Frank,

More to the point, not many people have gone through the MS OPK (OEM Pre-Install Kit) to see exactly how "modified" one can make a Windows build.

There is also a shortcut for the default Program Files directory (if it was changed in Install); I can't find it right now. And using TweakUI from the Windows XP Resource Kit, there are quite a few unique customisations one can do too.

http://www.microsoft.com/mspress/books/sampchap/6232.asp (and its continuing page) is 1 example of the info it contains, like being able to modify the location of all the users' "special folders"; however, they still appear as virtual links like %USERPROFILE%\My Documents. You can also hide drives from the GUI, but I have never had to do that yet.

Lan Guy

----- Original Message -----
From: "Frank Knobbe" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; "Full Disclosure" <[EMAIL PROTECTED]>
Sent: Monday, November 03, 2003 6:50 AM
Subject: Re: [Full-Disclosure] Gates: 'You don't need perfect code' for good security

On Sun, 2003-11-02 at 21:09, [EMAIL PROTECTED] wrote:
> On Mon, 03 Nov 2003 12:23:06 +1300, Nick FitzGerald <[EMAIL PROTECTED]> said:
> > Finding the actual location of the startup folder was beyond the
> > exploit because it was running in an environment that could not query
> > the registry or other system APIs that would reveal the location.

Actually, I think it was beyond the knowledge of the exploit writer. :)

> And for bonus points, explain how you fix the scheme so the poor sysadmin who
> has to run stuff at startup is able to find the folder, but an exploit running
> with 'administrator' or 'system' can't find it?

Sure. %SYSTEMROOT%, %WINDIR%, or %USERPROFILE% should work just fine for most cases of scripting and such. Of course viruses and other malware can use the same environment vars. I guess the writers of these annoyances didn't think that far.... lucky us :)

Regards,
Frank

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
