'link/window general'에 해당되는 글 71건

  1. 2015.01.06 GPO settting
  2. 2014.12.31 GPO Function
  3. 2014.12.10 Get command line other program
  4. 2014.11.05 When launch UAC prompt (legacy prgram)
  5. 2014.10.23 Events relate to drive
  6. 2014.09.24 command line parameter
  7. 2014.02.28 Restricting Privileges on Windows
  8. 2014.02.19 Install Printer with RUNDLL32
  9. 2014.02.06 User Account Control (UAC)
  10. 2013.11.15 Redirect Registry on WOW64
2015. 1. 6. 12:51

GPO settting

2015. 1. 6. 12:51 in link/window general

Loopback processing of Group Policy

Posted by cobaltic5
2014. 12. 31. 13:31

GPO Function

2014. 12. 31. 13:31 in link/window general

GPO Function

Determine When Group Policy Changes are Applied

-    RegisterGPNotification

-    WM_SETTINGCHANGE

Posted by cobaltic5
2014. 12. 10. 18:13

Get command line other program

2014. 12. 10. 18:13 in link/window general

Get the command line of a process

Get Process Info with NtQueryInformationProcess

Get command line string of 64-bit process from 32-bit process


hooking

Getting a command line for another process

Posted by cobaltic5
2014. 11. 5. 10:49

When launch UAC prompt (legacy prgram)

2014. 11. 5. 10:49 in link/window general

Installer Detection Technology


Installer Detection only applies to:

1. 32 bit executables

2. Applications without a requestedExecutionLevel

3. Interactive processes running as a Standard User with LUA enabled

Before a 32 bit process is created, the following attributes are checked to determine whether it is an installer:

  • Filename includes keywords like "install," "setup," "update," etc.
  • Keywords in the following Versioning Resource fields: Vendor, Company Name, Product Name, File Description, Original Filename, Internal Name, and Export Name.
  • Keywords in the side-by-side manifest embedded in the executable.
  • Keywords in specific StringTable entries linked in the executable.
  • Key attributes in the RC data linked in the executable.
  • Targeted sequences of bytes within the executable.


Posted by cobaltic5
2014. 10. 23. 16:30

Events relate to drive

2014. 10. 23. 16:30 in link/window general

Events relate to the drive


Win32_VolumeChangeEventNetwork drives are not currently supported.

WM_DEVICECHANGE

SHChangeNotifyRegister

Posted by cobaltic5
2014. 9. 24. 16:15

command line parameter

2014. 9. 24. 16:15 in link/window general

information of command line parameter


http://ss64.com/nt/syntax-esc.html


Parsing C++ Command-Line Arguments

Posted by cobaltic5
2014. 2. 28. 16:01

Restricting Privileges on Windows

2014. 2. 28. 16:01 in link/window general

http://edc.tversu.ru/elib/inf/0088/0596003943_secureprgckbk-chp-1-sect-2.html


Running as Limited User - the Easy Way


Posted by cobaltic5
2014. 2. 19. 17:55

Install Printer with RUNDLL32

2014. 2. 19. 17:55 in link/window general

http://support.microsoft.com/kb/314486/en-us

rundll32 printui.dll,PrintUIEntry /?
rundll32 printui.dll,PrintUIEntry /il


Posted by cobaltic5
2014. 2. 6. 15:47

User Account Control (UAC)

2014. 2. 6. 15:47 in link/window general

Windows Vista for Developers – Part 4 – User Account Control

http://weblogs.asp.net/kennykerr/archive/2006/09/29/Windows-Vista-for-Developers-_1320_-Part-4-_1320_-User-Account-Control.aspx


Designing Applications to Run at a Low Integrity Level


Communication between low-integrity and higher-integrity processes

Low-integrity processes are not completely isolated from other applications. They can interact with other processes. In fact, without some forms of collaboration, applications running at low integrity may seem to the user to be completely broken.

Some forms of IPC are available for low-integrity processes to communicate with higher-integrity processes. Components in Windows Vista block the following types of communication.

  • Most window messages and process hooks are blocked by UIPI.
  • Opening a process and using CreateRemoteThread is blocked by the mandatory label on process objects.
  • Opening a shared memory section for write access is blocked.
  • Using a named object created by a higher integrity process for synchronization is blocked by the default mandatory label.
  • Binding to a running instance of a COM service is block.
    However, you can use other types of communication between a low-integrity process and a higher-integrity process. The types of communication that you can use include:
  • Clipboard (copy and paste)
  • Remote procedure call (RPC)
  • Sockets
  • Window messages that the higher-integrity process has been explicitly allowed to receive from lower-integrity processes by calling ChangeWindowMessageFilter
  • Shared memory, where the higher-integrity process explicitly lowers the mandatory label on the shared memory section
    Important
    This is particularly dangerous, and the higher-integrity process must be careful to validate all data that is written to the shared section.

  • COM interfaces, where the launch activation rights are set programmatically by the higher-integrity process to allow binding from low integrity clients
  • Named pipes, where the creator explicitly sets the mandatory label on the pipe to allow access to lower-integrity processes

http://msdn.microsoft.com/en-us/library/bb625960.aspx

Posted by cobaltic5
2013. 11. 15. 10:40

Redirect Registry on WOW64

2013. 11. 15. 10:40 in link/window general

Registry ReDirect

http://msdn.microsoft.com/en-us/library/windows/desktop/aa384232(v=vs.85).aspx

http://msdn.microsoft.com/en-us/library/windows/desktop/aa384253(v=vs.85).aspx


Posted by cobaltic5
prev Prev 1 2 3 4 5 6 ··· 8 Next next

티스토리툴바