win32k.sys虽然为驱动文件但不处理I/O请求,主要为应用层提供大量服务。功能上主要实现窗口管理(收集、分发消息,控制窗口显示)和图形设备接口(各种图形绘制、文本输出)。win32.sys向内核注册一组调用函数,介入到内核的线程、进程,每个线程一旦调用win32.sys的服务就成了GUI线程。win32k.sy
kd> kv # ChildEBP RetAddr Args to Child 00 0012fe4c 77d31923 00000000 00000100 0012fec4 Test!LowLevelKbHookRoutine (FPO: [3,0,0]) 01 0012fe80 77d58d78 000d0000 00000100 0012fec4 USER32!DispatchHookA+0x101 (FPO: [Non-Fpo]) 02 0012fea4 7c92e453 0012feb
受影响系统:Microsoft Windows Server 20H2 (Server Core InstaMicrosoft Windows Server 2022 (Server Core instaMicrosoft Windows Server 2022Microsoft Windows Server 2019 (Server Core InstaMicrosoft Windows Server 2019Microsoft Windows Server 2004 (Server Core inst
