从RDPDD!DrvEscape到RDPWD!ShareClass::UPSendOrders
从RDPDD!DrvEscape到RDPWD!ShareClass::UPSendOrders
Breakpoint 7 hit
RDPWD!ShareClass::UPSendOrders+0x643:
b9eb3bf3 8945e4 mov dword ptr [ebp-1Ch],eax
0: kd> kc
#
00 RDPWD!ShareClass::UPSendOrders
01 RDPWD!ShareClass::UP_SendUpdates
02 RDPWD!ShareClass::DCS_TimeToDoStuff
03 RDPWD!WD_Ioctl
04 termdd!_IcaCallSd
05 termdd!_IcaCallStack
06 termdd!IcaCallDriver
07 termdd!IcaDeviceControlVirtual
08 termdd!IcaDeviceControlChannel
09 termdd!IcaDeviceControl
0a termdd!IcaDispatch
0b nt!IofCallDriver
0c win32k!CtxDeviceIoControlFile
0d win32k!EngFileIoControl
0e RDPDD!SCH_DDOutputAvailable
0f RDPDD!DrvEscape
10 win32k!HDXDrvEscape
11 win32k!RawInputThread
12 win32k!xxxCreateSystemThreads
13 win32k!NtUserCallOneParam
14 nt!_KiSystemService
15 SharedUserData!SystemCallStub
16 winsrv!NtUserCallOneParam
0: kd> kv
# ChildEBP RetAddr Args to Child
00 b91d054c b9eb2e6b edbe7a90 b91d0594 b9ec4144 RDPWD!ShareClass::UPSendOrders+0x643 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\termsrv\drivers\rdp\rdpwd\aupint.cpp @ 214]
01 b91d0570 b9e9d096 edbe7a90 bc640000 00000780 RDPWD!ShareClass::UP_SendUpdates+0x16b (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\termsrv\drivers\rdp\rdpwd\aupapi.cpp @ 140]
02 b91d05c4 b9e62bfc edbe7a90 b91d09c8 b91d09f4 RDPWD!ShareClass::DCS_TimeToDoStuff+0x1a6 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\termsrv\drivers\rdp\rdpwd\adcsapi.cpp @ 321]
03 b91d07b0 bac481f2 edbec010 b91d0844 89081020 RDPWD!WD_Ioctl+0x54c (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\termsrv\drivers\rdp\rdpwd\nwdwcpp.cpp @ 327]
04 b91d07c8 bac48b30 896eefa0 00000005 b91d0844 termdd!_IcaCallSd+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\termsrv\drivers\termdd\stack.c @ 2690]
05 b91d07e4 bac49b66 89081020 00000005 b91d0844 termdd!_IcaCallStack+0x48 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\termsrv\drivers\termdd\stack.c @ 2490]
06 b91d0808 bac4b230 89097418 00000005 b91d0844 termdd!IcaCallDriver+0x94 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\termsrv\drivers\termdd\stack.c @ 1204]
07 b91d0898 bac40fed 89097418 8958d7c0 8958d830 termdd!IcaDeviceControlVirtual+0x374 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\termsrv\drivers\termdd\virtual.c @ 281]
08 b91d08f4 bac4399c 89097418 8958d7c0 8958d830 termdd!IcaDeviceControlChannel+0x263 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\termsrv\drivers\termdd\channel.c @ 1113]
09 b91d0908 bac443a3 8958d7c0 8958d830 898aaf10 termdd!IcaDeviceControl+0x24 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\termsrv\drivers\termdd\dispatch.c @ 721]
0a b91d0924 80a2675c 898aaf10 0058d7c0 8907f6b8 termdd!IcaDispatch+0x253 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\termsrv\drivers\termdd\dispatch.c @ 179]
0b b91d0940 bf98dd1c 00000000 00000000 8966cd58 nt!IofCallDriver+0x62 (FPO: [Non-Fpo]) (CONV: fastcall) [d:\srv03rtm\base\ntos\io\iomgr\iosubs.c @ 2237]
0c b91d0954 bf91de63 8907f6b8 0038144f b91d09c8 win32k!CtxDeviceIoControlFile+0x99 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntgdi\gre\muio.c @ 344]
0d b91d098c bff3832f 8907f6b8 0038144f b91d09c8 win32k!EngFileIoControl+0x25 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntgdi\gre\helpers.cxx @ 91]
0e b91d09fc bff435a0 edc20028 00000001 8966cd58 RDPDD!SCH_DDOutputAvailable+0xdf (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\termsrv\drivers\rdp\rdpdd\nschdisp.c @ 191]
0f b91d0a88 bf968192 edc32e90 00000001 00000000 RDPDD!DrvEscape+0xc0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\termsrv\drivers\rdp\rdpdd\nddapi.c @ 1058]
10 b91d0ab0 bf891d7c edc34018 00000001 00000000 win32k!HDXDrvEscape+0x9f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntgdi\gre\misc.cxx @ 176]
11 b91d0d1c bf8b21b0 00000006 00000002 b91d0d48 win32k!RawInputThread+0x8d1 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntinput.c @ 6429]
12 b91d0d2c bf806d52 b92004a0 b91d0d58 0095fff4 win32k!xxxCreateSystemThreads+0x92 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 338]
13 b91d0d48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]
14 b91d0d48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ b91d0d64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
15 0095ffe0 75340774 75318a89 00000000 00000022 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
16 0095ffe8 00000000 00000022 00000004 00000000 winsrv!NtUserCallOneParam+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 2683]
windbg> .open -a ffffffffbff3832f
0: kd> ?513
Evaluate expression: 1299 = 00000513
/****************************************************************************/
/* IOCTL_WDTS_DD_OUTPUT_AVAILABLE carries */
/* - TSHARE_DD_OUTPUT_IN as input data */
/* - TSHARE_DD_OUTPUT_OUT as output data */
/****************************************************************************/
// Function code 0x513 is decimal 1299, i.e. the "fc 1299" printed by the
// TermDD trace lines for this request.
// NOTE(review): METHOD_NEITHER means the I/O manager neither buffers nor
// validates the caller's input/output buffers; the receiving driver is handed
// the raw pointers and lengths and must do any probing and size checking
// itself. In the call stack captured on this page the request is issued from
// kernel mode (win32k!EngFileIoControl); whether any other caller can reach
// this control code is not visible here.
#define IOCTL_WDTS_DD_OUTPUT_AVAILABLE \
_ICA_CTL_CODE( 0x513, METHOD_NEITHER )
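控制码 0038144f(上面调用栈中 win32k!EngFileIoControl 的第二个参数)按 CTL_CODE 的位布局拆解:
高 16 位 0x0038 是设备类型,低 16 位 0x144f 的二进制为:
1 0100 0100 1111
最低 2 位(11 = 3,即 METHOD_NEITHER)是传输方式,去掉后剩下:
1 0100 0100 11
按十六进制重新分组(101 0001 0011):
1 01 00 01 00 11
得到功能码 0x513,与 _ICA_CTL_CODE( 0x513, METHOD_NEITHER ) 一致,513正确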
// termdd IRP dispatch routine (excerpt). Only the IRP_MJ_DEVICE_CONTROL case
// is quoted; the enclosing switch and the other cases are elided on this page.
NTSTATUS
IcaDispatch (
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
{
case IRP_MJ_DEVICE_CONTROL:
// Record the IRQL on entry so the ASSERT below can flag a handler that
// returns at a different IRQL than it was called at.
saveIrql = KeGetCurrentIrql();
Status = IcaDeviceControl( Irp, irpSp );
ASSERT( KeGetCurrentIrql( ) == saveIrql );
// The IRP is completed here with the handler's status, so on this path the
// status returned to the I/O manager is whatever the lower layers produced.
Irp->IoStatus.Status = Status;
IoCompleteRequest( Irp, IcaPriorityBoost );
return( Status );
// Device-control handler for an ICA channel (excerpt). Only the
// Channel_Virtual case is quoted; the value being switched on and the other
// cases are elided -- presumably the channel's class, confirm in full source.
NTSTATUS IcaDeviceControlChannel(
IN PICA_CHANNEL pChannel,
IN PIRP Irp,
IN PIO_STACK_LOCATION IrpSp)
{
case Channel_Virtual :
// Virtual channels forward the IRP and its stack location unchanged.
Status = IcaDeviceControlVirtual( pChannel, Irp, IrpSp );
break;
// Device-control handler for virtual channels (excerpt). The quoted lines
// package the request into an SD_IOCTL-style structure and pass it down the
// stack with the SD$IOCTL procedure index.
NTSTATUS
IcaDeviceControlVirtual(
IN PICA_CHANNEL pChannel,
IN PIRP Irp,
IN PIO_STACK_LOCATION IrpSp
)
{
/*
* Send request to WD
*/
// NOTE(review): in the lines shown, pUserBuffer and the IRP-supplied
// OutputBufferLength are handed to the stack driver as-is. For a
// METHOD_NEITHER control code the I/O manager has validated neither value,
// so any probing or length check must live in code elided from this excerpt
// or in the callee -- confirm against the full source. How `code` and
// `pUserBuffer` are derived is also not shown here.
SdIoctl.IoControlCode = code;
SdIoctl.OutputBuffer = pUserBuffer;
SdIoctl.OutputBufferLength = IrpSp->Parameters.DeviceIoControl.OutputBufferLength;
Status = IcaCallDriver( pChannel, SD$IOCTL, &SdIoctl );
// Calls into the stack on behalf of a channel (excerpt; how pStack is chosen
// and what Status holds when the call is skipped are elided).
NTSTATUS
IcaCallDriver(
IN PICA_CHANNEL pChannel,
IN ULONG ProcIndex,
IN PVOID pParms
)
{
// The stack is called only when none of these holds (note && binds tighter
// than ||, so the middle two lines form one term):
//   - I/O is disabled on the stack;
//   - the stack is a shadow stack and the channel lacks CHANNEL_SHADOW_IO;
//   - passthru is enabled on the connection and the stack is the passthru
//     stack.
if ( !(pStack->fIoDisabled ||
pStack->StackClass == Stack_Shadow &&
!(pChannel->Flags & CHANNEL_SHADOW_IO) ||
(pChannel->pConnect->fPassthruEnabled &&
pStack->StackClass == Stack_Passthru)) ) {
Status = _IcaCallStack( pStack, ProcIndex, pParms );
}
}
}
// Dispatches a stack call to a stack driver link (excerpt; how pSdLink is
// obtained is elided).
NTSTATUS
_IcaCallStack(
IN PICA_STACK pStack,
IN ULONG ProcIndex,
IN OUT PVOID pParms
)
{
// Sanity check that the link really belongs to the stack being called.
// NOTE(review): ASSERT is normally a checked-build-only check, so this is a
// debugging aid rather than a runtime guarantee -- confirm for this build.
ASSERT( pSdLink->pStack == pStack );
Status = _IcaCallSd( pSdLink, ProcIndex, pParms );
/****************************************************************************/
// WD_Ioctl
//
// Query/Set configuration information for the WD.
//
// Excerpt: only the normal-output path of the IOCTL_WDTS_DD_OUTPUT_AVAILABLE
// handling is quoted. The dispatch on the control code and the derivation of
// pOutputIn / pOutputOut / dcShare / milliSecs from pSdIoctl are elided.
/****************************************************************************/
NTSTATUS WD_Ioctl(PTSHARE_WD pTSWd, PSD_IOCTL pSdIoctl)
{
NTSTATUS status = STATUS_SUCCESS;
UINT32 bufferLen;
unsigned fn;
PVIDEO_MODE_INFORMATION pVidInfo;
DC_BEGIN_FN("WD_Ioctl");
// Check if the framebuffer is valid
// NOTE(review): the test shown rejects only a NULL pointer and zero
// dimensions. It does not by itself establish that pFrameBuf spans
// frameBufWidth x frameBufHeight; if that is guaranteed, it is by code not
// visible in this excerpt.
if (pOutputIn->pFrameBuf != NULL &&
pOutputIn->frameBufHeight != 0 &&
pOutputIn->frameBufWidth != 0) {
// For normal output IOCTLs, call DCS_TTDS.
if (!pOutputIn->schedOnly) {
TRC_DBG((TB, "Normal output"));
// Stop the timer (in the main we don't use it, so
// avoid excess context switches).
WDWStopRITTimer(pTSWd);
// Call the Share Core to do the work.
// need to return status code so caller can bail out
// in case of error
// The scheduler mode is written straight into the caller's output
// structure; the next-timer value comes back through milliSecs.
status = dcShare->DCS_TimeToDoStuff(pOutputIn,
&(pOutputOut->schCurrentMode), &milliSecs);
// Share-core entry point reached from WD_Ioctl on an output-available IOCTL
// (excerpt; only the call that sends updates is quoted, and the arguments
// between frameBufWidth and &pkgInfo, if any, are elided).
NTSTATUS RDPCALL SHCLASS DCS_TimeToDoStuff(PTSHARE_DD_OUTPUT_IN pOutputIn,
PUINT32 pSchCurrentMode,
PINT32 pNextTimer)
{
//
// *** Keep the code path but still return status code ***
//
// The frame buffer pointer and width come directly from the IOCTL input
// structure supplied by the display driver.
status = UP_SendUpdates(pOutputIn->pFrameBuf, pOutputIn->frameBufWidth,
&pkgInfo);
/****************************************************************************/
// UP_SendUpdates
//
// Tries to send orders and bitmap data.
//
// Excerpt: only the palette gate and the call that sends orders are quoted.
/****************************************************************************/
NTSTATUS RDPCALL SHCLASS UP_SendUpdates(
BYTE *pFrameBuf,
UINT32 frameBufWidth,
PPDU_PACKAGE_INFO pPkgInfo)
{
#ifdef DC_HICOLOR
// test for hi color will avoid call into PM
// (short-circuit: PM_MaybeSendPalettePacket is not evaluated when
// desktopBpp > 8)
if ((m_pTSWd->desktopBpp > 8) ||
PM_MaybeSendPalettePacket(pPkgInfo))
#else
if (PM_MaybeSendPalettePacket(pPkgInfo))
#endif
{
// Orders are sent only when the gate above passes; what happens otherwise
// is not shown in this excerpt.
status = UPSendOrders(pPkgInfo);
// Packs queued drawing orders into update packets (excerpt; the computation
// of ScaledSpaceAvail, pOrderBuffer and upUpdateHdrSize, and the code that
// actually sends each packet, are elided).
NTSTATUS RDPCALL SHCLASS UPSendOrders(PPDU_PACKAGE_INFO pPkgInfo)
{
// Keep sending packets while there are some orders to do.
while (cbOrderBytesRemaining > 0) {
// Loop in case we need to use multiple packing sizes.
for (;;) {
// The encoded orders must not exceed the packing buffer
// bounds.
// NOTE(review): this invariant (cbInUse + ScaledSpaceAvail +
// upUpdateHdrSize <= cbLen) is expressed only as a trace assertion in
// the lines shown. If TRC_ASSERT compiles out or merely logs in free
// builds, it is not a runtime bound; the real limit on the copy is then
// whatever UPFetchOrdersIntoBuffer enforces from cbOrderBytes -- confirm.
TRC_ASSERT(((pPkgInfo->cbInUse + (unsigned)ScaledSpaceAvail +
upUpdateHdrSize) <= pPkgInfo->cbLen),
(TB,"Target ScaledSpaceAvail %d exceeds the "
"encoding buffer - cbInUse=%u, cbLen=%u, "
"upHdrSize=%u",
ScaledSpaceAvail, pPkgInfo->cbInUse,
pPkgInfo->cbLen, upUpdateHdrSize));
// Transfer as many orders into the packet as will fit.
// cbOrderBytes is passed by address with the space available; presumably
// it comes back as the bytes actually copied (the trace on this page logs
// "Returned 72 orders in 2497 bytes" after "3272 order bytes to fetch").
// The return value is the number of order bytes still queued.
cbOrderBytes = (unsigned)ScaledSpaceAvail;
cbOrderBytesRemaining = UPFetchOrdersIntoBuffer(
pOrderBuffer, &NumOrders, &cbOrderBytes);
API FUNCTION: DCS_TimeToDoStuff
This function is called to send updates etc in the correct order.
PARAMETERS: IN - pOutputIn - input from TShareDD
OUT - pSchCurrentMode - current Scheduler mode
RETURNS: Millisecs to set the timer for (-1 means infinite).
Scheduling is the responsibility of the WDW, DD and SCH components.
These ensure that DCS_TimeToDoStuff() gets called. The Scheduler is in
one of three states: asleep, normal or turbo. When it is asleep, this
function is not called. When it is in normal mode, this function is
called at least once, but the scheduler is a lazy guy, so will fall
asleep again unless you keep prodding him. In turbo mode this function
is called repeatedly and rapidly, but only for a relatively short time,
after which the scheduler falls back into normal mode, and from there
falls asleep.
Hence when a component realises it has some processing to do later,
which is called from DCS_TimeToDoStuff(), it calls
SCH_ContinueScheduling(SCH_MODE_NORMAL) which guarantees that this
function will be called at least one more time. If the component wants
DCS_TimeToDoStuff() to be called again, it must make another call to
SCH_ContinueScheduling(), which prods the Scheduler again.
The objective is to only keep the scheduler awake when it is really
necessary.
调用此函数是为了按正确的顺序发送更新等内容。
参数:IN - pOutputIn - 来自 TShareDD 的输入
OUT - pSchCurrentMode - 当前调度器模式
返回值:定时器应设置的毫秒数(-1 表示无限)。
调度由 WDW、DD 和 SCH 组件负责,它们保证 DCS_TimeToDoStuff() 会被调用。
调度器处于三种状态之一:休眠(asleep)、正常(normal)或加速(turbo)。
处于休眠状态时,此函数不会被调用。
处于正常模式时,此函数至少会被调用一次;但调度器很"懒",如果不持续"催促"它,它就会重新进入休眠。
处于加速模式时,此函数会被反复、快速地调用,但只持续相对较短的一段时间,之后调度器退回正常模式,再由正常模式进入休眠。
因此,当某个组件发现自己稍后还有处理工作要做(这些工作由 DCS_TimeToDoStuff() 调用)时,它会调用 SCH_ContinueScheduling(SCH_MODE_NORMAL),以保证此函数至少再被调用一次。
如果组件希望 DCS_TimeToDoStuff() 之后还要被调用,就必须再调用一次 SCH_ContinueScheduling(),再次"催促"调度器。
这样做的目的是:只在确有必要时才让调度器保持唤醒。
注:这段注释描述的返回值(毫秒数)与上文摘录的函数签名不一致——摘录中 DCS_TimeToDoStuff 返回 NTSTATUS,并多了一个 pNextTimer 参数。
调试记录:
Breakpoint 10 hit
RDPDD!DrvEscape:
bff434e0 55 push ebp
1: kd> kc
#
00 RDPDD!DrvEscape
01 win32k!HDXDrvEscape
02 win32k!RawInputThread
03 win32k!xxxCreateSystemThreads
04 win32k!NtUserCallOneParam
05 nt!_KiSystemService
06 SharedUserData!SystemCallStub
07 winsrv!NtUserCallOneParam
1: kd> dv
pso = 0xe19cd028
iEsc = 1
cjIn = 0
pvIn = 0x00000000
cjOut = 0
pvOut = 0x00000000
pPDev = 0x895bd270
trc_fn = 0x80a44126 "_^???"
trc_file = 0xffdff120 "???"
status = 0n-1990471056
timerInfo = struct tagTSHARE_DD_TIMER_INFO
outputIn = struct tagTSHARE_DD_OUTPUT_IN
bytesReturned = 0
escCode = 0xbff434e0
__fnname = char [10] "DrvEscape"
rc = 8
1: kd> g
22:26:30.234 895BD44C.00000000 TermDD: IcaDeviceControlChannel, fc 1299, ref 1 (enter)
22:26:30.234 895BD44C.00000000 ICADD: IcaDeviceControlVirtual, fc 1299, ref 1 (enter)
22:26:30.250 895BD44C.00000000 RDP E1511010 WD_Ioctl 0296 IOCTL_WDTS_DD_OUTPUT_AVAILABLE
22:26:30.250 895BD44C.00000000 RDP E1511010 WD_Ioctl 0299 OK to process the IOCtl
22:26:30.250 895BD44C.00000000 RDP E1511010 WD_Ioctl 0307 OutputAvailable IOCtl: force send=1
22:26:30.250 895BD44C.00000000 RDP E1511010 WD_Ioctl 0316 Normal output
22:26:30.250 895BD44C.00000000 RDP E1511010 IM_CheckUpda 0826 No move since last time through
22:26:30.250 895BD44C.00000000 RDP E1511010 DCS_TimeToDo 0315 Send updates
22:26:30.250 895BD44C.00000000 RDP E1511010 UP_SendUpdat 0111 New set of updates
22:26:30.250 895BD44C.00000000 RDP E1511010 SCH_Continue 0146 Continue scheduling (Asleep) -> (Normal), InTTDS(1)
22:26:30.250 895BD44C.00000000 RDP E1511010 UPSendOrders 0067 3272 order bytes to fetch
22:26:30.250 895BD44C.00000000 RDP E1511010 UPFetchOrder 0402 First order: EDE3F310
22:26:30.250 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F310, len 11
22:26:30.250 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F310)
22:26:30.250 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F334, len 13
22:26:30.250 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F334)
22:26:30.250 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F358, len 10
22:26:30.250 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F358)
22:26:30.250 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F37C, len 10
22:26:30.250 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F37C)
22:26:30.265 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F3A0, len 8
22:26:30.265 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F3A0)
22:26:30.265 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F3C4, len 12
22:26:30.265 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F3C4)
22:26:30.265 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F3E8, len 10
22:26:30.265 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F3E8)
22:26:30.265 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F40C, len 10
22:26:30.265 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F40C)
22:26:30.265 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F430, len 8
22:26:30.265 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F430)
22:26:30.265 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F454, len 10
22:26:30.265 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F454)
22:26:30.265 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F478, len 8
22:26:30.265 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F478)
22:26:30.265 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F49C, len 6
22:26:30.265 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F49C)
22:26:30.265 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F4C0, len 10
22:26:30.281 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F4C0)
22:26:30.296 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F4E4, len 10
22:26:30.312 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F4E4)
22:26:30.328 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F508, len 6
22:26:30.328 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F508)
22:26:30.328 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F52C, len 51
22:26:30.328 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F52C)
22:26:30.328 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F578, len 53
22:26:30.328 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F578)
22:26:30.328 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F5D0, len 219
22:26:30.328 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F5D0)
22:26:30.328 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F6C0, len 20
22:26:30.343 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F6C0)
22:26:30.343 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F6EC, len 375
22:26:30.343 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F6EC)
22:26:30.343 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F878, len 5
22:26:30.343 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F878)
22:26:30.359 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F8A4, len 281
22:26:30.375 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F8A4)
22:26:30.375 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3F9D4, len 3
22:26:30.375 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3F9D4)
22:26:30.375 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FA00, len 118
22:26:30.390 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FA00)
22:26:30.406 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FA8C, len 3
22:26:30.406 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FA8C)
22:26:30.406 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FAB8, len 320
22:26:30.406 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FAB8)
22:26:30.406 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FC0C, len 3
22:26:30.406 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FC0C)
22:26:30.406 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FC38, len 342
22:26:30.406 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FC38)
22:26:30.406 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FDA4, len 3
22:26:30.406 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FDA4)
22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FDD0, len 66
22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FDD0)
22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FE28, len 4
22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FE28)
22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FE54, len 15
22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FE54)
22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FE80, len 6
22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FE80)
22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FEAC, len 6
22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FEAC)
22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FED8, len 6
22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FED8)
22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FF04, len 6
22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FF04)
22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FF30, len 6
22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FF30)
22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FF5C, len 7
22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FF5C)
22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FF88, len 13
22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FF88)
22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FFB4, len 6
22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FFB4)
22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE3FFE0, len 6
22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE3FFE0)
22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE4000C, len 6
22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE4000C)
22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40038, len 6
22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40038)
22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40064, len 6
22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40064)
22:26:30.421 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40090, len 7
22:26:30.421 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40090)
22:26:30.437 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE400BC, len 7
22:26:30.453 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE400BC)
22:26:30.468 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE400E0, len 10
22:26:30.484 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE400E0)
22:26:30.500 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40104, len 51
22:26:30.515 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40104)
22:26:30.515 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40150, len 42
22:26:30.515 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40150)
22:26:30.515 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE4019C, len 8
22:26:30.515 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE4019C)
22:26:30.531 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE401C0, len 12
22:26:30.531 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE401C0)
22:26:30.531 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE401E4, len 10
22:26:30.531 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE401E4)
22:26:30.531 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40208, len 10
22:26:30.546 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40208)
22:26:30.562 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE4022C, len 8
22:26:30.578 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE4022C)
22:26:30.593 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40250, len 12
22:26:30.593 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40250)
22:26:30.593 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40274, len 10
22:26:30.593 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40274)
22:26:30.593 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40298, len 10
22:26:30.593 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40298)
22:26:30.593 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE402BC, len 8
22:26:30.609 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE402BC)
22:26:30.609 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE402E0, len 6
22:26:30.609 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE402E0)
22:26:30.609 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40304, len 6
22:26:30.609 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40304)
22:26:30.609 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40328, len 20
22:26:30.625 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40328)
22:26:30.625 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE4035C, len 11
22:26:30.625 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE4035C)
22:26:30.625 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40380, len 36
22:26:30.625 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40380)
22:26:30.625 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE403BC, len 30
22:26:30.640 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE403BC)
22:26:30.656 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40408, len 8
22:26:30.656 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40408)
22:26:30.656 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE4042C, len 12
22:26:30.656 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE4042C)
22:26:30.656 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40450, len 10
22:26:30.656 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40450)
22:26:30.656 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40474, len 10
22:26:30.671 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40474)
22:26:30.687 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40498, len 8
22:26:30.687 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40498)
22:26:30.687 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE404BC, len 12
22:26:30.687 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE404BC)
22:26:30.703 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE404E0, len 10
22:26:30.718 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE404E0)
22:26:30.718 895BD44C.00000000 RDP E1511010 UPFetchOrder 0423 Copying heap order at hdr addr EDE40504, len 10
22:26:30.718 895BD44C.00000000 RDP E1511010 OA_RemoveLis 0044 Remove list order (EDE40504)
22:26:30.718 895BD44C.00000000 RDP E1511010 UPFetchOrder 0448 Returned 72 orders in 2497 bytes
Breakpoint 7 hit
RDPWD!ShareClass::UPSendOrders+0x643:
b9eb3bf3 8945e4 mov dword ptr [ebp-1Ch],eax
1: kd> kc
#
00 RDPWD!ShareClass::UPSendOrders
01 RDPWD!ShareClass::UP_SendUpdates
02 RDPWD!ShareClass::DCS_TimeToDoStuff
03 RDPWD!WD_Ioctl
04 termdd!_IcaCallSd
05 termdd!_IcaCallStack
06 termdd!IcaCallDriver
07 termdd!IcaDeviceControlVirtual
08 termdd!IcaDeviceControlChannel
09 termdd!IcaDeviceControl
0a termdd!IcaDispatch
0b nt!IofCallDriver
0c win32k!CtxDeviceIoControlFile
0d win32k!EngFileIoControl
0e RDPDD!SCH_DDOutputAvailable
0f RDPDD!DrvEscape
10 win32k!HDXDrvEscape
11 win32k!RawInputThread
12 win32k!xxxCreateSystemThreads
13 win32k!NtUserCallOneParam
14 nt!_KiSystemService
15 SharedUserData!SystemCallStub
16 winsrv!NtUserCallOneParam
