explorer.exe Source Code Analysis: Hotkey Registration and Handling
PROCESS 898be270 SessionId: 0 Cid: 03d8 Peb: 7ffdf000 ParentCid: 039c
DirBase: 78611000 ObjectTable: e1861388 HandleCount: 269.
Image: explorer.exe
PROCESS 89424c18 SessionId: 0 Cid: 0398 Peb: 7ffdf000 ParentCid: 03d8
DirBase: 790d3000 ObjectTable: e178dd28 HandleCount: 15.
Image: notepad.exe
1: kd> .PROCESS /p 898be270
Implicit process is now 898be270
.cache forcedecodeuser done
1: kd> .reload /f
Connected to Windows Server 2003 3790 x86 compatible target at (Mon Nov 10 09:53:18.631 2025 (UTC + 8:00)), ptr64 FALSE
Loading Kernel Symbols
..........
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
.....................................................
................................*** WARNING: Unable to verify timestamp for RDPDD.dll
Loading User Symbols
......
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
.......................................................
Loading unloaded module list
.......
************* Symbol Loading Error Summary **************
Module name Error
dmload The system cannot find the file specified
dmio The system cannot find the file specified
imapi The system cannot find the file specified
pcntpci5 The system cannot find the file specified
audstub The system cannot find the file specified
ptilink The system cannot find the file specified
update The system cannot find the file specified
afd The system cannot find the file specified
RDPDD Image header paged out
OLEAUT32 The system cannot find the file specified
CLBCatQ The system cannot find the file specified
COMRes The system cannot find the file specified
WSOCK32 The system cannot find the file specified
You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.
1: kd> x win32k!gphkHashTable
bfa5fc38 win32k!gphkHashTable = struct tagHOTKEY *[128]
1: kd> dx -id 0,0,898be270 -r1 (*((win32k!tagHOTKEY * (*)[128])0xbfa5fc38))
(*((win32k!tagHOTKEY * (*)[128])0xbfa5fc38)) [Type: tagHOTKEY * [128]]
[0] : 0xe1597990 [Type: tagHOTKEY *]
[1] : 0x0 [Type: tagHOTKEY *]
[2] : 0x0 [Type: tagHOTKEY *]
[3] : 0x0 [Type: tagHOTKEY *]
[4] : 0x0 [Type: tagHOTKEY *]
[5] : 0x0 [Type: tagHOTKEY *]
[6] : 0x0 [Type: tagHOTKEY *]
[7] : 0x0 [Type: tagHOTKEY *]
[8] : 0x0 [Type: tagHOTKEY *]
[9] : 0xe2fd1948 [Type: tagHOTKEY *]
[10] : 0x0 [Type: tagHOTKEY *]
[11] : 0x0 [Type: tagHOTKEY *]
[12] : 0x0 [Type: tagHOTKEY *]
[13] : 0x0 [Type: tagHOTKEY *]
[14] : 0x0 [Type: tagHOTKEY *]
[15] : 0x0 [Type: tagHOTKEY *]
[16] : 0x0 [Type: tagHOTKEY *]
[17] : 0x0 [Type: tagHOTKEY *]
[18] : 0x0 [Type: tagHOTKEY *]
[19] : 0xe30c56a8 [Type: tagHOTKEY *]
[20] : 0x0 [Type: tagHOTKEY *]
[21] : 0x0 [Type: tagHOTKEY *]
[22] : 0x0 [Type: tagHOTKEY *]
[23] : 0x0 [Type: tagHOTKEY *]
[24] : 0x0 [Type: tagHOTKEY *]
[25] : 0x0 [Type: tagHOTKEY *]
[26] : 0x0 [Type: tagHOTKEY *]
[27] : 0xe16ff810 [Type: tagHOTKEY *]
[28] : 0x0 [Type: tagHOTKEY *]
[29] : 0x0 [Type: tagHOTKEY *]
[30] : 0x0 [Type: tagHOTKEY *]
[31] : 0x0 [Type: tagHOTKEY *]
[32] : 0x0 [Type: tagHOTKEY *]
[33] : 0x0 [Type: tagHOTKEY *]
[34] : 0x0 [Type: tagHOTKEY *]
[35] : 0x0 [Type: tagHOTKEY *]
[36] : 0x0 [Type: tagHOTKEY *]
[37] : 0x0 [Type: tagHOTKEY *]
[38] : 0x0 [Type: tagHOTKEY *]
[39] : 0x0 [Type: tagHOTKEY *]
[40] : 0x0 [Type: tagHOTKEY *]
[41] : 0x0 [Type: tagHOTKEY *]
[42] : 0x0 [Type: tagHOTKEY *]
[43] : 0x0 [Type: tagHOTKEY *]
[44] : 0x0 [Type: tagHOTKEY *]
[45] : 0x0 [Type: tagHOTKEY *]
[46] : 0xe13e8b48 [Type: tagHOTKEY *]
[47] : 0x0 [Type: tagHOTKEY *]
[48] : 0x0 [Type: tagHOTKEY *]
[49] : 0x0 [Type: tagHOTKEY *]
[50] : 0x0 [Type: tagHOTKEY *]
[51] : 0x0 [Type: tagHOTKEY *]
[52] : 0x0 [Type: tagHOTKEY *]
[53] : 0x0 [Type: tagHOTKEY *]
[54] : 0x0 [Type: tagHOTKEY *]
[55] : 0x0 [Type: tagHOTKEY *]
[56] : 0x0 [Type: tagHOTKEY *]
[57] : 0x0 [Type: tagHOTKEY *]
[58] : 0x0 [Type: tagHOTKEY *]
[59] : 0x0 [Type: tagHOTKEY *]
[60] : 0x0 [Type: tagHOTKEY *]
[61] : 0x0 [Type: tagHOTKEY *]
[62] : 0x0 [Type: tagHOTKEY *]
[63] : 0x0 [Type: tagHOTKEY *]
[64] : 0x0 [Type: tagHOTKEY *]
[65] : 0x0 [Type: tagHOTKEY *]
[66] : 0xe30c5678 [Type: tagHOTKEY *]
[67] : 0x0 [Type: tagHOTKEY *]
[68] : 0xe16fd760 [Type: tagHOTKEY *]
[69] : 0xe30c3f30 [Type: tagHOTKEY *]
[70] : 0xe2fd1978 [Type: tagHOTKEY *]
[71] : 0x0 [Type: tagHOTKEY *]
[72] : 0x0 [Type: tagHOTKEY *]
[73] : 0x0 [Type: tagHOTKEY *]
[74] : 0x0 [Type: tagHOTKEY *]
[75] : 0x0 [Type: tagHOTKEY *]
[76] : 0xe166f780 [Type: tagHOTKEY *]
[77] : 0xe30c3f60 [Type: tagHOTKEY *]
[78] : 0x0 [Type: tagHOTKEY *]
[79] : 0x0 [Type: tagHOTKEY *]
[80] : 0x0 [Type: tagHOTKEY *]
[81]
