
Windows Internals covering windows server 2008 and windows vista- P11

Pages: 50      File type: pdf      Size: 929.16 KB

Document information:

Windows Internals covering windows server 2008 and windows vista- P11: In this chapter, we’ll introduce the key Microsoft Windows operating system concepts and terms we’ll be using throughout this book, such as the Windows API, processes, threads, virtual memory, kernel mode and user mode, objects, handles, security, and the registry.
Content extracted from the document:
■ The Windows command prompt (%SystemRoot%\System32\Cmd.exe) enforces it for batch file execution.
■ Windows Scripting Host components that start scripts—%SystemRoot%\System32\Cscript.exe (for command-line scripts), %SystemRoot%\System32\Wscript.exe (for UI scripts), and %SystemRoot%\System32\Scrobj.dll (for script objects)—enforce it for script execution.

Each of these components determines whether the restriction policies are enabled by reading the registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Policies\Windows\Safer\CodeIdentifiers\TransparentEnabled, which if set to 1 indicates that policies are in effect. Then it determines whether the code it’s about to execute matches one of the rules specified in a subkey of the CodeIdentifiers key and, if so, whether or not the execution should be allowed. If there is no match, the default policy, as specified in the DefaultLevel value of the CodeIdentifiers key, determines whether the execution is allowed.

Software Restriction Policies are a powerful tool for preventing the unauthorized access of code and scripts, but only if properly applied. Unless the default policy is set to disallow execution, a user can make minor changes to an image that’s been marked as disallowed so that he can bypass the rule and execute it. For example, a user can change an innocuous byte of a process image so that a hash rule fails to recognize it, or copy a file to a different location to avoid a path-based rule.

EXPERIMENT: Watching Software Restriction Policy enforcement

You can indirectly see Software Restriction Policies being enforced by watching accesses to the registry when you attempt to execute an image that you’ve disallowed.

1. Run secpol.msc to open the Local Security Policy Editor, and navigate to the Software Restriction Policies node.
2. Choose Create New Policies from the context menu if no policies are defined.
3. 
Create a path-based disallow restriction policy for %SystemRoot%\System32\Notepad.exe.
4. Run Process Monitor, and set an include filter for Safer. (See Chapter 4 for a description of Process Monitor.)
5. Open a command prompt, and run Notepad from the prompt. Your attempt to run Notepad should result in a message telling you that you cannot execute the specified program, and Process Monitor should show the command prompt (cmd.exe) querying the local machine restriction policies.

6.9 Conclusion

Windows provides an extensive array of security functions that meet the key requirements of both government agencies and commercial installations. In this chapter, we’ve taken a brief tour of the internal components that are the basis of these security features. In the next chapter, we’ll look at the I/O system.

7. I/O System

The Windows I/O system consists of several executive components that together manage hardware devices and provide interfaces to hardware devices for applications and the system. In this chapter, we’ll first list the design goals of the I/O system, which have influenced its implementation. We’ll then cover the components that make up the I/O system, including the I/O manager, Plug and Play (PnP) manager, and power manager. Then we’ll examine the structure and components of the I/O system and the various types of device drivers. We’ll look at the key data structures that describe devices, device drivers, and I/O requests, after which we’ll describe the steps necessary to complete I/O requests as they move through the system. Finally, we’ll present the way device detection, driver installation, and power management work.
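Added example (not from the book): a simplified Python model of the Software Restriction Policies evaluation order described at the end of Chapter 6 above, showing why disallow rules only hold when DefaultLevel disallows execution. The Policy class, SHA-256 hashing, exact path matching and the hash-before-path order are assumptions of this model, not the real CodeIdentifiers layout.

```python
import hashlib
from dataclasses import dataclass, field

DISALLOWED, UNRESTRICTED = "Disallowed", "Unrestricted"

@dataclass
class Policy:
    """Simplified stand-in for the CodeIdentifiers key (not the real layout)."""
    transparent_enabled: int                         # models TransparentEnabled
    default_level: str                               # models DefaultLevel
    hash_rules: dict = field(default_factory=dict)   # SHA-256 hex -> level
    path_rules: dict = field(default_factory=dict)   # lower-cased path -> level

def evaluate(policy, path, image):
    """Level this model assigns to an image about to be executed."""
    if policy.transparent_enabled != 1:
        return UNRESTRICTED                 # policies are not in effect
    digest = hashlib.sha256(image).hexdigest()
    if digest in policy.hash_rules:         # assumption: hash checked first
        return policy.hash_rules[digest]
    if path.lower() in policy.path_rules:   # assumption: exact path match
        return policy.path_rules[path.lower()]
    return policy.default_level             # no rule matched

def audit(policy):
    """Flag configurations whose disallow rules can be sidestepped."""
    findings = []
    if policy.transparent_enabled != 1:
        findings.append("policies are not in effect")
    denies = [r for rules in (policy.hash_rules, policy.path_rules)
              for r in rules.values() if r == DISALLOWED]
    if denies and policy.default_level != DISALLOWED:
        findings.append("disallow rules rely on a permissive default level")
    return findings

def compare_defaults():
    """Evaluate a blocked image and an altered copy under both defaults."""
    image = b"MZ constructed sample image bytes"          # constructed
    blocked = r"C:\Windows\System32\Notepad.exe"
    altered, moved = image[:-1] + b"!", r"C:\Users\Public\Notepad.exe"
    out = {}
    for default in (UNRESTRICTED, DISALLOWED):
        p = Policy(1, default,
                   {hashlib.sha256(image).hexdigest(): DISALLOWED},
                   {blocked.lower(): DISALLOWED})
        out[default] = (evaluate(p, blocked, image),
                        evaluate(p, moved, altered), audit(p))
    return out

if __name__ == "__main__":
    for default, result in compare_defaults().items():
        print(default, result)
```

With a permissive default the altered copy falls through to DefaultLevel and the audit flags the policy; with a Disallowed default the same copy is still refused.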
7.1 I/O System Components

The design goals for the Windows I/O system are to provide an abstraction of devices, both hardware (physical) and software (virtual or logical), to applications with the following features:

■ Uniform security and naming across devices to protect shareable resources. (See Chapter 6 for a description of the Windows security model ...
