctl 1223 Return 1 mode available
21:19:14.312 8927EDCC.00000000 TermDD: IcaDeviceControlChannel, fc 257, ref 1, 0x0
21:19:14.312 8927EDCC.00000000 TermDD: IcaDeviceControlChannel, fc 256, ref 1 (enter)
21:19:14.312 8927EDCC.00000000 TermDD: IcaCallDriver, ProcIndex=5 (enter)
21:19:14.312 8927EDCC.00000000 RDP E10C2010 WD_Ioctl 0489 IOCTL_VIDEO_QUERY_AVAIL_MODES (256)
21:19:14.312 8927EDCC.00000000 RDP E10C2010 WD_Ioctl 1136 QueryAvailableModes
21:19:14.312 8927EDCC.00000000 RDP E10C2010 WD_Ioctl 1149 Return just one mode
21:19:14.312 8927EDCC.00000000 TermDD: IcaDeviceControlChannel, fc 256, ref 1, 0x0
GDI: Drv_Trace: CaptMatchDevmode: DEFAULT DEVMODE picked
RDPDD: FNCALL_HIST: FN[0] 1[1ac] 2[89d36860] 3[899f7718] 4[bfa6f8e0]
21:19:14.328 8927EDCC.00000000 TermDD: IcaDeviceControlChannel, fc 257, ref 1 (enter)
21:19:14.328 8927EDCC.00000000 TermDD: IcaCallDriver, ProcIndex=5 (enter)
21:19:14.328 8927EDCC.00000000 RDP E10C2010 WD_Ioctl 0489 IOCTL_VIDEO_QUERY_NUM_AVAIL_MODES (257)
21:19:14.328 8927EDCC.00000000 RDP E10C2010 WD_Ioctl 1210 QueryNumAvailableModes
21:19:14.328 8927EDCC.00000000 RDP E10C2010 WD_Ioctl 1223 Return 1 mode available
21:19:14.328 8927EDCC.00000000 TermDD: IcaDeviceControlChannel, fc 257, ref 1, 0x0
21:19:14.328 8927EDCC.00000000 TermDD: IcaDeviceControlChannel, fc 256, ref 1 (enter)
21:19:14.328 8927EDCC.00000000 TermDD: IcaCallDriver, ProcIndex=5 (enter)
21:19:14.328 8927EDCC.00000000 RDP E10C2010 WD_Ioctl 0489 IOCTL_VIDEO_QUERY_AVAIL_MODES (256)
21:19:14.328 8927EDCC.00000000 RDP E10C2010 WD_Ioctl 1136 QueryAvailableModes
21:19:14.328 8927EDCC.00000000 RDP E10C2010 WD_Ioctl 1149 Return just one mode
21:19:14.328 8927EDCC.00000000 TermDD: IcaDeviceControlChannel, fc 256, ref 1, 0x0
RDPDD: FNCALL_HIST: FN[6] 1[1] 2[0] 3[bc640000] 4[e87651f8]
RDPDD:+SHM_Init +0053+Allocated shared memory OK(E88F8020 -> E893920B) size(0x411ec)
21:19:14.328 8927EDCC.00000000 TermDD: IcaDeviceControlChannel, fc 1296, ref 1 (enter)
21:19:14.328 8927EDCC.00000000 ICADD: IcaDeviceControlVirtual, fc 1296, ref 1 (enter)
21:19:14.328 8927EDCC.00000000 TermDD: IcaCallDriver, ProcIndex=5 (enter)
21:19:14.328 8927EDCC.00000000 RDP E10C2010 WD_Ioctl 0489 IOCTL_WDTS_DD_CONNECT (1296)
21:19:14.328 8927EDCC.00000000 RDP E10C2010 WD_Ioctl 0883 Got TSHARE_DD_CONNECT IOCtl
21:19:14.343 8927EDCC.00000000 RDP E10C2010 WDWDDConnect 2685 Initialize Share Core
21:19:14.343 8927EDCC.00000000 RDP+E10C2010+DCS_Init +0041+Initializing Core!
21:19:14.343 8927EDCC.00000000 RDP E10C2010 COM_OpenRegi 0080 Opened key '\Registry\Machine\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\'
21:19:14.343 8927EDCC.00000000 RDP E10C2010 DCS_Init 0061 Read from registry, gdipSupportLevel is 1
21:19:14.343 8927EDCC.00000000 RDP+E10C2010+COM_OpenRegi+0085+Couldn't open key '\Registry\Machine\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\Share', rc =
0xc0000034
21:19:14.359 8927EDCC.00000000 RDP E10C2010 DCS_Init 0075 Initializing components...
