Archive for May, 2008

Winlogon Notification Package

What is that? MSDN says: A Winlogon Notification Package is a DLL that exports functions that handle Winlogon events. For example, when a user logs onto the system, Winlogon calls each notification package’s logon event handler function to provide information about the event.

Header conversion of Event Tracing API for Windows

I am proud to announce the completed conversion of the Microsoft Event Tracing API for Windows (ETW). What is ETW anyway? MSDN says: Event Tracing for Windows (ETW) provides application programmers the ability to start and stop event tracing sessions, instrument an application to provide trace events, and consume trace events. Trace events contain an [...]

JWSCL provides access to auto pointers or objects. It means that allocated space or objects are automatically destroyed/freed as soon as the auto object runs out of scope. What is a scope? A scope exists as long as the (I say) parent object exists. Parent objects can be: The process. The auto pointer and thus [...]

This simple example shows how you can change the target session of a new process.

Article recommendation: Code injection

I just finished reading this excellent article about code injection. However, the article doesn’t just go into the “how to” stuff but also goes deeply into the organization of executable files. I have to thank Ashkbiz Danehkar for sharing his expert knowledge. Go ahead, take your time and read Inject your code to a Portable [...]

Did you know? #9

The group TrustedInstaller is not called “TrustedInstaller” but “NT SERVICE\Trusted Installer”. Yes, with a slash and a space in it.

Did you know? ShellExecuteEx ignores the active desktop (the one that has input). It just starts the application on the default desktop (winsta0\default). However, ShellExecute (without Ex) works fine with multiple desktops. Unfortunately, the latter function isn’t that powerful.

Did you know? #8

TMessage is not TMsg! TMessage is defined in Unit Messages and should not be mixed up with TMsg (Windows.pas) in the following case:

Did you know? #7

You cannot impersonate a pipe until you have read from it. Even a write call doesn’t work. So a service has to wait for a dummy client write call until it can check the client’s token. The following code shows how a multi-instance pipe server could look. Be aware that I wrote this to [...]

Did you know? #6

If you create a new process without adding the environment block (by calling CreateEnvironmentBlock), the new process may fail to call ShellExecute and some other functions. Don’t think that the environment variables aren’t that important. Find out more about CreateProcess in the post about “CreateProcess in full glory”.
