winlogon源代码分析之Logon Help对话框对Tab键的处理：OK按钮得到焦点
1: kd> g
Breakpoint 44 hit
eax=0006e49c ebx=00000000 ecx=0006e420 edx=7ffe0304 esi=007d4c2c edi=00000001
eip=77cdb0e7 esp=0006e484 ebp=0006e4bc iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
USER32!IsDialogMessageW:
001b:77cdb0e7 55 push ebp
1: kd> dv
hwndDlg = 0x00010046
lpMsg = 0x0006e49c {msg=0x100 wp=0x9 lp=0xf0001}
hwnd2 = 0x00010046
langID = 0xfedd
pwndDlg = 0x0006e49c
pwnd = 0x0006e49c
fBack = 0n451772
pbutn = 0x00010046
1: kd> g
Breakpoint 25 hit
eax=c0000000 ebx=00000000 ecx=40000000 edx=00000000 esi=77d0126c edi=0006e3b8
eip=77d0126c esp=0006e344 ebp=0006e36c iopl=0 ov up ei ng nz na pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000a87
USER32!EditWndProcW:
001b:77d0126c 55 push ebp
0: kd> dv
hwnd = 0x0001004a
message = 0x100
wParam = 9
lParam = 0n983041
0: kd> g
Breakpoint 40 hit
eax=000000ce ebx=000000d6 ecx=00000001 edx=00000100 esi=012425ec edi=00000100
eip=77d037cd esp=0006e24c ebp=0006e2b8 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
USER32!MLKeyDown:
001b:77d037cd 55 push ebp
0: kd> kc
00 USER32!MLKeyDown
01 USER32!MLEditWndProc
02 USER32!EditWndProc
03 USER32!EditWndProcWorker
04 USER32!EditWndProcW
05 USER32!InternalCallWinProc
06 USER32!UserCallWinProcCheckWow
07 USER32!DispatchMessageWorker
08 USER32!DispatchMessageW
09 USER32!IsDialogMessageW
0a USER32!DialogBox2
0b USER32!InternalDialogBox
0c USER32!DialogBoxIndirectParamAorW
0d USER32!DialogBoxParamW
0e USER32!DialogBoxParamW_wrapper
0f winlogon!Fusion_DialogBoxParam
10 winlogon!TimeoutDialogBoxParam
11 winlogon!WlxDialogBoxParam
12 MSGINA!WelcomeDlgProc
13 winlogon!RootDlgProc
14 USER32!InternalCallWinProc
15 USER32!UserCallDlgProcCheckWow
16 USER32!DefDlgProcWorker
17 USER32!SendMessageWorker
18 USER32!SendMessageW
19 USER32!SendMessageW_wrapper
1a comctl32_6f610000!SendMessageD
1b comctl32_6f610000!CLink::SendNotify
1c comctl32_6f610000!CLink::Notify
1d comctl32_6f610000!CMarkup::DoNotify
1e comctl32_6f610000!CMarkup::OnButtonUp
1f comctl32_6f610000!CLink::WndProc
20 USER32!InternalCallWinProc
21 USER32!UserCallWinProcCheckWow
22 USER32!DispatchMessageWorker
23 USER32!DispatchMessageW
24 USER32!IsDialogMessageW
25 USER32!DialogBox2
26 USER32!InternalDialogBox
27 USER32!DialogBoxIndirectParamAorW
28 USER32!DialogBoxParamW
29 USER32!DialogBoxParamW_wrapper
2a winlogon!Fusion_DialogBoxParam
2b winlogon!TimeoutDialogBoxParam
2c winlogon!WlxDialogBoxParam
2d MSGINA!WlxDisplaySASNotice
2e winlogon!MainLoop
2f winlogon!WinMain
30 winlogon!WinMainCRTStartup
0: kd> kv
ChildEBP RetAddr Args to Child
00 0006e248 77ce1fb8 012425ec 00000009 00000000 USER32!MLKeyDown (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\editml.c @ 2043]
01 0006e2b8 77cc192e 0001004a 012425ec 00000100 USER32!MLEditWndProc+0x4c1 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\editml.c @ 3625]
02 0006e2fc 77cc0f49 007d574c 00000100 00000009 USER32!EditWndProc+0x9de (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\editec.c @ 3655]
03 0006e320 77d012b6 0001004a 00000100 00000009 USER32!EditWndProcWorker+0x1c2 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\editec.c @ 2888]
04 0006e340 77ce7ee3 0001004a 00000100 00000009 USER32!EditWndProcW+0x4a (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\editec.c @ 2847]
05 0006e36c 77cf2bff 77d0126c 0001004a 00000100 USER32!InternalCallWinProc+0x1b [d:\srv03rtm\windows\core\ntuser\client\i386\callproc.asm @ 102]
06 0006e3e4 77cbe3db 00000000 77d0126c 0001004a USER32!UserCallWinProcCheckWow+0x151 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\clmsg.c @ 165]
07 0006e44c 77cc4014 0006e49c 00000000 0006e480 USER32!DispatchMessageWorker+0x3e3 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\clmsg.c @ 2497]
08 0006e45c 77cdb482 0006e49c 00000000 007d4c2c USER32!DispatchMessageW+0xd (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\cltxt.h @ 1046]
09 0006e480 77cdff3d 00010046 007d574c 00020020 USER32!IsDialogMessageW+0x39b (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\dlgmgr2.c @ 739]
0a 0006e4bc 77cff459 00010046 00020020 00000001 USER32!DialogBox2+0x142 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\dlgmgr.c @ 1181]
0b 0006e4e4 77ce5e58 75080000 750b8688 00020020 USER32!InternalDialogBox+0x108 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\dlgmgr.c @ 1353]
0c 0006e504 77ce76e7 75080000 750b8688 00020020 USER32!DialogBoxIndirectParamAorW+0x67 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\clres.c @ 806]
0d 0006e528 77cf607b 75080000 0000006d 00020020 USER32!DialogBoxParamW+0x3d (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\clres.c @ 954]
0e 0006e550 0102e8fc 75080000 0000006d 00020020 USER32!DialogBoxParamW_wrapper+0x5a (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\clres.c @ 933]
0f 0006e574 010221e2 75080000 0000006d 00020020 winlogon!Fusion_DialogBoxParam+0x22 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\ds\security\gina\winlogon\fusion.cpp @ 39]
10 0006e5b8 0102c860 00077418 75080000 0000006d winlogon!TimeoutDialogBoxParam+0x36 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\ds\security\gina\winlogon\timeout.c @ 1092]
11 0006e5f0 7509ee0a 00077418 75080000 0000006d winlogon!WlxDialogBoxParam+0xb7 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\ds\security\gina\winlogon\wlxutil.c @ 898]
12 0006e870 0102c2bd 00020020 0000004e 0000096a MSGINA!WelcomeDlgProc+0x1e0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\ds\security\gina\msgina\welcome.c @ 786]
13 0006e894 77ce7ee3 00020020 0000004e 0000096a winlogon!RootDlgProc+0x8d (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\ds\security\gina\winlogon\wlxutil.c @ 343]
14 0006e8c0 77cf2d66 0102c230 00020020 0000004e USER32!InternalCallWinProc+0x1b [d:\srv03rtm\windows\core\ntuser\client\i386\callproc.asm @ 102]
15 0006e93c 77cd4af3 00000000 0102c230 00020020 USER32!UserCallDlgProcCheckWow+0x147 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\clmsg.c @ 228]
16 0006e984 77cbf87c 00000000 0000004e 0000096a USER32!DefDlgProcWorker+0x11f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\dlgmgr.c @ 511]