21:19:14.359 8927EDCC.00000000 RDP E10C2010 DCS_Init 0087 Set ARC update interval to 3600 seconds
21:19:14.359 8927EDCC.00000000 RDP E10C2010 SM_Register 0071 Max PDU size allowed to core is 65507
21:19:14.359 8927EDCC.00000000 RDP E10C2010 SM_Register 0077 Returning user id 1002
21:19:14.359 8927EDCC.00000000 RDP E10C2010 SM_Register 0079 Set state from SM_STATE_CONNECTED to SM_STATE_SC_REGISTERED
21:19:14.359 8927EDCC.00000000 RDP E10C2010 SC_Init 0055 Local user id [1002]
21:19:14.359 8927EDCC.00000000 RDP E10C2010 SC_Init 0068 Set state from SCS_STARTED to SCS_INITED
21:19:14.359 8927EDCC.00000000 RDP E10C2010 CPC_Register 0095 Registering capabilities ID 9, size 8
21:19:14.359 8927EDCC.00000000 RDP E10C2010 CPC_Register 0133 Added 8 bytes to capabilities for ID 9
21:19:14.359 8927EDCC.00000000 RDP E10C2010 CPC_Register 0095 Registering capabilities ID 1, size 24
21:19:14.359 8927EDCC.00000000 RDP E10C2010 CPC_Register 0133 Added 24 bytes to capabilities for ID 1
21:19:14.359 8927EDCC.00000000 RDP E10C2010 CPC_Register 0095 Registering capabilities ID 20, size 8
21:19:14.359 8927EDCC.00000000 RDP E10C2010 CPC_Register 0133 Added 8 bytes to capabilities for ID 20
21:19:14.359 8927EDCC.00000000 RDP E10C2010 CPC_Register 0095 Registering capabilities ID 22, size 40
21:19:14.359 8927EDCC.00000000 RDP E10C2010 CPC_Register 0133 Added 40 bytes to capabilities for ID 22
21:19:14.359 8927EDCC.00000000 RDP E10C2010 CPC_Register 0095 Registering capabilities ID 14, size 4
21:19:14.359 8927EDCC.00000000 RDP E10C2010 CPC_Register 0133 Added 4 bytes to capabilities for ID 14
21:19:14.359 8927EDCC.00000000 RDP E10C2010 CPC_Register 0095 Registering capabilities ID 2, size 28
21:19:14.375 8927EDCC.00000000 RDP E10C2010 CPC_Register 0133 Added 28 bytes to capabilities for ID 2
21:19:14.375 8927EDCC.00000000 RDP E10C2010 OE_Init 0088 SSI recv bitmap size 1000000, send size 1000000
21:19:14.375 8927EDCC.00000000 RDP E10C2010 CPC_Register 0095 Registering capabilities ID 3, size 88
21:19:14.375 8927EDCC.00000000 RDP E10C2010 CPC_Register 0133 Added 88 bytes to capabilities for ID 3
21:19:14.375 8927EDCC.00000000 RDP E10C2010 CPC_Register 0095 Registering capabilities ID 10, size 8
21:19:14.375 8927EDCC.00000000 RDP E10C2010 CPC_Register 0133 Added 8 bytes to capabilities for ID 10
21:19:14.375 8927EDCC.00000000 RDP E10C2010 COM_ReadProf 0176 Failed to read int32 from 'Caching Disabled'. Using default.
21:19:14.375 8927EDCC.00000000 RDP E10C2010 COM_ReadProf 0181 Returning 'Caching Disabled' = 0 (0x0)
21:19:14.375 8927EDCC.00000000 RDP E10C2010 SBC_Init 0052 Caches enabled: Bitmap=1, Brush=1, Glyph=1, Offscreen=1, DNG=1, GDIP=1
21:19:14.375 8927EDCC.00000000 RDP E10C2010 CPC_Register 0095 Registering capabilities ID 18, size 8
21:19:14.375 8927EDCC.00000000 RDP E10C2010 CPC_Register 0133 Added 8 bytes to capabilities for ID 18
21:19:14.375 8927EDCC.00000000 RDP E10C2010 SBC_Init 0090 SBC initialized OK
21:19:14.375 8927EDCC.00000000 RDP E10C2010 CPC_Register 0095 Registering capabilities ID 8, size 10
21:19:14.375 8927EDCC.00000000 RDP E10C2010 CPC_Register 0133 Added 10 bytes to capabilities for ID 8
21:19:14.375 8927EDCC.00000000 RDP E10C2010 CM_Init 0039 CM initialized
21:19:14.375 8927EDCC.00000000 RDP E10C2010 CPC_Register 0095 Registering capabilities ID 13, size 88
21:19:14.375 8927EDCC.00000000 RDP E10C2010 CPC_Register 0133 Added 88 bytes to capabilities for ID 13
21:19:14.375 8927EDCC.00000000 RDP E10C2010 IM_Init 0044 IM initialized
21:19:14.375 8927EDCC.00000000 RDP E10C2010 SSI_Init 0029 Initializing SSI
21:19:14.375 8927EDCC.00000000 RDP+E10C2010+SCH_Init +0040+Slow link
21:19:14.375 8927EDCC.00000000 RDP+E10C2010+SCH_Init +0058+Normal period=100 ms, turbo period=10 ms, turbo duration=30 ms
21:19:14.375 8927EDCC.00000000 RDP E10C2010 DCS_Init 0190 ** All successfully initialized **
