Difference between revisions of "User:Alvinhochun/Localization/Misc. Traces"

From ReactOS Wiki
Jump to: navigation, search
 
Line 1: Line 1:
 
Miscellaneous traces mixed together in a single page.
 
Miscellaneous traces mixed together in a single page.
  
[/XP SP3 MUI/]
+
[[/XP SP3 MUI/]]
  
 
== XP SP3 Localized zh-HK ==
 
== XP SP3 Localized zh-HK ==

Latest revision as of 08:01, 16 May 2015

Miscellaneous traces mixed together in a single page.

XP SP3 MUI

XP SP3 Localized zh-HK

Default UI language

Brought to you by Process Monitor:

Access to HKU\.DEFAULT\Control Panel\Desktop\MUILanguagePending

"0","ntoskrnl.exe","KiFastCallEntry + 0xf8","0x804df7ec","C:\WINDOWS\system32\ntoskrnl.exe"
"1","ntoskrnl.exe","ZwQueryValueKey + 0x11","0x804de4a1","C:\WINDOWS\system32\ntoskrnl.exe"
"2","ntoskrnl.exe","NtSetDefaultUILanguage + 0x1c","0x805af820","C:\WINDOWS\system32\ntoskrnl.exe"
"3","ntoskrnl.exe","KiFastCallEntry + 0xf8","0x804df7ec","C:\WINDOWS\system32\ntoskrnl.exe"
"4","ntoskrnl.exe","ZwSetDefaultUILanguage + 0x11","0x804de7c1","C:\WINDOWS\system32\ntoskrnl.exe"
"5","win32k.sys","NtUserUpdatePerUserSystemParameters + 0x13","0xbf89938a","C:\WINDOWS\System32\win32k.sys"
"6","ntoskrnl.exe","KiFastCallEntry + 0xf8","0x804df7ec","C:\WINDOWS\system32\ntoskrnl.exe"

Access to HKU\.DEFAULT\Control Panel\Desktop\MultiUILanguageId

"0","ntoskrnl.exe","KiFastCallEntry + 0xf8","0x804df7ec","C:\WINDOWS\system32\ntoskrnl.exe"
"1","ntoskrnl.exe","ZwQueryValueKey + 0x11","0x804de4a1","C:\WINDOWS\system32\ntoskrnl.exe"
"2","ntoskrnl.exe","NtQueryDefaultUILanguage + 0x49","0x8057fae7","C:\WINDOWS\system32\ntoskrnl.exe"
"3","ntoskrnl.exe","KiFastCallEntry + 0xf8","0x804df7ec","C:\WINDOWS\system32\ntoskrnl.exe"
"4","ntoskrnl.exe","ZwQueryDefaultUILanguage + 0x11","0x804de20d","C:\WINDOWS\system32\ntoskrnl.exe"
"5","win32k.sys","NtUserUpdatePerUserSystemParameters + 0x13","0xbf89938a","C:\WINDOWS\System32\win32k.sys"
"6","ntoskrnl.exe","KiFastCallEntry + 0xf8","0x804df7ec","C:\WINDOWS\system32\ntoskrnl.exe"

Same for HKCU of SYSTEM account is accessed later, same stack traces.

It says process is winlogon.exe but stack trace contain only kernel-mode stack :S

OK, here comes the WinDbg stack trace:

f874facc 804de7ec nt!NtSetDefaultUILanguage+0x11
f874facc 804dd7c1 nt!KiFastCallEntry+0xf8
f874fb48 bf8997f0 nt!ZwSetDefaultUILanguage+0x11
f874fd44 bf89938a win32k!xxxUpdatePerUserSystemParameters+0x483
f874fd54 804de7ec win32k!NtUserUpdatePerUserSystemParameters+0x13
f874fd54 7c90e4f4 nt!KiFastCallEntry+0xf8
0006fc58 7e4217b5 ntdll!KiFastSystemCallRet
0006fc8c 0101e4f7 USER32!NtUserUpdatePerUserSystemParameters+0xc
0006fcac 0102d3a8 winlogon!InitSystemParametersInfo+0x6d
0006fcc8 01027f5e winlogon!ResetEnvironment+0xba
0006fce8 01031864 winlogon!SecurityChangeUser+0xb6
0006ff50 0103e75e winlogon!WinMain+0x1f1
0006fff4 00000000 winlogon!WinMainCRTStartup+0x174

