WindowStations window station? When I heard the term, many netizens felt confused and what was the WindowStations window station? Is this a very professional term? We don't need to know, this is the first impression of many netizens, Xiaobian told You, no, no. In fact, Window stations and desktops are probably the most distinctive of the Windows NT services. Most programmers don't touch these two objects directly, even though the user has to touch them all the time. The window station and desktop objects are as secure as other Windows NT objects, such as events, mutexes, and semaphores. A window station object consists of a clipboard, a global atomic set, and more desktop objects. A window station is either visible or invisible. A visible window station receives input from the user or mouse. A display device is also connected to it so that the information can be displayed to the interactive user.
In Windows NT 4.0, only one window station can be seen, which is WinSta0. The visible window station is also defined as interactive. An invisible window station is not interactive and cannot accept any user input or display devices.
As mentioned earlier, the desktop is included in the window station object. A desktop object contains a logical display surface, and windows, menus, and so on. Only desktops belonging to the visible window station can be seen and receive user input. This desktop is called an active desktop.
As an interactive user, you come across three different desktops at different times: Default, Winlogon, and Screen-saver. The Winlogon desktop is the dialog that appears in front of you when you press Ctrl+Alt+Delete. The default desktop is either the browser or all processes started by the interactive user. It should be understood as an interactive application desktop. The final desktop is Screen-saver, which displays your screen saver. You may have noticed that you can switch between different desktops. When a user presses the Ctrl+Alt+Delete key combination, the operating system can switch from the default state to the Winlogon desktop. When you select Cancel in the login dialog, the system will switch back to the default desktop. Someone asked me if the other things on the desktop were destroyed when the switch was made. The answer is "not". Although you can't see other desktops, they are still there.
All processes in the system are associated with the window station and the desktop. When a user logs in for the first time, the interactive window station, WinSta0, and default desktop are all associated with the user's shell process. This way the user can see the shell, and if not, the user can't see anything. And after that, all processes started by the shell are also associated with WinSta0 and the default desktop.
You can also specify which window station and desktop your process is associated with via the lpDesktop member of the STARTUPINFO data structure. This data structure is passed to the CreateProcess and CreateProcessAsUser functions. You can initialize lpDesktop to NULL, which means that the CreateProcess function uses the same window station and desktop as the calling process. You can define your own window station and desktop combination as "WinSta0\\Default" or define an empty string. This parameter causes the operating system to create a new invisible window station and desktop for the boot process. The security associated with these two new objects grants each group full access to them.
typedef struct _STARTUPINFO { //si
DWORD cb;
LPTSTR lpReserved;
LPTSTR lpDesktop;
LPTSTR lpTitle;
DWORD dwX;
DWORD dwY;
DWORD dwXSize;
DWORD dwYSize;
DWORD dwXCountChars;
DWORD dwYCountChars;
DWORD dwFillAttribute;
DWORD dwFlags;
WORD wShowWindow;
WORD cbReserved2;
LPBYTE lpReserved2;
HANDLE hStdInput;
HANDLE hStdOutput;
HANDLE hStdError;
} STARTUPINFO, *LPSTARTUPINFO;
Window stations and desktops are security objects. Processes associated with the window station and desktop must be properly accessed for these objects. If the process does not have access, you will see one of these two messages "User32.dll initialization failure" or "Kernel32.dll initialization failure."Kernel32.dll initialization failure." . The exit code returned by the process is 128 or ERROR_NO_WAIT_CHILDREN. So what do I mean by proper access? If you have an object like a file. You can create a DACL for this file to give the user read access to this file. The Window station works in the same way as the desktop.