DWORD
ScreenSaverCallback(
PVOID Parameter
)
{
PSCREEN_SAVER_DATA pScreenSaverData = (PSCREEN_SAVER_DATA) Parameter ;
if (pScreenSaverData->pTerm->MuGlobals.field_E70 && bReconEventSignalled) {
SendMessage( pScreenSaverData->hDlg, WLX_WM_SCREENSAVER_DIED, 0, 0 );
} else {
PostMessage( pScreenSaverData->hDlg, WLX_WM_SCREENSAVER_DIED, 0, 0 );
}
return 0 ;
}
INT_PTR WINAPI
ScreenSaverDlgProc(
HWND hDlg,
UINT message,
WPARAM wParam,
LPARAM lParam
)
{
case WLX_WM_SCREENSAVER_DIED:
EndDialog( hDlg, pScreenSaverData->ReturnValue );
if ( !ReturnFromPowerState )
{
DisableSasMessages();
}
return TRUE ;
}
// We didn't process this message
return FALSE;
}
1: kd> dt SCREEN_SAVER_DATA 0x0006fa6c
winlogon!SCREEN_SAVER_DATA
+0x000 pTerm : 0x00077418 _TERMINAL
+0x004 fSecure : 0n1
+0x008 fEnabled : 0n1
+0x00c ScreenSaverName : 0x0123c730 -> 0x43
+0x010 SasInterrupt : 3
+0x014 WeKilledIt : 0n0
+0x018 hDlg : 0x000d00b6 HWND__
+0x01c Job : 0x01232118 _WINLOGON_JOB
+0x020 ReturnValue : 0n1
+0x024 DesktopPath : 0x0122eb58 -> 0x57
+0x028 fAutoReturnToWelcome : 0n1
1: kd> db 0x0123c730
0123c730 43 00 3a 00 5c 00 57 00-49 00 4e 00 44 00 4f 00 C.:..W.I.N.D.O.
0123c740 57 00 53 00 5c 00 73 00-79 00 73 00 74 00 65 00 W.S..s.y.s.t.e.
0123c750 6d 00 33 00 32 00 5c 00-73 00 63 00 72 00 6e 00 m.3.2..s.c.r.n.
0123c760 73 00 61 00 76 00 65 00-2e 00 73 00 63 00 72 00 s.a.v.e…s.c.r.
0123c770 20 00 2f 00 73 00 00 00-02 00 0a 00 ad 00 0c 01 ./.s………..
1: kd> x win32k!gshare*
bfa70580 win32k!gSharedInfo = struct tagSHAREDINFO
1: kd> dx -id 0,0,89413020 -r1 (*((win32k!tagSHAREDINFO *)0xbfa70580))
(*((win32k!tagSHAREDINFO *)0xbfa70580)) [Type: tagSHAREDINFO]
[+0x000] psi : 0xbc610c9c [Type: tagSERVERINFO *]
[+0x004] aheList : 0xbc510000 [Type: _HANDLEENTRY *]
[+0x008] pDispInfo : 0xbc611c8c [Type: tagDISPLAYINFO *]
[+0x00c] ulSharedDelta : 0x0 [Type: unsigned int]
[+0x010] awmControl [Type: _WNDMSG [31]]
[+0x108] DefWindowMsgs [Type: _WNDMSG]
[+0x110] DefWindowSpecMsgs [Type: _WNDMSG]
1: kd> dx -id 0,0,89413020 -r1 ((win32k!_HANDLEENTRY *)0xbc510000)
((win32k!_HANDLEENTRY *)0xbc510000) : 0xbc510000 [Type: _HANDLEENTRY *]
[+0x000] phead : 0x0 [Type: _HEAD *]
[+0x004] pOwner : 0x0 [Type: void *]
[+0x008] bType : 0x0 [Type: unsigned char]
[+0x009] bFlags : 0x0 [Type: unsigned char]
[+0x00a] wUniq : 0x1 [Type: unsigned short]
[+0x00c] plr : 0x0 [Type: _LOCKRECORD *]
1: kd> dt win32k!_HANDLEENTRY 0xbc510000+b60
+0x000 phead : 0xbc643a24 _HEAD
+0x004 pOwner : 0xe1404c50 Void
+0x008 bType : 0x1 ''
+0x009 bFlags : 0 ''
+0x00a wUniq : 0xd
+0x00c plr : (null)
1: kd> dx -id 0,0,89413020 -r1 ((win32k!_HEAD *)0xbc643a24)
((win32k!_HEAD *)0xbc643a24) : 0xbc643a24 [Type: _HEAD *]
[+0x000] h : 0xd00b6 [Type: void *]
[+0x004] cLockObj : 0x5 [Type: unsigned long]
#define TYPE_WINDOW 1 // in order of use for C code lookups
D:srv03rtmwindowscore/ntuser/kernel/handtabl.c:1100: pheT->pOwner = ptiOwner->ppi;
1: kd> dt tagTHREADINFO 0xe1404c50
win32k!tagTHREADINFO
+0x000 pEThread : 0x897f2020 _ETHREAD
+0x004 RefCount : 1
+0x008 ptlW32 : (null)
+0x00c pgdiDcattr : 0x005e0570 Void
+0x010 pgdiBrushAttr : (null)
+0x014 pUMPDObjs : (null)
+0x018 pUMPDHeap : (null)
+0x01c pUMPDObj : (null)
+0x020 GdiTmpAllocList : _LIST_ENTRY [ 0xe1404c70 – 0xe1404c70 ]
+0x028 ptl : (null)
+0x02c ppi : 0xe1619070 tagPROCESSINFO
+0x030 pq : 0xe1630530 tagQ
+0x034 spklActive : 0xe13e6bb8 tagKL
+0x038 pcti : 0xbc64373c tagCLIENTTHREADINFO
+0x03c rpdesk : 0x894da378 tagDESKTOP
+0x040 pDeskInfo : 0xbc640c9c tagDESKTOPINFO
+0x044 ulClientDelta : 0xbbe70000
+0x048 pClientInfo : 0x7ffde6cc tagCLIENTINFO
+0x04c TIF_flags : 0x1100000
+0x050 pstrAppName : (null)
+0x054 psmsSent : (null)
+0x058 psmsCurrent : (null)
+0x05c psmsReceiveList : (null)
+0x060 timeLast : 0n-1608875
+0x064 idLast : 0xe2fd75f8
+0x068 exitCode : 0n0
+0x06c hdesk : 0x000002a4 HDESK__
+0x070 cPaintsReady : 0n0
+0x074 cTimersReady : 0
+0x078 pMenuState : (null)
