当前位置: 首页 > news >正文

alt+f4的调试记录之WM_SYSCOMMAND消息的产生--windows消息机制

news 2025/11/14 14:04:30

 
alt+f4的调试记录之WM_SYSCOMMAND消息的产生--windows消息机制

0: kd> kc
#
00 win32k!xxxKeyEvent
01 win32k!xxxProcessKeyEvent
02 win32k!ProcessKeyboardInputWorker
03 win32k!ProcessKeyboardInput
04 win32k!InputApc
05 nt!KiDeliverApc
06 nt!KiSwapThread
07 nt!KeWaitForMultipleObjects
08 win32k!RawInputThread
09 win32k!xxxCreateSystemThreads
0a win32k!NtUserCallOneParam
0b nt!_KiSystemService
0c SharedUserData!SystemCallStub
WARNING: Frame IP not in any known module. Following frames may be wrong.
0d 0x0
0e 0x0


0: kd> p
eax=00000004 ebx=00000012 ecx=89a6d7b8 edx=89a6d7b8 esi=00000000 edi=00004000
eip=bf8e7a34 esp=ba71b8e0 ebp=ba71b93c iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000246
win32k!xxxKeyEvent+0xc0:
bf8e7a34 85f6            test    esi,esi
0: kd> dv
usFlaggedVk = 0xa4
wScanCode = 0x38
time = 0xffdc8359
ExtraInfo = 0
hDevice = 0x00010063
pkei = 0xba71b998
bInjected = 0n0
fSASHandled = 0n0
message = 0x100
fsReserveKeys = 0
fMakeAltUpASysKey = 0n0
Vk = 0x12 ''
tlpwndActivate = struct _TL
ptiCurrent = 0xe1686e58
fBreak = 0n0
usExtraStuff = 0
bAnsiHook = 0n16384
msg = 0x8000
kbds = struct tagKBDLLHOOKSTRUCT
fsModifiers = 0x8000
fsModifiers = 0x4000
wParam = 0

   /*
* If the ALT key is down and the CTRL key
* isn't, this is a WM_SYS* message.
*/
if (TestAsyncKeyStateDown(VK_MENU) && !TestAsyncKeyStateDown(VK_CONTROL) && Vk != VK_JUNJA) {
// VK_JUNJA is ALT+'+'. Since all KOR VKs are not converted to IME hotkey IDs and
// should be passed directly to IME, KOR related VKs are not treated as SYSKEYDOWN.
message += (WM_SYSKEYDOWN - WM_KEYDOWN);
usExtraStuff |= 0x2000;

        lParam = MAKELONG(1, (wScanCode | usExtraStuff));


0: kd> dv
usFlaggedVk = 0xa4
wScanCode = 0x38
time = 0xffdc8359
ExtraInfo = 0
hDevice = 0x00010063
pkei = 0xba71b998
bInjected = 0n18
fSASHandled = 0n0
message = 0x104
fsReserveKeys = 0x12
fMakeAltUpASysKey = 0n1
Vk = 0x12 ''
tlpwndActivate = struct _TL
ptiCurrent = 0x00000012
fBreak = 0n0
usExtraStuff = 0x2000
bAnsiHook = 0n16384
msg = 0x8000
kbds = struct tagKBDLLHOOKSTRUCT
fsModifiers = 0x8000
fsModifiers = 0x4000
wParam = 0x12

0: kd> t
eax=e17737e8 ebx=00000000 ecx=00000104 edx=89a6d7b8 esi=20380001 edi=e1971008
eip=bf8ad0ba esp=ba71b8c0 ebp=ba71b93c iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000246
win32k!PostInputMessage:
bf8ad0ba 55              push    ebp
0: kd> dv
pq = 0xe17737e8
pwnd = 0x00000000
message = 0x104
wParam = 0x12
lParam = 0n540540929
time = 0xffdc8359
dwExtraInfo = 0
0: kd> ?0n540540929
Evaluate expression: 540540929 = 20380001

