flat assembler
Message board for the users of flat assembler.

Index > Windows > XP scheduler is broken

sinsi



Joined: 10 Aug 2007
Posts: 692
Location: Adelaide
Process Explorer uses a driver, doesn't it? Or a service? All those zw and ke functions available...
Post 19 Jul 2010, 11:22
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17248
Location: In your JS exploiting you and your system
sinsi wrote:
Process Explorer uses a driver, doesn't it? Or a service? All those zw and ke functions available...
I don't think so. It runs perfectly fine as a standard non-admin user.
Post 19 Jul 2010, 11:25
sinsi



Joined: 10 Aug 2007
Posts: 692
Location: Adelaide
There are 4 resources in the file (BINRES), all have the MZ header...
If you run it as admin in win7 it shows a lot more info.
It also spawns procexp64.exe on my (win7 x64) machine.

Quote:
d:\winddk\1381\lib\i386\free\procexp100.sys

Maybe because it is signed it can run without admin privileges?
Post 19 Jul 2010, 11:42
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
I wouldn't be surprised if you can get thread state with some undocumented ZwQuerySystemInformation class. As for the Process Explorer driver, it might only be necessary for some advanced functionality - and it might be installed the first time you launch ProcExp, but with permissions set so a non-elevated ProcExp can communicate with it?
Post 19 Jul 2010, 12:29

Copyright © 1999-2020, Tomasz Grysztar.
