Friday, May 15, 2009
Monday, May 4, 2009
Making a console application invisible to avoid unnecessary pop-ups.
If you have a non-interactive console application, make it an invisible application; you can always generate logs for troubleshooting. If you want to run a console application without console pop-ups from the Startup folder or the ‘Run’ registry key, you need to make the following changes to the console project. The basic idea is to turn your console project into a Windows application.
Step 1:
Go to Project Properties -> C/C++ ->Preprocessor.
Replace _CONSOLE with _WINDOWS.
Step 2:
Go to Project Properties -> Linker -> Subsystem.
Replace Console (/SUBSYSTEM:CONSOLE) with Windows (/SUBSYSTEM:WINDOWS).
Step 3:
Replace _tmain()/main() with WinMain(). If your console application uses command-line arguments, you need to make the appropriate changes for WinMain().
Step 4:
Build and run the application; it will perform the same operations, but without any console pop-up.
Step 1:
Go to Project Properties -> C/C++ ->Preprocessor.
Replace _CONSOLE with _WINDOWS.
Step 2:
Go to Project Properties -> Linker -> Subsystem.
Replace Console (/SUBSYSTEM:CONSOLE) with Windows (/SUBSYSTEM:WINDOWS).
Step 3:
Replace _tmain()/main() with WinMain(). If your console application uses command-line arguments, you need to make the appropriate changes for WinMain().
Step 4:
Build and run the application; it will perform the same operations, but without any console pop-up.
Friday, April 24, 2009
Tuesday, March 31, 2009
Buffer Overflow Attacks
Sunday, March 29, 2009
Vista session 0 isolation, launching UI based applications from Windows Services in Vista.
/*
After going through a few samples, I came up with the following code, which worked for me. I used a service running in the Local System account to test this sample.
http://blogs.technet.com/askperf/archive/2007/04/27/application-compatibility-session-0-isolation.aspx
*/
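BOOL LaunchAppIntoInteractiveSession(CHAR *szCommandline, DWORD &dwExitCode)
{
    // Runs szCommandline on the interactive desktop (winsta0\default) of the
    // session attached to the physical console, using the token of the user
    // logged on to that session, and blocks until the child process exits.
    //
    // Meant to be called from a service running as Local System:
    // WTSQueryUserToken requires SE_TCB_NAME, which Local System holds.
    //
    // Parameters:
    //   szCommandline - command line to execute. Quote the executable path
    //                   (e.g. "\"C:\\Some Dir\\app.exe\" args") because
    //                   lpApplicationName is NULL and an unquoted path that
    //                   contains spaces is resolved ambiguously.
    //   dwExitCode    - receives the child's exit code; written only on success.
    // Returns TRUE when the process was created and its exit code retrieved,
    // FALSE otherwise (GetLastError() at the failing call gives the reason).
    //
    // Notes:
    //   - WaitForSingleObject(INFINITE) blocks the calling thread for the
    //     whole lifetime of the child; do not call this from the service
    //     control handler.
    //   - lpEnvironment stays NULL, so the child inherits the service's
    //     environment, not the user's (CreateEnvironmentBlock on the
    //     duplicated token would provide the user's environment).
    //   - Fixes relative to the original sample: the missing '|' between the
    //     creation flags, gotos that jumped over an initialised local, waiting
    //     on an uninitialised PROCESS_INFORMATION when CreateProcessAsUser
    //     failed, and a return value that was TRUE on every error path.
    BOOL bResult = FALSE;
    DWORD dwSessionId = 0;
    HANDLE hUserToken = NULL;
    HANDLE hUserTokenDup = NULL;
    LPVOID lpEnvironment = NULL;
    const DWORD dwCreationFlags = NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE;
    PROCESS_INFORMATION pi;
    STARTUPINFOA si;
    static CHAR szDesktop[] = "winsta0\\default";   // lpDesktop is a non-const LPSTR

    // All locals are declared and zeroed before the first goto, so no jump
    // crosses an initialisation and Cleanup only ever sees NULL or valid handles.
    ZeroMemory(&pi, sizeof(pi));
    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);
    si.lpDesktop = szDesktop;

    if (szCommandline == NULL)
    {
        return FALSE;   // nothing to launch; lpApplicationName is NULL as well
    }

    // Session currently attached to the physical console; 0xFFFFFFFF means none.
    dwSessionId = WTSGetActiveConsoleSessionId();
    if (dwSessionId == 0xFFFFFFFF)
    {
        goto Cleanup;
    }

    // Fails if no user is logged on in that session or the caller lacks SE_TCB_NAME.
    if (!WTSQueryUserToken(dwSessionId, &hUserToken))
    {
        goto Cleanup;
    }

    // CreateProcessAsUser needs a primary token; WTSQueryUserToken returns one,
    // but duplicating keeps the returned handle untouched and lets us pick the level.
    if (!DuplicateTokenEx(hUserToken, MAXIMUM_ALLOWED, NULL, SecurityIdentification, TokenPrimary, &hUserTokenDup))
    {
        goto Cleanup;
    }

    // Launch the process in the client's logon session.
    if (!CreateProcessAsUserA(
            hUserTokenDup,     // client's access token
            NULL,              // file name
            szCommandline,     // command line to execute
            NULL,              // process SECURITY_ATTRIBUTES
            NULL,              // thread SECURITY_ATTRIBUTES
            FALSE,             // handles are not inheritable
            dwCreationFlags,   // creation flags
            lpEnvironment,     // new environment block (NULL: inherit ours)
            NULL,              // current directory
            &si,               // STARTUPINFO (desktop selection)
            &pi))              // receives the new process handles
    {
        goto Cleanup;   // pi holds no handles here; do not wait on it
    }

    // Wait until the process exits, then fetch its exit code.
    WaitForSingleObject(pi.hProcess, INFINITE);
    if (GetExitCodeProcess(pi.hProcess, &dwExitCode))
    {
        bResult = TRUE;
    }

Cleanup:
    if (pi.hThread != NULL)
    {
        CloseHandle(pi.hThread);
    }
    if (pi.hProcess != NULL)
    {
        CloseHandle(pi.hProcess);
    }
    if (hUserTokenDup != NULL)
    {
        CloseHandle(hUserTokenDup);
    }
    if (hUserToken != NULL)
    {
        CloseHandle(hUserToken);
    }
    return bResult;
}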
/*
After going through a few samples, I came up with the following code, which worked for me. I used a service running in the Local System account to test this sample.
http://blogs.technet.com/askperf/archive/2007/04/27/application-compatibility-session-0-isolation.aspx
*/
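BOOL LaunchAppIntoInteractiveSession(CHAR *szCommandline, DWORD &dwExitCode)
{
    // Runs szCommandline on the interactive desktop (winsta0\default) of the
    // session attached to the physical console, using the token of the user
    // logged on to that session, and blocks until the child process exits.
    //
    // Meant to be called from a service running as Local System:
    // WTSQueryUserToken requires SE_TCB_NAME, which Local System holds.
    //
    // Parameters:
    //   szCommandline - command line to execute. Quote the executable path
    //                   (e.g. "\"C:\\Some Dir\\app.exe\" args") because
    //                   lpApplicationName is NULL and an unquoted path that
    //                   contains spaces is resolved ambiguously.
    //   dwExitCode    - receives the child's exit code; written only on success.
    // Returns TRUE when the process was created and its exit code retrieved,
    // FALSE otherwise (GetLastError() at the failing call gives the reason).
    //
    // Notes:
    //   - WaitForSingleObject(INFINITE) blocks the calling thread for the
    //     whole lifetime of the child; do not call this from the service
    //     control handler.
    //   - lpEnvironment stays NULL, so the child inherits the service's
    //     environment, not the user's (CreateEnvironmentBlock on the
    //     duplicated token would provide the user's environment).
    //   - Fixes relative to the original sample: the missing '|' between the
    //     creation flags, gotos that jumped over an initialised local, waiting
    //     on an uninitialised PROCESS_INFORMATION when CreateProcessAsUser
    //     failed, and a return value that was TRUE on every error path.
    BOOL bResult = FALSE;
    DWORD dwSessionId = 0;
    HANDLE hUserToken = NULL;
    HANDLE hUserTokenDup = NULL;
    LPVOID lpEnvironment = NULL;
    const DWORD dwCreationFlags = NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE;
    PROCESS_INFORMATION pi;
    STARTUPINFOA si;
    static CHAR szDesktop[] = "winsta0\\default";   // lpDesktop is a non-const LPSTR

    // All locals are declared and zeroed before the first goto, so no jump
    // crosses an initialisation and Cleanup only ever sees NULL or valid handles.
    ZeroMemory(&pi, sizeof(pi));
    ZeroMemory(&si, sizeof(si));
    si.cb = sizeof(si);
    si.lpDesktop = szDesktop;

    if (szCommandline == NULL)
    {
        return FALSE;   // nothing to launch; lpApplicationName is NULL as well
    }

    // Session currently attached to the physical console; 0xFFFFFFFF means none.
    dwSessionId = WTSGetActiveConsoleSessionId();
    if (dwSessionId == 0xFFFFFFFF)
    {
        goto Cleanup;
    }

    // Fails if no user is logged on in that session or the caller lacks SE_TCB_NAME.
    if (!WTSQueryUserToken(dwSessionId, &hUserToken))
    {
        goto Cleanup;
    }

    // CreateProcessAsUser needs a primary token; WTSQueryUserToken returns one,
    // but duplicating keeps the returned handle untouched and lets us pick the level.
    if (!DuplicateTokenEx(hUserToken, MAXIMUM_ALLOWED, NULL, SecurityIdentification, TokenPrimary, &hUserTokenDup))
    {
        goto Cleanup;
    }

    // Launch the process in the client's logon session.
    if (!CreateProcessAsUserA(
            hUserTokenDup,     // client's access token
            NULL,              // file name
            szCommandline,     // command line to execute
            NULL,              // process SECURITY_ATTRIBUTES
            NULL,              // thread SECURITY_ATTRIBUTES
            FALSE,             // handles are not inheritable
            dwCreationFlags,   // creation flags
            lpEnvironment,     // new environment block (NULL: inherit ours)
            NULL,              // current directory
            &si,               // STARTUPINFO (desktop selection)
            &pi))              // receives the new process handles
    {
        goto Cleanup;   // pi holds no handles here; do not wait on it
    }

    // Wait until the process exits, then fetch its exit code.
    WaitForSingleObject(pi.hProcess, INFINITE);
    if (GetExitCodeProcess(pi.hProcess, &dwExitCode))
    {
        bResult = TRUE;
    }

Cleanup:
    if (pi.hThread != NULL)
    {
        CloseHandle(pi.hThread);
    }
    if (pi.hProcess != NULL)
    {
        CloseHandle(pi.hProcess);
    }
    if (hUserTokenDup != NULL)
    {
        CloseHandle(hUserTokenDup);
    }
    if (hUserToken != NULL)
    {
        CloseHandle(hUserToken);
    }
    return bResult;
}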
Friday, February 13, 2009
Allowing access when opening a named pipe from a Service
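// Security attributes for a named pipe served by a service.
//
// The original sample assigned a NULL DACL (SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE)),
// which grants full access -- including WRITE_DAC and WRITE_OWNER -- to every
// account on the machine. Any local user could then not only connect to the
// service's pipe but also re-ACL it (CWE-732). An explicit DACL written in
// SDDL keeps the "clients in other accounts may connect" intent while limiting
// what they can do and who can change the descriptor:
//   SY, BA : Local System and Administrators get full control (GA)
//   IU     : interactive users get read and write only (GRGW) -- replace or
//            extend this SID with the accounts that actually need to connect.
// Reference: http://msdn.microsoft.com/en-us/library/aa379286(VS.85).aspx
PSECURITY_DESCRIPTOR pSd = NULL;
SECURITY_ATTRIBUTES sa;
sa.nLength = sizeof(sa);
sa.bInheritHandle = FALSE;        // the pipe handle has no reason to leak into child processes
sa.lpSecurityDescriptor = NULL;
if (!ConvertStringSecurityDescriptorToSecurityDescriptorA(
        "D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW;;;IU)",
        SDDL_REVISION_1, &pSd, NULL))
{
    //handle the error here (pSd stays NULL: the pipe would get the caller's default DACL, not a NULL one)
}
sa.lpSecurityDescriptor = pSd;
// Use the security attributes in CreateNamedPipe(); adding PIPE_REJECT_REMOTE_CLIENTS
// to dwPipeMode additionally refuses connections arriving over the network.
hPipe = CreateNamedPipe(..., &sa);
// The descriptor is copied into the pipe object; release the SDDL allocation.
if (pSd != NULL)
{
    LocalFree(pSd);
}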
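// Reference: http://msdn.microsoft.com/en-us/library/aa379286(VS.85).aspx
//
// The original sample assigned a NULL DACL (SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE)),
// which grants full access -- including WRITE_DAC and WRITE_OWNER -- to every
// account on the machine. Any local user could then not only connect to the
// service's pipe but also re-ACL it (CWE-732). An explicit DACL written in
// SDDL keeps the "clients in other accounts may connect" intent while limiting
// what they can do and who can change the descriptor:
//   SY, BA : Local System and Administrators get full control (GA)
//   IU     : interactive users get read and write only (GRGW) -- replace or
//            extend this SID with the accounts that actually need to connect.
PSECURITY_DESCRIPTOR pSd = NULL;
SECURITY_ATTRIBUTES sa;
sa.nLength = sizeof(sa);
sa.bInheritHandle = FALSE;        // the pipe handle has no reason to leak into child processes
sa.lpSecurityDescriptor = NULL;
if (!ConvertStringSecurityDescriptorToSecurityDescriptorA(
        "D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW;;;IU)",
        SDDL_REVISION_1, &pSd, NULL))
{
    //handle the error here (pSd stays NULL: the pipe would get the caller's default DACL, not a NULL one)
}
sa.lpSecurityDescriptor = pSd;
// Use the security attributes in CreateNamedPipe(); adding PIPE_REJECT_REMOTE_CLIENTS
// to dwPipeMode additionally refuses connections arriving over the network.
hPipe = CreateNamedPipe(..., &sa);
// The descriptor is copied into the pipe object; release the SDDL allocation.
if (pSd != NULL)
{
    LocalFree(pSd);
}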
Tuesday, December 16, 2008
