
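After the user presses a character key, the VK key state is set by win32k!UpdateKeyState, called from win32k!xxxSkipSysMsg (very important)

After the user presses a character key, the VK key state is set along the call chain win32k!NtUserPeekMessage -> win32k!xxxScanSysQueue -> win32k!xxxSkipSysMsg -> win32k!UpdateKeyState (very important)

Part 1: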

0: kd> dv
             pq = 0xe1630530
           pwnd = 0x00000000
        message = 0x100
         wParam = 0x35
         lParam = 0n393217
           time = 0xffecc0c1
    dwExtraInfo = 0
0: kd> dx -id 0,0,8960a020 -r1 ((win32k!tagQ *)0xe1630530)
((win32k!tagQ *)0xe1630530)                 : 0xe1630530 [Type: tagQ *]
    [+0x000] mlInput          [Type: tagMLIST]
    [+0x00c] ptiSysLock       : 0x0 [Type: tagTHREADINFO *]
    [+0x010] idSysLock        : 0x1 [Type: unsigned long]
    [+0x014] idSysPeek        : 0x0 [Type: unsigned long]
    [+0x018] ptiMouse         : 0xe1404c50 [Type: tagTHREADINFO *]
    [+0x01c] ptiKeyboard      : 0xe1404c50 [Type: tagTHREADINFO *]
    [+0x020] spwndCapture     : 0x0 [Type: tagWND *]
    [+0x024] spwndFocus       : 0xbc6449ac [Type: tagWND *]
    [+0x028] spwndActive      : 0xbc644124 [Type: tagWND *]
    [+0x02c] spwndActivePrev  : 0x0 [Type: tagWND *]
    [+0x030] codeCapture      : 0x1 [Type: unsigned int]
    [+0x034] msgDblClk        : 0x201 [Type: unsigned int]
    [+0x038] xbtnDblClk       : 0x0 [Type: unsigned short]
    [+0x03c] timeDblClk       : 0xffe598d9 [Type: unsigned long]
    [+0x040] hwndDblClk       : 0xc00d6 [Type: HWND__ *]
    [+0x044] ptDblClk         : {x=464 y=375} [Type: tagPOINT]
    [+0x04c] afKeyRecentDown  [Type: unsigned char [32]]
    [+0x06c] afKeyState       [Type: unsigned char [64]]
    [+0x0ac] caret            [Type: tagCARET]
    [+0x0e4] spcurCurrent     : 0x0 [Type: tagCURSOR *]
    [+0x0e8] iCursorLevel     : 0 [Type: int]
    [+0x0ec] QF_flags         : 0x140 [Type: unsigned long]


0: kd> kc
 #
00 win32k!PostInputMessage
01 win32k!xxxKeyEvent
02 win32k!xxxProcessKeyEvent
03 win32k!ProcessKeyboardInputWorker
04 win32k!ProcessKeyboardInput
05 win32k!InputApc
06 nt!KiDeliverApc
07 nt!KiSwapThread
08 nt!KeWaitForMultipleObjects
09 win32k!RawInputThread
0a win32k!xxxCreateSystemThreads
0b win32k!NtUserCallOneParam
0c nt!_KiSystemService
0d SharedUserData!SystemCallStub


0: kd> dx -id 0,0,8960a020 -r1 (*((win32k!unsigned char (*)[64])0xe163059c))
(*((win32k!unsigned char (*)[64])0xe163059c))                 [Type: unsigned char [64]]
    [0]              : 0x8 [Type: unsigned char]
    [1]              : 0x0 [Type: unsigned char]
    [2]              : 0x8 [Type: unsigned char]
    [3]              : 0x0 [Type: unsigned char]
    [4]              : 0x0 [Type: unsigned char]
    [5]              : 0x0 [Type: unsigned char]
    [6]              : 0x0 [Type: unsigned char]
    [7]              : 0x0 [Type: unsigned char]
    [8]              : 0x0 [Type: unsigned char]
    [9]              : 0x0 [Type: unsigned char]
    [10]             : 0x0 [Type: unsigned char]
    [11]             : 0x20 [Type: unsigned char]
    [12]             : 0x0 [Type: unsigned char]
    [13]             : 0x2 [Type: unsigned char]
    [14]             : 0x0 [Type: unsigned char]
    [15]             : 0x0 [Type: unsigned char]
    [16]             : 0xa0 [Type: unsigned char]
    [17]             : 0x2 [Type: unsigned char]

0: kd> dx -id 0,0,8960a020 -r1 (*((win32k!tagMLIST *)0xe1630530))
(*((win32k!tagMLIST *)0xe1630530))                 [Type: tagMLIST]
    [+0x000] pqmsgRead        : 0xe16fa0a8 [Type: tagQMSG *]
    [+0x004] pqmsgWriteLast   : 0xe16fa0a8 [Type: tagQMSG *]
    [+0x008] cMsgs            : 0x1 [Type: unsigned long]
0: kd> dx -id 0,0,8960a020 -r1 ((win32k!tagQMSG *)0xe16fa0a8)
((win32k!tagQMSG *)0xe16fa0a8)                 : 0xe16fa0a8 [Type: tagQMSG *]
    [+0x000] pqmsgNext        : 0x0 [Type: tagQMSG *]
    [+0x004] pqmsgPrev        : 0x0 [Type: tagQMSG *]
    [+0x008] msg              : {msg=0x0 wp=0x0 lp=0x0} [Type: tagMSG]
    [+0x024] ExtraInfo        : 0 [Type: long]
    [+0x028] dwQEvent         : 0x0 [Type: unsigned long]
    [+0x02c] pti              : 0x0 [Type: tagTHREADINFO *]


    StoreQMessage(pqmsgInput, pwnd, message, wParam, lParam, time, 0, dwExtraInfo);
    WakeSomeone(pq, message, pqmsgInput);


0: kd> dx -id 0,0,8960a020 -r1 ((win32k!tagQMSG *)0xe16fa0a8)
((win32k!tagQMSG *)0xe16fa0a8)                 : 0xe16fa0a8 [Type: tagQMSG *]
    [+0x000] pqmsgNext        : 0x0 [Type: tagQMSG *]
    [+0x004] pqmsgPrev        : 0x0 [Type: tagQMSG *]
    [+0x008] msg              : {msg=0x100 wp=0x35 lp=0x60001} [Type: tagMSG]
    [+0x024] ExtraInfo        : 0 [Type: long]
    [+0x028] dwQEvent         : 0x0 [Type: unsigned long]
    [+0x02c] pti              : 0x0 [Type: tagTHREADINFO *]

Part 2:

0: kd> g
(s: 0 0x1c8.1cc winlogon.exe) USRK-[StubReturn] NtUserWaitMessage, retval = 1
Breakpoint 17 hit
eax=e1630530 ebx=00000000 ecx=00000101 edx=bc510000 esi=00060001 edi=e16fa0a8
eip=bf8ad0ba esp=f75d68c0 ebp=f75d693c iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000246
win32k!PostInputMessage:
bf8ad0ba 55              push    ebp
0: kd> dv
             pq = 0xe1630530
           pwnd = 0x00000000
        message = 0x101
         wParam = 0x35
         lParam = 0n393217
           time = 0xffecc13e
    dwExtraInfo = 0

0: kd> dx -id 0,0,8960a020 -r1 (*((win32k!unsigned char (*)[64])0xe163059c))
(*((win32k!unsigned char (*)[64])0xe163059c))                 [Type: unsigned char [64]]
    [0]              : 0x8 [Type: unsigned char]
    [1]              : 0x0 [Type: unsigned char]
    [2]              : 0x8 [Type: unsigned char]
    [3]              : 0x0 [Type: unsigned char]
    [4]              : 0x0 [Type: unsigned char]
    [5]              : 0x0 [Type: unsigned char]
    [6]              : 0x0 [Type: unsigned char]
    [7]              : 0x0 [Type: unsigned char]
    [8]              : 0x0 [Type: unsigned char]
    [9]              : 0x0 [Type: unsigned char]
    [10]             : 0x0 [Type: unsigned char]
    [11]             : 0x20 [Type: unsigned char]
    [12]             : 0x0 [Type: unsigned char]
    [13]             : 0x2 [Type: unsigned char]
    [14]             : 0x0 [Type: unsigned char]
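
Added example, not part of the original post: decoding the afKeyState bytes from the dump above to check whether VK 0x35 is already marked down when the key-up message (0x101) reaches PostInputMessage. It assumes the usual packing of 256 virtual keys into 64 bytes (2 bits per key, down bit then toggle bit); the macro and function names are illustrative, not win32k's own.

```c
#include <stdio.h>

/* Assumed packing: 256 virtual keys in 64 bytes, 2 bits per key,
   four keys per byte; even bit = down, odd bit = toggle.
   Macro and function names here are illustrative. */
#define KS_BYTE(vk)       ((vk) >> 2)
#define KS_DOWN_BIT(vk)   (1u << (((vk) & 3u) << 1))
#define KS_TOGGLE_BIT(vk) (1u << ((((vk) & 3u) << 1) + 1))

/* Bytes [0]..[14] exactly as shown in the dx dump above. */
static const unsigned char dump[] = {
    0x08, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x20, 0x00, 0x02, 0x00
};
#define DUMP_LEN ((unsigned)sizeof dump)

/* 1 = set, 0 = clear, -1 = vk lies beyond the bytes that were dumped. */
int key_down(const unsigned char *ks, unsigned len, unsigned vk) {
    if (KS_BYTE(vk) >= len) return -1;
    return (ks[KS_BYTE(vk)] & KS_DOWN_BIT(vk)) != 0;
}

int key_toggled(const unsigned char *ks, unsigned len, unsigned vk) {
    if (KS_BYTE(vk) >= len) return -1;
    return (ks[KS_BYTE(vk)] & KS_TOGGLE_BIT(vk)) != 0;
}

/* Number of virtual keys whose down bit is set in the dumped range. */
unsigned count_down(const unsigned char *ks, unsigned len) {
    unsigned vk, n = 0;
    for (vk = 0; vk < len * 4; vk++)
        n += key_down(ks, len, vk) == 1;
    return n;
}

int main(void) {
    unsigned vk;
    for (vk = 0; vk < DUMP_LEN * 4; vk++)
        if (key_down(dump, DUMP_LEN, vk) || key_toggled(dump, DUMP_LEN, vk))
            printf("VK 0x%02x down=%d toggle=%d\n", vk,
                   key_down(dump, DUMP_LEN, vk), key_toggled(dump, DUMP_LEN, vk));
    printf("VK 0x35 down=%d (WM_KEYDOWN already queued)\n",
           key_down(dump, DUMP_LEN, 0x35));
    return 0;
}
```

Under that assumed layout, byte [13] = 0x2 is the toggle bit of VK 0x34, and no down bit is set for VK 0x35 even though message 0x100 for it was stored in Part 1, which matches the statement that posting the message does not update the queue's key state.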

    StoreQMessage(pqmsgInput, pwnd, message, wParam, lParam, time, 0, dwExtraInfo);
    WakeSomeone(pq, message, pqmsgInput);

0: kd> dx -id 0,0,8960a020 -r1 (*((win32k!tagMLIST *)0xe1630530))
(*((win32k!tagMLIST *)0xe1630530))                 [Type: tagMLIST]
    [+0x000] pqmsgRead        : 0xe16fa0a8 [Type: tagQMSG *]
    [+0x004] pqmsgWriteLast   : 0xe31096b8 [Type: tagQMSG *]
    [+0x008] cMsgs            : 0x2 [Type: unsigned long]
0: kd> dx -id 0,0,8960a020 -r1 ((win32k!tagQMSG *)0xe16fa0a8)
((win32k!tagQMSG *)0xe16fa0a8)                 : 0xe16fa0a8 [Type: tagQMSG *]
    [+0x000] pqmsgNext
