Aaron Margosis Principal Consultant Microsoft Corporation SESSION CODE: WCL301.
Presentation transcript:


(*) Names of apps and vendors have been removed to protect the guilty

[Diagram: inside the process, App.exe's import address table (IAT) entry for CreateFile no longer points at the CreateFileW implementation in Kernel32.dll but at the CorrectFilePaths implementation in the shim DLL, which in turn calls the real CreateFileW implementation in Kernel32.dll.]

API Family (count): Intercepted APIs

CreateProcess Routines (4): CreateProcess[AW], WinExec, ShellExecute[AW], ShellExecuteEx[AW]

Profile (Ini-File) Routines (8): GetPrivateProfileInt[AW], GetPrivateProfileSection[AW], GetPrivateProfileSectionNames[AW], GetPrivateProfileString[AW], GetPrivateProfileStruct[AW], WritePrivateProfileSection[AW], WritePrivateProfileString[AW], WritePrivateProfileStruct[AW]

File Routines (22): CopyFile[AW], CopyFileEx[AW], CreateDirectory[AW], CreateDirectoryEx[AW], CreateFile[AW], DeleteFile[AW], FindFirstFile[AW], FindFirstFileEx[AW], GetBinaryType[AW], GetFileAttributes[AW], GetFileAttributesEx[AW], SetFileAttributes[AW], GetTempFileName[AW], GetLongPathName[AW], MoveFile[AW], MoveFileEx[AW], MoveFileWithProgress[AW], RemoveDirectory[AW], SetCurrentDirectory[AW], OpenFile, _lopen, _lcreat

ShellLink Routines (4): IShellLink[AW]::SetPath, IShellLink[AW]::SetArguments, IShellLink[AW]::SetIconLocation, IPersistFile::Save

LoadImage Routines (1): LoadImageA

What is the Springboard Series?

To the IT pro, our goal is: be the definitive resource for desktop IT pros; open, honest; show, don't tell; information at the right time and the right level across the adoption lifecycle (Discover, Explore, Pilot, Deploy, Manage).

Inside of Microsoft we are: a turnkey IT pro engagement platform for depth and breadth; the program to mobilize Microsoft marketing and field to focus on desktop OS IT pros.

Resources: one Windows TechCenter in 10 languages; virtual roundtable events; Springboard Technical Experts Panel; event support and resources; straight-talk monthly feature articles and overview guides; TalkingAboutWindows video blogs.

Sign up for Tech·Ed 2011 and save $500 starting June 8 – June 31 st You can also register at the North America 2011 kiosk located at registration Join us in Atlanta next year

[Diagram: AppY.exe calling into the Windows APIs (Kernel32, User32, Advapi32, OleAut32, ...). Windows loads the app and checks the AppCompat database(s); when a match is found, selected API calls are intercepted and modified.]

Problem Type: Symptoms

Invalid Windows version check: says "This app requires Windows XP"

Admin rights issue: says "Requires admin rights", or fails non-elevated but works elevated (caveat about testing elevated)

Security configuration: works when the Group Policy or security template setting is removed

New platform: works with the Windows Classic theme

Problem Type: Shim

Bad Windows version checks: Version Lie shims (e.g., WinXPSP3VersionLie)

Writing to HKCR at runtime: VirtualizeHKCRLite

Unnecessary checks for "am I admin?": ForceAdminAccess

Writing to WRP-protected keys and files: WRPMitigation, WRPDllRegister, WRPRegDeleteKey

Windows thinks your app is an installer: SpecificNonInstaller

Writing to protected folder and registry locations: CorrectFilePaths, VirtualRegistry

Using a kernel object in the global namespace: LocalMappedObject
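The interception mechanism from the CreateFile/CorrectFilePaths diagram and two of the shims in the table above, as an added model in C. This is illustration code, not Microsoft's shim engine or any real shim DLL: the IAT is a struct of function pointers, the Kernel32 routines are stubs that record what they were called with, and CorrectFilePaths and WinXPSP3VersionLie are hooks the "engine" installs by overwriting table entries, exactly the redirection the diagram shows. The path-rewrite rules, the app's hard-coded paths and the version numbers are constructed for the example.

```c
/* Model of Application Compatibility shimming via the Import Address
 * Table (IAT). Added illustration, not Microsoft code: the table, the
 * stub "Kernel32" routines, the rewrite rules and the version numbers
 * are all constructed for this example. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* ---- "Kernel32.dll": real implementations (stubs) ------------------ */
static char g_last_path[260];                 /* what CreateFile really saw */

static bool real_CreateFile(const char *path)
{
    snprintf(g_last_path, sizeof g_last_path, "%s", path);
    return true;
}

static unsigned real_GetVersion(void) { return 0x0601; } /* 6.1 = Windows 7 */

/* ---- App.exe's import table (filled by the loader from Kernel32) --- */
typedef bool (*CreateFile_fn)(const char *);
typedef unsigned (*GetVersion_fn)(void);
struct iat { CreateFile_fn CreateFile; GetVersion_fn GetVersion; };
static struct iat app_iat = { real_CreateFile, real_GetVersion };

/* Originals saved by the engine; the hooks chain to them, as the shim
 * DLL chains to Kernel32's CreateFileW in the diagram. */
static CreateFile_fn orig_CreateFile;
static GetVersion_fn orig_GetVersion;

/* ---- Shim DLL: CorrectFilePaths ------------------------------------- */
struct path_rule { const char *from; const char *to; };
static const struct path_rule rules[] = {   /* constructed rules */
    { "C:\\Documents and Settings\\", "C:\\Users\\" },
    { "\\My Documents\\",             "\\Documents\\" },
};

/* Replace the first occurrence of `from` with `to` in place; `cap` is
 * the buffer size. Returns false if absent or the result would not fit. */
static bool replace_once(char *s, size_t cap, const char *from, const char *to)
{
    char *hit = strstr(s, from);
    if (!hit) return false;
    size_t flen = strlen(from), tlen = strlen(to), tail = strlen(hit + flen);
    if ((size_t)(hit - s) + tlen + tail + 1 > cap) return false;
    memmove(hit + tlen, hit + flen, tail + 1);   /* tail plus its NUL */
    memcpy(hit, to, tlen);
    return true;
}

/* Apply every rule once; returns how many rules matched. */
int correct_file_path(char *path, size_t cap)
{
    int n = 0;
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++)
        n += replace_once(path, cap, rules[i].from, rules[i].to);
    return n;
}

static bool shim_CreateFile(const char *path)
{
    char fixed[260];
    snprintf(fixed, sizeof fixed, "%s", path);
    correct_file_path(fixed, sizeof fixed);
    return orig_CreateFile(fixed);            /* chain to the real routine */
}

/* ---- Shim DLL: WinXPSP3VersionLie ---------------------------------- */
static unsigned shim_GetVersion(void) { return 0x0501; } /* 5.1 = Windows XP */

/* ---- Shim engine: AppCompat DB matched, so patch the IAT ----------- */
void apply_shims(void)
{
    orig_CreateFile = app_iat.CreateFile;  app_iat.CreateFile = shim_CreateFile;
    orig_GetVersion = app_iat.GetVersion;  app_iat.GetVersion = shim_GetVersion;
}

/* ---- App.exe: legacy code with a hard-coded XP path and version check */
const char *app_open_settings(void)
{
    app_iat.CreateFile("C:\\Documents and Settings\\bob\\My Documents\\app.ini");
    return g_last_path;                       /* path Kernel32 actually got */
}

bool app_version_check_passes(void)
{
    return app_iat.GetVersion() == 0x0501;   /* the bad "requires XP" check */
}

int main(void)
{
    printf("unshimmed: %s, version check %s\n", app_open_settings(),
           app_version_check_passes() ? "passes" : "fails");
    apply_shims();
    printf("shimmed:   %s, version check %s\n", app_open_settings(),
           app_version_check_passes() ? "passes" : "fails");
    return 0;
}
```

Two points the model makes visible. First, only calls that go through the patched import entry are redirected, which is why the real engine must enumerate every entry point an app might use (the 22 file routines, _lopen, LoadImageA and so on) rather than hooking one function. Second, a shim changes what the app observes, not what the process is allowed to do: the version lie and CorrectFilePaths rewrite arguments and return values inside the app's own user-mode process, and likewise ForceAdminAccess changes the answer to "am I admin?" without changing the token, so none of these shims is a substitute for granting or withholding rights.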