17 0006e9b4 77cc0743 007d3aac 007d241c 0000096a USER32!SendMessageWorker+0x367 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\clmsg.c @ 648]
18 0006e9d4 77cf1522 00020020 0000004e 0000096a USER32!SendMessageW+0x70 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\cltxt.h @ 809]
19 0006e9f8 6f62c6cb 00020020 0000004e 0000096a USER32!SendMessageW_wrapper+0x54 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\cltxt.h @ 755]
1a 0006ea34 6f6a6633 00020020 0000004e 0000096a comctl32_6f610000!SendMessageD+0x66 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\shell\comctl32\v6\commctrl.c @ 442]
1b 0006fb1c 6f6a6c23 00000000 00000000 00000001 comctl32_6f610000!CLink::SendNotify+0xb2 (FPO: [Non-Fpo]) (CONV: thiscall) [d:\srv03rtm\shell\comctl32\v6\link.cpp @ 539]
1c 0006fb30 6f6ba321 01239bb4 00000001 00000000 comctl32_6f610000!CLink::Notify+0x3d (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\shell\comctl32\v6\link.cpp @ 315]
1d 0006fb44 6f6ba530 00000001 00000000 00000202 comctl32_6f610000!CMarkup::DoNotify+0x12 (FPO: [Non-Fpo]) (CONV: thiscall) [d:\srv03rtm\shell\comctl32\v6\markup.cpp @ 2029]
1e 0006fb5c 6f6a739c 00000000 0000000e 00000008 comctl32_6f610000!CMarkup::OnButtonUp+0x4a (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\shell\comctl32\v6\markup.cpp @ 738]
1f 0006fc1c 77ce7ee3 00010038 00000202 00000000 comctl32_6f610000!CLink::WndProc+0x4ea (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\shell\comctl32\v6\link.cpp @ 710]
20 0006fc48 77cf2bff 6f6a6eb2 00010038 00000202 USER32!InternalCallWinProc+0x1b [d:\srv03rtm\windows\core\ntuser\client\i386\callproc.asm @ 102]
21 0006fcc0 77cbe3db 00000000 6f6a6eb2 00010038 USER32!UserCallWinProcCheckWow+0x151 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\clmsg.c @ 165]
22 0006fd28 77cc4014 0006fd78 00000000 0006fd5c USER32!DispatchMessageWorker+0x3e3 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\clmsg.c @ 2497]
23 0006fd38 77cdb482 0006fd78 00000000 007d3aac USER32!DispatchMessageW+0xd (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\cltxt.h @ 1046]
24 0006fd5c 77cdff3d 00020020 007d4214 00000000 USER32!IsDialogMessageW+0x39b (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\dlgmgr2.c @ 739]
25 0006fd98 77cff459 00020020 00000000 00000010 USER32!DialogBox2+0x142 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\dlgmgr.c @ 1181]
26 0006fdc0 77ce5e58 75080000 750b6958 00000000 USER32!InternalDialogBox+0x108 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\dlgmgr.c @ 1353]
27 0006fde0 77ce76e7 75080000 750b6958 00000000 USER32!DialogBoxIndirectParamAorW+0x67 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\clres.c @ 806]
28 0006fe04 77cf607b 75080000 00000578 00000000 USER32!DialogBoxParamW+0x3d (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\clres.c @ 954]
29 0006fe2c 0102e8fc 75080000 00000578 00000000 USER32!DialogBoxParamW_wrapper+0x5a (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\clres.c @ 933]
2a 0006fe50 010221e2 75080000 00000578 00000000 winlogon!Fusion_DialogBoxParam+0x22 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\ds\security\gina\winlogon\fusion.cpp @ 39]
2b 0006fe94 0102c860 00077418 75080000 00000578 winlogon!TimeoutDialogBoxParam+0x36 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\ds\security\gina\winlogon\timeout.c @ 1092]
2c 0006fecc 7509223d 00077418 75080000 00000578 winlogon!WlxDialogBoxParam+0xb7 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\ds\security\gina\winlogon\wlxutil.c @ 898]
2d 0006fef4 01029744 00155f70 00077418 00000004 MSGINA!WlxDisplaySASNotice+0x43 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\ds\security\gina\msgina\msgina.c @ 778]
2e 0006ff14 01026637 00077418 ffffffff 00000000 winlogon!MainLoop+0x19d (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\ds\security\gina\winlogon\wlx.c @ 3332]
2f 0006ff50 0102edc6 000a7cb0 00000000 00072f0c winlogon!WinMain+0x4c7 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\ds\security\gina\winlogon\winlogon.c @ 1350]
30 0006fff4 00000000 7ffdf000 0000018a 000001e4 winlogon!WinMainCRTStartup+0x182 (FPO: [Non-Fpo]) (CONV: cdecl) [d:\srv03rtm\base\crts\crtw32\dllstuff\crtexe.c @ 493]
case VK_TAB:
/*
 * Excerpt of the VK_TAB key-down case of a multiline edit control (the
 * stack traces on this page place the SendMessage call below in
 * USER32!MLKeyDown).
 *
 * If this multiline edit control is in a dialog box, then we want the
 * TAB key to take you to the next control, shift TAB to take you to the
 * previous control. We always want CTRL-TAB to insert a tab into the
 * edit control regardless of whether or not we're in a dialog box.
 *
 * The WM_NEXTDLGCTL message is sent with lParam == 0, so the receiver
 * (DefDlgProcWorker's WM_NEXTDLGCTL case, quoted further down this page)
 * treats wParam as a direction flag rather than a window handle:
 * non-zero (SHIFT held) selects the previous control, zero the next one.
 *
 * When CTRL is not held and the control is not in a dialog box, neither
 * branch runs and the case just returns.
 */
if (scState == CTRLDOWN)
MLChar(ped, virtKeyCode, keyMods);
else if (ped->fInDialogBox)
SendMessage(ped->hwndParent, WM_NEXTDLGCTL, scState == SHFTDOWN, 0L);
return ;
0: kd> dv
ped = 0x012425ec
virtKeyCode = 9
keyMods = 0n0
hdc = 0x00000000
mousePt = {x=16842838 y=214}
newMinSel = 0x6e2b8
MaxEqCar = 0n214
prevLine = 0n19146220
MinEqMax = 0n214
MinEqCar = 0n214
newMaxSel = 0x12425ec
D:\>grep "WM_NEXTDLGCTL" -nr D:\srv03rtm\windows\core\ntuser |grep -v "inary"
D:\srv03rtm\windows\core\ntuser/client/dlgmgr.c:798: case WM_NEXTDLGCTL:
D:\srv03rtm\windows\core\ntuser/client/editml.c:2138: SendMessage(ped->hwndParent, WM_NEXTDLGCTL, (WPARAM)hwnd, 1L);
D:\srv03rtm\windows\core\ntuser/client/editml.c:2160: SendMessage(ped->hwndParent, WM_NEXTDLGCTL, scState == SHFTDOWN, 0L);
D:\srv03rtm\windows\core\ntuser/inc/messages.h:69: {IMSG_DWORD, FALSE, FALSE}, // WM_NEXTDLGCTL 0x0028
D:\srv03rtm\windows\core\ntuser/kernel/globals.c:1209: "WM_NEXTDLGCTL",
D:\srv03rtm\windows\core\ntuser/kernel/server.c:140: WM_NEXTDLGCTL,
/*
 * Excerpt of DefDlgProcWorker: only the WM_NEXTDLGCTL case is quoted.
