« Reading Notebook: 09-November-09
Mod N Reading System »

Reading Notebook: 16-November-09

Comments in italics are mine and express my own views, thoughts and opinions

Windows Internals by M. Russinovich, D. Solomon and A. Ionescu:

ChangeServiceConfig2 (p. 292) - http://msdn.microsoft.com/en-us/library/ms681988(VS.85).aspx

sc qprivs <service name> (p. 293) - example for Terminal Service:

C:\Users\Administrator>sc qprivs TermService
[SC] QueryServiceConfig2 SUCCESS

SERVICE_NAME: TermService
        PRIVILEGES       : SeAssignPrimaryTokenPrivilege
                         : SeAuditPrivilege
                         : SeChangeNotifyPrivilege
                         : SeCreateGlobalPrivilege
                         : SeImpersonatePrivilege
                         : SeIncreaseQuotaPrivilege

Union of privileges for svchost.exe (p. 294)

Service SID (restricted and unrestricted) (p. 295)

process - window station - desktop - windows (p. 297) - an entity relationship diagram on slide 14 (Intro: Windows) in my past Selected Citrix Tools presentation: http://www.dumpanalysis.org/CitrixTools/Selected%20Citrix%20Troubleshooting%20Tools.htm

Hung non-interactive services waiting for user input (p. 298) - this partially inspired Message Box crash dump analysis pattern: http://www.dumpanalysis.org/blog/index.php/2008/02/19/crash-dump-analysis-patterns-part-51/

SERVICE_INTERACTIVE_PROCESS Type modifier only for local system accounts (p. 298)

Shatter attacks by window messages (p. 299)

Interactive Services Detection (UI0Detect) service (p. 299)

- Dmitry Vostokov @ SoftwareGeneralist.com -

           

Announcements

Coming Soon:

Debugging Notebook: Essential Concepts, WinDbg Commands and Tools

Crash Dump Analysis for System Administrators and Support Engineers

New Magazines:

Debugged! MZ/PE: MagaZine for/from Practicing Engineers


New Books:

Memory Dump Analysis Anthology, Volume 3

First Fault Software Problem Solving: A Guide for Engineers, Managers and Users

x64 Windows Debugging: Practical Foundations

Also available:

Windows Debugging: Practical Foundations

DLL List Landscape: The Art from Computer Memory Space

Dumps, Bugs and Debugging Forensics: The Adventures of Dr. Debugalov

WinDbg: A Reference Poster and Learning Cards

Memory Dump Analysis Anthology, Volume 2

Memory Dump Analysis Anthology, Volume 1

New Children's Book:

Baby Turing

This entry was posted on Monday, November 16th, 2009 at 4:54 pm and is filed under Notes on Windows Internals, Reading Notebook. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply