Hello Heiko, > Did you try it?
No but I understand the concept of security levels in Windows. A user can spawn a process with his rights or with lower rights. > The service should have sufficient rights to modify it I guess. No. If you start a process in users context the user can modify it. There is nothing you could do against. >> b) dll injection is ONE example of how a user can manipulate his own >> process. I'm no expert at hacking windows but you can trust me, it >> exists 1001 possibilities to do the same. You have no chance to block >> them. > I file that under FUD until you're more explicit. I would propose you ask somebody in your company that is experienced in hacking of windows (maybe someone of the antivir team?) If a process runs within my security context I can modify it arbitrarily. That's a very basic concept in operating systems. I showed you one example how to break your design - injecting a dll. I'm no expert in hacking processes in windows but from OS design there have to exists plenty of other ways. To gave you some ideas, study process hacker. Try what you could do with your own processes (disable kernel hacker, otherwise you have full kernel privileges) http://processhacker.sourceforge.net/ Take a non-admin user, start notepad, start process hacker, go to properties, view permissions. You could see that on your own process you have "full control", for example "create thread", "write memory". greetings Carsten