+0x07c ptdb : (null)
+0x07c pwinsta : (null)
+0x080 psiiList : (null)
+0x084 dwExpWinVer : 0x400
+0x088 dwCompatFlags : 0
+0x08c dwCompatFlags2 : 0
+0x090 pqAttach : (null)
+0x094 ptiSibling : (null)
+0x098 pmsd : (null)
+0x09c fsHooks : 0
+0x0a0 sphkCurrent : (null)
+0x0a4 pSBTrack : (null)
+0x0a8 hEventQueueClient : 0x000000cc Void
+0x0ac pEventQueueServer : 0x894e9610 _KEVENT
+0x0b0 PtiLink : _LIST_ENTRY [ 0xe2fd5278 – 0xe17af0c8 ]
+0x0b8 iCursorLevel : 0n0
+0x0bc ptLast : tagPOINT
+0x0c4 spwndDefaultIme : (null)
+0x0c8 spDefaultImc : (null)
+0x0cc hklPrev : (null)
+0x0d0 cEnterCount : 0n0
+0x0d4 mlPost : tagMLIST
+0x0e0 fsChangeBitsRemoved : 0x108
+0x0e2 wchInjected : 0
+0x0e4 fsReserveKeys : 0
+0x0e8 apEvent : (null)
+0x0ec amdesk : 0xf01ff
+0x0f0 cWindows : 5
+0x0f4 cVisWindows : 1
+0x0f8 aphkStart : [16] (null)
+0x138 cti : tagCLIENTTHREADINFO
+0x14c hPrevHidData : (null)
+0x150 cNestedCalls : 1
1: kd> dt ETHREAD 0x897f2020
ntdll!ETHREAD
+0x000 Tcb : _KTHREAD
+0x1c8 CreateTime : _LARGE_INTEGER 0x0ee25980`bcd34e10
+0x1c8 NestedFaultCount : 0y00
+0x1c8 ApcNeeded : 0y0
+0x1d0 ExitTime : _LARGE_INTEGER 0x897f21f0`897f21f0
+0x1d0 LpcReplyChain : _LIST_ENTRY [ 0x897f21f0 – 0x897f21f0 ]
+0x1d0 KeyedWaitChain : _LIST_ENTRY [ 0x897f21f0 – 0x897f21f0 ]
+0x1d8 ExitStatus : 0n0
+0x1d8 OfsChain : (null)
+0x1dc PostBlockList : _LIST_ENTRY [ 0xe1802844 – 0xe16198a4 ]
+0x1e4 TerminationPort : 0xe127fb40 _TERMINATION_PORT
+0x1e4 ReaperLink : 0xe127fb40 _ETHREAD
+0x1e4 KeyedWaitValue : 0xe127fb40 Void
+0x1e8 ActiveTimerListLock : 0
+0x1ec ActiveTimerListHead : _LIST_ENTRY [ 0x897f220c – 0x897f220c ]
+0x1f4 Cid : _CLIENT_ID
+0x1fc LpcReplySemaphore : _KSEMAPHORE
+0x1fc KeyedWaitSemaphore : _KSEMAPHORE
+0x210 LpcReplyMessage : (null)
+0x210 LpcWaitingOnPort : (null)
+0x214 ImpersonationInfo : 0xe18646a0 _PS_IMPERSONATION_INFORMATION
+0x218 IrpList : _LIST_ENTRY [ 0x89590168 – 0x89590168 ]
+0x220 TopLevelIrp : 0
+0x224 DeviceToVerify : (null)
+0x228 ThreadsProcess : 0x89413020 _EPROCESS
+0x22c StartAddress : 0x0102ec44 Void
+0x230 Win32StartAddress : (null)
+0x230 LpcReceivedMessageId : 0
+0x234 ThreadListEntry : _LIST_ENTRY [ 0x8951249c – 0x89413190 ]
+0x23c RundownProtect : _EX_RUNDOWN_REF
+0x240 ThreadLock : _EX_PUSH_LOCK
+0x244 LpcReplyMessageId : 0
+0x248 ReadClusterSize : 7
+0x24c GrantedAccess : 0x1f03ff
+0x250 CrossThreadFlags : 0
+0x250 Terminated : 0y0
+0x250 DeadThread : 0y0
+0x250 HideFromDebugger : 0y0
+0x250 ActiveImpersonationInfo : 0y0
+0x250 SystemThread : 0y0
+0x250 HardErrorsAreDisabled : 0y0
+0x250 BreakOnTermination : 0y0
+0x250 SkipCreationMsg : 0y0
+0x250 SkipTerminationMsg : 0y0
+0x254 SameThreadPassiveFlags : 0
+0x254 ActiveExWorker : 0y0
+0x254 ExWorkerCanWaitUser : 0y0
+0x254 MemoryMaker : 0y0
+0x254 KeyedEventInUse : 0y0
+0x258 SameThreadApcFlags : 0
+0x258 LpcReceivedMsgIdValid : 0y0
+0x258 LpcExitThreadCalled : 0y0
+0x258 AddressSpaceOwner : 0y0
+0x25c ForwardClusterOnly : 0 ''
+0x25d DisablePageFaultClustering : 0 ''
1: kd> dx -id 0,0,89413020 -r1 (*((ntdll!_CLIENT_ID *)0x897f2214))
(*((ntdll!_CLIENT_ID *)0x897f2214)) [Type: _CLIENT_ID]
[+0x000] UniqueProcess : 0x1c8 [Type: void *]
[+0x004] UniqueThread : 0x1cc [Type: void *]
THREAD 897f2020 Cid 01c8.01cc Teb: 7ffde000 Win32Thread: e1404c50 WAIT: (WrUserRequest) UserMode Non-Alertable
894e9610 SynchronizationEvent
IRP List:
89590158: (0006,0094) Flags: 00000800 Mdl: 00000000
Not impersonating
DeviceMap e10003d8
Owning Process 89413020 Image: winlogon.exe
Attached Process N/A Image: N/A
Wait Start TickCount 274774942 Ticks: 89 (0:00:00:01.390)
Context Switch Count 2833 IdealProcessor: 1 LargeStack
UserTime 00:00:04.000
KernelTime 00:00:13.390
Stack Init f75c7000 Current f75c6c44 Base f75c7000 Limit f75c2000 Call 00000000
Priority 15 BasePriority 15 PriorityDecrement 0 IoPriority 0 PagePriority 0
ChildEBP RetAddr
f75c6c5c 80a440eb nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4]) [d:srv03rtmase