21:19:14.375 8927EDCC.00000000 RDP E10C2010 COM_CloseReg 0127 Not closing key because open wasn't successful
21:19:14.375 8927EDCC.00000000 RDP E10C2010 WDWDDConnect 2691 Share Class initialized, rc 1
21:19:14.390 8927EDCC.00000000 RDP*E10C2010*WDWDDConnect*2712*Stored pTSWD E10C2010, protocol status 895FFBE8
21:19:14.390 8927EDCC.00000000 RDP E10C2010 NM_Dead 0938 NM Dead ? N
21:19:14.390 8927EDCC.00000000 RDP+E10C2010+SM_Dead +1288+SM Alive - change state to SC_REGISTERED
21:19:14.390 8927EDCC.00000000 RDP E10C2010 SM_Dead 1289 Set state from SM_STATE_SC_REGISTERED to SM_STATE_SC_REGISTERED
21:19:14.390 8927EDCC.00000000 RDP+E10C2010+WDWDDConnect+2861+Creating share at 16 bpp
21:19:14.390 8927EDCC.00000000 RDP E10C2010 CPC_GetCombi 0300 Caps:
21:19:14.390 8927EDCC.00000000 RDP E10C2010 CPC_GetCombi 0304 caps size 8
21:19:14.390 8927EDCC.00000000 RDP E10C2010 CPC_GetCombi 0305 caps ID 9
21:19:14.390 8927EDCC.00000000 RDP E10C2010 CPC_GetCombi 0304 caps size 24
21:19:14.390 8927EDCC.00000000 RDP E10C2010 CPC_GetCombi 0305 caps ID 1
21:19:14.390 8927EDCC.00000000 RDP E10C2010 CPC_GetCombi 0304 caps size 8
21:19:14.390 8927EDCC.00000000 RDP E10C2010 CPC_GetCombi 0305 caps ID 20
21:19:14.390 8927EDCC.00000000 RDP E10C2010 CPC_GetCombi 0304 caps size 40
21:19:14.390 8927EDCC.00000000 RDP E10C2010 CPC_GetCombi 0305 caps ID 22
21:19:14.390 8927EDCC.00000000 RDP E10C2010 CPC_GetCombi 0304 caps size 4
21:19:14.390 8927EDCC.00000000 RDP E10C2010 CPC_GetCombi 0305 caps ID 14
21:19:14.390 8927EDCC.00000000 RDP E10C2010 CPC_GetCombi 0304 caps size 28
21:19:14.390 8927EDCC.00000000 RDP E10C2010 CPC_GetCombi 0305 caps ID 2
21:19:14.390 8927EDCC.00000000 RDP E10C2010 CPC_GetCombi 0304 caps size 88
21:19:14.390 8927EDCC.00000000 RDP E10C2010 CPC_GetCombi 0305 caps ID 3
21:19:14.390 8927EDCC.00000000 RDP E10C2010 CPC_GetCombi 0304 caps size 8
21:19:14.390 8927EDCC.00000000 RDP E10C2010 CPC_GetCombi 0305 caps ID 10
21:19:14.390 8927EDCC.00000000 RDP E10C2010 CPC_GetCombi 0304 caps size 8
21:19:14.390 8927EDCC.00000000 RDP E10C2010 CPC_GetCombi 0305 caps ID 18
21:19:14.390 8927EDCC.00000000 RDP E10C2010 CPC_GetCombi 0304 caps size 10
21:19:14.390 8927EDCC.00000000 RDP E10C2010 CPC_GetCombi 0305 caps ID 8
21:19:14.390 8927EDCC.00000000 RDP E10C2010 CPC_GetCombi 0304 caps size 88
21:19:14.390 8927EDCC.00000000 RDP E10C2010 CPC_GetCombi 0305 caps ID 13
21:19:14.390 8927EDCC.00000000 RDP E10C2010 CPC_GetCombi 0313 Total size 318
21:19:14.390 8927EDCC.00000000 RDP E10C2010 WDW_GetCapSe 3525 Next set: 1
21:19:14.390 8927EDCC.00000000 RDP E10C2010 WDW_GetCapSe 3525 Next set: 20
21:19:14.390 8927EDCC.00000000 RDP E10C2010 WDW_GetCapSe 3525 Next set: 22
21:19:14.390 8927EDCC.00000000 RDP E10C2010 WDW_GetCapSe 3525 Next set: 14
21:19:14.390 8927EDCC.00000000 RDP E10C2010 WDW_GetCapSe 3525 Next set: 2
21:19:14.390 8927EDCC.00000000 RDP+E10C2010+SC_CreateSha+0701+Update client desktop size
21:19:14.390 8927EDCC.00000000 TermDD: IcaBufferAlloc: 0x892c4890, Status=0x0
21:19:14.390 8927EDCC.00000000 RDP E10C2010 NM_AllocBuff 0576 Alloc 352 bytes OK
21:19:14.390 8927EDCC.00000000 RDP E10C2010 SM_AllocBuff 0842 Alloc buffer size 352 at 892C4A1C
21:19:14.390 8927EDCC.00000000 RDP E10C2010 SM_SendData 1160 Data buffer before encryption
54 01 11 00 EA 03 EA 03 01 00 04 00 3E 01 52 44 T...........>.RD
50 00 0B 00 30 2D 09 00 08 00 EA 03 76 B9 01 00 P...0-......v...
18 00 01 00 03 00 00 02 00 00 00 00 1D 04 00 00 ................
00 00 00 00 01 01 14 00 08 00 02 00 00 00 16 00 ................
28 00 01 00 00 00 00 00 00 00 01 00 00 00 DD 40 (..............@
AF 80 44 64 17 B9 B1 95 72 B9 78 64 17 B9 B0 06 ..Dd....r.xd....
70 B9 78 CC 69 89 0E 00 04 00 02 00 1C 00 10 00 p.x.i...........
01 00 01 00 01 00 40 06 38 04 00 00 01 00 01 00 ......@.8.......
00 00 01 00 00 00 03 00 58 00 00 00 00 00 00 00 ........X.......