0: kd> dx -id 0,0,ffffffff89903ba8 -r1 ((win32k!tagQMSG *)0xe10cf040)
((win32k!tagQMSG *)0xe10cf040)                 : 0xe10cf040 [Type: tagQMSG *]
[+0x000] pqmsgNext        : 0x0 [Type: tagQMSG *]
[+0x004] pqmsgPrev        : 0xe1971008 [Type: tagQMSG *]
[+0x008] msg              : {msg=0x104 wp=0x12 lp=0x20380001} [Type: tagMSG]
[+0x024] ExtraInfo        : 0 [Type: long]
[+0x028] dwQEvent         : 0x0 [Type: unsigned long]
[+0x02c] pti              : 0x0 [Type: tagTHREADINFO *]

0: kd> g
(s: 0 0x64c.650 explorer.exe) USRK-[StubCallback] Callback SfnDWORD, Unknown(WM_NCHITTEST), retval = 1
Breakpoint 8 hit
eax=ba71b98c ebx=e13f4ca8 ecx=ba710073 edx=ffffffe2 esi=00008000 edi=00000000
eip=bf8e8675 esp=ba71b970 ebp=ba71b9a4 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000246
win32k!xxxProcessKeyEvent:
bf8e8675 55              push    ebp
1: kd> dv
pke = 0xba71b98c
ExtraInformation = 0
bInjected = 0n0
Vk = 0x8c ''
1: kd> dx -id 0,0,ffffffff89903ba8 -r1 ((win32k!tagKE *)0xba71b98c)
((win32k!tagKE *)0xba71b98c)                 : 0xba71b98c [Type: tagKE *]
[+0x000] bScanCode        : 0x3e [Type: unsigned char]
[+0x000] wchInjected      : 0x7c3e [Type: unsigned short]
[+0x002] usFlaggedVk      : 0x73 [Type: unsigned short]
[+0x004] dwTime           : 0xffffffff [Type: unsigned long]
[+0x008] hDevice          : 0x10063 [Type: void *]
[+0x00c] data             [Type: _KEYBOARD_INPUT_DATA]


1: kd> dv
usFlaggedVk = 0x73
wScanCode = 0x3e
time = 0xffdc8443
ExtraInfo = 0
hDevice = 0x00010063
pkei = 0xba71b998


if (TestAsyncKeyStateDown(VK_MENU) && !TestAsyncKeyStateDown(VK_CONTROL) && Vk != VK_JUNJA) {
// VK_JUNJA is ALT+'+'. Since all KOR VKs are not converted to IME hotkey IDs and
// should be passed directly to IME, KOR related VKs are not treated as SYSKEYDOWN.
message += (WM_SYSKEYDOWN - WM_KEYDOWN);
usExtraStuff |= 0x2000;

1: kd> t
eax=e17737e8 ebx=00000000 ecx=00000104 edx=89a6d7b8 esi=203e0001 edi=e10cf040
eip=bf8ad0ba esp=ba71b8c0 ebp=ba71b93c iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000246
win32k!PostInputMessage:
bf8ad0ba 55              push    ebp
1: kd> dv
pq = 0xe17737e8
pwnd = 0x00000000
message = 0x104
wParam = 0x73
lParam = 0n540934145
time = 0xffdc8443
dwExtraInfo = 0
1: kd> ?0n540934145
Evaluate expression: 540934145 = 203e0001

1: kd> g
Breakpoint 8 hit
eax=ba71b98c ebx=e13f4cb4 ecx=ba7100a4 edx=00000013 esi=00008000 edi=00000000
eip=bf8e8675 esp=ba71b970 ebp=ba71b9a4 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000246
win32k!xxxProcessKeyEvent:
bf8e8675 55              push    ebp
1: kd> dv
pke = 0xba71b98c
ExtraInformation = 0
bInjected = 0n0
Vk = 0x8c ''
1: kd> dx -id 0,0,ffffffff89903ba8 -r1 ((win32k!tagKE *)0xba71b98c)
((win32k!tagKE *)0xba71b98c)                 : 0xba71b98c [Type: tagKE *]
[+0x000] bScanCode        : 0x38 [Type: unsigned char]
[+0x000] wchInjected      : 0x7c38 [Type: unsigned short]
[+0x002] usFlaggedVk      : 0x80a4 [Type: unsigned short]
[+0x004] dwTime           : 0xffdc8443 [Type: unsigned long]
[+0x008] hDevice          : 0x10063 [Type: void *]
[+0x00c] data             [Type: _KEYBOARD_INPUT_DATA]


