Remko Weijnen's Blog (Remko's Blog)
About Terminal Server, Citrix, Delphi and other stuff
In part 1 I showed how to create and open objects in Terminal Server Sessions. However, these are not all of the possible places where you can place objects via documented kernel32.dll functions.
If we look into Winobj again, we notice, that every BaseNamedObjects directory has a subdirectory named Restricted. To be honest, I do not know why it’s created; it’s security allows object creation for LocalSystem and RESTRICTED special user (in windows 2000, Everyone can also create objects in it). So, we can use it as prefix for object creation, for example, Restricted\MyAppEvent: 
Of course, you can still use Global, Local, or Session links for accessing objects in Restricted directory, e.g. Global\Restricted\Objname, Session\6\Restricted\Objname. You can always create objects in Global\Restricted directory, while may fail creating objects in session’s Restricted directory.
What if you will use Session link, but do not add the session number to it (like Session\MyAppEvent)? It is allowed, and you’ll have your object created into the \Sessions\BNOLINKS directory: 
So if you want to hide your object, but still share it with someone else, you can use it.
Download new SessionObjects version 1.1: it creates objects in all possible places.
Session Objects 1.1 (136)
Related posts:
Profile
Tags
Active Directory Altiris bug Citrix Dell Delphi Exchange Exchange2003 Exchange2010 Hewlett-Packard HP iOS Jailbreak Java LinkedIn Linux MSI MySQL Navigation Objects Office Outlook Passat PowerPoint PowerShell referall was returned RNS315 RNS510 SasLibEx script slow Terminal Server ThinApp TSAdmin TSAdminEx VBS VCDS Vista VMWare Volkswagen Windows PE WLAN Wordpress WTSWaitSystemEvent wts_event_flush
WP Cumulus Flash tag cloud by Roy Tanck requires Flash Player 9 or better.
Recent Tweets
- 249 followers, would be nice to make that a round number... 15 hours ago
- RT @FlitsApp: Nieuwe update van flitsers iphone over enkele uren online. ~ Nice, nog andere verbeteringen/toevoegingen? 1 day ago
- RT @JeroenTielen: Er ligt al 24 cm sneeuw in Zeewolde. :) http://t.co/IJRQgars <~LOL! 1 day ago
- Quicky: Lookup kms licensing server DNS record: nslookup -type=srv _vlmcs._tcp #Windows #KMS #Licensing 1 day ago
- Did anyone manage to get the Lync client running multiple times so we can have multiple connections? Maybe using ThinApp? 3 days ago
Views
Recent Comments
- Tony K on Patch Windows 2003 Terminal Server to allow more than 2 concurrent sessions
- Remko on VM not joined to Domain after Deploying from Template
- Remko on Patch Windows 2003 Terminal Server to allow more than 2 concurrent sessions
- Tony K on Patch Windows 2003 Terminal Server to allow more than 2 concurrent sessions
- Konflikt on VM not joined to Domain after Deploying from Template
Donate
Blogroll
- Andrew Morgan
- Arnout’s blog
- Assa’s Blog
- Barry Schiffer
- Delphi Praxis
- Ingmar Verheij
- Jedi Api Blog
- Jedi API Library
- Jeroen Tielen
- Kees Baggerman
Categories
- .NET (1)
- Active Directory (25)
- Altiris (36)
- Apple (3)
- Application Compatibility (7)
- Automotive (2)
- C# (1)
- C++ (1)
- Citrix (54)
- Delphi (55)
- Embedded (4)
- Exchange (16)
- General (57)
- iPhone (4)
- Java (7)
- Oracle (4)
- Packaging (18)
- PowerShell (31)
- Programming (73)
- RES (1)
- script (18)
- SQL Server (10)
- Strange Error (3)
- Terminal Server (64)
- Unattended Installation (18)
- Uncategorized (31)
- Vista (34)
- VMWare (20)
- Windows 2003 (20)
- Windows 2008 (32)
- Windows 2008 R2 (11)
- Windows 7 (23)
- Windows Internals (8)
- Windows XP (12)
Archives
- January 2012 (9)
- December 2011 (9)
- November 2011 (4)
- October 2011 (5)
- September 2011 (10)
- August 2011 (10)
- July 2011 (2)
- June 2011 (8)
- May 2011 (12)
- April 2011 (4)
- March 2011 (14)
- February 2011 (8)
- January 2011 (32)
- December 2010 (23)
- November 2010 (19)
- October 2010 (10)
- September 2010 (6)
- August 2010 (1)
- July 2010 (1)
- June 2010 (6)
- March 2010 (7)
- February 2010 (3)
- December 2009 (3)
- November 2009 (11)
- September 2009 (2)
- July 2009 (1)
- June 2009 (5)
- May 2009 (1)
- April 2009 (2)
- March 2009 (3)
- February 2009 (6)
- January 2009 (3)
- December 2008 (8)
- November 2008 (5)
- October 2008 (3)
- September 2008 (3)
- August 2008 (3)
- June 2008 (6)
- May 2008 (2)
- April 2008 (3)
- March 2008 (5)
- January 2008 (3)
- December 2007 (3)
- November 2007 (13)
- October 2007 (10)
2 Responses for "Accessing kernel objects in other sessions part 2"
> So if you want to hide your object, but still share it with someone else, you can use it.
If I understand correctly, this is “security by obscurity”? Ie. you are creating the object in an unexpected location, but if someone else did know the location, could still access it? Isn’t this equivalent with appending an arbitrary suffix to your object which is know to both parties? (Ie, instead of MyAppEvent you would create MyAppEvent.31337)
Yes, you’re correct. You can treat the objects and prefixes just like files and directories. Unfortunately, win32 api doesn’t provide a way for enumerating them, so it doesn’t make sense if you would modify your object name, or move it into other directory. I think the most useful info is that you can create the objects with the same name on different session, and access them from any other session.
Leave a reply