toskei386ctxswap.asm @ 139]
f75c6c94 80a35ea9 nt!KiSwapThread+0x627 (FPO: [Non-Fpo]) (CONV: fastcall) [d:srv03rtmase
toske hredsup.c @ 2000]
f75c6cc8 bf802d1b nt!KeWaitForSingleObject+0x2d7 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmase
toskewait.c @ 1161]
f75c6d28 bf8aacda win32k!xxxSleepThread+0x31b (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserkernelqueue.c @ 4775]
f75c6d3c bf81880d win32k!xxxRealWaitMessageEx+0x10 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserkernelinput.c @ 157]
f75c6d50 80afbcb2 win32k!NtUserWaitMessage+0x1c (FPO: [0,0,0]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserkernel
tstubs.c @ 7101]
f75c6d50 7ffe0304 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ f75c6d64) (CONV: cdecl) [d:srv03rtmase
toskei386 rap.asm @ 1328]
0006f8d4 77d20be2 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
0006f90c 77cff459 USER32!NtUserWaitMessage+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscoreumodedaytonaobji386usrstubs.c @ 4795]
0006f934 77ce5e58 USER32!InternalDialogBox+0x108 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientdlgmgr.c @ 1353]
0006f954 77ce76e7 USER32!DialogBoxIndirectParamAorW+0x67 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientclres.c @ 806]
0006f978 77cf607b USER32!DialogBoxParamW+0x3d (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientclres.c @ 954]
0006f9a0 0102e8fc USER32!DialogBoxParamW_wrapper+0x5a (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientclres.c @ 933]
0006f9c4 010221e2 winlogon!Fusion_DialogBoxParam+0x22 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmdssecurityginawinlogonfusion.cpp @ 39]
0006fa08 0102c860 winlogon!TimeoutDialogBoxParam+0x36 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmdssecurityginawinlogon imeout.c @ 1092]
0006fa40 0101b6b7 winlogon!WlxDialogBoxParam+0xb7 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmdssecurityginawinlogonwlxutil.c @ 898]
0006faa8 0102876a winlogon!RunScreenSaver+0x2ea (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmdssecurityginawinlogonscrnsave.c @ 520]
0006fad4 01029362 winlogon!DoScreenSaver+0x6f (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmdssecurityginawinlogonwlx.c @ 2507]
0006faf0 0102c2bd winlogon!LoggedonDlgProc+0x53 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmdssecurityginawinlogonwlx.c @ 2746]
0006fb14 77ce7ee3 winlogon!RootDlgProc+0x8d (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmdssecurityginawinlogonwlxutil.c @ 343]
0006fb40 77cf2d66 USER32!InternalCallWinProc+0x1b [d:srv03rtmwindowscore
tuserclienti386callproc.asm @ 102]
0006fbbc 77cd4af3 USER32!UserCallDlgProcCheckWow+0x147 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientclmsg.c @ 228]
0006fc04 77ce6bf6 USER32!DefDlgProcWorker+0x11f (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientdlgmgr.c @ 511]
0006fc20 77ce7ee3 USER32!DefDlgProcW+0x20 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientdlgmgr.c @ 1021]
0006fc4c 77cf2bff USER32!InternalCallWinProc+0x1b [d:srv03rtmwindowscore
tuserclienti386callproc.asm @ 102]
0006fcc4 77cbe3db USER32!UserCallWinProcCheckWow+0x151 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientclmsg.c @ 165]
0006fd2c 77cc4014 USER32!DispatchMessageWorker+0x3e3 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientclmsg.c @ 2497]
0006fd3c 77cdb482 USER32!DispatchMessageW+0xd (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientcltxt.h @ 1046]
0006fd60 77cdff3d USER32!IsDialogMessageW+0x39b (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientdlgmgr2.c @ 739]
0006fd9c 77cff459 USER32!DialogBox2+0x142 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientdlgmgr.c @ 1181]
0006fdc4 77ce5e58 USER32!InternalDialogBox+0x108 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientdlgmgr.c @ 1353]
0006fde4 77ce76e7 USER32!DialogBoxIndirectParamAorW+0x67 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientclres.c @ 806]
