Tracing winlogon!WLGeneric_Logon_ReportFailedResult_Execute through to authui!WluirReportResult

kd> g
Breakpoint 27 hit
winlogon!WLGeneric_Logon_ReportFailedResult_Execute:
001b:005834a8 6a1c            push    1Ch
kd> kc
 #
00 winlogon!WLGeneric_Logon_ReportFailedResult_Execute
01 winlogon!StateMachineWorkerCallback
02 ntdll!TppWorkpExecuteCallback
03 ntdll!TppWorkerThread
04 kernel32!BaseThreadInitThunk
05 ntdll!__RtlUserThreadStart
06 ntdll!_RtlUserThreadStart

kd> p
eax=00a0f654 ebx=00000000 ecx=00597d45 edx=00000a3c esi=005b46f8 edi=005b400c
eip=0058354c esp=00a0f600 ebp=00a0f64c iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
winlogon!WLGeneric_Logon_ReportFailedResult_Execute+0xa4:
001b:0058354c e8a890ffff      call    winlogon!ReportResult (0057c5f9)
kd> t
eax=00a0f654 ebx=00000000 ecx=00597d45 edx=00000a3c esi=005b46f8 edi=005b400c
eip=0057c5f9 esp=00a0f5fc ebp=00a0f64c iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
winlogon!ReportResult:
001b:0057c5f9 8bff            mov     edi,edi
kd> kc
 #
00 winlogon!ReportResult
01 winlogon!WLGeneric_Logon_ReportFailedResult_Execute
02 winlogon!StateMachineWorkerCallback
03 ntdll!TppWorkpExecuteCallback
04 ntdll!TppWorkerThread
05 kernel32!BaseThreadInitThunk
06 ntdll!__RtlUserThreadStart
07 ntdll!_RtlUserThreadStart

kd> p
eax=00000000 ebx=00000000 ecx=00352698 edx=00000a3c esi=005b4708 edi=00a0f62c
eip=0057c628 esp=00a0f5d8 ebp=00a0f5f8 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
winlogon!ReportResult+0x2f:
001b:0057c628 e861920200      call    winlogon!WluiReportResult (005a588e)
kd> t
eax=00000000 ebx=00000000 ecx=00352698 edx=00000a3c esi=005b4708 edi=00a0f62c
eip=005a588e esp=00a0f5d4 ebp=00a0f5f8 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
winlogon!WluiReportResult:
001b:005a588e 6840020000      push    240h
kd> kc
 #
00 winlogon!WluiReportResult
01 winlogon!ReportResult
02 winlogon!WLGeneric_Logon_ReportFailedResult_Execute
03 winlogon!StateMachineWorkerCallback
04 ntdll!TppWorkpExecuteCallback
05 ntdll!TppWorkerThread
06 kernel32!BaseThreadInitThunk
07 ntdll!__RtlUserThreadStart
08 ntdll!_RtlUserThreadStart

kd> t
eax=00000001 ebx=005b4708 ecx=00000000 edx=00000a3c esi=00a0f654 edi=00000015
eip=005a50e5 esp=00a0f36c ebp=00a0f5d0 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
winlogon!WluiStartup+0x73:
001b:005a50e5 8bff            mov     edi,edi
kd> kc
 #
00 winlogon!WluiStartup
01 winlogon!WluiReportResult
02 winlogon!ReportResult
03 winlogon!WLGeneric_Logon_ReportFailedResult_Execute
04 winlogon!StateMachineWorkerCallback
05 ntdll!TppWorkpExecuteCallback
06 ntdll!TppWorkerThread
07 kernel32!BaseThreadInitThunk
08 ntdll!__RtlUserThreadStart
09 ntdll!_RtlUserThreadStart


kd> t
eax=00a0f390 ebx=005b4708 ecx=74c225eb edx=76cea084 esi=00a0f654 edi=00000015
eip=005a5c5f esp=00a0f34c ebp=00a0f5d0 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
winlogon!ClientWluirReportResult:
001b:005a5c5f 8bff            mov     edi,edi
kd> kc
 #
00 winlogon!ClientWluirReportResult
01 winlogon!WluiReportResult
02 winlogon!ReportResult
03 winlogon!WLGeneric_Logon_ReportFailedResult_Execute
04 winlogon!StateMachineWorkerCallback
05 ntdll!TppWorkpExecuteCallback
06 ntdll!TppWorkerThread
07 kernel32!BaseThreadInitThunk
08 ntdll!__RtlUserThreadStart
09 ntdll!_RtlUserThreadStart