 * The local declarations, the enclosing switch and the closing braces
 * are not part of the excerpt.
 *
 * The case moves the dialog focus from the currently focused window
 * (pwndT2) to a target control (pwndT1) and then lets
 * xxxCheckDefPushButton update the default push button. Every exit
 * path returns TRUE, and every early return releases tlpwndTop first.
 */
LRESULT DefDlgProcWorker(
PWND pwnd,
UINT message,
WPARAM wParam,
LPARAM lParam,
DWORD fAnsi)
{
/* ... locals and other message cases elided in the excerpt ... */
/*
 * This message was added so that user defined controls that want
 * tab keys can pass the tab off to the next/previous control in the
 * dialog box. Without this, all they could do was set the focus
 * which didn't do the default button stuff.
 */
case WM_NEXTDLGCTL:
pwndTop = GetParentDialog(pwnd);
/*
 * pwndTop stays thread-locked for the whole case; presumably this keeps
 * the window object alive while the calls below run window procedures.
 */
ThreadLock(pwndTop, &tlpwndTop);
/*
 * pwndT2 = window that has the focus now, or NULL when the focus handle
 * does not validate.
 */
hwndT1 = GetFocus();
pwndT2 = ValidateHwndNoRip(hwndT1);
if (LOWORD(lParam)) {
/*
 * Low word of lParam non-zero: wParam names the target explicitly.
 */
if (pwndT2 == NULL)
pwndT2 = pwndTop;
/*
 * wParam contains the pwnd of the ctl to set focus to.
 * (It is cast to HWND and validated; a stale or invalid handle makes
 * the message a no-op.)
 *
 * NOTE(review): the excerpt shows only handle validation on this path,
 * no _IsChild(pwndTop, ...) check on the target like the one applied to
 * the focused window in the else branch - confirm against the full
 * source whether the target is otherwise constrained to this dialog.
 */
if ((pwndT1 = ValidateHwnd((HWND)wParam)) == NULL) {
ThreadUnlock(&tlpwndTop);
return TRUE;
}
} else {
/*
 * Low word of lParam zero: wParam is a direction flag and the target
 * is computed from the tab order.
 */
if (pwndT2 == NULL) {
/*
 * Set focus to the first tab item.
 *
 * NOTE(review): unlike the lookup further down, this result is not
 * compared with NULL before it is locked and used - whether
 * ThreadLock/HW accept NULL is not visible in this excerpt.
 */
pwndT1 = _GetNextDlgTabItem(pwndTop, NULL, FALSE);
pwndT2 = pwndTop;
} else {
/*
 * If window with focus not a dlg ctl, ignore message.
 */
if (!_IsChild(pwndTop, pwndT2)) {
ThreadUnlock(&tlpwndTop);
return TRUE;
}
/*
 * wParam = TRUE for previous, FALSE for next
 */
pwndT1 = _GetNextDlgTabItem(pwndTop, pwndT2, (wParam != 0));
/*
 * If there is no next item, ignore the message.
 */
if (pwndT1 == NULL) {
ThreadUnlock(&tlpwndTop);
return TRUE;
}
}
}
/*
 * Lock both the new (pwndT1) and the old (pwndT2) focus windows before
 * the focus change. The stack traces on this page show DlgSetFocus
 * sending messages to the controls and reaching NtUserSetFocus, from
 * where the kernel calls back into window procedures, so code outside
 * this function runs before the two calls below return.
 */
ThreadLock(pwndT1, &tlpwndT1);
ThreadLock(pwndT2, &tlpwndT2);
DlgSetFocus(HW(pwndT1));
/* Arguments: dialog, handle of the old focus window, handle of the new one. */
xxxCheckDefPushButton(pwndTop, HW(pwndT2), HW(pwndT1));
/* Release in reverse order of acquisition. */
ThreadUnlock(&tlpwndT2);
ThreadUnlock(&tlpwndT1);
ThreadUnlock(&tlpwndTop);
return TRUE;
1: kd> g
Breakpoint 37 hit
eax=000002a4 ebx=00000738 ecx=004c0c9c edx=00000001 esi=007d4c2c edi=00000028
eip=77cd49d4 esp=0006e1c4 ebp=0006e1f0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
USER32!DefDlgProcWorker:
001b:77cd49d4 55 push ebp
0: kd> kc
00 USER32!DefDlgProcWorker
01 USER32!SendMessageWorker
02 USER32!SendMessageW
03 USER32!MLKeyDown
04 USER32!MLEditWndProc
05 USER32!EditWndProc
06 USER32!EditWndProcWorker
07 USER32!EditWndProcW
08 USER32!InternalCallWinProc
09 USER32!UserCallWinProcCheckWow
0a USER32!DispatchMessageWorker
0b USER32!DispatchMessageW
0c USER32!IsDialogMessageW
0d USER32!DialogBox2
0e USER32!InternalDialogBox
0f USER32!DialogBoxIndirectParamAorW
10 USER32!DialogBoxParamW
11 USER32!DialogBoxParamW_wrapper
12 winlogon!Fusion_DialogBoxParam
13 winlogon!TimeoutDialogBoxParam
14 winlogon!WlxDialogBoxParam
15 MSGINA!WelcomeDlgProc
16 winlogon!RootDlgProc
17 USER32!InternalCallWinProc
18 USER32!UserCallDlgProcCheckWow
19 USER32!DefDlgProcWorker
1a USER32!SendMessageWorker
1b USER32!SendMessageW
1c USER32!SendMessageW_wrapper
1d comctl32_6f610000!SendMessageD
1e comctl32_6f610000!CLink::SendNotify
1f comctl32_6f610000!CLink::Notify
20 comctl32_6f610000!CMarkup::DoNotify
21 comctl32_6f610000!CMarkup::OnButtonUp
22 comctl32_6f610000!CLink::WndProc
23 USER32!InternalCallWinProc
24 USER32!UserCallWinProcCheckWow
25 USER32!DispatchMessageWorker
26 USER32!DispatchMessageW
27 USER32!IsDialogMessageW
28 USER32!DialogBox2
29 USER32!InternalDialogBox
2a USER32!DialogBoxIndirectParamAorW
2b USER32!DialogBoxParamW
2c USER32!DialogBoxParamW_wrapper
2d winlogon!Fusion_DialogBoxParam
2e winlogon!TimeoutDialogBoxParam
2f winlogon!WlxDialogBoxParam
30 MSGINA!WlxDisplaySASNotice
31 winlogon!MainLoop
32 winlogon!WinMain
33 winlogon!WinMainCRTStartup
0: kd> dv
pwnd = 0x007d4c2c
message = 0x28
wParam = 0
lParam = 0n0
fAnsi = 0
hwnd = 0x0123083c
result = 0n8211500
rc = {LT(19073084, 16842838) RB(1, 0) [-19073083 x -16842838]}
WM_NEXTDLGCTL 0x0028
0: kd> p
Breakpoint 42 hit
eax=000774bc ebx=00010046 ecx=000774c0 edx=00077418 esi=000774bc edi=00077418