0006fe08 77cf607b USER32!DialogBoxParamW+0x3d (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientclres.c @ 954]
0006fe30 0102e8fc USER32!DialogBoxParamW_wrapper+0x5a (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientclres.c @ 933]
0006fe54 010221e2 winlogon!Fusion_DialogBoxParam+0x22 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmdssecurityginawinlogonfusion.cpp @ 39]
0006fe98 0102c860 winlogon!TimeoutDialogBoxParam+0x36 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmdssecurityginawinlogon imeout.c @ 1092]
0006fed0 01029579 winlogon!WlxDialogBoxParam+0xb7 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmdssecurityginawinlogonwlxutil.c @ 898]
0006fef4 010299f3 winlogon!BlockWaitForUserAction+0x38 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmdssecurityginawinlogonwlx.c @ 3105]
0006ff14 01026637 winlogon!MainLoop+0x44c (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmdssecurityginawinlogonwlx.c @ 3665]
0006ff50 0102edc6 winlogon!WinMain+0x4c7 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmdssecurityginawinlogonwinlogon.c @ 1350]
1: kd> t
eax=0101ad11 ebx=77f2e840 ecx=7ffdc000 edx=01055b80 esi=01232118 edi=01055b80
eip=0102e393 esp=007cff6c ebp=007cffb8 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
winlogon!JobThread+0x19a:
001b:0102e393 ffd0 call eax {winlogon!ScreenSaverCallback (0101ad11)}
1: kd> t
eax=0101ad11 ebx=77f2e840 ecx=7ffdc000 edx=01055b80 esi=01232118 edi=01055b80
eip=0101ad11 esp=007cff68 ebp=007cffb8 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
winlogon!ScreenSaverCallback:
001b:0101ad11 55 push ebp
1: kd> kc
#
00 winlogon!ScreenSaverCallback
01 winlogon!JobThread
02 kernel32!BaseThreadStart
1: kd> dv
Parameter = 0x0006fa6c
1: kd> dt SCREEN_SAVER_DATA 0x0006fa6c
winlogon!SCREEN_SAVER_DATA
+0x000 pTerm : 0x00077418 _TERMINAL
+0x004 fSecure : 0n1
+0x008 fEnabled : 0n1
+0x00c ScreenSaverName : 0x0123c730 -> 0x43
+0x010 SasInterrupt : 3
+0x014 WeKilledIt : 0n0
+0x018 hDlg : 0x000d00b6 HWND__
+0x01c Job : 0x01232118 _WINLOGON_JOB
+0x020 ReturnValue : 0n1
+0x024 DesktopPath : 0x0122eb58 -> 0x57
+0x028 fAutoReturnToWelcome : 0n1
1: kd> dt wnd 0xbc643a24
USER32!WND
+0x000 head : _THRDESKHEAD
+0x014 state : 0x30008
+0x018 state2 : 0x80000300
+0x01c ExStyle : 0x10901
+0x020 style : 0x94c000c4
+0x024 hModule : 0x01000000 Void
+0x028 hMod16 : 0
+0x02a fnid : 0x2a4
+0x02c spwndNext : 0xbc643b74 tagWND
+0x030 spwndPrev : (null)
+0x034 spwndParent : 0xbc640dd4 tagWND
+0x038 spwndChild : 0xbc644124 tagWND
+0x03c spwndOwner : (null)
+0x040 rcWindow : tagRECT
+0x050 rcClient : tagRECT
+0x060 lpfnWndProc : 0x77ce6bd6 long USER32!DefDlgProcW+0
+0x064 pcls : 0xbc64241c tagCLS
+0x068 hrgnUpdate : (null)
+0x06c ppropList : (null)
+0x070 pSBInfo : (null)
+0x074 spmenuSys : (null)
+0x078 spmenu : (null)
+0x07c hrgnClip : (null)
+0x080 strName : _LARGE_UNICODE_STRING
+0x08c cbwndExtra : 0n30
+0x090 spwndLastActive : 0xbc643a24 tagWND
+0x094 hImc : (null)
+0x098 dwUserData : 0x6fa6c
+0x09c pActCtx : (null)
1: kd> dx -id 0,0,89413020 -r1 (*((USER32!_THRDESKHEAD *)0xbc643a24))
(*((USER32!_THRDESKHEAD *)0xbc643a24)) [Type: _THRDESKHEAD]
[+0x000] h : 0xd00b6 [Type: void *]
[+0x004] cLockObj : 0x5 [Type: unsigned long]
[+0x008] pti : 0xe1404c50 [Type: tagTHREADINFO *]
[+0x00c] rpdesk : 0x894da378 [Type: tagDESKTOP *]
[+0x010] pSelf : 0xbc643a24 : 0xb6 [Type: unsigned char *]
1: kd> dx -id 0,0,89413020 -r1 (*((USER32!_LARGE_UNICODE_STRING *)0xbc643aa4))
(*((USER32!_LARGE_UNICODE_STRING *)0xbc643aa4)) [Type: _LARGE_UNICODE_STRING]
[+0x000] Length : 0x3e [Type: unsigned long]
[+0x004 (30: 0)] MaximumLength : 0x40 [Type: unsigned long]
[+0x004 (31:31)] bAnsi : 0x0 [Type: unsigned long]
[+0x008] Buffer : 0xbc643ef4 : 0x57 [Type: unsigned short *]
1: kd> db 0xbc643ef4
bc643ef4 57 00 69 00 6e 00 6c 00-6f 00 67 00 6f 00 6e 00 W.i.n.l.o.g.o.n.