00 00 00 00 00 00 00 00 00 00 40 42 0F 00 01 00 ..........@B....
14 00 00 00 01 00 00 00 22 00 01 01 01 01 01 00 ........".......
00 01 01 01 01 01 00 00 00 01 01 01 01 01 01 01 ................
01 00 01 01 01 01 00 00 00 00 A1 06 00 00 40 42 ..............@B
0F 00 40 42 0F 00 01 00 00 00 00 00 00 00 0A 00 ..@B............
08 00 06 00 00 00 12 00 08 00 01 00 00 00 08 00 ................
0A 00 01 00 19 00 19 00 0D 00 58 00 35 00 17 B9 ..........X.5...
8E 8C 73 B9 E0 63 17 B9 B0 06 70 B9 78 CC 69 89 ..s..c....p.x.i.
B6 26 0C E1 F0 00 00 00 8D E6 28 A9 F4 63 17 B9 .&........(..c..
52 8D 73 B9 10 20 0C E1 08 00 00 00 02 00 00 00 R.s.. ..........
A8 26 0C E1 20 00 00 00 27 00 00 00 F0 14 76 B9 .&.. ...'.....v.
E8 14 76 B9 F0 14 76 B9 E8 14 76 B9 08 00 0A 00 ..v...v...v.....
00 00 00 00 ....
21:19:14.390 8927EDCC.00000000 RDP E10C2010 SM_SendData 1199 Data encrypted
21:19:14.390 8927EDCC.00000000 RDP E10C2010 SM_SendData 1201 Data buffer after encryption
D1 8A AE 91 B3 DE 38 CC 8B 34 E5 7D 6B CB BB 9F ......8..4.}k...
33 8A 77 79 18 64 AB 28 49 15 D6 5F 2C F3 4D 2F 3.wy.d.(I.._,.M/
9C 3C D4 67 CC D8 F1 1E 7B DF 72 F3 8D 3B 75 C0 .<.g....{.r..;u.
54 EB 0E B0 CA A9 E5 12 D3 1F 78 90 8A 99 5B 63 T.........x...[c
2F A4 B9 F7 EA 98 4F 30 68 00 76 44 D1 5F AB 39 /.....O0h.vD._.9
3A A1 15 14 DC 31 2C 94 1A 44 1E 5A FA 71 DA 2D :....1,..D.Z.q.-
58 AA 0F 08 AD 00 B1 BB 9F A8 FB 65 B1 47 94 81 X..........e.G..
FE 99 A5 92 45 A5 14 6D 49 9B A9 34 C7 E3 11 18 ....E..mI..4....
A9 9F 17 9D 91 4F D5 A8 6E 85 E4 EE 69 9F F7 4E .....O..n...i..N
2D 27 14 06 05 A5 5E 87 42 A4 84 EE 15 13 E0 23 -'....^.B......#
D3 2F 84 A8 80 C8 D0 32 8E FE 1C 51 46 46 20 42 ./.....2...QFF B
24 B7 25 5D A9 ED 74 64 B3 AD F4 BF EF 8A 2F 07 $.%]..td....../.
18 BA F1 32 61 A3 1E 06 E8 84 09 8B 21 21 AB 50 ...2a.......!!.P
C9 FB F2 46 1B 65 B2 A7 82 A5 88 BE 2F CC 1C 29 ...F.e....../..)
ED C1 16 58 5A E0 11 14 9F 5D A2 44 2E 48 CA E2 ...XZ....].D.H..
A8 F3 0A EC AD 3D 98 00 5B 9C 29 2A 39 A1 D3 CD .....=..[.)*9...
33 5B 8E FC C8 CC 02 F4 9A D1 6C AC E5 4C 9D D0 3[........l..L..
E9 A2 94 FD D1 06 63 57 77 B7 78 15 2A C0 65 B6 ......cWw.x.*.e.
7C B7 C2 1E 4F 77 77 43 1C 9D D4 50 D2 52 28 6F |...OwwC...P.R(o
56 50 23 0E 14 F1 CB 13 13 97 E9 2C 1F F4 E4 08 VP#........,....
91 6F A7 38 8C 7A 15 9E 2A FE 22 84 8C E6 78 C2 .o.8.z..*."...x.
D6 7A AA D5 .z..
21:19:14.390 8927EDCC.00000000 RDP E10C2010 NM_SendData 0766 Send data on channel 0
21:19:14.390 8927EDCC.00000000 TermDD: IcaCallNextDriver, ProcIndex=2 (enter)
21:19:14.390 8927EDCC.00000000 TdRawWrite 0367, 892c4890
21:19:14.390 8927EDCC.00000000 RDP E10C2010 NM_SendData 0775 Send OK
84 01 00 00 00 00 00 00 54 E8 5E 89 54 E8 5E 89 ........T.^.T.^.
0D 4A 2C 89 6F 01 00 00 84 01 00 00 18 00 01 00 .J,.o...........
C8 48 2C 89 D0 49 2C 89 D8 E5 5E 89 00 00 00 00 .H,..I,...^.....
00 00 52 9E D9 48 DC 01 06 00 08 01 D0 49 2C 89 ..R..H.......I,.
00 00 00 00 00 00 00 00 D8 48 2C 89 D8 48 2C 89 .........H,..H,.
00 00 00 00 6F 01 00 00 00 01 04 05 00 00 00 00 ....o...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 68 05 AD 89 0B 07 00 00 ........h.......