eip=7509dea3 esp=0006e0b0 ebp=0006e0d0 iopl=0 nv up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297
MSGINA!HelpDlgProc:
001b:7509dea3 55 push ebp
0: kd> bp user32!DlgSetFocus
breakpoint 43 redefined
0: kd> kc
00 MSGINA!HelpDlgProc
01 winlogon!RootDlgProc
02 USER32!InternalCallWinProc
03 USER32!UserCallDlgProcCheckWow
04 USER32!DefDlgProcWorker
05 USER32!SendMessageWorker
06 USER32!SendMessageW
07 USER32!MLKeyDown
08 USER32!MLEditWndProc
09 USER32!EditWndProc
0a USER32!EditWndProcWorker
0b USER32!EditWndProcW
0c USER32!InternalCallWinProc
0d USER32!UserCallWinProcCheckWow
0e USER32!DispatchMessageWorker
0f USER32!DispatchMessageW
10 USER32!IsDialogMessageW
11 USER32!DialogBox2
12 USER32!InternalDialogBox
13 USER32!DialogBoxIndirectParamAorW
14 USER32!DialogBoxParamW
15 USER32!DialogBoxParamW_wrapper
16 winlogon!Fusion_DialogBoxParam
17 winlogon!TimeoutDialogBoxParam
18 winlogon!WlxDialogBoxParam
19 MSGINA!WelcomeDlgProc
1a winlogon!RootDlgProc
1b USER32!InternalCallWinProc
1c USER32!UserCallDlgProcCheckWow
1d USER32!DefDlgProcWorker
1e USER32!SendMessageWorker
1f USER32!SendMessageW
20 USER32!SendMessageW_wrapper
21 comctl32_6f610000!SendMessageD
22 comctl32_6f610000!CLink::SendNotify
23 comctl32_6f610000!CLink::Notify
24 comctl32_6f610000!CMarkup::DoNotify
25 comctl32_6f610000!CMarkup::OnButtonUp
26 comctl32_6f610000!CLink::WndProc
27 USER32!InternalCallWinProc
28 USER32!UserCallWinProcCheckWow
29 USER32!DispatchMessageWorker
2a USER32!DispatchMessageW
2b USER32!IsDialogMessageW
2c USER32!DialogBox2
2d USER32!InternalDialogBox
2e USER32!DialogBoxIndirectParamAorW
2f USER32!DialogBoxParamW
30 USER32!DialogBoxParamW_wrapper
31 winlogon!Fusion_DialogBoxParam
32 winlogon!TimeoutDialogBoxParam
33 winlogon!WlxDialogBoxParam
34 MSGINA!WlxDisplaySASNotice
35 winlogon!MainLoop
36 winlogon!WinMain
37 winlogon!WinMainCRTStartup
0: kd> dv
hDlg = 0x00010046
message = 0x28
wParam = 0
lParam = 0n0
hBoldFont = 0x020a0165
hbrWindow = 0x07100162
Value = 0x102c230
hwndAnim = 0x00077418
hwndHelpTitle = 0x00077418
lf = struct tagLOGFONTW
rc = {LT(8211500, 8) RB(2009875666, 450808) [2001664166 x 450800]}
0: kd> g
Breakpoint 43 hit
eax=00010048 ebx=007d574c ecx=007d5e7c edx=fffff4e0 esi=007d55e4 edi=007d4c2c
eip=77cda16b esp=0006e198 ebp=0006e1c0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
USER32!DlgSetFocus:
001b:77cda16b 55 push ebp
0: kd> kc
00 USER32!DlgSetFocus
01 USER32!DefDlgProcWorker
02 USER32!SendMessageWorker
03 USER32!SendMessageW
04 USER32!MLKeyDown
05 USER32!MLEditWndProc
06 USER32!EditWndProc
07 USER32!EditWndProcWorker
08 USER32!EditWndProcW
09 USER32!InternalCallWinProc
0a USER32!UserCallWinProcCheckWow
0b USER32!DispatchMessageWorker
0c USER32!DispatchMessageW
0d USER32!IsDialogMessageW
0e USER32!DialogBox2
0f USER32!InternalDialogBox
10 USER32!DialogBoxIndirectParamAorW
11 USER32!DialogBoxParamW
12 USER32!DialogBoxParamW_wrapper
13 winlogon!Fusion_DialogBoxParam
14 winlogon!TimeoutDialogBoxParam
15 winlogon!WlxDialogBoxParam
16 MSGINA!WelcomeDlgProc
17 winlogon!RootDlgProc
18 USER32!InternalCallWinProc
19 USER32!UserCallDlgProcCheckWow
1a USER32!DefDlgProcWorker
1b USER32!SendMessageWorker
1c USER32!SendMessageW
1d USER32!SendMessageW_wrapper
1e comctl32_6f610000!SendMessageD
1f comctl32_6f610000!CLink::SendNotify
20 comctl32_6f610000!CLink::Notify
21 comctl32_6f610000!CMarkup::DoNotify
22 comctl32_6f610000!CMarkup::OnButtonUp
23 comctl32_6f610000!CLink::WndProc
24 USER32!InternalCallWinProc
25 USER32!UserCallWinProcCheckWow
26 USER32!DispatchMessageWorker
27 USER32!DispatchMessageW
28 USER32!IsDialogMessageW
29 USER32!DialogBox2
2a USER32!InternalDialogBox
2b USER32!DialogBoxIndirectParamAorW
2c USER32!DialogBoxParamW
2d USER32!DialogBoxParamW_wrapper
2e winlogon!Fusion_DialogBoxParam
2f winlogon!TimeoutDialogBoxParam
30 winlogon!WlxDialogBoxParam
31 MSGINA!WlxDisplaySASNotice
32 winlogon!MainLoop
33 winlogon!WinMain
34 winlogon!WinMainCRTStartup
0: kd> kv 8
ChildEBP RetAddr Args to Child
00 0006e194 77cd4ddf 00010048 00000028 007d4c2c USER32!DlgSetFocus (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\dlgmgr.c @ 152]
01 0006e1c0 77cbf93f 00000000 00000028 00000000 USER32!DefDlgProcWorker+0x40b (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\dlgmgr.c @ 851]
02 0006e1f0 77cc0743 007d4c2c 007d241c 00000000 USER32!SendMessageWorker+0x42a (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\clmsg.c @ 674]
03 0006e210 77d03bd0 00010046 00000028 00000000 USER32!SendMessageW+0x70 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\cltxt.h @ 809]
04 0006e248 77ce1fb8 000000d6 00000009 00000000 USER32!MLKeyDown+0x403 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\editml.c @ 2483]
05 0006e2b8 77cc192e 0001004a 012425ec 00000100 USER32!MLEditWndProc+0x4c1 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\editml.c @ 3625]
06 0006e2fc 77cc0f49 007d574c 00000100 00000009 USER32!EditWndProc+0x9de (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\editec.c @ 3655]
07 0006e320 77d012b6 0001004a 00000100 00000009 USER32!EditWndProcWorker+0x1c2 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\editec.c @ 2888]
0: kd> dv
hwnd = 0x00010048
/*
 * Shortened excerpt of DefDlgProcWorker's WM_NEXTDLGCTL case: only the
 * final focus-change statements are quoted. The code that chooses pwndT1
 * (new focus window) and pwndT2 (old focus window), the matching
 * ThreadUnlock calls and the closing braces are not part of the excerpt.
