09 Apr
Posted by: Christian Wimmer in: JEDI Windows Security Code Lib
Whenever you impersonate a running thread and create a new thread while impersonating, the new thread is not impersonated as well. The new thread will run without any thread token, and thus a called function will use the process token instead. So you have to impersonate the new thread again. Ignoring that fact may [...]
19 Mar
Posted by: Christian Wimmer in: JEDI Windows API Headers
Yesterday, I described how to get the process of a window. Today I show you how to obtain the threads of a process.
There are two ways to retrieve all the threads of a foreign process.
Use the Tool Help Library. There is also a sample about enumerating threads. So I am not going to show [...]
19 Mar
Posted by: Christian Wimmer in: JEDI Windows API Headers, JEDI Windows Security Code Lib
It is impossible to use SetThreadDesktop and the VCL at the same time because a thread can only show windows on one desktop at a time. However, the VCL is not written for use with multiple threads, so there is no way to show Delphi forms of the same process on two different desktops. SetThreadDesktop [...]
This answer is very easy - just use GetWindowThreadProcessId
JWA declares it as follows:
function GetWindowThreadProcessId(hWnd: HWND; lpdwProcessId: LPDWORD): DWORD; stdcall;
The function returns an identifier (not a handle) and also may set lpdwProcessId to the identifier (again not a handle!) if it is not nil. Be aware that identifiers aren’t handles, so you must not close them [...]
As you may have already noticed, I use the ProcessExplorer of Mark Russinovich a lot. It is a very powerful tool that can help you find out what’s going on in your Windows system…
Processes
Threads
Properties
Handles
Kernel
Bluescreens (WinDbg)
and many more
If you are interested in getting an introduction to this great application, you should watch this video. Mark presents [...]
15 Mar
Posted by: Christian Wimmer in: JEDI Windows Security Code Lib
Some functions (like ExitWindowsEx) need a privilege (SE_SHUTDOWN_NAME) to be enabled to work properly.
With the help of JWSCL this task is made very easy.
JWSCL provides several ways to enable and disable privileges.
Use the methods of TJwSecurityToken
Use the function JWEnablePrivilege
Use the interface IJwPrivilegeScope