00 00 00 00 00 00 00 00 F0 EB 27 89 00 00 00 00 ..........'.....
D8 01 26 89 D4 AD 2C 89 C8 49 2C 89 00 00 00 00 ..&...,..I,.....
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 0F 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 38 70 AD 89 00 00 00 00 ........8p......
EC 5A 89 B9 90 48 2C 89 00 00 00 00 00 00 00 00 .Z...H,.........
00 00 00 00 20 00 04 00 00 00 00 00 0D 4A 2C 89 .... ........J,.
00 40 2C 89 6F 01 00 00 0D 0A 00 00 C4 8E 00 00 .@,.o...........
21:19:14.406 8927EDCC.00000000 RDP+E10C2010+SC_CreateSha+0758+Primary Stack sent TS_DEMAND_ACTIVE_PDU
21:19:14.406 8927EDCC.00000000 RDP E10C2010 SC_CreateSha 0775 Set state from SCS_INITED to SCS_SHARE_STARTING
21:19:14.406 8927EDCC.00000000 RDP E10C2010 WDWDDConnect 2866 Share create started
21:19:14.406 8927EDCC.00000000 RDP E10C2010 WDWDDConnect 2877 Wait for Share Core to create the Share
21:19:14.406 8927EDCC.00000000 TermDD: IcaWaitForMultipleObjects, 60000 (enter)
21:19:14.406 89311F14.00000000 TermDD: IcaRawInput, bc=530 (enter)
21:19:14.406 89311F14.00000000 RDP E10C2010 SM_MCSSendDa 0507 Encrypting=1: data packet
21:19:14.406 89311F14.00000000 RDP E10C2010 SM_MCSSendDa 0522 Decrypt the packet
21:19:14.406 89311F14.00000000 RDP E10C2010 SMDecryptPac 0160 Data buffer before decryption
9F 30 81 6D CB 2F ED 1E B0 DC 94 8F 91 BA C9 3F .0.m./.........?
F1 40 D7 14 49 63 8E 86 3C 9B 72 74 41 48 3A 86 .@..Ic..<.rtAH:.
2B 5B 37 2C D9 71 2B 19 59 48 BD BC 16 98 A5 03 +[7,.q+.YH......
EF 76 85 AA C9 1D 7B AC 4D 8E E3 29 B2 32 CB BC .v....{.M..).2..
30 00 55 05 0D C3 F8 63 24 B9 5D FF 4C A1 6D 4D 0.U....c$.].L.mM
BB 6E B8 C5 F1 5E 86 23 41 22 97 24 63 2F 29 61 .n...^.#A".$c/)a
C4 00 06 33 FB 10 82 A5 03 91 E4 71 09 E8 64 94 ...3.......q..d.
92 6A 8C F3 C5 76 14 BB 03 98 4A 78 75 95 F1 DF .j...v....Jxu...
FC D9 D8 C8 47 FC 70 99 C8 47 C3 B2 3E 93 39 C5 ....G.p..G..>.9.
3C 48 95 EF FF 8B 80 E7 5E E2 35 82 E7 63 6A C4 <H......^.5..cj.
A9 53 0C DB 4E 1D 67 4A 43 8B A6 44 BF 2A E1 9C .S..N.gJC..D.*..
43 88 E8 1D CD 56 A9 75 20 1B FB 71 C4 8F A4 70 C....V.u ..q...p
68 30 D5 2C DF 91 A7 B0 61 C7 E9 7D AD DE 93 29 h0.,....a..}...)
AB D5 B6 BA 86 95 F7 9D 69 8B D3 CE 2C E2 F5 9D ........i...,...
AD 70 71 AE AA 78 5C 3D 93 54 6E D7 44 F4 2A 7F .pq..x\=.Tn.D.*
94 2E 80 DF 07 89 47 9B E4 C5 60 76 A6 35 FA E0 ......G...`v.5..
3E 48 C4 54 3F A7 3E 7A 85 F0 2F AB 6F 9F 76 C9 >H.T?.>z../.o.v.
9C 99 A9 69 A4 BD 3C FD F5 CB 87 AF 52 FE C2 B0 ...i..<.....R...
9A DF 14 32 CB E2 33 CD 38 0B ED 00 25 7B B1 A1 ...2..3.8...%{..
5E 9D 0A 41 03 CE F0 5D D3 75 0A 73 DC 2A 04 9D ^..A...].u.s.*..
00 5A FE D4 8E 39 15 A7 BA 19 76 49 DC 18 D1 03 .Z...9....vI....
E6 22 8C A0 6F E5 7E 47 F7 6B BC E8 84 F2 03 5F ."..o.~G.k....._
E4 85 75 91 7E BA 25 46 BD 18 E7 B8 6C F1 D5 1E ..u.~.%F....l...
54 61 4A 89 0C D4 5D 5B AC 7B 92 F8 B4 70 0A 2A TaJ...][.{...p.*
96 E2 B3 48 91 9E 5A 30 39 D1 19 30 81 D4 AB 72 ...H..Z09..0...r
E9 AB 83 1A 39 64 CA 56 A8 EC D6 67 B0 AD D6 DE ....9d.V...g....
F7 F9 C4 DA FB 6B 75 97 1D ED 81 E6 E1 99 7C A3 .....ku.......|.
