Port 445 on Windows 7

Although the netbt driver still contains the code that opens port 445, as it did on XP, I found that this code is not actually called.

Below is the call stack that opens port 445:

tcpip!TcpBindEndpoint+0x6f:
8865192c e83efffeff call tcpip!TcpBindEndpointWorkQueueRoutine (8864186f)
kd> g
Endpoint = 0x867f0df8
RequestComplete = 0x8e3252eb
RequestContext = 0x868e9188
LocalSockAddr = 0x807d7b64
807d7b66 bd01
PROCESS 857bbc78 SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000
DirBase: 00185000 ObjectTable: 89001b98 HandleCount: 355.
Image: System

tcpip!TcpBindEndpoint+0x6f:
8865192c e83efffeff call tcpip!TcpBindEndpointWorkQueueRoutine (8864186f)
kd> !process -1 0
PROCESS 857bbc78 SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000
DirBase: 00185000 ObjectTable: 89001b98 HandleCount: 355.
Image: System

kd> k
ChildEBP RetAddr
807d78fc 8864dd5b tcpip!TcpBindEndpoint+0x6f [d:\w7rtm\minio\netio\transport\tcp\endpoint.c @ 199]
807d791c 8864ddf5 tcpip!TcpIoControlEndpoint+0x199 [d:\w7rtm\minio\netio\transport\tcp\endpoint.c @ 1061]
807d7930 83cd8f8a tcpip!TcpTlEndpointIoControlEndpointCalloutRoutine+0x8b [d:\w7rtm\minio\netio\transport\tcp\provider.c @ 392]
807d7998 88640d91 nt!KeExpandKernelStackAndCalloutEx+0x132 [d:\w7rtm\minkernel\ntos\ke\balmgr.c @ 1718]
807d79d0 8e3251e2 tcpip!TcpTlEndpointIoControlEndpoint+0x67 [d:\w7rtm\minio\netio\transport\tcp\provider.c @ 316]
807d7a1c 8e3218cc afd!WskProIRPBind+0x10f [d:\w7rtm\minio\sockets\winsock2\wsp\afdsys\wskpro.c @ 1257]
807d7a24 83c854bc afd!AfdWskDispatchInternalDeviceControl+0x21 [d:\w7rtm\minio\sockets\winsock2\wsp\afdsys\wsk.c @ 137]
807d7a3c 8e32552b nt!IofCallDriver+0x63 [d:\w7rtm\minkernel\ntos\io\iomgr\iosubs.c @ 2456]
807d7a44 8ac03f9f afd!WskProAPIBind+0x61 [d:\w7rtm\minio\sockets\winsock2\wsp\afdsys\wskpro.c @ 1177]
807d7b38 8ac03978 srvnet!SrvNetWskOpenListenSocket+0x391 [d:\w7rtm\base\fs\remotefs\srv\srvnet\netwsk.c @ 1714]
807d7be8 8ac15075 srvnet!SrvNetWskAllocateEndpoint+0x218 [d:\w7rtm\base\fs\remotefs\srv\srvnet\endpoint.c @ 984]
807d7c18 8ac14fa5 srvnet!SrvNetAllocateEndpoint+0x49 [d:\w7rtm\base\fs\remotefs\srv\srvnet\endpoint.c @ 1097]
807d7c80 8ac025d2 srvnet!SrvNetAddServedName+0x2ae [d:\w7rtm\base\fs\remotefs\srv\srvnet\endpoint.c @ 1410]
807d7cc8 8ac0295e srvnet!SvcXportAdd+0xf2 [d:\w7rtm\base\fs\remotefs\srv\srvadmin\svcxport.c @ 76]
807d7cec 83e697b5 srvnet!SrvAdminProcessFsctlFsp+0x94 [d:\w7rtm\base\fs\remotefs\srv\srvadmin\fsctl.c @ 55]
807d7d00 83cb6f2b nt!IopProcessWorkItem+0x23 [d:\w7rtm\minkernel\ntos\io\iomgr\misc.c @ 1532]
807d7d50 83e5766d nt!ExpWorkerThread+0x10d [d:\w7rtm\minkernel\ntos\ex\worker.c @ 1183]
807d7d90 83d090d9 nt!PspSystemThreadStartup+0x9e [d:\w7rtm\minkernel\ntos\ps\psexec.c @ 5739]
00000000 00000000 nt!KiThreadStartup+0x19 [d:\w7rtm\minkernel\ntos\ke\i386\threadbg.asm @ 82]
kd> !process -1 0
PROCESS 857bbc78 SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000
DirBase: 00185000 ObjectTable: 89001b98 HandleCount: 355.
Image: System

Note that port 445 is opened quite late at this point: many user-mode processes have already been started.
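
The following is an added example, not part of the original post: it decodes the port from the `807d7b66 bd01` line and collapses the `k` output into the chain of drivers that performs the bind, which confirms that netbt is not on the path. It assumes that line is a 16-bit word display of `sin_port` (so the value shown is byte-swapped relative to network order); the function names are hypothetical.

```python
import re
import struct

# Lines copied from the kd session on this page; frames trimmed to module!function+offset.
# Assumption: the dump line is a dw-style (little-endian word) view of sin_port.
SOCKADDR_DUMP = "807d7b66 bd01"
STACK = """\
tcpip!TcpBindEndpoint+0x6f
tcpip!TcpIoControlEndpoint+0x199
tcpip!TcpTlEndpointIoControlEndpointCalloutRoutine+0x8b
nt!KeExpandKernelStackAndCalloutEx+0x132
tcpip!TcpTlEndpointIoControlEndpoint+0x67
afd!WskProIRPBind+0x10f
afd!AfdWskDispatchInternalDeviceControl+0x21
nt!IofCallDriver+0x63
afd!WskProAPIBind+0x61
srvnet!SrvNetWskOpenListenSocket+0x391
srvnet!SrvNetWskAllocateEndpoint+0x218
srvnet!SrvNetAllocateEndpoint+0x49
srvnet!SrvNetAddServedName+0x2ae
srvnet!SvcXportAdd+0xf2
srvnet!SrvAdminProcessFsctlFsp+0x94
nt!IopProcessWorkItem+0x23
nt!ExpWorkerThread+0x10d
nt!PspSystemThreadStartup+0x9e
nt!KiThreadStartup+0x19
"""

def port_from_dump(line):
    """Turn the displayed word back into memory bytes, then read them in network order."""
    word = int(line.split()[1], 16)
    return struct.unpack("!H", struct.pack("<H", word))[0]

def module_path(stack, skip=("nt",)):
    """Collapse frames into the ordered chain of modules, outermost caller first."""
    chain = []
    for frame in reversed(stack.splitlines()):
        m = re.match(r"(\w+)!", frame.strip())
        name = m.group(1) if m else None
        if name and name not in skip and (not chain or chain[-1] != name):
            chain.append(name)
    return chain

if __name__ == "__main__":
    print("bound port:", port_from_dump(SOCKADDR_DUMP))
    print("bind path :", " -> ".join(module_path(STACK)))
```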

posted @ 2013-10-21 13:19  kkindof