bc643f04 20 00 67 00 65 00 6e 00-65 00 72 00 69 00 63 00 .g.e.n.e.r.i.c.
bc643f14 20 00 63 00 6f 00 6e 00-74 00 72 00 6f 00 6c 00 .c.o.n.t.r.o.l.
bc643f24 20 00 64 00 69 00 61 00-6c 00 6f 00 67 00 00 00 .d.i.a.l.o.g…
bp USER32!DefDlgProcW
Breakpoint 29 hit
eax=c0000000 ebx=00000000 ecx=40000000 edx=00000000 esi=77ce6bd6 edi=0006f808
eip=77ce6bd6 esp=0006f794 ebp=0006f7bc iopl=0 ov up ei ng nz na pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000a87
USER32!DefDlgProcW:
001b:77ce6bd6 55 push ebp
1: kd> kc
#
00 USER32!DefDlgProcW
01 USER32!InternalCallWinProc
02 USER32!UserCallWinProcCheckWow
03 USER32!DispatchMessageWorker
04 USER32!DispatchMessageW
05 USER32!IsDialogMessageW
06 USER32!DialogBox2
07 USER32!InternalDialogBox
08 USER32!DialogBoxIndirectParamAorW
09 USER32!DialogBoxParamW
0a USER32!DialogBoxParamW_wrapper
0b winlogon!Fusion_DialogBoxParam
0c winlogon!TimeoutDialogBoxParam
0d winlogon!WlxDialogBoxParam
0e winlogon!RunScreenSaver
0f winlogon!DoScreenSaver
10 winlogon!LoggedonDlgProc
11 winlogon!RootDlgProc
12 USER32!InternalCallWinProc
13 USER32!UserCallDlgProcCheckWow
14 USER32!DefDlgProcWorker
15 USER32!DefDlgProcW
16 USER32!InternalCallWinProc
17 USER32!UserCallWinProcCheckWow
18 USER32!DispatchMessageWorker
19 USER32!DispatchMessageW
1a USER32!IsDialogMessageW
1b USER32!DialogBox2
1c USER32!InternalDialogBox
1d USER32!DialogBoxIndirectParamAorW
1e USER32!DialogBoxParamW
1f USER32!DialogBoxParamW_wrapper
20 winlogon!Fusion_DialogBoxParam
21 winlogon!TimeoutDialogBoxParam
22 winlogon!WlxDialogBoxParam
23 winlogon!BlockWaitForUserAction
24 winlogon!MainLoop
25 winlogon!WinMain
26 winlogon!WinMainCRTStartup
1: kd> dv
hwnd = 0x000d00b6
message = 0x720
wParam = 0
lParam = 0n0
1: kd> p
Breakpoint 28 hit
eax=000774bc ebx=000d00b6 ecx=000774c0 edx=00077418 esi=000774bc edi=00077418
eip=0101b298 esp=0006f664 ebp=0006f684 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000212
winlogon!ScreenSaverDlgProc:
001b:0101b298 55 push ebp
1: kd> kc
#
00 winlogon!ScreenSaverDlgProc
01 winlogon!RootDlgProc
02 USER32!InternalCallWinProc
03 USER32!UserCallDlgProcCheckWow
04 USER32!DefDlgProcWorker
05 USER32!DefDlgProcW
06 USER32!InternalCallWinProc
07 USER32!UserCallWinProcCheckWow
08 USER32!DispatchMessageWorker
09 USER32!DispatchMessageW
0a USER32!IsDialogMessageW
0b USER32!DialogBox2
0c USER32!InternalDialogBox
0d USER32!DialogBoxIndirectParamAorW
0e USER32!DialogBoxParamW
0f USER32!DialogBoxParamW_wrapper
10 winlogon!Fusion_DialogBoxParam
11 winlogon!TimeoutDialogBoxParam
12 winlogon!WlxDialogBoxParam
13 winlogon!RunScreenSaver
14 winlogon!DoScreenSaver
15 winlogon!LoggedonDlgProc
16 winlogon!RootDlgProc
17 USER32!InternalCallWinProc
18 USER32!UserCallDlgProcCheckWow
19 USER32!DefDlgProcWorker
1a USER32!DefDlgProcW
1b USER32!InternalCallWinProc
1c USER32!UserCallWinProcCheckWow
1d USER32!DispatchMessageWorker
1e USER32!DispatchMessageW
1f USER32!IsDialogMessageW
20 USER32!DialogBox2
21 USER32!InternalDialogBox
22 USER32!DialogBoxIndirectParamAorW
23 USER32!DialogBoxParamW
24 USER32!DialogBoxParamW_wrapper
25 winlogon!Fusion_DialogBoxParam
26 winlogon!TimeoutDialogBoxParam
27 winlogon!WlxDialogBoxParam
28 winlogon!BlockWaitForUserAction
29 winlogon!MainLoop
2a winlogon!WinMain
2b winlogon!WinMainCRTStartup
1: kd> dv
hDlg = 0x000d00b6
message = 0x720
wParam = 0
lParam = 0n0
D:srv03rtmdssecuritygina/winlogon/scrnsave.c:40:#define WLX_WM_SCREENSAVER_DIED (WM_USER + 800)
1: kd> ?0x720