68 12 F2 7C 9C 72 9E D6 40 57 71 0F 12 B3 C7 4C h..|.r..@Wq....L
75 19 D5 A7 0E 91 84 C5 B1 23 A0 6D E1 8D BB 66 u........#.m...f
A9 EC 6D 10 06 4F 8E A6 4A D1 12 B8 1E 5D 4F 28 ..m..O..J....]O(
28 F4 65 02 1C F1 28 E4 B6 DB 98 05 (.e...(.....
21:19:14.421 89311F14.00000000 RDP E10C2010 SMDecryptPac 0186 Data decrypted: 492
21:19:14.421 89311F14.00000000 RDP E10C2010 SMDecryptPac 0187 Data buffer after decryption
EC 01 13 00 EF 03 EA 03 01 00 EA 03 06 00 D6 01 ................
00 E9 3D 7E D8 0F 12 00 00 00 01 00 18 00 01 00 ..=~............
03 00 00 02 00 00 00 00 1D 04 00 00 00 00 00 00 ................
00 00 02 00 1C 00 18 00 01 00 01 00 01 00 40 06 ..............@.
38 04 00 00 01 00 01 00 00 00 01 00 00 00 03 00 8...............
58 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 X...............
00 00 00 00 00 00 01 00 14 00 00 00 01 00 00 00 ................
2A 00 01 01 01 01 01 00 00 01 01 01 00 01 00 00 *...............
00 01 01 01 01 01 01 01 01 00 01 01 01 00 00 00 ................
00 00 A1 06 00 00 00 00 00 00 00 84 03 00 00 00 ................
00 00 A8 03 00 00 13 00 28 00 03 00 00 03 78 00 ........(.....x.
00 00 78 00 00 00 F9 09 00 80 00 00 00 00 00 00 ..x.............
00 00 00 00 00 00 00 00 00 00 00 00 00 00 0A 00 ................
08 00 06 00 00 00 07 00 0C 00 00 00 00 00 00 00 ................
00 00 05 00 0C 00 00 00 00 00 02 00 02 00 08 00 ................
0A 00 01 00 14 00 15 00 09 00 08 00 00 00 00 00 ................
0D 00 58 00 15 00 20 00 04 08 00 00 04 00 00 00 ..X... .........
00 00 00 00 0C 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 0C 00 08 00 01 00 00 00 ................
0E 00 08 00 01 00 00 00 10 00 34 00 FE 00 04 00 ..........4.....
FE 00 04 00 FE 00 08 00 FE 00 08 00 FE 00 10 00 ................
FE 00 20 00 FE 00 40 00 FE 00 80 00 FE 00 00 01 .. ...@.........
40 00 00 08 00 01 00 01 03 00 00 00 0F 00 08 00 @...............
01 00 00 00 11 00 0C 00 01 00 00 00 00 1E 64 00 ..............d.
14 00 08 00 01 00 00 00 15 00 0C 00 02 00 00 00 ................
00 0A 00 01 16 00 28 00 01 00 00 00 B1 1D 00 00 ......(.........
01 00 00 00 0A 00 05 00 05 00 0A 00 02 00 00 02 ................
00 08 00 04 40 00 00 10 00 01 80 00 ....@.......
21:19:14.437 89311F14.00000000 RDP E10C2010 SM_MCSSendDa 0527 Decrypted packet at 892602BB
21:19:14.437 89311F14.00000000 RDP E10C2010 SM_MCSSendDa 0578 Share channel 3eb
21:19:14.437 89311F14.00000000 RDP E10C2010 SC_OnDataRec 1343 Data Received
21:19:14.437 89311F14.00000000 RDP E10C2010 SC_OnDataRec 1347 [1007]SC packet type 3
21:19:14.437 89311F14.00000000 RDP E10C2010 SC_OnDataRec 1504 Control PDU
21:19:14.437 89311F14.00000000 RDP+E10C2010+SCReceivedCo+0913+Primary Stack: ConfirmActivePDU
21:19:14.437 89311F14.00000000 RDP E10C2010 CPC_GetCombi 0300 Caps:
21:19:14.437 89311F14.00000000 RDP E10C2010 CPC_GetCombi 0304 caps size 8
21:19:14.453 89311F14.00000000 RDP E10C2010 CPC_GetCombi 0305 caps ID 9
21:19:14.453 89311F14.00000000 RDP E10C2010 CPC_GetCombi 0304 caps size 24
21:19:14.453 89311F14.00000000 RDP E10C2010 CPC_GetCombi 0305 caps ID 1
21:19:14.453 89311F14.00000000 RDP E10C2010 CPC_GetCombi 0304 caps size 8
21:19:14.453 89311F14.00000000 RDP E10C2010 CPC_GetCombi 0305 caps ID 20
21:19:14.453 89311F14.00000000 RDP E10C2010 CPC_GetCombi 0304 caps size 40
21:19:14.453 89311F14.00000000 RDP E10C2010 CPC_GetCombi 0305 caps ID 22
21:19:14.468 89311F14.00000000 RDP E10C2010 CPC_GetCombi 0304 caps size 4
