Remko

Registered since: 10 Oct 2006
Location: 's-Hertogenbosch, The Netherlands
222 posts
 
RAD-Studio 2010 Arc
 
#4

Re: WinStationShadow API Function

11 Dec 2006, 14:35
I did find out some more, just posting it here to share my information. Perhaps someone knows the next step?
Starting a Remote Control from TSAdmin.exe, accepting this from the client and exiting remote control executes these API functions:

Code:
API Name                    Return Value        Module Name
WinStationOpenServerW       808544 (0xC5660)    WINSTA.dll
Before Call Parameters
Pointer Paramter0: 2542716 (0x26CC7C)
Pointer Paramter1: (null)
Pointer Paramter2: 12367680 (0xBCB740)
Pointer Paramter3: 2 (0x2)
Pointer Paramter4: 7 (0x7)
Pointer Paramter5: 1 (0x1)
After Call Parameters
Pointer Paramter0: 2542716 (0x26CC7C)
Pointer Paramter1: (null)
Pointer Paramter2: 12367680 (0xBCB740)
Pointer Paramter3: 2 (0x2)
Pointer Paramter4: 7 (0x7)
Pointer Paramter5: 1 (0x1)
Return
808544 (0xC5660)

API Name                    Return Value        Module Name
WinStationShadow            1 (0x1)             WINSTA.dll
Before Call Parameters
Pointer Paramter0: (null)                 <-------------- unknown
Pointer Paramter1: 2542716 (0x26CC7C)     <-------------- not sure, handle to server or some unknown structure? == Param0 from WinStationOpenServerW
Pointer Paramter2: 3 (0x3)                <-------------- sessionid
Pointer Paramter3: 106 (0x6A)             <-------------- keycode for stopping the remote control (VK_MULTIPLY = 6A)
Pointer Paramter4: 2 (0x2)                <-------------- plus key (shift=1, ctrl=2, alt =4)
Pointer Paramter5: (null)                 <-------------- unknown
After Call Parameters
Pointer Paramter0: (null)
Pointer Paramter1: 2542716 (0x26CC7C)
Pointer Paramter2: 3 (0x3)
Pointer Paramter3: 106 (0x6A)
Pointer Paramter4: 2 (0x2)
Pointer Paramter5: (null)
Return
1 (0x1)                                   <--------------- Boolean or error/result code?


WinStationQueryInformationW 1 (0x1)             WINSTA.dll
Before Call Parameters
Pointer Paramter0: 808544 (0xC5660)
Pointer Paramter1: 3 (0x3)
Pointer Paramter2: 8 (0x8)
Pointer Paramter3: 451472 (0x6E390)
Pointer Paramter4: 1216 (0x4C0)
Pointer Paramter5: 452704 (0x6E860)
After Call Parameters
Pointer Paramter0: 808544 (0xC5660)
Pointer Paramter1: 3 (0x3)
Pointer Paramter2: 8 (0x8)
Pointer Paramter3: 451472 (0x6E390)
Pointer Paramter4: 1216 (0x4C0)
Pointer Paramter5: 452704 (0x6E860)
Return
1 (0x1)

API Name                    Return Value        Module Name
WinStationCloseServer       1 (0x1)             WINSTA.dll
Before Call Parameters
Pointer Paramter0: 808544 (0xC5660)
Pointer Paramter1: 454720 (0x6F040)
Pointer Paramter2: 1701515922 (0x656B1292)
Pointer Paramter3: 808544 (0xC5660)
Pointer Paramter4: (null)
Pointer Paramter5: 12367680 (0xBCB740)
After Call Parameters
Pointer Paramter0: 808544 (0xC5660)
Pointer Paramter1: 454720 (0x6F040)
Pointer Paramter2: 1701515922 (0x656B1292)
Pointer Paramter3: 808544 (0xC5660)
Pointer Paramter4: (null)
Pointer Paramter5: 12367680 (0xBCB740)
Return
1 (0x1)
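Added example, not part of Remko's post: a short Python script that cross-references the pointer-sized values in the trace above to show which ones flow from one call into another, and decodes the stop-hotkey modifier mask using the values noted in the post. The `CALLS` table layout, the `POINTER_FLOOR` threshold and the function names are assumptions made for this example.

```python
from collections import defaultdict

# Condensed from the trace above: API name, return value, six stack slots
# (None = "(null)"). The layout of this table is constructed for the example.
CALLS = [
    ("WinStationOpenServerW", 0xC5660,
     [0x26CC7C, None, 0xBCB740, 0x2, 0x7, 0x1]),
    ("WinStationShadow", 0x1,
     [None, 0x26CC7C, 0x3, 0x6A, 0x2, None]),
    ("WinStationQueryInformationW", 0x1,
     [0xC5660, 0x3, 0x8, 0x6E390, 0x4C0, 0x6E860]),
    ("WinStationCloseServer", 0x1,
     [0xC5660, 0x6F040, 0x656B1292, 0xC5660, None, 0xBCB740]),
]

# Assumption: values below this are ids, counts or flags, not addresses/handles.
POINTER_FLOOR = 0x10000


def shared_values(calls, floor=POINTER_FLOOR):
    """Map each pointer-sized value to every (api, slot) where it appears,
    keeping only values that show up in more than one API call."""
    seen = defaultdict(list)
    for name, ret, args in calls:
        if ret >= floor:
            seen[ret].append((name, "ret"))
        for i, value in enumerate(args):
            if value is not None and value >= floor:
                seen[value].append((name, f"arg{i}"))
    return {v: locs for v, locs in seen.items()
            if len({api for api, _ in locs}) > 1}


def decode_modifiers(mask):
    """Decode the modifier mask with the bit values given in the post."""
    names = {1: "shift", 2: "ctrl", 4: "alt"}
    return [n for bit, n in names.items() if mask & bit]


if __name__ == "__main__":
    for value, locs in shared_values(CALLS).items():
        print(f"{value:#x}: " + ", ".join(f"{a}.{s}" for a, s in locs))
    shadow_args = CALLS[1][2]
    print("stop hotkey:", hex(shadow_args[3]), "+", decode_modifiers(shadow_args[4]))
```

Slots that hold the same value in every traced call may simply be stale stack contents captured by the monitor, so a shared value is a lead to check rather than proof of a real parameter.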