Techwiki:Win32k/desktops

From ReactOS Wiki
Revision as of 19:50, 11 October 2012 by Smiley (talk | contribs)

This is WIP!


Desktop creation:




Unmapping the startup desktop (backtraces from Windows XP):

kd> k
ChildEBP RetAddr  
f6f87aec 806024b0 win32k!UnmapDesktop
f6f87b18 80602572 nt!ExpWin32SessionCallout+0x3c
f6f87b44 805b11d3 nt!ExpWin32CloseProcedure+0x5c
f6f87b74 805b0b27 nt!ObpDecrementHandleCount+0x119
f6f87b9c 805b0bc5 nt!ObpCloseHandleTableEntry+0x14d
f6f87be4 805b0cd6 nt!ObpCloseHandle+0x87
f6f87bf8 bf87b773 nt!ObCloseHandle+0x12
f6f87c18 bf877114 win32k!DestroyProcessInfo+0x1f2
f6f87c40 bf8771bc win32k!xxxUserProcessCallout+0xb7
f6f87c5c 805c761b win32k!W32pProcessCallout+0x42
f6f87d08 805c7a3a nt!PspExitThread+0x423
f6f87d28 805c7c15 nt!PspTerminateThreadByPointer+0x52
f6f87d54 8053cbc8 nt!NtTerminateProcess+0x105
f6f87d54 7c91eb94 nt!KiFastCallEntry+0xf8
0022fdc4 7c91e89a ntdll!KiFastSystemCallRet
0022fe84 7c91f0aa ntdll!NtTerminateProcess+0xc
kd> k
ChildEBP RetAddr  
f9aad9d0 806024b0 win32k!FreeDesktop
f9aad9fc 8060262f nt!ExpWin32SessionCallout+0x3c
f9aada14 805afb2f nt!ExpWin32DeleteProcedure+0x41
f9aada30 80522181 nt!ObpRemoveObjectRoutine+0xdf
f9aada54 bf8038ee nt!ObfDereferenceObject+0x5f
f9aada5c bf8029d3 win32k!UserDereferenceObject+0xe
f9aada68 bf8a58ba win32k!PopAndFreeW32ThreadLock+0x25
f9aadd30 bf88dc63 win32k!xxxDesktopThread+0x864
f9aadd40 bf8010ba win32k!xxxCreateSystemThreads+0x6a
f9aadd54 8053cbc8 win32k!NtUserCallOneParam+0x23
f9aadd54 7c91eb94 nt!KiFastCallEntry+0xf8
012dffe0 75b0ba1a ntdll!KiFastSystemCallRet
kd> k
ChildEBP RetAddr  
f6845b34 806024b0 win32k!UnmapDesktop
f6845b60 80602572 nt!ExpWin32SessionCallout+0x3c
f6845b8c 805b11d3 nt!ExpWin32CloseProcedure+0x5c
f6845bbc 805b0b27 nt!ObpDecrementHandleCount+0x119
f6845be4 805b72e3 nt!ObpCloseHandleTableEntry+0x14d
f6845c04 8060329f nt!ObpCloseHandleProcedure+0x1f
f6845c34 805b73dc nt!ExSweepHandleTable+0x4f
f6845c60 805c77e1 nt!ObKillProcess+0x5c
f6845d08 805c7a3a nt!PspExitThread+0x5e9
f6845d28 805c7c15 nt!PspTerminateThreadByPointer+0x52
f6845d54 8053cbc8 nt!NtTerminateProcess+0x105
f6845d54 7c91eb94 nt!KiFastCallEntry+0xf8
0022fdc4 7c91e89a ntdll!KiFastSystemCallRet
0022fe84 7c91f0aa ntdll!NtTerminateProcess+0xc
0022fec4 7c81ca96 ntdll!RtlAnsiStringToUnicodeString+0x7d

Desktop heap mapping:

f6ef77b0 bf879ccd nt!MmMapViewOfSection
f6ef7828 806024b0 win32k!MapDesktop+0xe5
f6ef7854 8060269f nt!ExpWin32SessionCallout+0x3c
f6ef7880 805b1807 nt!ExpWin32OpenProcedure+0x67
f6ef7930 805b1ded nt!ObpIncrementHandleCount+0x2cf
f6ef7998 805b02ac nt!ObpCreateHandle+0x17d
f6ef79e8 bf87aa19 nt!ObOpenObjectByName+0x28c
f6ef7ab0 bf87833a win32k!xxxCreateDesktop+0x6d
f6ef7bc0 bf878d9c win32k!xxxResolveDesktop+0x815
f6ef7cc0 bf819e16 win32k!xxxCreateThreadInfo+0x4d5
f6ef7cd4 bf819f1c win32k!UserThreadCallout+0x72
f6ef7cf0 805c1785 win32k!W32pThreadCallout+0x3d
f6ef7d54 8053c8ce nt!PsConvertToGuiThread+0x139

f6ef7980 bf89bf8e nt!MmMapViewOfSection
f6ef79fc bf89c3f0 win32k!UserCreateHeap+0x4a
f6ef7a30 bf89c2a4 win32k!CreateDesktopHeap+0x73
f6ef7a80 bf879e12 win32k!xxxCreateDesktop2+0x195
f6ef7ab0 bf879dc0 win32k!ParseDesktop+0x93
f6ef7ae8 806024b0 win32k!ParseWindowStation+0xab
f6ef7b14 8060270c nt!ExpWin32SessionCallout+0x3c
f6ef7b58 805b37d9 nt!ExpWin32ParseProcedure+0x60
f6ef7be0 805b010b nt!ObpLookupObjectName+0x119
f6ef7c34 bf87aa19 nt!ObOpenObjectByName+0xeb
f6ef7cfc bf89d235 win32k!xxxCreateDesktop+0x6d
f6ef7d48 8053cbc8 win32k!NtUserCreateDesktop+0x95

f6ef79fc bf879ccd nt!MmMapViewOfSection
f6ef7a74 806024b0 win32k!MapDesktop+0xe5
f6ef7aa0 8060269f nt!ExpWin32SessionCallout+0x3c
f6ef7acc 805b1807 nt!ExpWin32OpenProcedure+0x67
f6ef7b7c 805b1ded nt!ObpIncrementHandleCount+0x2cf
f6ef7be4 805b02ac nt!ObpCreateHandle+0x17d
f6ef7c34 bf87aa19 nt!ObOpenObjectByName+0x28c
f6ef7cfc bf89d235 win32k!xxxCreateDesktop+0x6d
f6ef7d48 8053cbc8 win32k!NtUserCreateDesktop+0x95

f6ef7bd4 bf879ccd nt!MmMapViewOfSection
f6ef7c4c bf87ab0e win32k!MapDesktop+0xe5
f6ef7cfc bf89d235 win32k!xxxCreateDesktop+0x1bc
f6ef7d48 8053cbc8 win32k!NtUserCreateDesktop+0x95

f6f177b0 bf879ccd nt!MmMapViewOfSection
f6f17828 806024b0 win32k!MapDesktop+0xe5
f6f17854 8060269f nt!ExpWin32SessionCallout+0x3c
f6f17880 805b1807 nt!ExpWin32OpenProcedure+0x67
f6f17930 805b1ded nt!ObpIncrementHandleCount+0x2cf
f6f17998 805b02ac nt!ObpCreateHandle+0x17d
f6f179e8 bf87aa19 nt!ObOpenObjectByName+0x28c
f6f17ab0 bf87833a win32k!xxxCreateDesktop+0x6d
f6f17bc0 bf878d9c win32k!xxxResolveDesktop+0x815
f6f17cc0 bf819e16 win32k!xxxCreateThreadInfo+0x4d5
f6f17cd4 bf819f1c win32k!UserThreadCallout+0x72
f6f17cf0 805c1785 win32k!W32pThreadCallout+0x3d
f6f17d54 8053c8ce nt!PsConvertToGuiThread+0x139

Second run with MapDesktop:

f9a1d944 806024b0 win32k!MapDesktop
f9a1d970 8060269f nt!ExpWin32SessionCallout+0x3c
f9a1d99c 805b1807 nt!ExpWin32OpenProcedure+0x67
f9a1da4c 805b1ded nt!ObpIncrementHandleCount+0x2cf
f9a1dab4 805b02ac nt!ObpCreateHandle+0x17d
f9a1db04 bf87aa19 nt!ObOpenObjectByName+0x28c
f9a1dbcc bf87833a win32k!xxxCreateDesktop+0x6d
f9a1dcdc bf89225a win32k!xxxResolveDesktop+0x815
f9a1dd4c 8053cbc8 win32k!NtUserResolveDesktop+0xdb

f701f828 806024b0 win32k!MapDesktop
f701f854 8060269f nt!ExpWin32SessionCallout+0x3c
f701f880 805b1807 nt!ExpWin32OpenProcedure+0x67
f701f930 805b1ded nt!ObpIncrementHandleCount+0x2cf
f701f998 805b02ac nt!ObpCreateHandle+0x17d
f701f9e8 bf87aa19 nt!ObOpenObjectByName+0x28c
f701fab0 bf87833a win32k!xxxCreateDesktop+0x6d
f701fbc0 bf878d9c win32k!xxxResolveDesktop+0x815
f701fcc0 bf819e16 win32k!xxxCreateThreadInfo+0x4d5
f701fcd4 bf819f1c win32k!UserThreadCallout+0x72
f701fcf0 805c1785 win32k!W32pThreadCallout+0x3d
f701fd54 8053c8ce nt!PsConvertToGuiThread+0x139

f701fa74 806024b0 win32k!MapDesktop
f701faa0 8060269f nt!ExpWin32SessionCallout+0x3c
f701facc 805b1807 nt!ExpWin32OpenProcedure+0x67
f701fb7c 805b1ded nt!ObpIncrementHandleCount+0x2cf
f701fbe4 805b02ac nt!ObpCreateHandle+0x17d
f701fc34 bf87aa19 nt!ObOpenObjectByName+0x28c
f701fcfc bf89d235 win32k!xxxCreateDesktop+0x6d
f701fd48 8053cbc8 win32k!NtUserCreateDesktop+0x95

f701fc4c bf87ab0e win32k!MapDesktop
f701fcfc bf89d235 win32k!xxxCreateDesktop+0x1bc
f701fd48 8053cbc8 win32k!NtUserCreateDesktop+0x95

f701f98c 806024b0 win32k!MapDesktop
f701f9b8 8060269f nt!ExpWin32SessionCallout+0x3c
f701f9e4 805b1807 nt!ExpWin32OpenProcedure+0x67
f701fa94 805b7932 nt!ObpIncrementHandleCount+0x2cf
f701fb38 80603c7c nt!ObDupHandleProcedure+0x9a
f701fb74 805b7982 nt!ExDupHandleTable+0x11a
f701fb9c 805c5ca6 nt!ObInitProcess+0x34
f701fce4 805c62f3 nt!PspCreateProcess+0x308
f701fd38 8053cbc8 nt!NtCreateProcessEx+0x77

f6fcf828 806024b0 win32k!MapDesktop
f6fcf854 8060269f nt!ExpWin32SessionCallout+0x3c
f6fcf880 805b1807 nt!ExpWin32OpenProcedure+0x67
f6fcf930 805b1ded nt!ObpIncrementHandleCount+0x2cf
f6fcf998 805b02ac nt!ObpCreateHandle+0x17d
f6fcf9e8 bf87aa19 nt!ObOpenObjectByName+0x28c
f6fcfab0 bf87833a win32k!xxxCreateDesktop+0x6d
f6fcfbc0 bf878d9c win32k!xxxResolveDesktop+0x815
f6fcfcc0 bf819e16 win32k!xxxCreateThreadInfo+0x4d5
f6fcfcd4 bf819f1c win32k!UserThreadCallout+0x72
f6fcfcf0 805c1785 win32k!W32pThreadCallout+0x3d
f6fcfd54 8053c8ce nt!PsConvertToGuiThread+0x139

f9a1da80 806024b0 win32k!MapDesktop
f9a1daac 8060269f nt!ExpWin32SessionCallout+0x3c
f9a1dad8 805b1807 nt!ExpWin32OpenProcedure+0x67
f9a1db88 805b1ded nt!ObpIncrementHandleCount+0x2cf
f9a1dbf0 805b0494 nt!ObpCreateHandle+0x17d
f9a1dcc0 bf89235f nt!ObOpenObjectByPointer+0xa4
f9a1dd10 bf8862a5 win32k!xxxSetCsrssThreadDesktop+0x6e
f9a1dd30 bf88615f win32k!xxxSetInformationThread+0x9a
f9a1dd4c 8053cbc8 win32k!NtUserSetInformationThread+0x31

f9a1dca8 bf86bc92 win32k!MapDesktop
f9a1dcd4 bf892383 win32k!xxxSetThreadDesktop+0x3a
f9a1dd10 bf8862a5 win32k!xxxSetCsrssThreadDesktop+0xc3
f9a1dd30 bf88615f win32k!xxxSetInformationThread+0x9a
f9a1dd4c 8053cbc8 win32k!NtUserSetInformationThread+0x31

f99fda38 bf86bc92 win32k!MapDesktop
f99fda64 bf8a5608 win32k!xxxSetThreadDesktop+0x3a
f99fdd30 bf88dc63 win32k!xxxDesktopThread+0x576
f99fdd40 bf8010ba win32k!xxxCreateSystemThreads+0x6a
f99fdd54 8053cbc8 win32k!NtUserCallOneParam+0x23

f99fda38 bf86bc92 win32k!MapDesktop
f99fda64 bf8a5896 win32k!xxxSetThreadDesktop+0x3a
f99fdd30 bf88dc63 win32k!xxxDesktopThread+0x840
f99fdd40 bf8010ba win32k!xxxCreateSystemThreads+0x6a
f99fdd54 8053cbc8 win32k!NtUserCallOneParam+0x23

f6d41d14 bf86bc92 win32k!MapDesktop
f6d41d40 bf86bde2 win32k!xxxSetThreadDesktop+0x3a
f6d41d58 8053cbc8 win32k!NtUserSetThreadDesktop+0x2f
f6d41d58 7c91eb94 nt!KiFastCallEntry+0xf8
00efff70 7e37f0ac ntdll!KiFastSystemCallRet
00efffb4 7c80b6a3 USER32!NtUserSetThreadDesktop+0xc
00efffec 00000000 KERNEL32!BaseThreadStart+0x37
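The dumps above are pasted back to back, so it is easy to lose track of where one `k` output ends and the next begins, and of which path (object-manager open/close callout versus a direct call from win32k) reached MapDesktop. The following Python script is an added example for reading these notes, not ReactOS or Windows code. It assumes what holds for the dumps on this page: 32-bit XP kernel stacks (addresses at or above 0x80000000) captured with a breakpoint on a routine's entry, so the top frame of each dump is printed without a `+offset` while every caller frame carries one. The sample input is copied from the second-run section above.

```python
"""Split run-together WinDbg ``kd> k`` dumps into traces and summarise each.

Added example for reading the traces collected on this page; not ReactOS code.
Assumptions: 32-bit XP dumps (kernel addresses >= 0x80000000) taken with a
breakpoint on a routine's entry, so each dump's top frame has no +offset.
"""
import re
from dataclasses import dataclass

# "f6f87aec 806024b0 win32k!UnmapDesktop" or "... nt!ExpWin32SessionCallout+0x3c"
FRAME_RE = re.compile(r"^\s*([0-9a-f]{8})\s+([0-9a-f]{8})\s+(\S+)\s*$", re.I)
KERNEL_BASE = 0x80000000  # x86 2 GB user/kernel split, as on the XP box above

# Object-manager callouts through which win32k maps or unmaps desktops
OB_CALLOUTS = {"ExpWin32OpenProcedure": "open", "ExpWin32CloseProcedure": "close",
               "ExpWin32DeleteProcedure": "delete", "ExpWin32ParseProcedure": "parse"}


@dataclass
class Frame:
    child_ebp: int
    ret_addr: int
    module: str
    function: str
    offset: int  # 0 when the frame is at the function's entry


def parse_frame(line):
    """Return a Frame for one 'k' output line, or None for prompts/headers/blanks."""
    m = FRAME_RE.match(line)
    if not m:
        return None
    module, _, rest = m.group(3).partition("!")
    function, _, off = rest.partition("+")
    return Frame(int(m.group(1), 16), int(m.group(2), 16), module, function,
                 int(off, 16) if off else 0)


def starts_trace(frame):
    """An entry-point frame on a kernel stack begins a breakpoint-at-entry dump.
    The kernel-address check keeps ntdll!KiFastSystemCallRet (also printed with
    no offset, but on the user stack) from being mistaken for a new dump."""
    return frame.offset == 0 and frame.child_ebp >= KERNEL_BASE


def split_traces(text):
    traces = []
    for line in text.splitlines():
        frame = parse_frame(line)
        if frame is None:
            continue
        if starts_trace(frame) or not traces:
            traces.append([])
        traces[-1].append(frame)
    return traces


def entry_point(trace):
    """Outermost kernel routine, skipping the syscall trampoline frame."""
    for frame in reversed(trace):
        if frame.child_ebp >= KERNEL_BASE and frame.function != "KiFastCallEntry":
            return frame.function
    return None


def summarize(trace):
    """(top routine, entry routine, Ob callout name or None) for one dump."""
    callout = next((OB_CALLOUTS[f.function] for f in trace if f.function in OB_CALLOUTS), None)
    return trace[0].function, entry_point(trace), callout


# Copied from the "Second run with MapDesktop" section above, pasted back to back.
SAMPLE = """\
f701fc4c bf87ab0e win32k!MapDesktop
f701fcfc bf89d235 win32k!xxxCreateDesktop+0x1bc
f701fd48 8053cbc8 win32k!NtUserCreateDesktop+0x95
f701f98c 806024b0 win32k!MapDesktop
f701f9b8 8060269f nt!ExpWin32SessionCallout+0x3c
f701f9e4 805b1807 nt!ExpWin32OpenProcedure+0x67
f701fa94 805b7932 nt!ObpIncrementHandleCount+0x2cf
f701fb38 80603c7c nt!ObDupHandleProcedure+0x9a
f701fb74 805b7982 nt!ExDupHandleTable+0x11a
f701fb9c 805c5ca6 nt!ObInitProcess+0x34
f701fce4 805c62f3 nt!PspCreateProcess+0x308
f701fd38 8053cbc8 nt!NtCreateProcessEx+0x77
f6d41d14 bf86bc92 win32k!MapDesktop
f6d41d40 bf86bde2 win32k!xxxSetThreadDesktop+0x3a
f6d41d58 8053cbc8 win32k!NtUserSetThreadDesktop+0x2f
f6d41d58 7c91eb94 nt!KiFastCallEntry+0xf8
00efff70 7e37f0ac ntdll!KiFastSystemCallRet
00efffb4 7c80b6a3 USER32!NtUserSetThreadDesktop+0xc
00efffec 00000000 KERNEL32!BaseThreadStart+0x37
"""


def sample_summary():
    return [summarize(t) for t in split_traces(SAMPLE)]


if __name__ == "__main__":
    for top, entry, callout in sample_summary():
        print(f"{top:<12} <- {entry or '?':<24} via {callout or 'direct call'}")
```

Run on the sample, the script reports three dumps: a direct MapDesktop call from xxxCreateDesktop, a mapping driven by the object manager's open callout while NtCreateProcessEx duplicates the parent's handle table, and a direct call under NtUserSetThreadDesktop whose user-mode frames are kept with the dump rather than split off.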