JEDI Windows API
New threads do not automatically impersonate themselves.
09 Apr
Posted by: Christian Wimmer in: JEDI Windows Security Code Lib
Whenever you impersonate a running thread and create a new thread while impersonating, your new thread will not get impersonated, too. The new thread will run without any thread token and thus a called function will use the process token instead. So you have to impersonate the new thread again. Ignoring that fact may [...]
How to get the threads of a process?
19 Mar
Posted by: Christian Wimmer in: JEDI Windows API Headers
Yesterday, I described how to get the process of a window. Today I show you how to obtain the threads of a process.
There are two ways to retrieve all the threads of a foreign process.
Use the Tool Help Library. There is also a sample about enumerating threads. So I am not going to to show [...]
How to use VCL and SetThreadDesktop
19 Mar
Posted by: Christian Wimmer in: JEDI Windows API Headers, JEDI Windows Security Code Lib
It is impossible to use SetThreadDesktop and the VCL at the same time because a thread can only show windows on one desktop at a time. However VCL is not written for the use with multiple threads, so there is no way to show Delphi forms of same process on two different desktops. SetThreadDesktop [...]
This answer is very easy - just use GetWindowThreadProcessId
JWA declares it as followed:
function GetWindowThreadProcessId(hWnd: HWND; lpdwProcessId: LPDWORD): DWORD; stdcall;
The function returns an identifier (not a handle) and also may set lpdwProcessId to the identifier (again not a handle!) if it is not nil. Be aware that identifiers aren’t handles, so you must not close them [...]
As you maybe already have noted, I use the ProcessExplorer of Mark Russinovich a lot. It is a very powerful tool, that can help you finding out what’s going on in your Windows system…
Processes
Threads
Properties
Handles
Kernel
Bluescreens (WinDbg)
and many more
If you are interested in getting an introduction into the great application, you should watch this video. Mark presents [...]
How to work with privileges EXTENDED version
15 Mar
Posted by: Christian Wimmer in: JEDI Windows Security Code Lib
Some functions (like ExitWindowsEx) need a privilege (SE_SHUTDOWN_NAME) to be enabled to work properly.
With the help of JWSCL this task is made very easy.
JWSCL provides several ways to enable and disable privileges.
Use the methods of TJwSecurityToken
Use the function JWEnablePrivilege
Use the interface IJwPrivilegeScope
Send post as PDF to convert this post to pdf.
Search
Paypal donation (EUR)
Categories
)Most Viewed
- New threads do not automatically impersonate themselves. - 2,449 views
- A rant concerning Unicode and Delphi - 2,023 views
- Run a program elevated. - 1,688 views
- The case of ShellExecute, ShellExecuteEx, CreateProcess and osk.exe (Update) - 1,514 views
- CreateProcess in full glory - 1,451 views
- Winlogon Notification Package - 1,388 views
- The Delphi JEDI Project needs your help - 1,255 views
- Roadmap of JWA & JWSCL - 1,089 views
- RunAsSYS 1.0 preview [update#1] - 1,085 views
- Translucent Windows with Aero - 1,084 views
Tags
ACL callback COM Conversion CreateProcess DACL Delphi dialog DidYouKnow DLL documentation Download elevation factory file Handle header HowTo interface JWA JWSCL Kernel Microsoft KillProcess Laptop mail mailinglist manifest permission Privilege Process ProcessExplorer RunEl Russinovich Service Setup Sid TerminateProcess Theme Thread Token UAC user Vista Window WindowsRecent Posts
Recent Comments
- I am told that size doesn’t matter (anymore)! at Assarbad’s blog on RunAsSYS 1.0 preview [update#1]
- So you want to write a service… by JEDI Windows API on RunAsSYS 1.0 preview [update#1]
- Linco on Calculating Binary Hashes using TJwFileStreamEx
- NeutralGeneral on Calculating Binary Hashes using TJwFileStreamEx
- Ilse on Calculating Binary Hashes using TJwFileStreamEx