> Winbuilder problems with UAC
booty#1
post Aug 27 2007, 01:44 PM
Post #1


QUOTE(Nuno Brito @ Aug 27 2007, 02:51 PM) *
Can you load registry hives under user permissions?

That is a good argument - the answer is no.

QUOTE(Nuno Brito @ Aug 27 2007, 02:51 PM) *
It is possible to bypass all security permissions on registry keys when you read them in raw mode - and I guess this is possible even under the guest account.

But not from within a running Windows.

QUOTE(Nuno Brito @ Aug 27 2007, 02:51 PM) *
btw: noticed your latest scripts - excellent work!

Thanks - they can only be good because WinBuilder allows them to be good

booty#1

EDIT by jaclaz:
This thread was split from here:
http://www.boot-land.net/forums/index.php?...ic=2940&hl=
smiley
post Aug 27 2007, 01:50 PM
Post #2


QUOTE
Can you load registry hives under user permissions?

Well, the answer is yes!
When Microsoft introduced UAC, they added a new API call named RegLoadAppKey, which can load a key in the registry with UAC enabled. See here: http://msdn2.microsoft.com/en-us/library/ms724886.aspx
Warning: this function exists only in Vista

I suggest you make WinBuilder use RegLoadKey, and if it is run under Vista it should use RegLoadAppKey.
Nuno Brito
post Aug 27 2007, 07:07 PM
Post #3


QUOTE(smiley @ Aug 27 2007, 01:50 PM) *
I agree with booty#1 that WinBuilder's operations should be able to work with user privileges whenever possible.
Well, the answer is yes!
When Microsoft introduced UAC, they added a new API call named RegLoadAppKey, which can load a key in the registry with UAC enabled. See here: http://msdn2.microsoft.com/en-us/library/ms724886.aspx
Warning: this function exists only in Vista

I suggest you make WinBuilder use RegLoadKey, and if it is run under Vista it should use RegLoadAppKey.


Thank you - this is something new and I'll look into it as soon as I get back home.

Will it load our traditional setupreg.hiv files?

--------------------------

The registry hives are loaded to a specific kernel memory area - I'm not sure how restricted the access to this specific memory section is, but I remember reading some notes from Russinovich where he mentions some of his tests.

It seems that hive files are loaded to memory and written back every 2 seconds whenever some of their hive sectors are marked as "dirty".

These details are better provided in a Sysinternals guide. You can find the link in the raw registry discussion topic at the Windows sub-forum here on boot-land.

So, from this idea, you can *likely* scan the memory area to find where the registry is placed and from this location read the needed key values.

Since we're just reading data it should be a quite safe process but I can only confirm this method in action once I get back to work and have some time to test it properly.

------------------------------------------------

btw: Are we really going to have a wb that doesn't work on sundays?

How about limiting the daily use of each project to around 10 minutes per day? (my wife would surely like this one..)
smiley
post Aug 27 2007, 07:52 PM
Post #4


@Nuno:

Nuno, RegLoadAppKey works *almost* in the same way as RegLoadKey (the only difference is that RegLoadAppKey returns a root key handle, whereas RegLoadKey lets you mount the hive under an existing root key)
You don't need to try to write in kernel memory. Usual registry operations will work.
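The choice described in posts #2 and #4, written in C as an added example (not code from the thread or from WinBuilder): use RegLoadAppKey when advapi32 exports it, otherwise fall back to RegLoadKey. The names `choose_loader`, `load_hive`, `WB_Example` and the hive path are hypothetical, and the caller is assumed to know whether SeBackupPrivilege and SeRestorePrivilege are already enabled in its token.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#endif

typedef enum { USE_REGLOADAPPKEY, USE_REGLOADKEY, CANNOT_LOAD } loader_t;

/* has_appkey: advapi32 exports RegLoadAppKeyW (Vista and later).
 * has_privs:  caller already enabled SeBackupPrivilege and SeRestorePrivilege,
 *             which RegLoadKey requires (assumed to be known by the caller). */
loader_t choose_loader(int has_appkey, int has_privs) {
    if (has_appkey) return USE_REGLOADAPPKEY;   /* works for a standard user */
    if (has_privs)  return USE_REGLOADKEY;      /* pre-Vista, elevated only  */
    return CANNOT_LOAD;
}

#ifdef _WIN32
typedef LONG (WINAPI *RegLoadAppKeyW_fn)(LPCWSTR, PHKEY, REGSAM, DWORD, DWORD);

/* mount_name is a hypothetical subkey name used only on the RegLoadKey path. */
LONG load_hive(LPCWSTR file, LPCWSTR mount_name, int has_privs, HKEY *root) {
    /* Resolve at run time: a static import would stop the program from
     * starting on systems that lack the export. */
    HMODULE adv = GetModuleHandleW(L"advapi32.dll");
    RegLoadAppKeyW_fn app = adv
        ? (RegLoadAppKeyW_fn)GetProcAddress(adv, "RegLoadAppKeyW") : NULL;
    LONG rc;

    switch (choose_loader(app != NULL, has_privs)) {
    case USE_REGLOADAPPKEY:      /* returns a private root handle in *root */
        return app(file, root, KEY_READ, 0, 0);
    case USE_REGLOADKEY:         /* mounts under an existing root key */
        rc = RegLoadKeyW(HKEY_LOCAL_MACHINE, mount_name, file);
        if (rc != ERROR_SUCCESS) return rc;
        return RegOpenKeyExW(HKEY_LOCAL_MACHINE, mount_name, 0, KEY_READ, root);
    default:
        return ERROR_PRIVILEGE_NOT_HELD;
    }
}
#endif

int main(void) {
#ifdef _WIN32
    HKEY root;   /* placeholder path, constructed for this example */
    LONG rc = load_hive(L"C:\\example\\setupreg.hiv", L"WB_Example", 0, &root);
    printf("load_hive returned %ld\n", rc);
    if (rc == ERROR_SUCCESS) RegCloseKey(root);
#endif
    return 0;
}
```

On the RegLoadKey path the hive stays mounted under HKEY_LOCAL_MACHINE until RegUnLoadKey is called. Microsoft's documentation for RegLoadAppKey also states that all keys inside the hive must share the same security descriptor, otherwise the call fails.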
smiley
post Aug 29 2007, 04:33 PM
Post #5


Bump!