Remko Weijnen's Blog (Remko's Blog)

About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like

Archive for November, 2007

Announcement: Dear Visitor

If this is your first visit, take your time and look around. Here are some things you might be looking for:

Do you like my work? Did my work help you?

  • Leave a comment and tell me how it was usefull to you.
  • If you want you can make a donation with the Paypal Donate Button in the right Sidebar.

Thank you!

  • Comments Off on Announcement: Dear Visitor
  • Filed under: Uncategorized
  • Delphi and Terminal Server Aware

    When an application is not Terminal Server aware (also known as a legacy application), Terminal Server makes certain modifications to the legacy application to make it work properly in a multiuser environment. For example, Terminal Server will create a virtual Windows folder, such that each user gets a Windows folder instead of getting the system’s Windows directory. This gives users access to their own INI files. In addition, Terminal Server makes some adjustments to the registry for a legacy application. These modifications slow the loading of the legacy application on Terminal Server and require up to 8 MegaBytes extra memory. This behaviour can be avoided if the TSAware flag is present in the PE header of an executable as can be read here at MSDN.

    But how do we set this property in Delphi?

    In Windows.pas we can see that the constant is defined:

    But how to use this in your application?
    Add the line

    somewhere below the uses clause and we’re done!

    Offcourse you are now responsible for making your application Terminal Server compliant which according to Microsoft means: If an application is Terminal Server aware, it must neither rely on INI files nor write to the HKEY_CURRENT_USER registry during setup.

    I was contact by Danila Galimov a while ago because he was working with my JwaWinsta unit. Together we were able (and are still working on) uncovering more of the undocumented API’s in winsta.dll.

     We found several new classes for WinStationQueryInformationW that return lots of information:

    • The user’s password (under special circumstances).
    • The Windows Product ID (server and client’s).
    • Client Info such as Timezone information.

    We got the following API’s working:

    • WinStationGetAllProcesses
    • WinStationGetTermSrvCountersValue (“QWinsta /Counter”)
    • WinStationFreeGAPMemory
    • WinStationSendMessage
    • WinStationCloseServer
    • WinStationDisconnect
    • WinStationReset
    • WinStationShutdownSystem

    Further testing is needed to determine if the functions work on different OS versions and produce the same results.

    Multiple Terminal Sessions in Windows Vista

    There were 2 ways (known to me) of extending Windows XP to offer mulitple concurrent Terminal Sessions. One with the RC1 version of XP SP2 and one that patches Winlogon and Termsrv.dll. The latter offers not only multiple sessions but also multiple sessions under the same account and sessions to the local machine.

    Seems like the someone hacked Windows Vista Terminal server too by patching Termsrv.dll. Read more at source.

    More undocumented Terminal Server API’s

    I added some more undocumented API’s to my Jwawinsta unit, the unit is now becoming a collection of the undocumented API’s in winsta.dll.

    These are the functions I added:

    • WinStationDisconnect
    • WinStationGetProcessSid
    • CachedGetUserFromSid (exported by utildll.dll)

    I also added some more parts of the undocumented structure returned by WinStationQueryInformationW, it now contains:

    • Session State
    • WinStationName
    • SessionId
    • ConnectTime
    • DisconnectTime
    • LastInputTime
    • LogonTime
    • OutgoingFrames
    • OutgoingBytes
    • OutgoingCompressedBytes
    • IncomingCompressedBytes
    • IncomingFrames
    • IncomingBytes
    • Domain
    • Username
    • CurrentTime

    Terminal Server Client annoyances

    If you want to get rid of this message: 

    Remote Desktop cannot verify the identity of the computer you want to connect to.  This problem can occur if:

    1) The remote computer is running a version of Windows that is earlier than Windows Vista.
    2) The remote computer is configured to support only the RDP security layer.

    Contact your network administrator or the owner of the remote computer for assistance.

    Do you want to connect anyway?

    Set the DWORD value AuthenticationLevelOverride of HKCU\Software\Microsoft\Terminal Server Client\AuthenticationLevelOverride to 0.

    Read more on Scott Forsyth’s blog

    Citrix Solutions Conference 2007

    Yesterday I attended the Citrix Solutions Conference in Antwerp. Brad Pedersen (Chief Architect and Senior Fellow at  Citrix Systems) held an interesting speech about The End User Experience. I liked especially liked the part about the history of Citrix and the early versions of their products like Wincredible and Winframe. Since Brad wrote the original code for Citrix and thus Terminal Server (the stuff that is in winsta.dll now) I hoped he could share some info with me on the undiscovered parts of winsta.dll. Unfortunately Brad could not do this because of a non disclosure agreement with Microsoft. He did tell me that Citrix is pushing Microsoft to make more Terminal Server API’s public. I presume that’s why Vista and Windows 2008 offer some new API’s which I wrote about earlier.

    Command Prompt IconA little while ago I wrote an article on launching a process in another Terminal Session (https://www.remkoweijnen.nl/blog/2007/10/20/how-to-launch-a-process-in-a-terminal-session/).

    The article didn’t have a demo app yet so I’ve attached it here. (more…)

    It has been a little silent on the JEDI Apilib project lately, but this will change!

    We had some change in the team members: Marcel van Brakel, founder and large contributor of the project has signed off because he no longer actively uses Delphi. Christian Wimmer has joined the team and he is a very promising member.

    Christian has been working on a new include model (optional) of the Jedi Apilib which has the advantage that you only need to use one unit (JwaWindows) for the whole library.

    Chris has also published the JEDI Windows Security Code Library (Jwscl). This is library that tremendously simplifies using Win32 API calls from Delphi. At this point the library contains:

    • Windows Version
    • Token
    • Impersonation
    • Login
    • SID
    • Access Control List
    • Security Descriptor
    • Owner, Group, DACL, SACL
    • WindowStation
    • Desktop
    • LSA
    • Rights mapping
    • Secured Objects Files, Registry (+Inheritance), etc.
    • Credentials (Login Dialog)
    • Encryption (MS Crypto API)
    • Well Known SIDs
    • Privileges
    • Security Dialogs (The “ACL Editor” you see on the security yab when you rightclick object in Explorer)
    • Terminal Sessions
    • Unicode + Ansicode
    • Vista Elevation
    • Vista Integrity Level

    Although Jwscl is in beta stage it is already very well useable.

    (more…)

    Encrypt RDP password in Python

    Dirk Schmitz send me his Python version of encrypting the RDP Password:


    Read the original article here: https://www.remkoweijnen.nl/blog/2007/10/18/how-rdp-passwords-are-encrypted/

    Donate


    Blogroll


    Categories


    Archives