Evaluate expression: 1824 = 00000720
#define WM_USER 0x0400
1: kd> ?400
Evaluate expression: 1024 = 00000400 正确
//
// Summon the dialog that monitors the screen-saver
//
Result = WlxSetTimeout( pTerm, TIMEOUT_NONE);
Result = WlxDialogBoxParam( pTerm,
g_hInstance,
(LPTSTR)IDD_CONTROL,
NULL, ScreenSaverDlgProc,
(LPARAM)&ScreenSaverData);
EndTime = GetTickCount();
1: kd> bd 28
1: kd> g
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_SETFOCUS), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetFocus, retval = 600b0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINOUTLPWINDOWPOS, Unknown(WM_WINDOWPOSCHANGING), retval = 0
Break instruction exception – code 80000003 (first chance)
eax=00000000 ebx=1060bc05 ecx=80ae0dfa edx=00000029 esi=894c126c edi=894c1008
eip=80b004ad esp=b9a90c54 ebp=b9a90c68 iopl=0 nv up ei ng nz ac po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000292
nt!KiInterruptDispatch+0x14d:
80b004ad cc int 3
0: kd> g
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnINLPWINDOWPOS, Unknown(WM_WINDOWPOSCHANGED), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowPos, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] ZapActiveAndFocus, retval = bc643a24
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserPostMessage, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_DESTROY), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_DESTROY), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetWindowFNID, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnNCDESTROY, Unknown(WM_NCDESTROY), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetThreadState
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] SetDialogPointer, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] Callback SfnNCDESTROY, Unknown(WM_NCDESTROY), retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserDestroyWindow, retval = 1
456.460> Winlogon-Trace-Timeout: Enabling timeout after 0 seconds
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserPeekMessage, retval = 0
Breakpoint 30 hit
eax=00000001 ebx=00000000 ecx=000774a8 edx=00000000 esi=00077418 edi=77e46a87
eip=0101b6b7 esp=0006fa60 ebp=0006faa8 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
winlogon!RunScreenSaver+0x2ea:
001b:0101b6b7 8945fc mov dword ptr [ebp-4],eax ss:0023:0006faa4=00000002
1: kd> kc
#
00 winlogon!RunScreenSaver
01 winlogon!DoScreenSaver
02 winlogon!LoggedonDlgProc
03 winlogon!RootDlgProc
04 USER32!InternalCallWinProc
05 USER32!UserCallDlgProcCheckWow
06 USER32!DefDlgProcWorker
07 USER32!DefDlgProcW
08 USER32!InternalCallWinProc
09 USER32!UserCallWinProcCheckWow
0a USER32!DispatchMessageWorker
0b USER32!DispatchMessageW
0c USER32!IsDialogMessageW
0d USER32!DialogBox2
0e USER32!InternalDialogBox
0f USER32!DialogBoxIndirectParamAorW
10 USER32!DialogBoxParamW
11 USER32!DialogBoxParamW_wrapper
12 winlogon!Fusion_DialogBoxParam
13 winlogon!TimeoutDialogBoxParam
14 winlogon!WlxDialogBoxParam
15 winlogon!BlockWaitForUserAction
16 winlogon!MainLoop
17 winlogon!WinMain
18 winlogon!WinMainCRTStartup
else
{
Result = WLX_SAS_ACTION_LOCK_WKSTA;
}
DebugLog((DEB_TRACE, “Screensaver completed, SasInterrupt == %d
“,
ScreenSaverData.SasInterrupt));
1: kd> p
456.460> Winlogon-Trace: Screensaver completed, SasInterrupt == 3
//
// Set up desktop and windowstation lock appropriately. If we got a logoff,
// or we're supposed to lock the workstation, switch back to the winlogon
// desktop. Otherwise, go back to the users current desktop.
