If you’re missing API headers…

Recently, I found an article about some API headers of the JEDI library. The article pointed to the very old JEDI API site,
which contains FTP links to the Delphi API header units.
However, the FTP server is empty, so all the links are invalid.

Luckily, you can find the most recent versions in our Download Area. (The units may have changed slightly.)

If you ever want to link to the API headers, you should use the SourceForge download site (you can of course pick a package).


Site Recommendation

Frequently Given Answers, written by Jonathan de Boyne Pollard, is a plain HTML website that you may be interested in. Well, I was, because it has some good points about how Windows works, plus some more unrelated Windows stuff.

/EDIT: I forgot to mention that the headers are included in the Jedi Apilib as JwaWdm.pas.

I’m working on a new build of TSAdminEx for which I need to query the total amount of physical memory. Locally we can use the GlobalMemoryStatusEx API, but there is no API to do this remotely. It would be possible using WMI, but I decided against that because of its slowness and because I need to support older OS versions which might not have WMI. So I found the following key in the registry:

HKLM\HARDWARE\RESOURCEMAP\System Resources\Physical Memory

It has a value named .Translated of type REG_RESOURCE_LIST, which seems to be undocumented beyond the statement that it exists. Regedit knows how to handle it, though. If you double-click on the key you will see something like this:
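As an added example (not the blog's code, and not the query TSAdminEx itself uses), the following C program walks the binary layout that values of the REG_RESOURCE_LIST registry type carry. It assumes the layout of CM_RESOURCE_LIST, CM_FULL_RESOURCE_DESCRIPTOR and CM_PARTIAL_RESOURCE_DESCRIPTOR as declared in the WDK header wdm.h (the header wrapped by JwaWdm.pas), and it parses a constructed sample buffer rather than reading the registry, so it runs anywhere; on Windows the same parser would be fed the bytes RegQueryValueEx returns for .Translated. Descriptors of type CmResourceTypeMemory contribute their length directly, while CmResourceTypeMemoryLarge descriptors (used when a single range is longer than 32 bits can express) carry a scaled length selected by the CM_RESOURCE_MEMORY_LARGE_40/48/64 flags. The function names and the sample values are my own.

```c
#include <stdint.h>
#include <stdio.h>

/* Constants from wdm.h: descriptor types, and the flags that say how a
 * CmResourceTypeMemoryLarge length is scaled. */
#define CM_RESOURCE_TYPE_MEMORY        3
#define CM_RESOURCE_TYPE_MEMORY_LARGE  7
#define CM_RESOURCE_MEMORY_LARGE_40    0x0200
#define CM_RESOURCE_MEMORY_LARGE_48    0x0400
#define CM_RESOURCE_MEMORY_LARGE_64    0x0800

struct mem_range { uint64_t start; uint64_t length; };

/* Little-endian readers: the value is stored as raw bytes, not as host integers. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static uint64_t rd64(const uint8_t *p) { return rd32(p) | ((uint64_t)rd32(p + 4) << 32); }

/* Walks a CM_RESOURCE_LIST blob (ULONG Count, then CM_FULL_RESOURCE_DESCRIPTORs
 * whose 16-byte header is InterfaceType, BusNumber, Version, Revision, Count,
 * followed by 16-byte CM_PARTIAL_RESOURCE_DESCRIPTORs: Type, ShareDisposition,
 * Flags, 8-byte Start, 4-byte Length). Collects the memory descriptors and
 * returns their number, or -1 when a count inside the blob points past its end:
 * the value is binary data, so its counts are checked rather than trusted. */
int parse_resource_list(const uint8_t *buf, size_t len,
                        struct mem_range *out, size_t max_out, uint64_t *total)
{
    size_t pos = 4;
    int found = 0;
    *total = 0;
    if (len < 4) return -1;
    uint32_t full_count = rd32(buf);
    for (uint32_t i = 0; i < full_count; i++) {
        if (len - pos < 16) return -1;
        uint32_t part_count = rd32(buf + pos + 12);   /* CM_PARTIAL_RESOURCE_LIST.Count */
        pos += 16;
        for (uint32_t j = 0; j < part_count; j++) {
            if (len - pos < 16) return -1;
            const uint8_t *d = buf + pos;
            uint8_t  type   = d[0];
            uint16_t flags  = rd16(d + 2);
            uint64_t start  = rd64(d + 4);
            uint64_t length = rd32(d + 12);
            pos += 16;
            if (type == CM_RESOURCE_TYPE_MEMORY_LARGE) {
                if (flags & CM_RESOURCE_MEMORY_LARGE_40)      length <<= 8;
                else if (flags & CM_RESOURCE_MEMORY_LARGE_48) length <<= 16;
                else if (flags & CM_RESOURCE_MEMORY_LARGE_64) length <<= 32;
                else return -1;                 /* large descriptor without a scale flag */
            } else if (type != CM_RESOURCE_TYPE_MEMORY) {
                continue;                       /* ports, interrupts, DMA: not RAM */
            }
            if ((size_t)found < max_out) { out[found].start = start; out[found].length = length; }
            found++;
            *total += length;
        }
    }
    return found;
}

/* Little-endian writers used only to construct the sample blob below. */
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void put32(uint8_t *p, uint32_t v) { put16(p, (uint16_t)v); put16(p + 2, (uint16_t)(v >> 16)); }
static void put64(uint8_t *p, uint64_t v) { put32(p, (uint32_t)v); put32(p + 4, (uint32_t)(v >> 32)); }
static void put_desc(uint8_t *p, uint8_t type, uint16_t flags, uint64_t start, uint32_t len_field)
{
    p[0] = type; p[1] = 0;                      /* ShareDisposition */
    put16(p + 2, flags); put64(p + 4, start); put32(p + 12, len_field);
}

/* Constructed sample (not a dump from a real machine): one full descriptor
 * holding two ordinary memory ranges and one large range with a 40-bit length. */
size_t build_sample_list(uint8_t *buf)
{
    put32(buf, 1);                              /* CM_RESOURCE_LIST.Count */
    put32(buf + 4, 0);                          /* InterfaceType = Internal */
    put32(buf + 8, 0);                          /* BusNumber */
    put16(buf + 12, 1);                         /* Version */
    put16(buf + 14, 1);                         /* Revision */
    put32(buf + 16, 3);                         /* CM_PARTIAL_RESOURCE_LIST.Count */
    put_desc(buf + 20, CM_RESOURCE_TYPE_MEMORY, 0, 0x1000, 0x9E000);
    put_desc(buf + 36, CM_RESOURCE_TYPE_MEMORY, 0, 0x100000, 0x7FEF0000);
    put_desc(buf + 52, CM_RESOURCE_TYPE_MEMORY_LARGE, CM_RESOURCE_MEMORY_LARGE_40,
             0x100000000ULL, 0x01000000);       /* 0x01000000 << 8 = 4 GiB */
    return 68;
}

/* Run the parser over the sample; 'trim' drops bytes from the end to simulate truncation. */
static int run_sample(size_t trim, uint64_t *total)
{
    uint8_t buf[128]; struct mem_range r[8];
    return parse_resource_list(buf, build_sample_list(buf) - trim, r, 8, total);
}
int sample_range_count(void)           { uint64_t t; return run_sample(0, &t); }
uint64_t sample_total_bytes(void)      { uint64_t t; run_sample(0, &t); return t; }
int sample_truncated_is_rejected(void) { uint64_t t; return run_sample(1, &t) == -1; }

int main(void)
{
    uint8_t buf[128]; struct mem_range r[8]; uint64_t total;
    int n = parse_resource_list(buf, build_sample_list(buf), r, 8, &total);
    for (int i = 0; i < n; i++)
        printf("range %d: start 0x%llx length 0x%llx\n", i,
               (unsigned long long)r[i].start, (unsigned long long)r[i].length);
    printf("total physical memory described: %llu bytes\n", (unsigned long long)total);
    return 0;
}
```

The sum of the memory ranges is what a remote "total physical memory" figure would be built from; the truncation check matters because the registry value arrives as an opaque byte array whose embedded counts are not validated by anyone else.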


Your Installation is Complete

There are a lot of setups out there which just copy some files and then run the application. I often wonder why they need Administrator rights at all. So IMO, if you want to create a setup for your product, you should really consider the following question:

Does your setup really need Administrator rights?


Recently, I found a bug in JWSCL. It happened that the function GetInheritanceSourceW didn’t work for me anymore. I had last used this function a long time ago and now needed it again. The strange thing was that the function returned no error, but it didn’t fill the result array with the expected inheritance data. The result was always zero for all members of the structure. What happened?


Recently my Windows Vista partition ran out of disk space. The partition has 30GiB, but that is not enough even if you choose to install 3rd party software on a separate disk. The main reason Windows Vista needs so much space is the WinSxS folder, which contains a lot of DLL files and more (at least for me). I don’t want to go into detail here, but this folder holds (nearly) duplicate files for compatibility and language reasons.


A couple of days ago I finished a first beta of my tool TSAdminEx. If you don’t know what TSAdminEx is let me briefly introduce it:

TSAdminEx is a tool that combines functionality of several existing tools: it has the power of task manager combined with the details of Process Explorer and the Terminal Server support of TSAdmin. On top of that it fully supports remote systems out of the box without installing any agents or services. It also has some unique features that neither of the mentioned tools can do!

TSAdminEx screenshot

You may wonder why I am writing about it on the Delphi Jedi blog; the answer is that TSAdminEx was written in Delphi and uses Jwa and Jwscl. As you might expect, my Terminal Server unit (JwsclTerminalServer) is the engine of TSAdminEx.

If you’re interested, take a look at my personal blog.

PS: I am still looking for beta testers!


There is much going on behind the curtain

If you wonder why articles aren’t released as frequently anymore, you should know that I am currently in the middle of some other (not JEDI related) projects at my university. However, I’m also preparing some huge improvements to JWSCL. New features are being added and more testing is being done too, for your benefit.

If you like, you can also publish a Windows API or JWSCL (Security API) related article here. I would be happy to help! Just contact me here.


Article about Terminal Service Internals

Some people know Remko Weijnen’s blog about Windows Terminal Server topics. If you don’t, you should read his articles; you’ll get a deep insight into how Windows works.

Recently another author published an article about TS internals on Remko’s blog. Danila Galimov explains how communication works between the Terminal Service and a Terminal Session (such as an RDP or console session).

He uses this knowledge to create a completely new session in Windows XP which contains an idle winlogon.


Restrict access to process

The following code is really simple. It restricts access to the current process so that no other process can open a handle to it and, for example, terminate it.

uses
  JwaWindows,
  JwsclSecureObjects,
  JwsclDescriptor,
  JwsclToken,
  JwsclTypes,
  JwsclAcl,
  JwsclKnownSid;

var
  SD : TJwSecurityDescriptor;
  hProcess : TJwProcessHandle;
begin
  //initialise the well-known SIDs (JwLocalSystemSID, JwSecurityProcessUserSID, ...)
  JwInitWellKnownSIDs;

  //READ_CONTROL lets us read the DACL, WRITE_DAC lets us replace it
  hProcess := OpenProcess(READ_CONTROL or WRITE_DAC, false, GetCurrentProcessId());
  if hProcess <> 0 then
  try
    //fetch the current DACL of the process object
    SD := TJwSecureGeneralObject.GetSecurityInfo(hProcess,SE_KERNEL_OBJECT, [siDaclSecurityInformation]);
    try
      //drop every existing ACE and start from an empty list
      SD.DACL.Clear;
      //only LocalSystem keeps full access
      SD.DACL.Add(TJwDiscretionaryAccessControlEntryAllow.Create(nil, [], GENERIC_ALL, JwLocalSystemSID));

      //allow read access to the current user
      SD.DACL.Add(TJwDiscretionaryAccessControlEntryAllow.Create(nil, [], GENERIC_READ, JwSecurityProcessUserSID));

      //write the new DACL back to the process object
      TJwSecureGeneralObject.SetSecurityInfo(hProcess, SE_KERNEL_OBJECT, [siDaclSecurityInformation], SD);
    finally
      SD.Free;
    end;
  finally
    CloseHandle(hProcess);
  end;
end;

However, there are some problems:

  1. This code does not prevent the user from reverting the process DACL to its original state. The owner of the process can always change the DACL, even if she is not listed in it. So the code only stops a beginner from forcefully closing the application.
  2. Any user holding the DEBUG privilege can open the process with full access using OpenProcess. Task Manager uses this approach to terminate a process if it was started with administrative rights.

The only way to prevent a restricted user from terminating the application is to run the process under a different account (e.g. via CreateProcessAsUser) and make sure that the user is not listed in the DACL. However, if this user gets the DEBUG privilege, the game is over.


July 2009