$theTitle=wp_title(" - ", false); if($theTitle != "") { ?>
About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like
23 Dec // php the_time('Y') ?>
In part 1 I showed how winlogon.exe registers its process and main window handle.
In the SasCreate function, winlogon.exe registers hotkeys like this:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | const MOD_SAS = $8000; RegisterHotKey(SasWindow, 0, MOD_SAS or MOD_CONTROL or MOD_ALT, VK_DELETE); {$IFDEF CHECKED_BUILD} RegisterHotKey(SasWindow, 1, MOD_ALT or MOD_CONTROL or MOD_SHIFT, VK_DELETE); // handler just calls NtShutdownSystem if EnableDesktopSwitching then RegisterHotKey(SasWindow, 2, MOD_ALT or MOD_CONTROL, VK_TAB); // handler switches default and winlogon desktops if WinlogonInfoLevelFlag then RegisterHotkey(SasWindow, 3, MOD_ALT or MOD_CONTROL or MOD_SHIFT, VK_TAB); // handler just calls DebugBreak {$ENDIF} RegisterHotKey(SasWindow, 4, MOD_CONTROL or MOD_SHIFT, VK_ESCAPE); // handler executes task manager {$IFDEF WINXP_OR_LATER} RegisterHotKey(SasWindow, 5, MOD_WIN, Byte('L'); // handler locks the workstation RegisterHotkey(SasWindow, 6, MOD_WIN, Byte('U'); // handler executes utilman on current desktop {$ENDIF} |
Did you notice the MOD_SAS constant? (more…)
19 Dec // php the_time('Y') ?>
Windows XP X64 shares the same binaries with Windows 2003 X64, but Terminal Server has some restrictions on XP. This article shows you how to get rid of them and is based on cw2k ideas from the original Windows XP Terminal Server patch.
Version 1.1 contains bug#1 fix and is smaller (less bytes are changed).
1) Winlogon.exe contains a function, called EnumerateMatchingUsers which in turn calls IsProfessionalTerminalServer function. We need to patch this function to return zero (false):
.text:0000000100042F77 IsProfessionalTerminalServer proc near ; CODE XREF: EnumerateMatchingUsers:loc_10002B44Bp
.text:0000000100042F77 ; DATA XREF: .pdata:00000001000D01DCo …
.text:0000000100042F77
.text:0000000100042F77 VersionInformation= _OSVERSIONINFOW ptr -138h
.text:0000000100042F77 var_20 = word ptr -20h
.text:0000000100042F77 var_ 1E = byte ptr -1Eh
.text:0000000100042F77 var_18 = qword ptr -18h
.text:0000000100042F77
.text:0000000100042F77 48 81 EC 58 01 00 00 sub rsp, 158h => 31 C0 C3 xor eax, eax; retn
.text:0000000100042F7E 48 8B 05 F3 3A 08 00 mov rax, cs:__security_cookie
.text:0000000100042F85 48 89 84 24 40 01 00 00 mov [rsp+158h+var_18], rax
.text:0000000100042F8D 48 8D 4C 24 20 lea rcx, [rsp+158h+VersionInformation] ; void *
.text:0000000100042F92 33 D2 xor edx, edx ; int
19 Dec // php the_time('Y') ?>
On a Citrix or Terminal Server you will want to disable autoupdate notifications of the flash player.
This can be done by creating a file mm.cfg in the folder where the flash ActiveX control is installed (normally C:\Windows\System32\Macromed\Flash).
Place the following line in this file (with a text editor like Notepad):
AutoUpdateDisable=1
Be sure to save the file with UTF-8 encoding, this can be selected in the Save As dialog in Notepad:
Ofcourse you are aware that only certain Flash versions are supported (and optimized) in Citrix? At this time these versions are: 7a, 8, 8b, 9, 9c, and 9d.
13 Dec // php the_time('Y') ?>
Win32 API provides only 1 function for locking workstation, named LockWorkstation. What does it do and how we can use it?
When a new session is started, smss.exe invokes winlogon.exe. It registers its process id in win32k.sys by calling RegisterLogonProcess. It has this prototype: (more…)
10 Dec // php the_time('Y') ?>
Windows has a couple of different formats for volume names but it is unclear how to convert a Volumename (example: \\?\Volume{GUID}\) to a DeviceName (example: \Device\HarddiskVolume1).
I found at that you can use the QueryDosDevice function but you need to remove the preceeding \\?\ and the trailing \ of the VolumeName:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | function VolumeNameToDeviceName(const VolName: String): String; var s: String; TargetPath: Array[0..MAX_PATH] of WideChar; bSucceeded: Boolean; begin Result := ''; // VolumeName has a format like this: \\?\Volume{c4ee0265-bada-11dd-9cd5-806e6f6e6963}\ // We need to strip this to Volume{c4ee0265-bada-11dd-9cd5-806e6f6e6963} s := Copy(VolName, 5, Length(VolName) - 5); bSucceeded := QueryDosDeviceW(PWideChar(WideString(s)), TargetPath, MAX_PATH) <> 0; if bSucceeded then begin Result := TargetPath; end else begin // raise exception end; end; |
9 Dec // php the_time('Y') ?>
One of the side effects of using sysprep to prepare an image is that drive letter assignments are reset to default. This behaviour is documented in a knowledge base article.
I previously solved this by running a diskpart script but that needed a custom script for each system (if the disk or partition order differs the script needed to be adjusted). So I needed to run a restore with sysprep determine the drive layout after sysprep, change the script, test by restoring again. So I wrote a commandline tool that can change a drive letter assignment based on the volume label.
9 Dec // php the_time('Y') ?>
A while ago I published a patch for Windows 2003 Terminal Server that allows more than 2 concurrent sessions in Remote Administration mode.
Today I publish the same patch but for Windows Server 2003 X64. The patched function (CRAPolicy::Logon) is the same as in the original patch.
9 Dec // php the_time('Y') ?>
Up until now I used VPatch for all my patches. The disadvantage of VPatch is that it uses strict MD5 hash checks. This means that a patch can only be applied to exactly the same file the patch was based on (exact same build and language).
Because many people are asking for patches for other builds and languages I decided to move over to another patch mechanism. This will use search & replace on specific Hex bytes.
The consequence is that patching another build or language version is possible. However there is no absolute certaintity that the patch will work on other builds or languages. Ofcourse the patcher will only patch if the specific bytes were found which is safer than patching an offset.
It’s up to the user to carefully test the patched file and hopefully report back to me if it’s working.
Now I will describe how to use this universal patcher.