Desktop, Desktop, Desktop, bugging softice, buggin me, bugging you
来源:互联网 发布:学生成绩管理c语言代码 编辑:程序博客网 时间:2024/06/05 16:22
Who are most familiar with Windows? May be SoftICE, but not always.
This is a common scenario: When you Ctrl+D, and input "hwnd", it is "Unable to find a desktop Window".
How to resolve it ...
By TnTTOOLS, The Art OF Reverse Engineering.
The system setup a session for every logged-in user. win32k.sys is loaded to generate the 4 Desktop: Desktop, Default Desktop, Disconnect Desktop, Winlogon Desktop. Yes, 4, four, for, ...
Even Spy++ just think there is only one desktop.
Figure 1. Properties
-----------------------------------------------------------
ClassName: #32769
TID, Process: csrss.exe
Handle: 0x00010002, 0x00010004, 0x0001000c, 0x00010014
WndProc: win32k!_xxxDesktopWndProc
Module: win32k.sys
-----------------------------------------------------------
We can see their only difference is the handle value. Because these handle values are fixed. I guess that are hard coded.
Figure 2. Root
--------------------------------------------------------
Desktop, 10002
|
|---- Desktop, Default, 10014
|---- Dekstop, Disconnect, 10004
|---- Desktop, Winlogon, 1000c
--------------------------------------------------------
The root node of windows, controls is Desktop, Handle 10002.
Figure 3. Default Desktop and its children
----------------------------------------------------------------------------
Default Desktop
|
|-- Shell_TrayWnd 任务栏
| |--
| |--
|
|
|-- Progman
| |
| |-- SHELLDLL_DefView
| |
| |-- SysListView32, WindowName: FolderView
| |
| |
| SysHeader32
|
|-- ...
----------------------------------------------------------------------------
now, where is our familiar desktop? I know what you mean: the desktop full of a crusty picture and icons.
The desktop with the wallpaper is Default Desktop, in master of win32k.sys;
The desktop full with misc icons is SysListView32, named FolderView, in master of shell32.dll.
When Explorer.exe is loaded, its WinMain creates the two windows: the task bar and the desktop.Guess, what is this desktop? Just the named-FolderView desktop.
Are you confused? Now, loop loop back to the beginning of the article.
End Loop
Next
time, if you want to wander the object tree of windows in Softice, just input "Hwnd 10002".
This is a common scenario: When you Ctrl+D, and input "hwnd", it is "Unable to find a desktop Window".
How to resolve it ...
By TnTTOOLS, The Art OF Reverse Engineering.
The system setup a session for every logged-in user. win32k.sys is loaded to generate the 4 Desktop: Desktop, Default Desktop, Disconnect Desktop, Winlogon Desktop. Yes, 4, four, for, ...
Even Spy++ just think there is only one desktop.
Figure 1. Properties
-----------------------------------------------------------
ClassName: #32769
TID, Process: csrss.exe
Handle: 0x00010002, 0x00010004, 0x0001000c, 0x00010014
WndProc: win32k!_xxxDesktopWndProc
Module: win32k.sys
-----------------------------------------------------------
We can see their only difference is the handle value. Because these handle values are fixed. I guess that are hard coded.
Figure 2. Root
--------------------------------------------------------
Desktop, 10002
|
|---- Desktop, Default, 10014
|---- Dekstop, Disconnect, 10004
|---- Desktop, Winlogon, 1000c
--------------------------------------------------------
The root node of windows, controls is Desktop, Handle 10002.
Figure 3. Default Desktop and its children
----------------------------------------------------------------------------
Default Desktop
|
|-- Shell_TrayWnd 任务栏
| |--
| |--
|
|
|-- Progman
| |
| |-- SHELLDLL_DefView
| |
| |-- SysListView32, WindowName: FolderView
| |
| |
| SysHeader32
|
|-- ...
----------------------------------------------------------------------------
now, where is our familiar desktop? I know what you mean: the desktop full of a crusty picture and icons.
The desktop with the wallpaper is Default Desktop, in master of win32k.sys;
The desktop full with misc icons is SysListView32, named FolderView, in master of shell32.dll.
When Explorer.exe is loaded, its WinMain creates the two windows: the task bar and the desktop.Guess, what is this desktop? Just the named-FolderView desktop.
Are you confused? Now, loop loop back to the beginning of the article.
End Loop
Next
time, if you want to wander the object tree of windows in Softice, just input "Hwnd 10002".
- Desktop, Desktop, Desktop, bugging softice, buggin me, bugging you
- DO YOU LIKE MY DESKTOP?
- google desktop
- Desktop.exe
- My desktop
- My Desktop
- desktop.ini
- active desktop
- Desktop TD
- My Desktop :)
- Talisman Desktop
- mybase desktop
- desktop文件
- Desktop Java
- Active Desktop
- ExtJs Desktop
- gxt desktop
- DESKTOP.INI
- 通过触发器实现数据的完整性设计
- 字符排序程序
- 字符串和字符数组互相转换
- 对象复制例子
- Excel实用操作技巧九则
- Desktop, Desktop, Desktop, bugging softice, buggin me, bugging you
- 获取元素name和id
- 嵌套类使用
- 判断对象的类型
- 简单AJAX开发
- 在VC中添加help帮助文件
- script 实现 文本框内排版
- Java加密算法
- 程序员面试宝典A