Installed MUI languages

Access to HKLM\System\CurrentControlSet\Control\Nls\MUILanguages, by svchost.exe

"0","ntoskrnl.exe","KiFastCallEntry + 0xf8","0x804df7ec","C:\WINDOWS\system32\ntoskrnl.exe"
"1","kernel32.dll","Internal_EnumUILanguages + 0xc0","0x7c82a980","C:\WINDOWS\system32\kernel32.dll"
"2","kernel32.dll","EnumUILanguagesW + 0x15","0x7c82a8d9","C:\WINDOWS\system32\kernel32.dll"
"3","advapi32.dll","WmipGetLanguageList + 0x47","0x77dbeb38","C:\WINDOWS\system32\advapi32.dll"
"4","advapi32.dll","WmipProcessMofAddRemoveEvent + 0x65","0x77dc012e","C:\WINDOWS\system32\advapi32.dll"
"5","advapi32.dll","WmipInternalNotification + 0x196","0x77dc0093","C:\WINDOWS\system32\advapi32.dll"
"6","advapi32.dll","WmipReceiveNotifications + 0x129","0x77dbfff7","C:\WINDOWS\system32\advapi32.dll"
"7","advapi32.dll","WmiReceiveNotificationsW + 0x1d","0x77dbfee7","C:\WINDOWS\system32\advapi32.dll"
"8","wmisvc.dll","CWDMListener::EvtCallThis + 0x34","0x598ac5c2","C:\WINDOWS\system32\wbem\wmisvc.dll"
"9","wmisvc.dll","CWDMListener::EvtCallBackAdd + 0x2f","0x598ac76e","C:\WINDOWS\system32\wbem\wmisvc.dll"
"10","ntdll.dll","RtlpWaitOrTimerCallout + 0x73","0x7c947e71","C:\WINDOWS\System32\ntdll.dll"
"11","ntdll.dll","RtlpAsyncWaitCallbackCompletion + 0x25","0x7c94b073","C:\WINDOWS\System32\ntdll.dll"
"12","ntdll.dll","RtlpWorkerCallout + 0x70","0x7c947aa2","C:\WINDOWS\System32\ntdll.dll"
"13","ntdll.dll","RtlpExecuteWorkerRequest + 0x1a","0x7c947ae3","C:\WINDOWS\System32\ntdll.dll"
"14","ntdll.dll","RtlpApcCallout + 0x11","0x7c947ba5","C:\WINDOWS\System32\ntdll.dll"
"15","ntdll.dll","RtlpWorkerThread + 0x87","0x7c947b7c","C:\WINDOWS\System32\ntdll.dll"
"16","kernel32.dll","BaseThreadStart + 0x37","0x7c80b713","C:\WINDOWS\system32\kernel32.dll"

System Locale (non-Unicode setting)

Access to HKLM\System\CurrentControlSet\Control\Nls\Language\Default by csrss.exe

"0","ntoskrnl.exe","KiFastCallEntry + 0xf8","0x804df7ec","C:\WINDOWS\system32\ntoskrnl.exe"
"1","ntoskrnl.exe","ZwQueryValueKey + 0x11","0x804de4a1","C:\WINDOWS\system32\ntoskrnl.exe"
"2","win32k.sys","InitializeGreCSRSS + 0x43","0xbf8a8292","C:\WINDOWS\System32\win32k.sys"
"3","win32k.sys","NtUserInitialize + 0x62","0xbf8a822b","C:\WINDOWS\System32\win32k.sys"
"4","ntoskrnl.exe","KiFastCallEntry + 0xf8","0x804df7ec","C:\WINDOWS\system32\ntoskrnl.exe"