winlogon登录对话框中USER32!SLEditWndProc函数分析之WM_CHAR消息是如何来的--重要
winlogon登录对话框中USER32!SLEditWndProc函数分析之WM_CHAR消息是如何来的--重要
0: kd> g
Breakpoint 17 hit
eax=e1630530 ebx=00000000 ecx=00000101 edx=bc510000 esi=00040001 edi=e16fa0a8
eip=bf8ad0ba esp=f75d68c0 ebp=f75d693c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
win32k!PostInputMessage:
bf8ad0ba 55 push ebp
0: kd> dv
pq = 0xe1630530
pwnd = 0x00000000
message = 0x101
wParam = 0x33
lParam = 0n262145
time = 0xffec66bb
dwExtraInfo = 0
0: kd> bd 43
0: kd> be 43
0: kd> bl
38 d Enable Clear 77cdfedd [d:\srv03rtm\windows\core\ntuser\client\dlgmgr.c @ 1109] 0001 (0001) USER32!DialogBox2+0xe2
39 d Enable Clear 77cc06d3 [d:\srv03rtm\windows\core\ntuser\client\cltxt.h @ 764] 0001 (0001) USER32!SendMessageW
40 d Enable Clear 771803ce [d:\srv03rtm\shell\comctl32\v5\subclass.c @ 1343] 0001 (0001) Comctl32!MasterSubclassProc
41 d Enable Clear 77cc2325 [d:\srv03rtm\windows\core\ntuser\client\editsl.c @ 2523] 0001 (0001) USER32!SLEditWndProc
42 d Enable Clear 77f5e0a3 [d:\srv03rtm\base\ntos\rtl\sertl.c @ 535] 0001 (0001) ntdll!RtlRunEncodeUnicodeString+0x79
43 e Disable Clear 77cbe820 [d:\srv03rtm\windows\core\ntuser\client\ntstubs.c @ 1207] 0001 (0001) USER32!TranslateMessage
44 d Enable Clear bf8108ee e 1 0001 (0001) win32k!NtUserTranslateMessage
0: kd> be 40
0: kd> be 40
0: kd> be 39
0: kd> dv
pq = 0xe1630530
pwnd = 0x00000000
message = 0x101
wParam = 0x33
lParam = 0n262145
time = 0xffec66bb
dwExtraInfo = 0
0: kd> g
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserWaitMessage, retval = 1
456.460> Winlogon-Trace-Timeout: Enabling timeout after 120 seconds
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserKillTimer, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserSetTimer, retval = 7ebc
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubCallback] SfnHkINDWORD, retval = 0
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserPeekMessage, retval = 1
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserCallMsgFilter, retval = 0
Breakpoint 39 hit
eax=00000000 ebx=00000002 ecx=007d4124 edx=00000201 esi=0006f8f8 edi=00000087
eip=77cc06d3 esp=0006f8b0 ebp=0006f8dc iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
USER32!SendMessageW:
001b:77cc06d3 55 push ebp
1: kd> dv
hwnd = 0x000800ec
message = 0x87
wParam = 0x33
lParam = 0n456952
1: kd> kc
#
00 USER32!SendMessageW
01 USER32!IsDialogMessageW
02 USER32!DialogBox2
03 USER32!InternalDialogBox
04 USER32!DialogBoxIndirectParamAorW
05 USER32!DialogBoxParamW
06 USER32!DialogBoxParamW_wrapper
07 winlogon!Fusion_DialogBoxParam
08 winlogon!TimeoutDialogBoxParam
09 winlogon!WlxDialogBoxParam
0a MSGINA!WlxWkstaLockedSAS
0b winlogon!DoLockWksta
0c winlogon!DoScreenSaver
0d winlogon!LoggedonDlgProc
0e winlogon!RootDlgProc
0f USER32!InternalCallWinProc
10 USER32!UserCallDlgProcCheckWow
11 USER32!DefDlgProcWorker
12 USER32!DefDlgProcW
13 USER32!InternalCallWinProc
14 USER32!UserCallWinProcCheckWow
15 USER32!DispatchMessageWorker
16 USER32!DispatchMessageW
17 USER32!IsDialogMessageW
18 USER32!DialogBox2
19 USER32!InternalDialogBox
1a USER32!DialogBoxIndirectParamAorW
1b USER32!DialogBoxParamW
1c USER32!DialogBoxParamW_wrapper
1d winlogon!Fusion_DialogBoxParam
1e winlogon!TimeoutDialogBoxParam
1f winlogon!WlxDialogBoxParam
20 winlogon!BlockWaitForUserAction
21 winlogon!MainLoop
22 winlogon!WinMain
23 winlogon!WinMainCRTStartup
case WM_KEYDOWN:
code = (UINT)SendMessage(lpMsg->hwnd, WM_GETDLGCODE, lpMsg->wParam,
(LPARAM)lpMsg);
if (code & (DLGC_WANTALLKEYS | DLGC_WANTMESSAGE))
break;
switch (lpMsg->wParam) {
case VK_TAB:
1: kd> g
Breakpoint 40 hit
eax=c0000000 ebx=00000000 ecx=40000000 edx=00000000 esi=771803ce edi=0006f824
eip=771803ce esp=0006f7b0 ebp=0006f7d8 iopl=0 ov up ei ng nz na pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000a87
Comctl32!MasterSubclassProc:
001b:771803ce 6a20 push 20h
1: kd> kc
#
00 Comctl32!MasterSubclassProc
01 USER32!InternalCallWinProc
02 USER32!UserCallWinProcCheckWow
03 USER32!SendMessageWorker
04 USER32!SendMessageW
05 USER32!IsDialogMessageW
06 USER32!DialogBox2
07 USER32!InternalDialogBox
08 USER32!DialogBoxIndirectParamAorW
09 USER32!DialogBoxParamW
0a USER32!DialogBoxParamW_wrapper
0b winlogon!Fusion_DialogBoxParam
0c winlogon!TimeoutDialogBoxParam
0d winlogon!WlxDialogBoxParam
0e MSGINA!WlxWkstaLockedSAS
0f winlogon!DoLockWksta
10 winlogon!DoScreenSaver
11 winlogon!LoggedonDlgProc
12 winlogon!RootDlgProc
13 USER32!InternalCallWinProc
14 USER32!UserCallDlgProcCheckWow
15 USER32!DefDlgProcWorker
16 USER32!DefDlgProcW
17 USER32!InternalCallWinProc
18 USER32!UserCallWinProcCheckWow
19 USER32!DispatchMessageWorker
1a USER32!DispatchMessageW
1b USER32!IsDialogMessageW
1c USER32!DialogBox2
1d USER32!InternalDialogBox
1e USER32!DialogBoxIndirectParamAorW
1f USER32!DialogBoxParamW
20 USER32!DialogBoxParamW_wrapper
21 winlogon!Fusion_DialogBoxParam
22 winlogon!TimeoutDialogBoxParam
23 winlogon!WlxDialogBoxParam
24 winlogon!BlockWaitForUserAction
25 winlogon!MainLoop
26 winlogon!WinMain
27 winlogon!WinMainCRTStartup
1: kd> dv
hWnd = 0x000800ec
uMsg = 0x87
wParam = 0x33
lParam = 0n456952
Frame = struct _SUBCLASS_FRAME
pHeader = 0x007d3ef4
lResult = 0n456740
szFile = unsigned short [41]
gAlwaysAssert = 0n0
szFile = unsigned short [41]
gAlwaysAssert = 0n0
szFile = unsigned short [41]
gAlwaysAssert = 0n0
szFile = unsigned short [41]
gAlwaysAssert = 0n0
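1: kd> ?0n456952
Evaluate expression: 456952 = 0006f8f8
(注:uMsg = 0x87 即 WM_GETDLGCODE;lParam = 0x0006f8f8 与前面 SendMessageW 断点处的 esi=0006f8f8 相同,应为 IsDialogMessageW 中 SendMessage(lpMsg->hwnd, WM_GETDLGCODE, lpMsg->wParam, (LPARAM)lpMsg) 传入的 lpMsg 指针。)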
1: kd> g
Breakpoint 45 hit
eax=00000089 ebx=00000002 ecx=004c0c9c edx=000800ec esi=0006f8f8 edi=00000087
eip=77cdb37e esp=0006f8c4 ebp=0006f8dc iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
USER32!IsDialogMessageW+0x297:
001b:77cdb37e a804 test al,4
case WM_KEYDOWN:
code = (UINT)SendMessage(lpMsg->hwnd, WM_GETDLGCODE, lpMsg->wParam,
(LPARAM)lpMsg);
if (code & (DLGC_WANTALLKEYS | DLGC_WANTMESSAGE))
break;
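code = eax = 0x00000089 = DLGC_WANTCHARS (0x0080) | DLGC_HASSETSEL (0x0008) | DLGC_WANTARROWS (0x0001)
#define DLGC_HASSETSEL 0x0008
#define DLGC_WANTARROWS 0x0001
#define DLGC_WANTCHARS 0x0080
0x89 & 0x0004 == 0,即返回值不含 DLGC_WANTALLKEYS / DLGC_WANTMESSAGE,所以上面 `test al,4` 的结果为 0,不会走 break 分支;随后的跟踪在断点 43 处命中 USER32!TranslateMessage。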
/* dialog codes */
/*
 * Bit flags combined into the value a control returns for WM_GETDLGCODE;
 * the IsDialogMessage excerpt on this page tests that value with
 * `code & (DLGC_WANTALLKEYS | DLGC_WANTMESSAGE)`.
 */
#define DLGC_WANTARROWS 0x0001
#define DLGC_WANTTAB 0x0002
/* DLGC_WANTALLKEYS and DLGC_WANTMESSAGE share the value 0x0004, so the
 * combined mask is just 0x04 -- matching the single `test al,4` seen at
 * USER32!IsDialogMessageW+0x297 in the trace. */
#define DLGC_WANTALLKEYS 0x0004
#define DLGC_WANTMESSAGE 0x0004
#define DLGC_HASSETSEL 0x0008
#define DLGC_DEFPUSHBUTTON 0x0010
#define DLGC_UNDEFPUSHBUTTON 0x0020
#define DLGC_RADIOBUTTON 0x0040
#define DLGC_WANTCHARS 0x0080
#define DLGC_STATIC 0x0100
#define DLGC_BUTTON 0x2000
TranslateMessage(lpMsg);
DispatchMessage(lpMsg);
return TRUE;
}
1: kd> t
Breakpoint 43 hit
eax=00000089 ebx=00000002 ecx=00000008 edx=000800ec esi=0006f8f8 edi=00000087
eip=77cbe820 esp=0006f8bc ebp=0006f8dc iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
USER32!TranslateMessage:
001b:77cbe820 55