21:19:14.468 89311F14.00000000 RDP E10C2010 CPC_GetCombi 0305 caps ID 14
21:19:14.468 89311F14.00000000 RDP E10C2010 CPC_GetCombi 0304 caps size 28
21:19:14.468 89311F14.00000000 RDP E10C2010 CPC_GetCombi 0305 caps ID 2
21:19:14.468 89311F14.00000000 RDP E10C2010 CPC_GetCombi 0304 caps size 88
21:19:14.468 89311F14.00000000 RDP E10C2010 CPC_GetCombi 0305 caps ID 3
21:19:14.468 89311F14.00000000 RDP E10C2010 CPC_GetCombi 0304 caps size 8
21:19:14.468 89311F14.00000000 RDP E10C2010 CPC_GetCombi 0305 caps ID 10
21:19:14.468 89311F14.00000000 RDP E10C2010 CPC_GetCombi 0304 caps size 8
21:19:14.468 89311F14.00000000 RDP E10C2010 CPC_GetCombi 0305 caps ID 18
21:19:14.468 89311F14.00000000 RDP E10C2010 CPC_GetCombi 0304 caps size 10
21:19:14.468 89311F14.00000000 RDP E10C2010 CPC_GetCombi 0305 caps ID 8
21:19:14.468 89311F14.00000000 RDP E10C2010 CPC_GetCombi 0304 caps size 88
21:19:14.468 89311F14.00000000 RDP E10C2010 CPC_GetCombi 0305 caps ID 13
21:19:14.468 89311F14.00000000 RDP E10C2010 CPC_GetCombi 0313 Total size 318
21:19:14.468 89311F14.00000000 RDP E10C2010 SCCallPartyJ 0243 {0}Call PJS functions
21:19:14.484 89311F14.00000000 RDP E10C2010 SCCallPartyJ 0253 Call PJS # 0
21:19:14.484 89311F14.00000000 RDP E10C2010 CPC_PartyJoi 0403 Ignore adding self to share
21:19:14.484 89311F14.00000000 RDP E10C2010 SCCallPartyJ 0254 Call PJS # 9
21:19:14.484 89311F14.00000000 RDP E10C2010 SCCallPartyJ 0255 Call PJS # 1
21:19:14.484 89311F14.00000000 RDP E10C2010 IM_PartyJoin 0914 Got toggle key states ok
21:19:14.484 89311F14.00000000 RDP E10C2010 IM_PartyJoin 0924 Toggle key states: Caps:OFF, Num:OFF, Scroll:OFF
21:19:14.500 89311F14.00000000 RDP E10C2010 CPCGetCapabi 0626 Found 88 bytes of caps ID 13 localID 0
21:19:14.500 89311F14.00000000 RDP E10C2010 SCCallPartyJ 0256 Call PJS # 2
21:19:14.500 89311F14.00000000 RDP E10C2010 CAEvent 0345 Processing event - 15(0001)
21:19:14.500 89311F14.00000000 RDP E10C2010 CAEvent 0345 Processing event - 17(0000)
21:19:14.500 89311F14.00000000 RDP E10C2010 SCCallPartyJ 0257 Call PJS # 3
21:19:14.500 89311F14.00000000 RDP E10C2010 CM_PartyJoin 0100 Added ourself {0} to the share
21:19:14.500 89311F14.00000000 RDP E10C2010 SCCallPartyJ 0258 Call PJS # 4
21:19:14.500 89311F14.00000000 RDP E10C2010 OE_PartyJoin 0157 Person 0000 joining share, oldShareSize(0)
21:19:14.500 89311F14.00000000 RDP E10C2010 SCCallPartyJ 0259 Call PJS # 6
21:19:14.500 89311F14.00000000 RDP E10C2010 DCS_TriggerU 0876 Trigger timer for UpdateShm
21:19:14.500 89311F14.00000000 RDP E10C2010 SSIRedetermi 0243 Sender bitmap size 1000000
21:19:14.500 89311F14.00000000 RDP E10C2010 SSI_PartyJoi 0071 Person with network ID 0 joining share
21:19:14.515 89311F14.00000000 RDP E10C2010 SCCallPartyJ 0260 Call PJS # 7
21:19:14.515 89311F14.00000000 RDP E10C2010 SCH_Continue 0146 Continue scheduling (Asleep) -> (Normal), InTTDS(0)
21:19:14.515 89311F14.00000000 RDP E10C2010 SCH_Continue 0171 Starting a timer for 100 ms
21:19:14.515 89311F14.00000000 RDP E10C2010 SCCallPartyJ 0261 Call PJS # 10
21:19:14.515 89311F14.00000000 RDP E10C2010 SCCallPartyJ 0262 Call PJS # 5
21:19:14.515 89311F14.00000000 RDP E10C2010 SBC_PartyJoi 0268 [0] joining share
21:19:14.515 89311F14.00000000 RDP E10C2010 SCCallPartyJ 0266 PJS status
01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 ................
01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 ................
00 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 ................
