-
February 6th, 2004, 05:58 AM
#31
The solution is very simple for a local TSR (like an AV):
Getting a little nostalgic now, are we, nihil? TSR, LOL. Haven't heard that term in a while. Technically, modern AVs aren't TSRs because they actually keep a process running. They don't terminate and stay resident. A TSR is a throwback to the old DOS days where you wanted certain programs to keep running (some drivers, for instance), but since DOS couldn't multitask, the only way to do it was to have a program that ran, stopped, but stayed in memory, thus fulfilling its function.
BTW, this isn't for nihil, it's just in case people were wondering what TSRs were.
Cheers,
cgkanchi
-
February 6th, 2004, 06:41 AM
#32
Member
http://www.sysinternals.com/ntw2k/fr.../procexp.shtml
It has lots of features... it shows the process tree, handles and DLLs in use.
There are some other utilities from sysinternals.com - have a look.
-
February 6th, 2004, 07:54 AM
#33
would rename the executables, re-boot, run the update & rename the executables back to .exe, re-boot and it ran with the latest definitions?
I've found another way of getting full access by renaming a file and booting, so thanks for the thought, it helped me a lot.
The only thing I can think of is what I use at school to access the command prompt. Right-click somewhere, and click "Create Shortcut". Then create a shortcut to wherever you want; many times, these are not blocked. I did it on a Win2K machine that connected to a Win2K3 server.
This might come in handy, I'll keep it in mind!
This was what I meant! It works perfectly! Thanks!
**EDIT** I made a mistake: the program works fine, but not with user privileges, so I'm still looking for a process list program with a GUI. **EDIT**
I don't know if AVG has an HTML-type help file.
Many apps that run with system privileges and use the winhlp API call a browser that runs at the same privilege level. Although there is no toolbar, you can right-click on the title bar and "jump to URL" c:\whatever; you should be able to start taskmgr or right-click and "open with" cmd.exe and have a shell operating as SYSTEM.
This one doesn't; it runs with user privileges, so that wouldn't help me a lot.
And thanks cgkanchi, that's something I didn't know yet about TSRs!
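The post above is looking for a process list that works from a plain user account. As an added example (not code from any poster in this thread), the PowerShell below is a console stand-in for the Process Explorer columns: it lists every process with its parent, image path and owning account via WMI/CIM, which does not need admin rights. Win32_Process.GetOwner() only succeeds where the caller is allowed to query that process's token, so the owner column also tells you which processes a user-level kill can reach. The `<denied>` marker and the object layout are this example's own choices.

```powershell
# Added example: Process Explorer-style listing from an unprivileged account.
# Win32_Process enumerates all processes; GetOwner() fails (non-zero ReturnValue
# or an exception) for processes whose token the caller may not inspect.
function Get-ProcessOwnerTable {
    foreach ($p in Get-CimInstance -ClassName Win32_Process) {
        $owner = '<denied>'
        try {
            $r = Invoke-CimMethod -InputObject $p -MethodName GetOwner -ErrorAction Stop
            if ($r.ReturnValue -eq 0) { $owner = '{0}\{1}' -f $r.Domain, $r.User }
        } catch { }
        [pscustomobject]@{
            PID   = $p.ProcessId
            PPID  = $p.ParentProcessId
            Name  = $p.Name
            Owner = $owner
            Path  = $p.ExecutablePath   # null when the image path is not readable
        }
    }
}

$table = Get-ProcessOwnerTable | Sort-Object PID
$table | Format-Table -AutoSize

# Processes owned by the current account are the only ones Stop-Process can
# terminate without elevation; anything else needs a different token.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$table | Where-Object { $_.Owner -eq $me } | Select-Object PID, Name
```

If a process shows `<denied>` as its owner, a user-level `Stop-Process -Id` on it will fail for the same reason: the access check on the process object, not the tool, is what stops you.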
-
February 6th, 2004, 04:10 PM
#34
Senior Member
lepricaun is cornered by his admin...
How about this little twist in the story... ask your admin to make one more account with admin privileges... your task would be to get its password...
That will check the security of admin accounts... you can't use yours for that because you already know your password.
I suggest this because anyone can make a shortcut on the desktop and start some proggie with runas so it can run with admin rights (if she/he knows the admin password, of course).
As for killing processes with user rights, there is no proggie that will do it, no matter whether it is command-line or GUI... it must somehow elevate its privileges...
Experiment with programs that run interactively, but with system rights...
edit:
try this: make a shortcut on the desktop. In the command line of that shortcut put this command
Code:
at 12:00 /interactive taskmgr
and then when you double-click on the shortcut, wait till noon and Task Manager will pop up... of course you can put any other time if you want... just make it a minute or two later than the current time.
Ikalo
------
Make your knowledge your deadliest weapon.
-
February 6th, 2004, 04:41 PM
#35
Killing the process is possible because it is run with my user account. As for the taskmgr scheduler, there are two reasons why this doesn't work:
1. the scheduler only works for admins
2. taskmgr is disabled, otherwise it would work just as well by making a shortcut to taskmgr.exe
And as for getting admin, that's nice, but there are dozens of ways to get that password, with or without knowing one, so that wouldn't be a challenge...
I even wrote a tutorial about it on this forum.
I suggest this because anyone can make a shortcut on the desktop and start some proggie with runas so it can run with admin rights (if she/he knows the admin password, of course)
Of course, with knowing the password; but without it, it gets a lot harder.
And I just want to solve this problem without the use of another account or password, because that is no challenge....
At the moment I'm writing a proggie which will be named spoolsv.exe and which contains a menu with several options and calls to programs.
So when I copy this program to the c:\winnt\system32 directory and overwrite the old one, it should be executed on bootup with system privileges, because spoolsv.exe also is (this is the printer spool program).
-
February 6th, 2004, 04:46 PM
#36
Hrmm... I wonder if that will work. IIRC, Win2K/XP has a feature by which it keeps copies of the last version of the files (default install or Service Pack versions) and will overwrite any that are altered. (aka WFP or Windows File Protection). Here's an information article on it.
-
February 6th, 2004, 10:02 PM
#37
Hrmm... I wonder if that will work. IIRC, Win2K/XP has a feature by which it keeps copies of the last version of the files (default install or Service Pack versions) and will overwrite any that are altered. (aka WFP or Windows File Protection). Here's an information article on it.
I was afraid that something like that would give a problem, because I've tried renaming cmd.exe to spoolsv.exe and removing spoolsv.exe, but this didn't give me a command prompt.
But I know that there are some files vulnerable to this type of attack, e.g. explorer.exe, but explorer.exe is run as the user that logged in, so I'm not able to use this...
But perhaps there are other files that are "forgotten" too which are started as SYSTEM, who knows?!
For instance, everything you start with the scheduler will run with system privileges, but as a user, you cannot use this approach, so that ends right here...
But I won't give up! For everything that has something to do with the subject, but isn't what I mean, I still learn something from it, so it is absolutely NOT a waste of time and effort!
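The two posts above circle around one question: which binaries started as SYSTEM could a plain user replace, and why Windows File Protection stops the spoolsv.exe swap. As an added example (not code from any poster), the PowerShell below makes that check explicit for services that run as LocalSystem: it resolves each service's image path, tests whether the current user's own SID or group SIDs get write/delete rights on the file and on its directory, reports the file owner (NT SERVICE\TrustedInstaller marks files protected by WRP, the successor of WFP on Vista and later) and checks the Authenticode signature. The ACL test is a deliberate approximation (it matches Allow/Deny rules against the caller's SIDs and does not fully model inheritance flags); the function names and the `$WriteMask` bit set are this example's own.

```powershell
# Added example: which LocalSystem service binaries could the current user touch?
# Bits that let a caller change or replace a file or drop one into its directory.
$WriteMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, Delete, ChangePermissions, TakeOwnership'

function Test-UserWritable {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return $null }
    $id   = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $sids = @($id.User.Value) + @($id.Groups | ForEach-Object { $_.Value })
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop } catch { return $null }  # DACL unreadable
    $rules   = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $allowed = $false
    foreach ($r in $rules) {
        if ($sids -notcontains $r.IdentityReference.Value) { continue }
        if (([int]$r.FileSystemRights -band [int]$WriteMask) -eq 0) { continue }
        if ($r.AccessControlType -eq 'Deny') { return $false }   # an explicit deny wins
        $allowed = $true
    }
    return $allowed
}

function Get-ServiceBinary {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim()
    $end = if ($p.StartsWith('"')) { $p.IndexOf('"', 1) } else { -1 }
    if ($end -gt 1) {
        $p = $p.Substring(1, $end - 1)
    } else {
        # Unquoted: the image is the shortest prefix ending in .exe ("svchost.exe -k netsvcs")
        $m = [regex]::Match($p, '^(.+?\.exe)', 'IgnoreCase')
        $p = if ($m.Success) { $m.Groups[1].Value } else { ($p -split ' ')[0] }
    }
    return [System.Environment]::ExpandEnvironmentVariables($p)
}

function Get-SystemServiceExposure {
    $services = Get-CimInstance -ClassName Win32_Service | Where-Object { $_.StartName -eq 'LocalSystem' }
    foreach ($svc in $services) {
        $exe    = Get-ServiceBinary $svc.PathName
        $exists = $exe -and (Test-Path -LiteralPath $exe)
        $owner  = if ($exists) { try { (Get-Acl -LiteralPath $exe -ErrorAction Stop).Owner } catch { '<denied>' } } else { $null }
        $sig    = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $exe).Status.ToString() } else { 'NotFound' }
        [pscustomobject]@{
            Service      = $svc.Name
            State        = $svc.State
            Binary       = $exe
            Owner        = $owner          # NT SERVICE\TrustedInstaller => WRP-protected
            Signature    = $sig
            FileWritable = Test-UserWritable $exe
            DirWritable  = if ($exists) { Test-UserWritable (Split-Path -Parent $exe) } else { $null }
        }
    }
}

$report = Get-SystemServiceExposure
$report | Format-Table Service, State, Owner, Signature, FileWritable, DirWritable, Binary -AutoSize

# Anything listed here is a candidate for the spoolsv.exe-style swap. On a stock
# install the list should hold only unsigned third-party services, because the
# system32 binaries are owned by TrustedInstaller and not writable by users.
$report | Where-Object { $_.FileWritable -or $_.DirWritable -or $_.Signature -ne 'Valid' } |
    Select-Object Service, Binary, Owner, Signature, FileWritable, DirWritable
```

Run it as the unprivileged user whose reach you want to measure, not as an administrator, since the ACL match is against the caller's own token. A `DirWritable` hit matters as much as `FileWritable`: it is what makes the rename-and-replace trick described above possible even when the original file itself cannot be overwritten.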
-
February 6th, 2004, 10:36 PM
#38
Well... there is a way of doing it, but it requires a reboot. This site has info on dealing with the password for the Admin of an ADS. But I wonder if you could do something similar along the lines of what you want.
-
February 6th, 2004, 11:19 PM
#39
I thought regular users couldn't alter registry settings?
-
February 6th, 2004, 11:33 PM
#40
They can't, sorry. I thought it was this post, but looking back I don't see where he said he did this.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”