win32k源代码分析之win32k!IsSAS函数中的全局变量win32k!gfsSASModifiers = 3是什么时候被赋值的
win32k源代码分析之win32k!IsSAS函数中的全局变量win32k!gfsSASModifiers = 3是什么时候被赋值的
/*
 * IsSAS
 *
 * Reports whether the key 'vk' completes the registered SAS (Secure
 * Attention Sequence): the virtual key must equal gvkSAS and the modifier
 * state in gfsSASModifiersDown must equal gfsSASModifiers exactly.
 *
 * vk            - virtual-key code to test.
 * pfsModifiers  - written with gfsSASModifiersDown only when the function
 *                 returns TRUE; left untouched otherwise. Must be non-NULL,
 *                 since it is dereferenced without a check.
 *
 * Returns TRUE on a match, FALSE otherwise.
 *
 * NOTE(review): CheckCritIn() presumably verifies that the caller is inside
 * the USER critical section; its definition is not shown here. Confirm.
 */
BOOL IsSAS(
    BYTE vk,
    UINT *pfsModifiers)
{
    CheckCritIn();

    /* Both the key and the full modifier set have to match. */
    if (gvkSAS == vk && gfsSASModifiersDown == gfsSASModifiers) {
        *pfsModifiers = gfsSASModifiersDown;
        return TRUE;
    }

    return FALSE;
}
1: kd> x win32k!gfsSASModifiers
bfa70f00 win32k!gfsSASModifiers = 3
D:\srv03rtm\windows\core/ntuser/kernel/hotkeys.c:286: gfsSASModifiers = fsModifiers;
第A部分:
/*
 * Flag bit carried in fsModifiers. The excerpts on this page use it to mark
 * a hotkey registration as the SAS (Secure Attention Sequence) request.
 */
#define MOD_SAS 0x8000
/*
 * _RegisterHotKey (excerpt: only the opening of the function is shown here,
 * the body continues beyond these lines).
 *
 * pwnd        - window the hotkey is registered for.
 * id          - hotkey identifier.
 * fsModifiers - modifier flags, optionally with MOD_SAS set.
 * vk          - virtual-key code of the hotkey.
 */
BOOL _RegisterHotKey(
PWND pwnd,
int id,
UINT fsModifiers,
UINT vk)
{
PHOTKEY phk;
BOOL fKeysExist, bSAS;
PTHREADINFO ptiCurrent;
WORD wFlags;
/* Remember whether the caller asked for the SAS: wFlags keeps only the MOD_SAS bit. */
wFlags = fsModifiers & MOD_SAS;
/*
 * Clear MOD_SAS from fsModifiers so that only the remaining modifier bits
 * are used from here on. For MOD_SAS | MOD_CONTROL | MOD_ALT this leaves
 * MOD_CONTROL | MOD_ALT = 0x3.
 */
fsModifiers &= ~MOD_SAS;
第B部分:
/*
 * Treat this registration as the SAS only when the caller set MOD_SAS
 * and the calling process is the logon process (gpidLogon, i.e. winlogon).
 * A MOD_SAS request from any other process ends with bSAS == FALSE, so the
 * flag alone is not enough to claim the SAS. What the function then does
 * with such a request is not visible in this excerpt.
 */
if ((wFlags & MOD_SAS) != 0 && PsGetCurrentProcessId() == gpidLogon) {
bSAS = TRUE;
} else {
bSAS = FALSE;
}
第C部分:
/*
 * bSAS is TRUE only for a MOD_SAS registration made by the logon process
 * (see the check that sets it earlier in this function).
 */
if (bSAS) {
/*
 * Store the SAS on the terminal.
 * gvkSAS and gfsSASModifiers are the globals IsSAS() compares each key
 * and modifier state against. fsModifiers has already had MOD_SAS cleared
 * at the top of this function, so the stored value holds only the
 * remaining modifier bits.
 */
gvkSAS = vk;
gfsSASModifiers = fsModifiers;
}
1: kd> x win32k!gvkSAS
bfa70ef8 win32k!gvkSAS = 0x2e
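第D部分:winlogon 在调用 RegisterHotKey 时确实加上了 MOD_SAS 位 0x8000。该位在 _RegisterHotKey 开头被清除(fsModifiers &= ~MOD_SAS),剩下 MOD_CONTROL | MOD_ALT = 0x2 | 0x1 = 3,这就是 gfsSASModifiers = 3 的来源;而 VK_DELETE = 0x2e,对应 gvkSAS = 0x2e。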
BOOL SASCreate(
HWND hwnd)
{
// Register the SAS unless we are told not to.
if (GetProfileInt( APPNAME_WINLOGON, VARNAME_AUTOLOGON, 0 ) != 2) {
if (!RegisterHotKey(hwnd, 0, MOD_SAS | MOD_CONTROL | MOD_ALT, VK_DELETE)) {
DebugLog((DEB_ERROR, "failed to register SAS"));
return(FALSE); // Fail creation
}
}