 */
LRESULT DefDlgProcWorker(
PWND pwnd,
UINT message,
WPARAM wParam,
LPARAM lParam,
DWORD fAnsi)
{
/* ... locals and other message cases elided in the excerpt ... */
/*
 * This message was added so that user defined controls that want
 * tab keys can pass the tab off to the next/previous control in the
 * dialog box. Without this, all they could do was set the focus
 * which didn't do the default button stuff.
 */
case WM_NEXTDLGCTL:
/* ... selection of pwndT1 / pwndT2 elided in the excerpt ... */
/*
 * Both windows are thread-locked before the focus change; presumably
 * this keeps them valid while DlgSetFocus runs other window procedures.
 */
ThreadLock(pwndT1, &tlpwndT1);
ThreadLock(pwndT2, &tlpwndT2);
/* The kv output above shows this call with hwnd = 0x00010048. */
DlgSetFocus(HW(pwndT1));
/* Arguments: dialog, handle of the old focus window, handle of the new one. */
xxxCheckDefPushButton(pwndTop, HW(pwndT2), HW(pwndT1));
WM_GETDLGCODE 0x0087
0: kd> g
Breakpoint 41 hit
eax=000002a1 ebx=00000738 ecx=004c0c9c edx=00000080 esi=007d55e4 edi=00000087
eip=77cd3a17 esp=0006e130 ebp=0006e15c iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
USER32!ButtonWndProcWorker:
001b:77cd3a17 55 push ebp
0: kd> dv
pwnd = 0x007d55e4
message = 0x87
wParam = 0
lParam = 0n0
fAnsi = 0
hdc = 0x00000028
hwnd = 0x00000000
bsWnd = 0x7d55e4
fInit = 0n0
ps = struct tagPAINTSTRUCT
rc = {LT(0, 450812) RB(2010021603, 65606) [2010021603 x -385206]}
hbr = 0x00000000
0: kd> kc
00 USER32!ButtonWndProcWorker
01 USER32!SendMessageWorker
02 USER32!SendMessageW
03 USER32!DlgSetFocus
04 USER32!DefDlgProcWorker
05 USER32!SendMessageWorker
06 USER32!SendMessageW
07 USER32!MLKeyDown
08 USER32!MLEditWndProc
0: kd> g
Breakpoint 36 hit
eax=00002010 ebx=007d574c ecx=004c0c9c edx=00000002 esi=007d55e4 edi=007d4c2c
eip=77cc1d3c esp=0006e198 ebp=0006e1c0 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
USER32!NtUserSetFocus:
001b:77cc1d3c b800120000 mov eax,1200h
0: kd> g
Breakpoint 37 hit
eax=000002a4 ebx=00000738 ecx=004c0c9c edx=01230658 esi=007d4c2c edi=00000111
eip=77cd49d4 esp=0006dffc ebp=0006e028 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
USER32!DefDlgProcWorker:
001b:77cd49d4 55 push ebp
0: kd> dv
pwnd = 0x007d4c2c
message = 0x111
wParam = 0x200096b
lParam = 0n65610
fAnsi = 0
hwnd = 0x00000000
result = 0n8211500
rc = {LT(1684369010, 669728) RB(690744, 0) [-1683678266 x -669728]}
0: kd> ?0n65610
Evaluate expression: 65610 = 0001004a
0: kd> kc
00 USER32!DefDlgProcWorker
01 USER32!SendMessageWorker
02 USER32!SendMessageW
03 USER32!ECNotifyParent
04 USER32!MLKillFocus
05 USER32!MLEditWndProc
06 USER32!EditWndProc
07 USER32!EditWndProcWorker
08 USER32!__fnDWORD
09 ntdll!KiUserCallbackDispatcher
0a nt!KiCallUserMode
0b nt!KeUserModeCallback
0c win32k!SfnDWORD
0d win32k!xxxSendMessageToClient
0e win32k!xxxSendMessageTimeout
0f win32k!xxxSendMessage
10 win32k!xxxSendFocusMessages
11 win32k!xxxSetFocus
12 win32k!NtUserSetFocus
13 nt!_KiSystemService
14 SharedUserData!SystemCallStub
15 ntdll!KiUserCallbackDispatcher
16 USER32!NtUserSetFocus
17 USER32!SendMessageWorker
18 USER32!SendMessageW
19 USER32!MLKeyDown
1a USER32!MLEditWndProc
1b USER32!EditWndProc
1c USER32!EditWndProcWorker
1d USER32!EditWndProcW
1e USER32!InternalCallWinProc
1f USER32!UserCallWinProcCheckWow
20 USER32!DispatchMessageWorker
21 USER32!DispatchMessageW
22 USER32!IsDialogMessageW
23 USER32!DialogBox2
24 USER32!InternalDialogBox
25 USER32!DialogBoxIndirectParamAorW
26 USER32!DialogBoxParamW
27 USER32!DialogBoxParamW_wrapper
28 winlogon!Fusion_DialogBoxParam
29 winlogon!TimeoutDialogBoxParam
2a winlogon!WlxDialogBoxParam
2b MSGINA!WelcomeDlgProc
2c winlogon!RootDlgProc
2d USER32!InternalCallWinProc
2e USER32!UserCallDlgProcCheckWow
2f USER32!DefDlgProcWorker
30 USER32!SendMessageWorker
31 USER32!SendMessageW
32 USER32!SendMessageW_wrapper
33 comctl32_6f610000!SendMessageD
34 comctl32_6f610000!CLink::SendNotify
35 comctl32_6f610000!CLink::Notify
36 comctl32_6f610000!CMarkup::DoNotify
37 comctl32_6f610000!CMarkup::OnButtonUp
38 comctl32_6f610000!CLink::WndProc
39 USER32!InternalCallWinProc
3a USER32!UserCallWinProcCheckWow
3b USER32!DispatchMessageWorker
3c USER32!DispatchMessageW
3d USER32!IsDialogMessageW
3e USER32!DialogBox2
3f USER32!InternalDialogBox
40 USER32!DialogBoxIndirectParamAorW
41 USER32!DialogBoxParamW
42 USER32!DialogBoxParamW_wrapper
43 winlogon!Fusion_DialogBoxParam
44 winlogon!TimeoutDialogBoxParam
45 winlogon!WlxDialogBoxParam
46 MSGINA!WlxDisplaySASNotice
47 winlogon!MainLoop
48 winlogon!WinMain
49 winlogon!WinMainCRTStartup
0: kd> kv 8
ChildEBP RetAddr Args to Child
00 0006dff8 77cbf87c 007d4c2c 00000111 0200096b USER32!DefDlgProcWorker (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\dlgmgr.c @ 474]
01 0006e028 77cc0743 007d4c2c 007d241c 0200096b USER32!SendMessageWorker+0x367 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\clmsg.c @ 648]
02 0006e048 77cc6027 00010046 00000111 0200096b USER32!SendMessageW+0x70 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\cltxt.h @ 809]
03 0006e060 77d02e5e 012425ec 00000200 012425ec USER32!ECNotifyParent+0x27 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\editec.c @ 2464]
04 0006e074 77ce1b96 012425ec 00000000 012425ec USER32!MLKillFocus+0x6a (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\editml.c @ 3379]
05 0006e0dc 77cc192e 0001004a 012425ec 00000008 USER32!MLEditWndProc+0x9f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\editml.c @ 3634]
06 0006e120 77cc0f49 007d574c 00000008 00010048 USER32!EditWndProc+0x9de (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\editec.c @ 3655]
07 0006e144 77cbe80c 0001004a 00000008 00010048 USER32!EditWndProcWorker+0x1c2 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\editec.c @ 2888]
windbg> .open -a 77ce1b96
windbg> .open -a 77d02e5e
/*
 * Excerpt of the multiline edit control's window procedure: only the
 * WM_KILLFOCUS case is quoted. The rest of the body, including the
 * enclosing switch and the closing braces, is not part of the excerpt.
