3.7.4.1.17 RpcWinStationBreakPoint (Opnum 29)
The RpcWinStationBreakPoint method breaks into the debugger in either the session process of a specific session or in the terminal server service process. When this method is called, the server impersonates the caller and then tries to enable SeShutdownPrivilege (see [MSDN-PRVLGECNSTS]). If the attempt to enable this privilege fails, the RpcWinStationBreakPoint call fails.<185>
-
BOOLEAN RpcWinStationBreakPoint( [in] SERVER_HANDLE hServer, [out] DWORD* pResult, [in] DWORD LogonId, [in] BOOLEAN KernelFlag );
hServer: Handle to the server object. This is of type SERVER_HANDLE. The hServer argument MUST be obtained from a previous call to RpcWinStationOpenServer.
pResult: Failure error code if the call to RpcWinStationBreakPoint failed. If the call was successful, this parameter MUST be STATUS_SUCCESS (0x00000000).
-
Value
Meaning
STATUS_SUCCESS
0x00000000
The call succeeded.
STATUS_ACCESS_DENIED
0xC0000022
The SeShutdownPrivilege (see [MSDN-PRVLGECNSTS]) privilege cannot be enabled.
LogonId: The ID of the session to break into the debugger. If this parameter is -2, the terminal server service MUST break into the debugger instead.<186>
KernelFlag: Set to TRUE to indicate that the server will break into the debugger in a particular session in kernel mode. If LogonId is -2, the server MUST break into the debugger in user mode.
Return Values: Returns TRUE if the call succeeded, or FALSE if the method failed. On failure, pResult indicates the failure status code.
-
Return value/code
Description
0x01
TRUE
Successful completion.
0x00
FALSE
Method call failed.