Forced debug output when impersonating in .Net on Windows 10

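In our company's application we use impersonation for many things. For years we have been doing this the same way. A few weeks ago, we began to see forced debug output when calling any version of LogonUser from advapi32.dll.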

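That is, when any version of LogonUser is called, we are immediately bombarded with output dumped to the console or to our log files. We are unable to stop the dump, and we see no way to intercept it. Here is a sample of the output we see on every request: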

11/20/2019 04:42:27.072 AM TestConsoleApp(26668,26672) <my_ID> NetworkProvider.Debug: NPGetCaps(2) Entered
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> NetworkProvider.Debug: Informing Windows we are a Credential Manager
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> NetworkProvider.Debug: NPGetCaps(2) Exited
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> NetworkProvider.Debug: NPGetCaps(4) Entered
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> NetworkProvider.Debug: Informing Windows we don't support the requested feature
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> NetworkProvider.Debug: NPGetCaps(4) Exited
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> NetworkProvider.Debug: NPGetCaps(6) Entered
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> NetworkProvider.Debug: Informing Windows we don't support the requested feature
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> NetworkProvider.Debug: NPGetCaps(6) Exited
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> NetworkProvider.Debug: NPGetCaps(11) Entered
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> NetworkProvider.Debug: Informing Windows we don't support the requested feature
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> NetworkProvider.Debug: NPGetCaps(11) Exited
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> NetworkProvider.Debug: NPGetCaps(9) Entered
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> NetworkProvider.Debug: Informing Windows we don't support the requested feature
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> NetworkProvider.Debug: NPGetCaps(9) Exited
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> NetworkProvider.Debug: NPGetCaps(8) Entered
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> NetworkProvider.Debug: Informing Windows we don't support the requested feature
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> NetworkProvider.Debug: NPGetCaps(8) Exited
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> CredentialManager.Debug: NPLogonNotify({****, ****}, 'MSV1_0:Interactive', 0x********, 'MSV1_0:Interactive', 0x********, 'SvcCtl', nullptr, 0x********) Entered
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> AuthPackagePair.Debug: AuthPackagePair::AuthPackagePair('MSV1_0:Interactive', 0x********, 'MSV1_0:Interactive', 0x********) Entered
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> InteractiveAuthPackage.Debug: InteractiveAuthPackage::InteractiveAuthPackage() Entered
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> InteractiveAuthPackage.Debug: InteractiveAuthPackage::InteractiveAuthPackage() Exited
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> InteractiveAuthPackage.Debug: InteractiveAuthPackage::InteractiveAuthPackage() Entered
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> InteractiveAuthPackage.Debug: InteractiveAuthPackage::InteractiveAuthPackage() Exited
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> AuthPackagePair.Debug: AuthPackagePair::AuthPackagePair('MSV1_0:Interactive', 0x********, 'MSV1_0:Interactive', 0x********) Exited
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> CredentialManager.Debug: Validated supplied credential package; delegating to appropriate handler
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> AccountLogonEventHandler.Debug: netprov::raise_logon_complete() Entered
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> AccountLogonEventHandler.Activity: Received notification of Interactive account log-on
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> AccountLogonEventHandler.Debug: AccountLogonEventHandler::on_auth_complete() Entered
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> ServiceCommsChannel.Debug: Querying whether to communicate with business logic...
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> AuthPackageProperties.Debug: AuthPackageProperties::AuthPackageProperties() Entered
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> AuthPackageProperties.Debug: Determining whether username contains a domain name...
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> AuthPackageProperties.Debug: AuthPackageProperties::AuthPackageProperties() Exited
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> AuthPackageProperties.Debug: AuthPackageProperties::is_domain_account() Entered
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> AuthPackageProperties.Debug: AuthPackageProperties::is_local_account() Entered
11/20/2019 04:42:27.074 AM TestConsoleApp(26668,26672) <my_ID> AuthPackageProperties.Debug: Determining whether supplied domain-name represents a domain or computer name
11/20/2019 04:42:27.075 AM TestConsoleApp(26668,26672) <my_ID> AuthPackageProperties.Debug: AuthPackageProperties::is_local_account() Exited
11/20/2019 04:42:27.075 AM TestConsoleApp(26668,26672) <my_ID> AuthPackageProperties.Debug: AuthPackageProperties::is_domain_account() Exited
11/20/2019 04:42:27.075 AM TestConsoleApp(26668,26672) <my_ID> ServiceCommsChannel.Activity: Network provider is enabled; notifying the business logic
11/20/2019 04:42:27.075 AM TestConsoleApp(26668,26672) <my_ID> ServiceCommsChannel.Debug: Transmitting information to business logic
11/20/2019 04:42:27.075 AM TestConsoleApp(26668,26672) <my_ID> ServiceCommsChannel.Debug: Requesting COM interface from business logic
11/20/2019 04:42:27.084 AM TestConsoleApp(26668,26672) <my_ID> AccountLogonEventHandler.Debug: AccountLogonEventHandler::on_auth_complete() Exited
11/20/2019 04:42:27.084 AM TestConsoleApp(26668,26672) <my_ID> AccountLogonEventHandler.Debug: netprov::raise_logon_complete() Exited
11/20/2019 04:42:27.084 AM TestConsoleApp(26668,26672) <my_ID> CredentialManager.Debug: NPLogonNotify({****, ****}, 'MSV1_0:Interactive', 0x********, 'MSV1_0:Interactive', 0x********, 'SvcCtl', nullptr, 0x********) Exited
11/20/2019 04:42:27.127 AM TestConsoleApp(26668,26672) <my_ID> CredentialManager.Debug: NPLogonNotify({****, ****}, 'MSV1_0:Interactive', 0x********, 'MSV1_0:Interactive', 0x********, 'SvcCtl', nullptr, 0x********) Entered
11/20/2019 04:42:27.127 AM TestConsoleApp(26668,26672) <my_ID> AuthPackagePair.Debug: AuthPackagePair::AuthPackagePair('MSV1_0:Interactive', 0x********, 'MSV1_0:Interactive', 0x********) Entered
11/20/2019 04:42:27.127 AM TestConsoleApp(26668,26672) <my_ID> InteractiveAuthPackage.Debug: InteractiveAuthPackage::InteractiveAuthPackage() Entered
11/20/2019 04:42:27.127 AM TestConsoleApp(26668,26672) <my_ID> InteractiveAuthPackage.Debug: InteractiveAuthPackage::InteractiveAuthPackage() Exited
11/20/2019 04:42:27.127 AM TestConsoleApp(26668,26672) <my_ID> InteractiveAuthPackage.Debug: InteractiveAuthPackage::InteractiveAuthPackage() Entered
11/20/2019 04:42:27.127 AM TestConsoleApp(26668,26672) <my_ID> InteractiveAuthPackage.Debug: InteractiveAuthPackage::InteractiveAuthPackage() Exited
11/20/2019 04:42:27.127 AM TestConsoleApp(26668,26672) <my_ID> AuthPackagePair.Debug: AuthPackagePair::AuthPackagePair('MSV1_0:Interactive', 0x********, 'MSV1_0:Interactive', 0x********) Exited
11/20/2019 04:42:27.127 AM TestConsoleApp(26668,26672) <my_ID> CredentialManager.Debug: Validated supplied credential package; delegating to appropriate handler
11/20/2019 04:42:27.127 AM TestConsoleApp(26668,26672) <my_ID> AccountLogonEventHandler.Debug: netprov::raise_logon_complete() Entered
11/20/2019 04:42:27.127 AM TestConsoleApp(26668,26672) <my_ID> AccountLogonEventHandler.Activity: Received notification of Interactive account log-on
11/20/2019 04:42:27.127 AM TestConsoleApp(26668,26672) <my_ID> AccountLogonEventHandler.Debug: AccountLogonEventHandler::on_auth_complete() Entered
11/20/2019 04:42:27.127 AM TestConsoleApp(26668,26672) <my_ID> ServiceCommsChannel.Debug: Querying whether to communicate with business logic...
11/20/2019 04:42:27.127 AM TestConsoleApp(26668,26672) <my_ID> AuthPackageProperties.Debug: AuthPackageProperties::AuthPackageProperties() Entered
11/20/2019 04:42:27.127 AM TestConsoleApp(26668,26672) <my_ID> AuthPackageProperties.Debug: Determining whether username contains a domain name...
11/20/2019 04:42:27.127 AM TestConsoleApp(26668,26672) <my_ID> AuthPackageProperties.Debug: AuthPackageProperties::AuthPackageProperties() Exited
11/20/2019 04:42:27.127 AM TestConsoleApp(26668,26672) <my_ID> AuthPackageProperties.Debug: AuthPackageProperties::is_domain_account() Entered
11/20/2019 04:42:27.127 AM TestConsoleApp(26668,26672) <my_ID> AuthPackageProperties.Debug: AuthPackageProperties::is_local_account() Entered
11/20/2019 04:42:27.127 AM TestConsoleApp(26668,26672) <my_ID> AuthPackageProperties.Debug: Determining whether supplied domain-name represents a domain or computer name
11/20/2019 04:42:27.127 AM TestConsoleApp(26668,26672) <my_ID> AuthPackageProperties.Debug: AuthPackageProperties::is_local_account() Exited
11/20/2019 04:42:27.127 AM TestConsoleApp(26668,26672) <my_ID> AuthPackageProperties.Debug: AuthPackageProperties::is_domain_account() Exited
11/20/2019 04:42:27.127 AM TestConsoleApp(26668,26672) <my_ID> ServiceCommsChannel.Activity: Network provider is enabled; notifying the business logic
11/20/2019 04:42:27.127 AM TestConsoleApp(26668,26672) <my_ID> ServiceCommsChannel.Debug: Transmitting information to business logic
11/20/2019 04:42:27.127 AM TestConsoleApp(26668,26672) <my_ID> ServiceCommsChannel.Debug: Requesting COM interface from business logic
11/20/2019 04:42:27.128 AM TestConsoleApp(26668,26672) <my_ID> AccountLogonEventHandler.Debug: AccountLogonEventHandler::on_auth_complete() Exited
11/20/2019 04:42:27.128 AM TestConsoleApp(26668,26672) <my_ID> AccountLogonEventHandler.Debug: netprov::raise_logon_complete() Exited
11/20/2019 04:42:27.128 AM TestConsoleApp(26668,26672) <my_ID> CredentialManager.Debug: NPLogonNotify({****, ****}, 'MSV1_0:Interactive', 0x********, 'MSV1_0:Interactive', 0x********, 'SvcCtl', nullptr, 0x********) Exited

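We have passed this on to our IT department, but can't find anyone who knows what changed in recent updates. The above happens with any combination of logon type and logon provider. The output is exactly as presented to us, except that I replaced my own ID with my_ID on each line.

This isn't something we specifically requested in any way, and googling any portion of each line doesn't seem to yield any information. Does anyone know the cause of these messages (a setting in Windows, Active Directory, other)? The CredentialManager lines stand out, but I can't find anything related to Credential Manager that would turn this information off.

We're thinking that maybe this is a setting that can be enabled somewhere for some backend troubleshooting and was left on, or that it may be a setting pushed to all of our machines with the latest round of updates, but we really don't know.

Any help would be greatly appreciated!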

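This is because some operation may have set the program's log level to a high level, causing information such as info, debug, and system state changes to be logged. You can try modifying the registry using the method in this link: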

https://docs.microsoft.com/en-us/windows-hardware/drivers/install/setting-the-event-level-for-a-text-log

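These are not Windows debug entries of any kind. None of those lines of text match anything Windows will ever write to an internal debug trace or external log (or at least, not in any recent Win 10 build).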

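So I expect this is a third-party security plugin. I would look at which DLLs loaded into lsass.exe or your process are not signed by Microsoft, or at your application's metadata.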
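
One way to carry out the check suggested in the answer above, as an added example that is not part of the original thread. The `NPGetCaps` and `NPLogonNotify` names in the log are Network Provider API entry points, so the script also lists the network providers registered on the machine and who signed each provider DLL; the function name `Get-NonMicrosoftModule` is hypothetical.

```powershell
# Added example. Part 1: registered network providers and the signer of each DLL.
# Providers are listed in ProviderOrder; each has a Services\<name>\NetworkProvider key.
$orderKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order'
$names = (Get-ItemProperty -Path $orderKey).ProviderOrder -split ',' |
    ForEach-Object { $_.Trim() } | Where-Object { $_ }

$providers = foreach ($name in $names) {
    $npKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name\NetworkProvider"
    $np = Get-ItemProperty -Path $npKey -ErrorAction SilentlyContinue
    if (-not $np) { continue }          # listed in the order but not registered
    $path = [Environment]::ExpandEnvironmentVariables($np.ProviderPath)
    $sig  = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Provider = $name
        Path     = $path
        Status   = $sig.Status
        Signer   = $sig.SignerCertificate.Subject
    }
}
$providers | Format-List

# Part 2: modules loaded in a process that are unsigned or not signed by Microsoft.
function Get-NonMicrosoftModule {
    param([int]$ProcessId = $PID)       # defaults to the current PowerShell process
    foreach ($m in (Get-Process -Id $ProcessId).Modules) {
        $sig = Get-AuthenticodeSignature -FilePath $m.FileName
        $subject = $sig.SignerCertificate.Subject
        if ($sig.Status -ne 'Valid' -or $subject -notmatch 'O=Microsoft Corporation') {
            [pscustomobject]@{
                Module = $m.ModuleName
                Path   = $m.FileName
                Status = $sig.Status
                Signer = $subject
            }
        }
    }
}

# Usage: pass the PID of the application while it is running, after it has called LogonUser.
# Get-NonMicrosoftModule -ProcessId 26668 | Format-List
```

The PID in the usage comment is the one shown in the log sample above. Enumerating modules in lsass.exe requires an elevated session and may be blocked when LSA protection is enabled.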