 */
LRESULT MLEditWndProc(
HWND hwnd,
PED ped,
UINT message,
WPARAM wParam,
LPARAM lParam)
{
/* ... other message cases elided in the excerpt ... */
case WM_KILLFOCUS:
/*
 * wParam - handle of the window that receives the input focus
 * lParam - not used
 *
 * Neither value is forwarded: MLKillFocus receives only the edit
 * control state (ped).
 */
MLKillFocus(ped);
break;
/*
 * MLKillFocus
 *
 * Focus-loss handling for a multiline edit control.
 *
 *   ped - state of the edit control that is losing the focus.
 *
 * The wheel delta accumulator is reset unconditionally. When the control
 * is still marked as focused, the mark is cleared, a visible non-empty
 * selection is redrawn (unless fNoHideSel is set) and the caret is
 * destroyed. The parent receives EN_KILLFOCUS in every case.
 */
void MLKillFocus(
    PED ped)
{
    /*
     * Reset the wheel delta count.
     */
    gcWheelDelta = 0;

    /*
     * The focus-dependent cleanup runs only if we still have the focus.
     * The parent notification at the end is sent whether or not we
     * originally had the focus.
     */
    if (ped->fFocus) {
        int fHideSel;

        ped->fFocus = 0;                /* Clear focus */

        /*
         * Hide the current selection if needed: hiding must not be
         * disabled, the selection must be non-empty, and the window must
         * be visible (checked last, and only if the first two hold).
         */
        fHideSel = !ped->fNoHideSel &&
                   ped->ichMinSel != ped->ichMaxSel &&
                   _IsWindowVisible(ped->pwnd);
        if (fHideSel) {
            HDC hdcEdit = ECGetEditDC(ped, FALSE);

            MLDrawText(ped, hdcEdit, ped->ichMinSel, ped->ichMaxSel, TRUE);
            ECReleaseEditDC(ped, hdcEdit, FALSE);
        }

        /*
         * Destroy the caret
         */
        NtUserDestroyCaret();
    }

    /*
     * Notify parent that we lost the focus. This is the last statement:
     * the stack trace on this page shows ECNotifyParent reaching the
     * parent's dialog procedure through SendMessageW, and no ped field
     * is read or written after that call returns.
     */
    ECNotifyParent(ped, EN_KILLFOCUS);
}
0: kd> g
Breakpoint 42 hit
eax=000774bc ebx=00010046 ecx=000774c0 edx=00077418 esi=000774bc edi=00077418
eip=7509dea3 esp=0006dee8 ebp=0006df08 iopl=0 nv up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297
MSGINA!HelpDlgProc:
001b:7509dea3 55 push ebp
0: kd> dv
hDlg = 0x00010046
message = 0x111
wParam = 0x200096b
lParam = 0n65610
hBoldFont = 0x020a0165
hbrWindow = 0x07100162
Value = 0x77b757b7
hwndAnim = 0x77bbba80
hwndHelpTitle = 0x77bbba80
lf = struct tagLOGFONTW
rc = {LT(224, 8214244) RB(2, 1) [-222 x -8214243]}
0: kd> ?0n65610
Evaluate expression: 65610 = 0001004a
WM_SETFOCUS 0x0007
0: kd> g
Breakpoint 41 hit
eax=0006e17c ebx=007d574c ecx=0006e16c edx=00000002 esi=007d55e4 edi=007d4c2c
eip=77cd3a17 esp=0006e148 ebp=0006e16c iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
USER32!ButtonWndProcWorker:
001b:77cd3a17 55 push ebp
0: kd> dv
pwnd = 0x007d55e4
message = 7
wParam = 0x1004a
lParam = 0n0
fAnsi = 0
hdc = 0x00000000
hwnd = 0x007d574c
bsWnd = 0x7d55e4
fInit = 0n0
ps = struct tagPAINTSTRUCT
rc = {LT(65610, 19146220) RB(8, 65608) [-65602 x -19080612]}
hbr = 0x007d4c2c
0: kd> kc
00 USER32!ButtonWndProcWorker
01 USER32!__fnDWORD
02 ntdll!KiUserCallbackDispatcher
03 nt!KiCallUserMode
04 nt!KeUserModeCallback
05 win32k!SfnDWORD
06 win32k!xxxSendMessageToClient
07 win32k!xxxSendMessageTimeout
08 win32k!xxxSendMessage
09 win32k!xxxSendFocusMessages
0a win32k!xxxSetFocus
0b win32k!NtUserSetFocus
0c nt!_KiSystemService
0d SharedUserData!SystemCallStub
0e ntdll!KiUserCallbackDispatcher
0f USER32!NtUserSetFocus
10 USER32!SendMessageWorker
11 USER32!SendMessageW
12 USER32!MLKeyDown
13 USER32!MLEditWndProc
14 USER32!EditWndProc
15 USER32!EditWndProcWorker
16 USER32!EditWndProcW
17 USER32!InternalCallWinProc
18 USER32!UserCallWinProcCheckWow
19 USER32!DispatchMessageWorker
1a USER32!DispatchMessageW
1b USER32!IsDialogMessageW
1c USER32!DialogBox2
1d USER32!InternalDialogBox
1e USER32!DialogBoxIndirectParamAorW
1f USER32!DialogBoxParamW
20 USER32!DialogBoxParamW_wrapper
21 winlogon!Fusion_DialogBoxParam
22 winlogon!TimeoutDialogBoxParam
23 winlogon!WlxDialogBoxParam
24 MSGINA!WelcomeDlgProc
25 winlogon!RootDlgProc
26 USER32!InternalCallWinProc
27 USER32!UserCallDlgProcCheckWow
28 USER32!DefDlgProcWorker
29 USER32!SendMessageWorker
2a USER32!SendMessageW
2b USER32!SendMessageW_wrapper
2c comctl32_6f610000!SendMessageD
2d comctl32_6f610000!CLink::SendNotify
2e comctl32_6f610000!CLink::Notify
2f comctl32_6f610000!CMarkup::DoNotify
30 comctl32_6f610000!CMarkup::OnButtonUp
31 comctl32_6f610000!CLink::WndProc
32 USER32!InternalCallWinProc
33 USER32!UserCallWinProcCheckWow
34 USER32!DispatchMessageWorker
35 USER32!DispatchMessageW
36 USER32!IsDialogMessageW
37 USER32!DialogBox2
38 USER32!InternalDialogBox
39 USER32!DialogBoxIndirectParamAorW
3a USER32!DialogBoxParamW
3b USER32!DialogBoxParamW_wrapper
3c winlogon!Fusion_DialogBoxParam
3d winlogon!TimeoutDialogBoxParam
3e winlogon!WlxDialogBoxParam
3f MSGINA!WlxDisplaySASNotice
40 winlogon!MainLoop
41 winlogon!WinMain
42 winlogon!WinMainCRTStartup
0: kd> kv
ChildEBP RetAddr Args to Child
00 0006e144 77cbe80c 007d55e4 00000007 0001004a USER32!ButtonWndProcWorker (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\btnctl.c @ 1355]