1: kd> g
Breakpoint 8 hit
eax=ba71b98c ebx=e13f4cc0 ecx=ba710073 edx=ffffffe2 esi=00008000 edi=00000000
eip=bf8e8675 esp=ba71b970 ebp=ba71b9a4 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000246
win32k!xxxProcessKeyEvent:
bf8e8675 55              push    ebp
1: kd> dv
pke = 0xba71b98c
ExtraInformation = 0
bInjected = 0n0
Vk = 0x8c ''
1: kd> dx -id 0,0,ffffffff89903ba8 -r1 ((win32k!tagKE *)0xba71b98c)
((win32k!tagKE *)0xba71b98c)                 : 0xba71b98c [Type: tagKE *]
[+0x000] bScanCode        : 0x3e [Type: unsigned char]
[+0x000] wchInjected      : 0x7c3e [Type: unsigned short]
[+0x002] usFlaggedVk      : 0x8073 [Type: unsigned short]
[+0x004] dwTime           : 0xffdc8e36 [Type: unsigned long]
[+0x008] hDevice          : 0x10063 [Type: void *]
[+0x00c] data             [Type: _KEYBOARD_INPUT_DATA]

Breakpoint 9 hit
eax=b9c2ed10 ebx=bf8108ee ecx=bc670001 edx=bc510000 esi=0006fef8 edi=b9c2ed2c
eip=bf8e35ee esp=b9c2ecf8 ebp=b9c2ed48 iopl=0         nv up ei ng nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000286
win32k!xxxTranslateMessage:
bf8e35ee 55              push    ebp
0: kd> dv
pmsg = 0xb9c2ed10 {msg=0x104 wp=0x12 lp=0x20380001}
uiTMFlags = 0
fSysKey = 0n-1
awch = unsigned short [16]
pwnd = 0xffffffff
wMsgType = 0
dwKeyFlags = 0xb9c2ed10

    case WM_SYSKEYDOWN:
/*
* HACK carried over from Win3 code: system messages
* only get posted during KEYDOWN processing - so
* set fSysKey only for WM_SYSKEYDOWN.
*/
fSysKey = TRUE;
/*

0: kd> dv
pmsg = 0xb9c2ed10 {msg=0x104 wp=0x12 lp=0x20380001}
uiTMFlags = 0
fSysKey = 0n1
awch = unsigned short [16]
pwnd = 0x00000001
wMsgType = 0
dwKeyFlags = 0xb9c2ed10

        cChar = xxxInternalToUnicode(uVirKey,   // virtual key code
HIWORD(lParam),  // scan code, make/break bit
pti->pq->afKeyState,
awch, sizeof(awch)/sizeof(awch[0]),
uiTMFlags, &dwKeyFlags, NULL);

0: kd> p
eax=00000000 ebx=20380001 ecx=00000008 edx=00000010 esi=b9c2ed10 edi=00000000
eip=bf8e368e esp=b9c2ecc0 ebp=b9c2ecf4 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000246
win32k!xxxTranslateMessage+0xa0:
bf8e368e 8b4508          mov     eax,dword ptr [ebp+8] ss:0010:b9c2ecfc=00000000

0: kd> dv
wKey = 0x12
pti = 0x00000008
tlpwndActive = struct _TL
__pobj_ = 0xbf82e5b1


0: kd> kc
#
00 win32k!xxxDWP_ProcessVirtKey
01 win32k!xxxRealDefWindowProc
02 win32k!xxxWrapRealDefWindowProc
03 win32k!NtUserfnDWORD
04 win32k!NtUserMessageCall
05 nt!_KiSystemService
06 SharedUserData!SystemCallStub
07 USER32!NtUserMessageCall
08 USER32!UserCallWinProcCheckWow
09 COMCTL32!EditML_WndProc
0a COMCTL32!Edit_WndProc
0b USER32!InternalCallWinProc
0c USER32!UserCallWinProcCheckWow
0d USER32!DispatchMessageWorker
0e USER32!DispatchMessageW
0f notepad!WinMain
10 notepad!WinMainCRTStartup
11 kernel32!BaseProcessStart

0: kd> dv
wKey = 0x12
pti = 0x00000008
tlpwndActive = struct _TL
__pobj_ = 0xbf82e5b1