//
if ((ScreenSaverData.SasInterrupt == WLX_SAS_TYPE_USER_LOGOFF) ||
(Result == WLX_SAS_ACTION_LOCK_WKSTA) ) {
//
// Switch to the winlogon desktop and retain windowstation lock
//
Success = SetActiveDesktop(pTerm, Desktop_Winlogon);
1: kd> p
Breakpoint 20 hit
eax=000002a4 ebx=00000000 ecx=3dcecad3 edx=00000042 esi=000788e0 edi=00077418
eip=77d20a38 esp=0006fa38 ebp=0006fa50 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
USER32!NtUserSwitchDesktop:
001b:77d20a38 b82a120000 mov eax,122Ah
1: kd> kc
#
00 USER32!NtUserSwitchDesktop
01 winlogon!RunScreenSaver
02 winlogon!DoScreenSaver
03 winlogon!LoggedonDlgProc
04 winlogon!RootDlgProc
05 USER32!InternalCallWinProc
06 USER32!UserCallDlgProcCheckWow
07 USER32!DefDlgProcWorker
08 USER32!DefDlgProcW
09 USER32!InternalCallWinProc
0a USER32!UserCallWinProcCheckWow
0b USER32!DispatchMessageWorker
0c USER32!DispatchMessageW
0d USER32!IsDialogMessageW
0e USER32!DialogBox2
0f USER32!InternalDialogBox
10 USER32!DialogBoxIndirectParamAorW
11 USER32!DialogBoxParamW
12 USER32!DialogBoxParamW_wrapper
13 winlogon!Fusion_DialogBoxParam
14 winlogon!TimeoutDialogBoxParam
15 winlogon!WlxDialogBoxParam
16 winlogon!BlockWaitForUserAction
17 winlogon!MainLoop
18 winlogon!WinMain
19 winlogon!WinMainCRTStartup
1: kd> kv
# ChildEBP RetAddr Args to Child
00 f75c6d4c 80afbcb2 000002a4 80afbbec 00000000 win32k!NtUserSwitchDesktop (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserkernel
tstubs.c @ 1685]
01 f75c6d4c 7ffe0304 000002a4 80afbbec 00000000 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ f75c6d64) (CONV: cdecl) [d:srv03rtmase
toskei386 rap.asm @ 1328]
02 0006fa30 77d20a44 01026941 000002a4 00000004 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
03 0006fa50 0101b7a1 00077418 00000000 00000000 USER32!NtUserSwitchDesktop+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscoreumodedaytonaobji386usrstubs.c
@ 4539]
04 0006faa8 0102876a ffe6bfb5 00000000 00000001 winlogon!RunScreenSaver+0x3d4 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmdssecurityginawinlogonscrnsave.c @ 629]
05 0006fad4 01029362 00000000 00000000 00077418 winlogon!DoScreenSaver+0x6f (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmdssecurityginawinlogonwlx.c @ 2507]
06 0006faf0 0102c2bd 0006001e 00000659 00000002 winlogon!LoggedonDlgProc+0x53 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmdssecurityginawinlogonwlx.c @ 2746]
07 0006fb14 77ce7ee3 0006001e 00000659 00000002 winlogon!RootDlgProc+0x8d (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmdssecurityginawinlogonwlxutil.c @ 343]
08 0006fb40 77cf2d66 0102c230 0006001e 00000659 USER32!InternalCallWinProc+0x1b [d:srv03rtmwindowscore
tuserclienti386callproc.asm @ 102]
09 0006fbbc 77cd4af3 00000000 0102c230 0006001e USER32!UserCallDlgProcCheckWow+0x147 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientclmsg.c @ 228]
0a 0006fc04 77ce6bf6 00000000 00000659 00000002 USER32!DefDlgProcWorker+0x11f (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientdlgmgr.c @ 511]
0b 0006fc20 77ce7ee3 0006001e 00000659 00000002 USER32!DefDlgProcW+0x20 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientdlgmgr.c @ 1021]
0c 0006fc4c 77cf2bff 77ce6bd6 0006001e 00000659 USER32!InternalCallWinProc+0x1b [d:srv03rtmwindowscore
tuserclienti386callproc.asm @ 102]
0d 0006fcc4 77cbe3db 00000000 77ce6bd6 0006001e USER32!UserCallWinProcCheckWow+0x151 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientclmsg.c @
165]
0e 0006fd2c 77cc4014 0006fd7c 00000000 0006fd60 USER32!DispatchMessageWorker+0x3e3 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientclmsg.c @ 2497]
0f 0006fd3c 77cdb482 0006fd7c 00000000 007d3b74 USER32!DispatchMessageW+0xd (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientcltxt.h @ 1046]
10 0006fd60 77cdff3d 0006001e 007d3b74 00000000 USER32!IsDialogMessageW+0x39b (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientdlgmgr2.c @ 739]
11 0006fd9c 77cff459 0006001e 00000000 00000010 USER32!DialogBox2+0x142 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientdlgmgr.c @ 1181]
12 0006fdc4 77ce5e58 01000000 01059dd0 00000000 USER32!InternalDialogBox+0x108 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientdlgmgr.c @ 1353]
