Archive for March, 2008

This simple code excerpt can only be run under SYSTEM account (say in a service). It retrieves the token from the logged on user – especially the user at the physical console. Or in other words the user data of the person that sits in front of the computer. The main code which does the [...]

The units from JWSCL

This is just an index of available units of the JEDI Windows Security Code Library. Find out more about these units in the corresponding help documentation by clicking on it. The help is also available from the JWSCL doc site. And if you seek an offline version with search function, download it directly from the [...]

A NULL-DACL (or nil if you wish) defines a none existing discretionary access control list. If the system encounters such a nil pointer, it automatically grants access to all principals including foreigners who are not authenticated. WinAPI receives a nil pointer and checks for a flag like SE_DACL_PRESENT (security descriptor flag) or DACL_SECURITY_INFORMATION (functions like [...]

ACE order

The order of access control elements in an access control list is the following: explicit Deny elements explicit Allow elements inherited Deny elements inherited Deny elements It is also called the canonical order.

Obtain the user’s profile picture (2nd update).

In Windows XP there is a simple way to obtain the image you can see on the logon desktop right next to the username. All images are located in one folder and named after the user’s name. “C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\User Account Pictures\<username>.bmp” I am using a german translation, so you dont just copy the [...]

Because exceptions are more likely to be noticed. Nearly all Windows API functions use boolean return values in combination with GetLastError. However a programmer is not binded to check for a return value or use GetLastError. In contrast to return values, exceptions are more shattering. You have to catch them or otherwise the following code [...]

It is used for debugging purposes only. Define DEBUG in compiler directives in your project settings to enable it. You can get information about the SID and display them in the watch window or use the mouse hoover feature.

There are many error messages in a Windows System. Actually a MSDN article describes them – or better: part of them. However they weren’t enough for me, so I decided to get all of them.

Why are your samples incomplete?

Our sample codes are often not complete as they were posted. Here are the reasons: We are lazy Samples are called samples because they aren’t whole projects. Neither are examples. Long lines of code are boring to read Readers should not expect from us to do their work It is more fun to create your [...]

How to use a Security Attribute structure Part #2

This discussion continues How to use a SecurityAttribute structure. Last time we used the SecurityAttribute parameter in CreateFile to change the security descriptor of the newly created file. However this approach did not add inherited access control elements from the parent folder. We are about to change that. Filesystem and Registry-key inheritance is implemented since [...]

Paypal donation (EUR)



March 2008
« Dec   Apr »