0: kd> g
(s: 0 0x7bc.7c0 notepad.exe) USRK-[StubReturn] NtUserTranslateMessage, retval = 1
(s: 0 0x64c.650 explorer.exe) USRK-[SysPeek] 3 pti 0xE178AD58 sets ptiSL 0xE178AD58 to pq 0xE17737E8 ; old ptiSL 0x00000000
(s: 0 0x64c.650 explorer.exe) USRK-[SysPeek] 2 pti 0XE178AD58 sets id 00000000 to pq 0XE17737E8 ; old id 00000000
(s: 0 0x64c.650 explorer.exe) USRK-[SysPeek] 3 pti 0XE178AD58 sets id 0XE17868C8 to pq 0XE17737E8 ; old id 00000000
-> msg 200 hwnd 00000000 w 00000000 l 0X012C0000 pti 0XE178AD58
(s: 0 0x7bc.7c0 notepad.exe) USRK-[StubThunk] Thunk fnDWORD, FNID_DEFWINDOWPROC(WM_SYSKEYDOWN)
Breakpoint 19 hit
eax=00000004 ebx=bf9daf68 ecx=bc610c9c edx=00000001 esi=bf9dab54 edi=bf9daf44
eip=bf8f8fdc esp=b9400cac ebp=b9400cc0 iopl=0         nv up ei pl nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000202
win32k!xxxRealDefWindowProc:
bf8f8fdc 55              push    ebp
1: kd> dv
pwnd = 0xbc67efc4
message = 0x104
wParam = 0x73
lParam = 0n540934145


1: kd> ?0n540934145
Evaluate expression: 540934145 = 203e0001


case WM_SYSKEYDOWN:
{
PTHREADINFO pti = PtiCurrent();

            /*
* Is the ALT key down?
*/
if (HIWORD(lParam) & SYS_ALTERNATE) {
/*
* Toggle QF_FMENUSTATUS iff this is NOT a repeat KEYDOWN
* message; Only if the prev key state was 0, then this is the
* first KEYDOWN message and then we consider toggling menu
* status; Fix for Bugs #4531 & #4566 --SANKAR-- 10-02-89.
*/
if ((HIWORD(lParam) & SYS_PREVKEYSTATE) == 0) {

                    /*
* Don't have to lock pwndActive because it's
* processing this key.
*/
if ((wParam == VK_MENU) &&
!(pti->pq->QF_flags & QF_FMENUSTATUS)) {
pti->pq->QF_flags |= QF_FMENUSTATUS;
xxxDrawMenuBarUnderlines(pwnd, TRUE);
} else {
pti->pq->QF_flags &= ~(QF_FMENUSTATUS|QF_FMENUSTATUSBREAK);
}
}

                pti->pq->QF_flags &= ~QF_FF10STATUS;

                xxxDWP_ProcessVirtKey((UINT)wParam);


1: kd> dv
wKey = 0x73
pti = 0x00000008
tlpwndActive = struct _TL
__pobj_ = 0xbf82e5b1

1: kd> kc
#
00 win32k!xxxDWP_ProcessVirtKey
01 win32k!xxxRealDefWindowProc
02 win32k!xxxWrapRealDefWindowProc
03 win32k!NtUserfnDWORD
04 win32k!NtUserMessageCall
05 nt!_KiSystemService
06 SharedUserData!SystemCallStub
07 USER32!NtUserMessageCall
08 USER32!UserCallWinProcCheckWow
09 COMCTL32!EditML_WndProc
0a COMCTL32!Edit_WndProc
0b USER32!InternalCallWinProc
0c USER32!UserCallWinProcCheckWow
0d USER32!DispatchMessageWorker
0e USER32!DispatchMessageW
0f notepad!WinMain
10 notepad!WinMainCRTStartup
11 kernel32!BaseProcessStart

    case VK_F4:
if (TestCF(pti->pq->spwndActive, CFNOCLOSE))
break;

        /*
* Don't change the focus if the child window has it.
*/
if (pti->pq->spwndFocus == NULL ||
GetTopLevelWindow(pti->pq->spwndFocus) !=
pti->pq->spwndActive) {
ThreadLockAlwaysWithPti(pti, pti->pq->spwndActive, &tlpwndActive);
xxxSetFocus(pti->pq->spwndActive);
ThreadUnlock(&tlpwndActive);
}
_PostMessage(pti->pq->spwndActive, WM_SYSCOMMAND, SC_CLOSE, 0L);
break;