01 0006e16c 77f5448f 0006e17c 00000018 007d55e4 USER32!__fnDWORD+0x22 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\inc\ntcb.h @ 639]
02 0006e16c 80a3f168 0006e17c 00000018 007d55e4 ntdll!KiUserCallbackDispatcher+0x13 (FPO: [0,0,0]) [d:\srv03rtm\base\ntos\rtl\i386\userdisp.asm @ 153]
03 f75b6ae4 80cc5b26 f75b6bac f75b6bb0 e1401a68 nt!KiCallUserMode+0x4 (FPO: [2,3,4]) [d:\srv03rtm\base\ntos\ke\i386\callout.asm @ 109]
04 f75b6b3c bf807bfa 00000002 f75b6b8c 00000018 nt!KeUserModeCallback+0xc6 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ke\i386\callback.c @ 127]
05 f75b6bd4 bf8fa60b bc6455e4 00000007 0001004a win32k!SfnDWORD+0x121 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\inc\ntcb.h @ 618]
06 f75b6c2c bf804176 026455e4 00000007 0001004a win32k!xxxSendMessageToClient+0x151 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\sendmsg.c @ 839]
07 f75b6c7c bf80edea bc6455e4 00000007 0001004a win32k!xxxSendMessageTimeout+0x22d (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\sendmsg.c @ 1039]
08 f75b6ca0 bf820b41 bc6455e4 00000007 0001004a win32k!xxxSendMessage+0x19 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\sendmsg.c @ 760]
09 f75b6ce0 bf820d52 bc64574c bc6455e4 bf820ed3 win32k!xxxSendFocusMessages+0x19f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\focusact.c @ 302]
0a f75b6d1c bf820f0f bc6455e4 f75b6d58 0006e1a0 win32k!xxxSetFocus+0x201 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\focusact.c @ 1928]
0b f75b6d4c 80afbcb2 00010048 804ecc4a 00000000 win32k!NtUserSetFocus+0x3c (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 6006]
0c f75b6d4c 7ffe0304 00010048 804ecc4a 00000000 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ f75b6d64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
0d 0006e16c 77f5448f 0006e17c 00000018 007d55e4 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
0e 0006e190 77cc1d48 77cd4ddf 00010048 00000028 ntdll!KiUserCallbackDispatcher+0x13 (FPO: [0,0,0]) [d:\srv03rtm\base\ntos\rtl\i386\userdisp.asm @ 153]
0f 0006e1c0 77cbf93f 00000000 00000028 00000000 USER32!NtUserSetFocus+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 4203]
10 0006e1f0 77cc0743 007d4c2c 007d241c 00000000 USER32!SendMessageWorker+0x42a (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\clmsg.c @ 674]
11 0006e210 77d03bd0 00010046 00000028 00000000 USER32!SendMessageW+0x70 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\cltxt.h @ 809]
12 0006e248 77ce1fb8 000000d6 00000009 00000000 USER32!MLKeyDown+0x403 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\editml.c @ 2483]
13 0006e2b8 77cc192e 0001004a 012425ec 00000100 USER32!MLEditWndProc+0x4c1 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\editml.c @ 3625]
14 0006e2fc 77cc0f49 007d574c 00000100 00000009 USER32!EditWndProc+0x9de (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\editec.c @ 3655]
15 0006e320 77d012b6 0001004a 00000100 00000009 USER32!EditWndProcWorker+0x1c2 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\editec.c @ 2888]
16 0006e340 77ce7ee3 0001004a 00000100 00000009 USER32!EditWndProcW+0x4a (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\editec.c @ 2847]
17 0006e36c 77cf2bff 77d0126c 0001004a 00000100 USER32!InternalCallWinProc+0x1b [d:\srv03rtm\windows\core\ntuser\client\i386\callproc.asm @ 102]
18 0006e3e4 77cbe3db 00000000 77d0126c 0001004a USER32!UserCallWinProcCheckWow+0x151 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\clmsg.c @ 165]
19 0006e44c 77cc4014 0006e49c 00000000 0006e480 USER32!DispatchMessageWorker+0x3e3 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\clmsg.c @ 2497]
0: kd> g
Breakpoint 37 hit
eax=0006e078 ebx=77d2db01 ecx=0006e068 edx=00000002 esi=007d55e4 edi=0123083c
eip=77cd49d4 esp=0006e044 ebp=0006e068 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
USER32!DefDlgProcWorker:
001b:77cd49d4 55 push ebp
0: kd> dv
pwnd = 0x007d4c2c
message = 0x135
wParam = 0x1010056
lParam = 0n65608
fAnsi = 0
hwnd = 0x0001004a
result = 0n8211500
rc = {LT(2009859907, 8211500) RB(8201244, 33556843) [-2001658663 x 25345343]}
0: kd> g
Breakpoint 42 hit
eax=000774bc ebx=00010046 ecx=000774c0 edx=00077418 esi=000774bc edi=00077418
eip=7509dea3 esp=0006df30 ebp=0006df50 iopl=0 nv up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000293
MSGINA!HelpDlgProc:
001b:7509dea3 55 push ebp
0: kd> dv
hDlg = 0x00010046
message = 0x135
wParam = 0x1010056
lParam = 0n65608
hBoldFont = 0x020a0165
hbrWindow = 0x07100162
Value = 0x77cc44d2
hwndAnim = 0x0006df80
hwndHelpTitle = 0x0006df80
lf = struct tagLOGFONTW
rc = {LT(450284, 2009875574) RB(8211500, 8) [7761216 x -2009875566]}
0: kd> g
Breakpoint 53 hit
eax=01010056 ebx=01010056 ecx=00000000 edx=7ffe0304 esi=0123083c edi=007d55e4
eip=77cd7c79 esp=0006e0c4 ebp=0006e144 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
USER32!xxxBNDrawText:
001b:77cd7c79 55 push ebp
0: kd> kc
00 USER32!xxxBNDrawText
01 USER32!ButtonWndProcWorker
02 USER32!__fnDWORD
03 ntdll!KiUserCallbackDispatcher
04 nt!KiCallUserMode
05 nt!KeUserModeCallback
06 win32k!SfnDWORD
07 win32k!xxxSendMessageToClient
08 win32k!xxxSendMessageTimeout
09 win32k!xxxSendMessage
0a win32k!xxxSendFocusMessages
0b win32k!xxxSetFocus
0c win32k!NtUserSetFocus
0d nt!_KiSystemService
0e SharedUserData!SystemCallStub
