On March 17, then yesterday

xiaoxiao2021-03-06  14

The addresses of system objects are not fixed, so the values below are only valid for this debugging session.

Some of the relevant data follows, listed directly as the debugger printed it.

kd> !object 81316cb8
Object: 81316cb8  Type: (8189ad40) WindowStation
    ObjectHeader: 81316ca0
    HandleCount: 60  PointerCount: 96
    Directory Object: 815b5c70  Name: Winsta0

kd> dd 81316cb8
81316cb8  81306658 8130d458 a0178f80 00000000
81316cc8  e298fb68 00000000 00000000 00000000
81316cd8  00000000 a03c7ef8 e342ae28 00000004
81316ce8  0000001c 00000069 00000000 813169e8
81316cf8  00000000 00000000 0001642f 00000000
81316d08  e141f8e8 00000000 00000000 00000000
81316d18  00000000 40000800 01000005 6966744e
81316d28  8337e388 ffa9b3a8 00080041 00000000

kd> !object 81306658
Object: 81306658  Type: (8189ad40) WindowStation
    ObjectHeader: 81306640
    HandleCount: 21  PointerCount: 34
    Directory Object: 815b5c70  Name: Service-0x0-3e7$

kd> !object 8130d458
Object: 8130d458  Type: (8189ac40) Desktop
    ObjectHeader: 8130d440
    HandleCount: 38  PointerCount: 3186
    Directory Object: 00000000  Name: Default

kd> dd 81306658
81306658  81208a98 81304038 a0178800 00000004
81306668  00000000 00000000 00000000 00000000
81306678  00000000 00000000 00000000 00000000
81306688  00000000 00000000 00000000 81305aa8
81306698  00000000 00000000 00000000 00000000
813066a8  00000000 00000000 00000000 00000000
813066b8  0053030c 00580054 02018005 6d665346
813066c8  00000001 00000000 00000000 00040001

kd> !object 81208a98
Object: 81208a98  Type: (8189ad40) WindowStation
    ObjectHeader: 81208a80
    HandleCount: 2  PointerCount: 6
    Directory Object: 815b5c70  Name: SAWINSTA

kd> !object 81304038
Object: 81304038  Type: (8189ac40) Desktop
    ObjectHeader: 81304020
    HandleCount: 11  PointerCount: 414
    Directory Object: 00000000  Name: Default

kd> dd 81208a98
81208a98  00000000 811fbf78 a0178800 00000004
81208aa8  00000000 00000000 00000000 00000000
81208ab8  00000000 00000000 00000000 00000000
81208ac8  00000000 00000000 00000000 812e6008
81208ad8  00000000 00000000 00000000 00000000
81208ae8  00000000 00000000 00000000 8125b400
81208af8  81208b00 00010008 04018005 6274624f
81208b08  00000000 00000016 e2bfc000 00000000

kd> !object 811fbf78
Object: 811fbf78  Type: (8189ac40) Desktop
    ObjectHeader: 811fbf60
    HandleCount: 1  PointerCount: 7
    Directory Object: 00000000  Name: Sadesktop

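As the dumps show, the window stations form a chain: the first DWORD of each WindowStation object points to the next WindowStation (81316cb8 -> 81306658 -> 81208a98 -> 0), and the second DWORD points to a Desktop object. Each WindowStation has the following structure: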

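/*
 * Windowstation structure
 *
 * NOTE(review): the page text of this listing was mangled in extraction
 * (letter case changed, comment delimiters split, closing brace lost).
 * Identifier casing below is restored to the usual win32k spelling; verify
 * against the header/symbols for the exact build being debugged.
 *
 * Bits for the dwWSF_Flags member.
 */
#define WSF_SWITCHLOCK      0x0001
#define WSF_OPENLOCK        0x0002
#define WSF_NOIO            0x0004
#define WSF_SHUTDOWN        0x0008
#define WSF_DYING           0x0010
#define WSF_REALSHUTDOWN    0x0020

typedef struct tagWINDOWSTATION {
    /*
     * Link to the next window station. In the dd dumps on this page the
     * first DWORD of each WindowStation object is the address of another
     * WindowStation, and 00000000 for the last one in the chain.
     */
    PWINDOWSTATION rpwinstaNext;

    /*
     * In the dd dumps on this page the second DWORD resolves (via !object)
     * to a Desktop object.
     */
    PDESKTOP       rpdeskList;

    PTERMINAL      pTerm;

    /*
     * Pointer to the currently active desktop.
     *
     * NOTE(review): this comment sits in front of the flags member on the
     * page, but no desktop-pointer member follows it here; the page text
     * reads "design", presumably a mistranslation of "desktop" -- confirm
     * against the original header.
     */

    /*
     * WSF_* bits. Assuming 4-byte pointers and that this listing matches the
     * debugged build, this is the fourth DWORD of the dumps: 00000000 for
     * Winsta0 and 00000004 (WSF_NOIO) for Service-0x0-3e7$ and SAWINSTA.
     */
    DWORD          dwWSF_Flags;
    struct tagKL  *spklList;

    /*
     * Clipboard variables
     */
    PTHREADINFO    ptiClipLock;
    PTHREADINFO    ptiDrawingClipboard;
    PWND           spwndClipOpen;
    PWND           spwndClipViewer;
    PWND           spwndClipOwner;
    struct tagCLIP *pClipBase;
    int            cNumClipFormats;
    UINT           iClipSerialNumber;
    UINT           iClipSequenceNumber;
    UINT           fClipboardChanged : 1;
    UINT           fInDelayedRendering : 1;

    /*
     * Global Atom Table
     */
    PVOID          pGlobalAtomTable;

    LUID           luidEndSession;
    PSID           psidUser;
    PQ             pqDesktop;
    DWORD          dwSessionId;

#if DBG
    /* Present only in checked (DBG) builds, which shifts nothing above it. */
    PDESKTOP       pdeskCurrent;
#endif // DBG

} WINDOWSTATION;
// --------------------------------------------------------------------------------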

I don't know if there is any WinSta0?