1: kd> dv
pwnd = 0xbc690584
message = 0x112
wParam = 0xf060
lParam = 0n0
tlpwndParent = struct _TL
tlpwndT = struct _TL
cch = 0xf060
msg = {msg=0xbf9daf44 wp=0xbf9dab54 lp=0xbf9daf68}
bEatMe = 0n61536
pti = 0xbc690584

WM_SYSCOMMAND

0x0112

当用户选择窗口菜单的一条命令或当用户选择最大化或最小化时那个窗口会收到此消息


case WM_SYSCOMMAND:
xxxSysCommand(pwnd, (UINT)wParam, lParam);
break;


1: kd> kc
#
00 win32k!xxxSysCommand
01 win32k!xxxRealDefWindowProc
02 win32k!xxxWrapRealDefWindowProc
03 win32k!NtUserfnDWORD
04 win32k!NtUserMessageCall
05 nt!_KiSystemService
06 SharedUserData!SystemCallStub
07 USER32!NtUserMessageCall
08 USER32!RealDefWindowProcW
09 USER32!DefWindowProcW
0a USER32!DefWindowProcW_wrapper
0b notepad!NPWndProc
0c USER32!InternalCallWinProc
0d USER32!UserCallWinProcCheckWow
0e USER32!DispatchMessageWorker
0f USER32!DispatchMessageW
10 notepad!WinMain
11 notepad!WinMainCRTStartup
12 kernel32!BaseProcessStart


case SC_CLOSE:
xxxSendMessage(pwnd, WM_CLOSE, 0L, 0L);
return;


bp notepad!NPWndProc


1: kd> g
Breakpoint 20 hit
eax=c0000000 ebx=00000000 ecx=00000000 edx=00000000 esi=010033c9 edi=0006fbf0
eip=010033c9 esp=0006fb7c ebp=0006fba4 iopl=0         nv up ei pl nz na pe cy
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000207
notepad!NPWndProc:
001b:010033c9 55              push    ebp
1: kd> dv
hwnd = 0x001500b4
message = 0x10
wParam = 0
lParam = 0n0
iParts = int [2]


WM_CLOSE

0x0010

当一个窗口或应用程序要关闭时发送一个信号

http://www.dtcms.com/a/607235.html

相关文章:

  • 北京建设工程质量协会网站门户网站 开发语言
  • 中国电信网站备案系统wordpress 文字框
  • 【AGI】AI Agent架构趋势及演进
  • 哈尔滨网站开发培训如何做视频会员网站
  • 网站原创文章制作网站要不要域名
  • BuildingAI需求文档PRD
  • 珠海专业的免费建站wordpress模板内容页哪个文件
  • 做翻页电子书的网站个人网站怎么盈利
  • 网络营销推广网站收录哪些长沙旅游攻略景点必去
  • C语言编译器VC6.0使用指南 | 高效配置与常见问题解决
  • LovelyMem介绍(老版)
  • 海南做网站找谁专业品牌设计网站建设
  • 网站建设公司合伙人网页设计留言板怎么做
  • 涪陵网站建设 优帮云贵阳有哪些可以制作网站的公司吗
  • PS的网站界面设计图片 作品
  • Linux的cat、more、less、head、tail
  • 上海网站制作公司联系方式简单网页制作工具
  • Vue 过滤器
  • 温岭公司做网站个人注册公司需要多少费用
  • 建设银行海淀支行 网站学做ppt的网站
  • 国外做的好的鲜花网站重庆装修公司全包价格
  • 自己做的网站怎么被搜索出来网站开发教材
  • LeetCode 刷题【153. 寻找旋转排序数组中的最小值】
  • 【芯片选型指南】乐鑫ESP32-C61核心能力解析:为何它在Wi-Fi 6物联网赛道中优势独具?
  • 高斯定理在麦克斯韦方程组中的应用
  • 【Chrono库】WeekdaySet 星期几集合实现解析(weekday_set.rs)
  • C语言编译时不检查语法 | 探讨编译器语法检查的重要性与实践
  • 【数据库基础】SQL与关系型数据库原理
  • wordpress 建立网站网站关闭模板
  • 邙山网站建设网站建设涉及到哪些方面