13 0006fde4 77ce76e7 01000000 01059dd0 00000000 USER32!DialogBoxIndirectParamAorW+0x67 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientclres.c @ 806]
14 0006fe08 77cf607b 01000000 00000578 00000000 USER32!DialogBoxParamW+0x3d (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientclres.c @ 954]
15 0006fe30 0102e8fc 01000000 00000578 00000000 USER32!DialogBoxParamW_wrapper+0x5a (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmwindowscore
tuserclientclres.c @ 933]
16 0006fe54 010221e2 01000000 00000578 00000000 winlogon!Fusion_DialogBoxParam+0x22 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmdssecurityginawinlogonfusion.cpp @ 39]
17 0006fe98 0102c860 00077418 01000000 00000578 winlogon!TimeoutDialogBoxParam+0x36 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmdssecurityginawinlogon imeout.c @ 1092]
18 0006fed0 01029579 00077418 01000000 00000578 winlogon!WlxDialogBoxParam+0xb7 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmdssecurityginawinlogonwlxutil.c @ 898]
19 0006fef4 010299f3 00077418 00077418 00000004 winlogon!BlockWaitForUserAction+0x38 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmdssecurityginawinlogonwlx.c @ 3105]
1a 0006ff14 01026637 00077418 ffffffff 00000000 winlogon!MainLoop+0x44c (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmdssecurityginawinlogonwlx.c @ 3665]
1b 0006ff50 0102edc6 000a7cb0 00000000 00072f0c winlogon!WinMain+0x4c7 (FPO: [Non-Fpo]) (CONV: stdcall) [d:srv03rtmdssecurityginawinlogonwinlogon.c @ 1350]
1c 0006fff4 00000000 7ffdf000 0000018a 00000142 winlogon!WinMainCRTStartup+0x182 (FPO: [Non-Fpo]) (CONV: cdecl) [d:srv03rtmasecrtscrtw32dllstuffcrtexe.c @ 493]
1: kd> bp 0101b7a1
1: kd> g
(s: 0 0x1b0.1e0 csrss.exe) USRK-[Callout] Mapping desktop 0x894DA378 into process 0x8960A020
(s: 0 0x1c8.1cc winlogon.exe) USRK-[FOREGROUND] xxxActivateWindow temporarly set TIF 0XE1404C50
(s: 0 0x1c8.1cc winlogon.exe) USRK-[FOREGROUND] xxxSetForegroundWindow FRemoveForegroundActivate 0XE1404C50
(s: 0 0x1c8.1cc winlogon.exe) USRK-[FOREGROUND] FRemoveForegroundActivate clear TIF 0XE1404C50
(s: 0 0x1c8.1cc winlogon.exe) USRK-[FOREGROUND] FRemoveForegroundActivate clear W32PF 0XE1619070
(s: 0 0x1c8.1cc winlogon.exe) USRK-[FOREGROUND] xxxSetForegroundWindow2 by 0XE1404C50 to 0XBC640DD4-0XE1667A70
(s: 0 0x1c8.1cc winlogon.exe) USRK-[KBD] SetGlobalKeyboardTableInfo:Changing KL NLS Table: new HKL=0X04090409
(s: 0 0x1c8.1cc winlogon.exe) USRK-[KBD] SetGlobalKeyboardTableInfo: new gpKbdNlsTbl=00000000
(s: 0 0x1c8.1cc winlogon.exe) USRK-[FOREGROUND] xxxActivateWindow set TIF 0XE1404C50
456.1448> Winlogon-Trace: ProfileUserMapping Refs = 2
456.1448> Winlogon-Trace-SAS: Playing sound range 0 index '8'
456.1448> Winlogon-Trace: ProfileUserMapping Refs = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[FOREGROUND] xxxSetForegroundWindow2 by 0XE1404C50 to 00000000-00000000
(s: 0 0x1c8.1cc csrss.exe) USRK-[Callout] Unmapping desktop 0x894DA378 from process 0x899A2278 (0x0 <-> 0x0)
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSwitchDesktop, retval = 1
456.460> Winlogon-Trace: Switching desktop from ScreenSaver to Winlogon
Breakpoint 31 hit
eax=00000001 ebx=00000000 ecx=3dcecad3 edx=00000048 esi=00077418 edi=00000004
eip=0101b7a1 esp=0006fa60 ebp=0006faa8 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
winlogon!RunScreenSaver+0x3d4:
001b:0101b7a1 395dd8 cmp dword ptr [ebp-28h],ebx ss:0023:0006fa80=00000000
DeleteScreenSaverInfo(&ScreenSaverData);
if (pTerm->pWinStaWinlogon->hdeskScreenSaver != NULL) {
if (!CloseDesktop(pTerm->pWinStaWinlogon->hdeskScreenSaver)) {
DebugLog((DEB_TRACE, “Failed to close screen saver desktop!
“));
}
pTerm->pWinStaWinlogon->hdeskScreenSaver = NULL;
}
return(Result);
}
1: kd> p
(s: 0 0x1c8.1cc winlogon.exe) USRK-[Callout] Unmapping desktop 0x898D3C30 from process 0x89413020 (0x0 <-> 0x0)
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserCloseDesktop, retval = 1
eax=00000001 ebx=00000000 ecx=0006fa54 edx=7ffe0304 esi=00077418 edi=00000004
eip=0101b7fc esp=0006fa60 ebp=0006faa8 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
winlogon!RunScreenSaver+0x42f:
001b:0101b7fc 8b4608 mov eax,dword ptr [esi+8] ds:0023:00077420=000788e0
暂无评论内容