About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like
Beta Release | Part 1 | Part 2 |
This is part 3 of the TSAdminEx Features series. Today I will discuss the Process View. As usual we will start by comparing TSAdmin to TSAdminEx again. So let’s look at TSAdmin Process View:
And the one from TSAdminEx:
Now that a TSAdminEx beta is ready I will be showing you some features. In this part I will show the Sessions View.
Let’s start again with a comparison of TSAdmin and TSAdminEx:
As you can see, TSAdminEx shows more details; it shows the following extra columns:
Now that a TSAdminEx beta is ready I will be showing you some features. In part 1 I will be comparing the Users view to TSAdmin.
Let’s start TSAdmin. This tool is present by default on Windows 2003. If you use Windows XP or Windows Vista you can get it by installing the Administration Pack. Please note that TSAdmin does not work on Vista RTM due to a bug that was corrected in Vista SP1 (TSAdminEx works fine on both RTM and SP1).
Now let’s open TSAdminEx and start comparing…
Over the last months I have been working hard on TSAdminEx and now, finally, I can present a first beta release.
If you don’t know what TSAdminEx is let me briefly introduce it. TSAdminEx is a tool that combines functionality of several existing tools: it has the power of task manager combined with the details of Process Explorer and the Terminal Server support of TSAdmin. On top of that it fully supports remote systems out of the box without installing any agents or services. It also has some unique features that neither of the mentioned tools can do!
Several new features have been implemented since the last time I talked about TSAdminEx and I will show you the most exciting ones here:
In part 1 I showed how to create and open objects in Terminal Server Sessions. However, these are not all of the possible places where you can place objects via documented kernel32.dll functions.
If we look into Winobj again, we notice that every BaseNamedObjects directory has a subdirectory named Restricted. To be honest, I do not know why it’s created; its security allows object creation for LocalSystem and the RESTRICTED special user (in Windows 2000, Everyone can also create objects in it). So, we can use it as a prefix for object creation, for example, Restricted\MyAppEvent:
Of course, you can still use Global, Local, or Session links Read the rest of this entry »
As you know, many kernel32.dll functions that work with named objects, like OpenEvent, can be used to work with global and local objects. So what are global and local objects? Global objects are created in session 0 and are actually located in the \BaseNamedObjects directory, while local objects are created in the caller’s session, for example in the \Sessions\5\BaseNamedObjects directory (for session 0, global and local have no meaning since they point to the same object). MSDN says that you can access only the objects in your own session (via the Local\ prefix) and in session 0 (via the Global\ prefix). But what if you need to access an object in another session? Read the rest of this entry »
In part 1 I showed how to get rid of some terminal server restrictions on Windows XP x64. But there are still some problems:
1) You cannot connect to localhost (127.0.0.1), but you can connect to 127.a.b.c, where a, b, c are in [0..255] (except 127.0.0.0 and 127.255.255.255).
When you’re connecting to a remote server, Remote Desktop Connection (mstsc.exe) checks through mstscax.dll that you’re connecting to your own address, connections are only allowed and you’re in the server mode. If this is not true, the connection is denied, usually with this message: . The logic of checking is the same: call gethostbyname for the server name and check if it’s not equal to 127.0.0.1. Read the rest of this entry »
In part 1 I showed how winlogon.exe registers its process and main window handle.
In the SasCreate function, winlogon.exe registers hotkeys like this:
const
  MOD_SAS = $8000;

RegisterHotKey(SasWindow, 0, MOD_SAS or MOD_CONTROL or MOD_ALT, VK_DELETE);
{$IFDEF CHECKED_BUILD}
RegisterHotKey(SasWindow, 1, MOD_ALT or MOD_CONTROL or MOD_SHIFT, VK_DELETE); // handler just calls NtShutdownSystem
if EnableDesktopSwitching then
  RegisterHotKey(SasWindow, 2, MOD_ALT or MOD_CONTROL, VK_TAB); // handler switches default and winlogon desktops
if WinlogonInfoLevelFlag then
  RegisterHotKey(SasWindow, 3, MOD_ALT or MOD_CONTROL or MOD_SHIFT, VK_TAB); // handler just calls DebugBreak
{$ENDIF}
RegisterHotKey(SasWindow, 4, MOD_CONTROL or MOD_SHIFT, VK_ESCAPE); // handler executes task manager
{$IFDEF WINXP_OR_LATER}
RegisterHotKey(SasWindow, 5, MOD_WIN, Byte('L')); // handler locks the workstation
RegisterHotKey(SasWindow, 6, MOD_WIN, Byte('U')); // handler executes utilman on current desktop
{$ENDIF}
Did you notice the MOD_SAS constant? Read the rest of this entry »
19 Dec
Windows XP X64 shares the same binaries with Windows 2003 X64, but Terminal Server has some restrictions on XP. This article shows you how to get rid of them and is based on cw2k's ideas from the original Windows XP Terminal Server patch.
Version 1.1 contains the fix for bug #1 and is smaller (fewer bytes are changed).
1) Winlogon.exe contains a function called EnumerateMatchingUsers, which in turn calls the IsProfessionalTerminalServer function. We need to patch this function to return zero (false):
.text:0000000100042F77 IsProfessionalTerminalServer proc near ; CODE XREF: EnumerateMatchingUsers:loc_10002B44Bp
.text:0000000100042F77 ; DATA XREF: .pdata:00000001000D01DCo …
.text:0000000100042F77
.text:0000000100042F77 VersionInformation= _OSVERSIONINFOW ptr -138h
.text:0000000100042F77 var_20 = word ptr -20h
.text:0000000100042F77 var_1E = byte ptr -1Eh
.text:0000000100042F77 var_18 = qword ptr -18h
.text:0000000100042F77
.text:0000000100042F77 48 81 EC 58 01 00 00 sub rsp, 158h => 31 C0 C3 xor eax, eax; retn
.text:0000000100042F7E 48 8B 05 F3 3A 08 00 mov rax, cs:__security_cookie
.text:0000000100042F85 48 89 84 24 40 01 00 00 mov [rsp+158h+var_18], rax
.text:0000000100042F8D 48 8D 4C 24 20 lea rcx, [rsp+158h+VersionInformation] ; void *
.text:0000000100042F92 33 D2 xor edx, edx ; int
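A read-only integrity check for the change shown in the listing, as an added example that is not part of the original article: it maps the listing's address to a file offset through the PE32+ section table and reports whether the function still begins with `48 81 EC` or with `31 C0 C3`. The function names and the constructed one-section sample image (including its ImageBase of 0x100000000) are assumptions made for this example.

```python
import struct

# From the listing above: address of IsProfessionalTerminalServer and its first
# three bytes before (sub rsp, ...) and after (xor eax, eax; retn) the change.
FUNC_VA = 0x100042F77
ORIGINAL, PATCHED = bytes.fromhex("4881EC"), bytes.fromhex("31C0C3")


def va_to_offset(image, va):
    """Translate a virtual address to a file offset via the PE32+ section table."""
    pe = struct.unpack_from("<I", image, 0x3C)[0]          # e_lfanew
    if image[:2] != b"MZ" or image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsect = struct.unpack_from("<H", image, pe + 6)[0]     # NumberOfSections
    opt_size = struct.unpack_from("<H", image, pe + 20)[0]
    opt = pe + 24
    if struct.unpack_from("<H", image, opt)[0] != 0x20B:
        raise ValueError("not a 64-bit (PE32+) image")
    rva = va - struct.unpack_from("<Q", image, opt + 24)[0]  # subtract ImageBase
    for i in range(nsect):
        vsize, vaddr, rsize, rptr = struct.unpack_from(
            "<4I", image, opt + opt_size + 40 * i + 8)
        if vaddr <= rva < vaddr + min(vsize or rsize, rsize):
            return rptr + rva - vaddr
    raise ValueError("address is not backed by file data")


def patch_state(image):
    """Classify the function prologue as 'original', 'patched' or 'unknown'."""
    off = va_to_offset(image, FUNC_VA)
    head = bytes(image[off:off + 3])
    return {ORIGINAL: "original", PATCHED: "patched"}.get(head, "unknown")


def build_sample(prologue):
    """Constructed one-section PE32+ skeleton used as test input (not a real file)."""
    img = bytearray(0x600)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x84, 0x8664, 1)          # AMD64, one section
    struct.pack_into("<H", img, 0x94, 0xF0)                # SizeOfOptionalHeader
    struct.pack_into("<H", img, 0x98, 0x20B)               # PE32+ magic
    struct.pack_into("<Q", img, 0xB0, 0x100000000)         # ImageBase (assumed)
    img[0x188:0x18D] = b".text"
    struct.pack_into("<4I", img, 0x190, 0x200, 0x42E00, 0x200, 0x400)
    img[0x577:0x577 + len(prologue)] = prologue            # lands at RVA 0x42F77
    return bytes(img)
```

On a real file, read the bytes with `open(path, "rb").read()` and pass them to `patch_state`; the address only applies to the winlogon.exe build the listing was taken from.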