statemachinerun

sitelist17 天前
statemachinerun
winlogon!StateMachineRun函数里面的kernel32!WaitForSingleObject函数分析kd> g Breakpoint 16 hit winlogon!StateMachineRun+0x3b4: 001b:009ef194 8b150c40a000 mov edx,dword ptr [winlogon!WPP_GLOBAL_Control (00a0400c)] kd> p winlogon!StateMachineRun+0x3ba: 001b:009ef19a 837b0800 cmp dword ptr [ebx+8],0 kd> p winlogon!StateMachineR
sitelist19 天前
statemachinerun·eric_cad_state·g_xwlgeneric
winlogon!StateMachineRun函数会用到核心数据结构winlogon中的重要全局状态机状态数组第0部分:kd> g Breakpoint 0 hit winlogon!WMsgKMessageHandler: 001b:009cf97b 8bff mov edi,edi kd> g Breakpoint 8 hit winlogon!WlStateMachineSetSignal: 001b:009d0bc1 8bff mov edi,edi kd> g Breakpoint 2 hit winlogon!SignalManagerSetSignal: 001b:009efe64 6a1c pus
sitelist20 天前
statemachinerun·wlstatemachine
win7winlogon!WinMain调试记录第三部分到中心函数winlogon!WlStateMachineRunkd> p winlogon!WinMain+0x968: 001b:0057eabb 8945e4 mov dword ptr [ebp-1Ch],eax kd> p winlogon!WinMain+0x96b: 001b:0057eabe 6880175700 push offset winlogon!WLEvt_StartLogonUI_Stop (00571780) kd> p winlogon!WinMain+0x970: 001b:0057eac3 e863f5ffff call winlo
sitelist21 天前
statemachinerun·waitforlsmstart·wppstart
win7下winlogon.exe调试记录第一部分:kd> !PROCESS fffffa8021520630 PROCESS fffffa8021520630 SessionId: 1 Cid: 01fc Peb: 7fffffd9000 ParentCid: 018c DirBase: 4fafa000 ObjectTable: fffff8a000e6b920 HandleCount: 0. Image: winlogon.exe VadRoot fffffa8021522d30 Vads 10 Clone 0 Private 15. Mo
我是有底线的