kd> p
eax=00a0f350 ebx=005b4708 ecx=74c225eb edx=76cea084 esi=00a0f654 edi=00000015
eip=005a5c6e esp=00a0f33c ebp=00a0f348 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
winlogon!ClientWluirReportResult+0xf:
001b:005a5c6e 68087b5700      push    offset winlogon!`string'+0x538 (00577b08)
kd> p
eax=00a0f350 ebx=005b4708 ecx=74c225eb edx=76cea084 esi=00a0f654 edi=00000015
eip=005a5c73 esp=00a0f338 ebp=00a0f348 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
winlogon!ClientWluirReportResult+0x14:
001b:005a5c73 e862320000      call    winlogon!NdrClientCall2 (005a8eda)
kd> g
Breakpoint 28 hit
eax=7160e9e0 ebx=0000000b ecx=715b4dfc edx=00000000 esi=00000008 edi=02e7f318
eip=7712ab24 esp=02e7f130 ebp=02e7f534 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
RPCRT4!Invoke:
001b:7712ab24 55              push    ebp
kd> kc
 #
00 RPCRT4!Invoke
01 RPCRT4!NdrStubCall2
02 RPCRT4!NdrServerCall2
03 RPCRT4!DispatchToStubInCNoAvrf
04 RPCRT4!RPC_INTERFACE::DispatchToStubWorker
05 RPCRT4!RPC_INTERFACE::DispatchToStub
06 RPCRT4!RPC_INTERFACE::DispatchToStubWithObject
07 RPCRT4!LRPC_SCALL::DispatchRequest
08 RPCRT4!LRPC_SCALL::QueueOrDispatchCall
09 RPCRT4!LRPC_SCALL::HandleRequest
0a RPCRT4!LRPC_SASSOCIATION::HandleRequest
0b RPCRT4!LRPC_ADDRESS::HandleRequest
0c RPCRT4!LRPC_ADDRESS::ProcessIO
0d RPCRT4!LrpcServerIoHandler
0e RPCRT4!LrpcIoComplete
0f ntdll!TppAlpcpExecuteCallback
10 ntdll!TppWorkerThread
11 kernel32!BaseThreadInitThunk
12 ntdll!__RtlUserThreadStart
13 ntdll!_RtlUserThreadStart


PROCESS 87dc8030  SessionId: 2  Cid: 0dd8    Peb: 7ffd6000  ParentCid: 097c
    DirBase: 7cc9e040  ObjectTable: 9bec1d38  HandleCount: 175.
    Image: LogonUI.exe


kd> g
Breakpoint 29 hit
eax=7160e9e0 ebx=0000000b ecx=00000000 edx=00000000 esi=02e7f314 edi=02e7f0fc
eip=7160e9e0 esp=02e7f0fc ebp=02e7f12c iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
authui!WluirReportResult:
001b:7160e9e0 8bff            mov     edi,edi
kd> kc
 #
00 authui!WluirReportResult
01 RPCRT4!Invoke
02 RPCRT4!NdrStubCall2
03 RPCRT4!NdrServerCall2
04 RPCRT4!DispatchToStubInCNoAvrf
05 RPCRT4!RPC_INTERFACE::DispatchToStubWorker
06 RPCRT4!RPC_INTERFACE::DispatchToStub
07 RPCRT4!RPC_INTERFACE::DispatchToStubWithObject
08 RPCRT4!LRPC_SCALL::DispatchRequest
09 RPCRT4!LRPC_SCALL::QueueOrDispatchCall
0a RPCRT4!LRPC_SCALL::HandleRequest
0b RPCRT4!LRPC_SASSOCIATION::HandleRequest
0c RPCRT4!LRPC_ADDRESS::HandleRequest
0d RPCRT4!LRPC_ADDRESS::ProcessIO
0e RPCRT4!LrpcServerIoHandler
0f RPCRT4!LrpcIoComplete
10 ntdll!TppAlpcpExecuteCallback
11 ntdll!TppWorkerThread
12 kernel32!BaseThreadInitThunk
13 ntdll!__RtlUserThreadStart
14 ntdll!_RtlUserThreadStart