21:19:14.515 89311F14.00000000 RDP E10C2010 SCConfirmAct 0536 Added local person
21:19:14.515 89311F14.00000000 RDP E10C2010 SCConfirmAct 0552 Allocated local person ID 1
21:19:14.515 89311F14.00000000 RDP E10C2010 SCConfirmAct 0588 {1} person name
21:19:14.515 89311F14.00000000 RDP E10C2010 SCCallPartyJ 0243 {1}Call PJS functions
21:19:14.515 89311F14.00000000 RDP E10C2010 SCCallPartyJ 0253 Call PJS # 0
21:19:14.515 89311F14.00000000 RDP E10C2010 CPC_PartyJoi 0471 Caps size: passed 470, actual 472
21:19:14.515 89311F14.00000000 RDP E10C2010 CPC_PartyJoi 0491 Allocated 470 bytes for personID 1 caps
21:19:14.531 89311F14.00000000 RDP E10C2010 SCCallPartyJ 0254 Call PJS # 9
21:19:14.531 89311F14.00000000 RDP+E10C2010+SCParseGener+0117+Fast-path output enabled with compression
21:19:14.531 89311F14.00000000 RDP E10C2010 CPCGetCapabi 0626 Found 8 bytes of caps ID 20 localID 1
21:19:14.531 89311F14.00000000 RDP E10C2010 SCUpdateVCCa 1080 Client supports VC compression
21:19:14.531 89311F14.00000000 RDP E10C2010 SCCallPartyJ 0255 Call PJS # 1
21:19:14.531 89311F14.00000000 RDP E10C2010 CPCGetCapabi 0626 Found 88 bytes of caps ID 13 localID 1
21:19:14.531 89311F14.00000000 RDP E10C2010 SCCallPartyJ 0256 Call PJS # 2
21:19:14.531 89311F14.00000000 RDP E10C2010 SCCallPartyJ 0257 Call PJS # 3
21:19:14.531 89311F14.00000000 RDP E10C2010 CM_PartyJoin 0107 Default cache size: 25
21:19:14.531 89311F14.00000000 RDP E10C2010 CM_PartyJoin 0111 Native color depth support is OFF
21:19:14.531 89311F14.00000000 RDP E10C2010 CMEnumCMCaps 0195 New style Person[0x1] capsID(8) size(12) ccrs(1) CacheSize(21)
21:19:14.531 89311F14.00000000 RDP E10C2010 CM_PartyJoin 0118 Negotiated cache size: 0
21:19:14.531 89311F14.00000000 RDP E10C2010 SCCallPartyJ 0258 Call PJS # 4
21:19:14.531 89311F14.00000000 RDP E10C2010 OE_PartyJoin 0157 Person 0001 joining share, oldShareSize(1)
21:19:14.531 89311F14.00000000 RDP E10C2010 OEEnumOrders 0256 Orders capabilities [1]: 2a
21:19:14.531 89311F14.00000000 RDP E10C2010 SCCallPartyJ 0259 Call PJS # 6
21:19:14.546 89311F14.00000000 RDP E10C2010 SSIEnumBitma 0208 [1]Receiver bitmap size 230400
21:19:14.546 89311F14.00000000 RDP E10C2010 SSIRedetermi 0243 Sender bitmap size 230400
21:19:14.546 89311F14.00000000 RDP E10C2010 SSI_PartyJoi 0071 Person with network ID 1 joining share
21:19:14.546 89311F14.00000000 RDP E10C2010 SCCallPartyJ 0260 Call PJS # 7
21:19:14.562 89311F14.00000000 RDP E10C2010 SCCallPartyJ 0261 Call PJS # 10
21:19:14.562 89311F14.00000000 RDP E10C2010 UP_PartyJoin 0327 Beeps are now ENABLED
21:19:14.562 89311F14.00000000 RDP E10C2010 SCCallPartyJ 0262 Call PJS # 5
21:19:14.562 89311F14.00000000 RDP E10C2010 SBC_PartyJoi 0268 [1] joining share
21:19:14.562 89311F14.00000000 RDP E10C2010 SBCEnumBitma 1063 [1]: Rec'd REV2 caps, # caches=3
21:19:14.562 89311F14.00000000 RDP E10C2010 SBCEnumBitma 1170 No rev1 caps received
21:19:14.562 89311F14.00000000 RDP E10C2010 SBCRedetermi 0989 New caps: bPersistentLists=TRUE, NumCellCaches=3
21:19:14.562 89311F14.00000000 RDP E10C2010 SBCRedetermi 0996 Cell cache 0: Persistent=FALSE, NumEntries=120
21:19:14.562 89311F14.00000000 RDP E10C2010 SBCRedetermi 0996 Cell cache 1: Persistent=FALSE, NumEntries=120
21:19:14.578 89311F14.00000000 RDP E10C2010 SBCRedetermi 0996 Cell cache 2: Persistent=TRUE, NumEntries=2553
21:19:14.578 89311F14.00000000 RDP E10C2010 SBCEnumGlyph 1677 [1]: Cache 0: MaximumCellSize(4) Entries(254)
21:19:14.578 89311F14.00000000 RDP E10C2010 SBCEnumGlyph 1696 [1]: Negotiated glyph cache 0 size: cEntries(254) cbCellSize(4)
21:19:14.578 89311F14.00000000 RDP E10C2010 SBCEnumGlyph 1677 [1]: Cache 1: MaximumCellSize(4) Entries(254)
21:19:14.593 89311F14.00000000 RDP E10C2010 SBCEnumGlyph 1696 [1]: Negotiated glyph cache 1 size: cEntries(254) cbCellSize(4)
21:19:14.593 89311F14.00000000 RDP E10C2010 SBCEnumGlyph 1677 [1]: Cache 2: MaximumCellSize(8) Entries(254)
21:19:14.593 89311F14.00000000 RDP E10C2010 SBCEnumGlyph 1696 [1]: Negotiated glyph cache 2 size: cEntries(254) cbCellSize(8)
21:19:14.593 89311F14.00000000 RDP E10C2010 SBCEnumGlyph 1677 [1]: Cache 3: MaximumCellSize(8) Entries(254)