0f ntdll!KiUserCallbackDispatcher
10 USER32!NtUserSetFocus
11 USER32!SendMessageWorker
12 USER32!SendMessageW
13 USER32!MLKeyDown
14 USER32!MLEditWndProc
15 USER32!EditWndProc
16 USER32!EditWndProcWorker
17 USER32!EditWndProcW
18 USER32!InternalCallWinProc
19 USER32!UserCallWinProcCheckWow
1a USER32!DispatchMessageWorker
1b USER32!DispatchMessageW
1c USER32!IsDialogMessageW
1d USER32!DialogBox2
1e USER32!InternalDialogBox
1f USER32!DialogBoxIndirectParamAorW
20 USER32!DialogBoxParamW
21 USER32!DialogBoxParamW_wrapper
22 winlogon!Fusion_DialogBoxParam
23 winlogon!TimeoutDialogBoxParam
24 winlogon!WlxDialogBoxParam
25 MSGINA!WelcomeDlgProc
26 winlogon!RootDlgProc
27 USER32!InternalCallWinProc
28 USER32!UserCallDlgProcCheckWow
29 USER32!DefDlgProcWorker
2a USER32!SendMessageWorker
2b USER32!SendMessageW
2c USER32!SendMessageW_wrapper
2d comctl32_6f610000!SendMessageD
2e comctl32_6f610000!CLink::SendNotify
2f comctl32_6f610000!CLink::Notify
30 comctl32_6f610000!CMarkup::DoNotify
31 comctl32_6f610000!CMarkup::OnButtonUp
32 comctl32_6f610000!CLink::WndProc
33 USER32!InternalCallWinProc
34 USER32!UserCallWinProcCheckWow
35 USER32!DispatchMessageWorker
36 USER32!DispatchMessageW
37 USER32!IsDialogMessageW
38 USER32!DialogBox2
39 USER32!InternalDialogBox
3a USER32!DialogBoxIndirectParamAorW
3b USER32!DialogBoxParamW
3c USER32!DialogBoxParamW_wrapper
3d winlogon!Fusion_DialogBoxParam
3e winlogon!TimeoutDialogBoxParam
3f winlogon!WlxDialogBoxParam
40 MSGINA!WlxDisplaySASNotice
41 winlogon!MainLoop
42 winlogon!WinMain
43 winlogon!WinMainCRTStartup
0: kd> kv 12
ChildEBP RetAddr Args to Child
00 0006e0c0 77cd3d21 0123083c 01010056 00000002 USER32!xxxBNDrawText (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\btnctl.c @ 739]
01 0006e144 77cbe80c 00000001 00000007 0001004a USER32!ButtonWndProcWorker+0x30a (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\btnctl.c @ 1435]
02 0006e16c 77f5448f 0006e17c 00000018 007d55e4 USER32!__fnDWORD+0x22 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\inc\ntcb.h @ 639]
03 0006e16c 80a3f168 0006e17c 00000018 007d55e4 ntdll!KiUserCallbackDispatcher+0x13 (FPO: [0,0,0]) [d:\srv03rtm\base\ntos\rtl\i386\userdisp.asm @ 153]
04 f75b6ae4 80cc5b26 f75b6bac f75b6bb0 e1401a68 nt!KiCallUserMode+0x4 (FPO: [2,3,4]) [d:\srv03rtm\base\ntos\ke\i386\callout.asm @ 109]
05 f75b6b3c bf807bfa 00000002 f75b6b8c 00000018 nt!KeUserModeCallback+0xc6 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ke\i386\callback.c @ 127]
06 f75b6bd4 bf8fa60b bc6455e4 00000007 0001004a win32k!SfnDWORD+0x121 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\inc\ntcb.h @ 618]
07 f75b6c2c bf804176 026455e4 00000007 0001004a win32k!xxxSendMessageToClient+0x151 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\sendmsg.c @ 839]
08 f75b6c7c bf80edea bc6455e4 00000007 0001004a win32k!xxxSendMessageTimeout+0x22d (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\sendmsg.c @ 1039]
09 f75b6ca0 bf820b41 bc6455e4 00000007 0001004a win32k!xxxSendMessage+0x19 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\sendmsg.c @ 760]
0a f75b6ce0 bf820d52 bc64574c bc6455e4 bf820ed3 win32k!xxxSendFocusMessages+0x19f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\focusact.c @ 302]
0b f75b6d1c bf820f0f bc6455e4 f75b6d58 0006e1a0 win32k!xxxSetFocus+0x201 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\focusact.c @ 1928]
0c f75b6d4c 80afbcb2 00010048 804ecc4a 00000000 win32k!NtUserSetFocus+0x3c (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 6006]
0d f75b6d4c 7ffe0304 00010048 804ecc4a 00000000 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ f75b6d64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
0e 0006e16c 77f5448f 0006e17c 00000018 007d55e4 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
0f 0006e190 77cc1d48 77cd4ddf 00010048 00000028 ntdll!KiUserCallbackDispatcher+0x13 (FPO: [0,0,0]) [d:\srv03rtm\base\ntos\rtl\i386\userdisp.asm @ 153]
10 0006e1c0 77cbf93f 00000000 00000028 00000000 USER32!NtUserSetFocus+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 4203]
11 0006e1f0 77cc0743 007d4c2c 007d241c 00000000 USER32!SendMessageWorker+0x42a (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\client\clmsg.c @ 674]
0: kd> dv
pbutn = 0x0123083c
hdc = 0x01010056
dbt = 0n2
fDepress = 0n0
dsFlags = 0x77cd8490
cy = 0n17825880
cch = 0n16842838
lpName = 0x00000000
cx = 0n75
bdt = struct tagBTNDATA
pbfPush = 0x77cd7c51
x = 0n16842838
y = 0n16842838
rc = {LT(0, 0) RB(75, 23) [75 x 23]}
hbr = 0x00000000
bStyle = 0x01 ''
bmp = struct tagBITMAP
size = struct tagSIZE
rcClient = {LT(16842838, 2010307488) RB(450760, 2009957520) [-16392078 x -349968]}
0: kd> dx -id 0,0,894d43e0 -r1 ((win32k!tagQ *)0xe13d2de0)
((win32k!tagQ *)0xe13d2de0) : 0xe13d2de0 [Type: tagQ *]
[+0x000] mlInput [Type: tagMLIST]
[+0x00c] ptiSysLock : 0xe1401a68 [Type: tagTHREADINFO *]
[+0x010] idSysLock : 0xe17c2528 [Type: unsigned long]
[+0x014] idSysPeek : 0x0 [Type: unsigned long]
[+0x018] ptiMouse : 0xe1401a68 [Type: tagTHREADINFO *]
[+0x01c] ptiKeyboard : 0xe1401a68 [Type: tagTHREADINFO *]
[+0x020] spwndCapture : 0x0 [Type: tagWND *]
[+0x024] spwndFocus : 0xbc6455e4 [Type: tagWND *] <-- OK按钮(与上面 win32k!xxxSetFocus / xxxSendMessage 栈帧的第一个参数 bc6455e4 相同,消息 0x7 即 WM_SETFOCUS)
[+0x028] spwndActive : 0xbc644c2c [Type: tagWND *] <-- Logon Help对话框
[+0x02c] spwndActivePrev : 0xbc643aac [Type: tagWND *]
