http://www.nynaeve.net/?p=136 Adventures in Windows debugging and reverse engineering. Tue, 24 Aug 2010 12:05:39 -0500 http://wordpress.org/?v=2.8.4 hourly 1 http://www.nynaeve.net/?p=136&cpage=1#comment-20840 PeterK Fri, 07 Dec 2007 20:14:08 +0000 http://www.nynaeve.net/?p=136#comment-20840 I want to use the hack with Windows Server 2003 CCS, but it seems that the funtion MsvpPasswordValidate doesn't even get called. I use an local account. I want to use the hack with Windows Server 2003 CCS, but it seems that the funtion MsvpPasswordValidate doesn’t even get called. I use an local account.

]]> http://www.nynaeve.net/?p=136&cpage=1#comment-20812 Skywing Fri, 07 Dec 2007 04:15:42 +0000 http://www.nynaeve.net/?p=136#comment-20812 Yep, you're hosed with EFS if the system is offline and there isn't any useful key material in the page file or in free space, as far as I know, if you don't have the original password (or can bruteforce it). Yep, you’re hosed with EFS if the system is offline and there isn’t any useful key material in the page file or in free space, as far as I know, if you don’t have the original password (or can bruteforce it).

]]> http://www.nynaeve.net/?p=136&cpage=1#comment-20810 Nik Fri, 07 Dec 2007 01:24:37 +0000 http://www.nynaeve.net/?p=136#comment-20810 Only problem is that you might lose access to EFS keys though. Only problem is that you might lose access to EFS keys though.

]]> http://www.nynaeve.net/?p=136&cpage=1#comment-18750 Aditya K Sood Sat, 06 Oct 2007 22:54:03 +0000 http://www.nynaeve.net/?p=136#comment-18750 I tried it on local machine. The whole starting process is okay. As I load my Lsass from kernel mode to usermode by (.process) it shows PEB paged out. It hink this not suppose to happen if the process is running. What do you think the real cause is. No doubt PEB is paged out but still process is in the way. I tried it on local machine. The whole starting process is okay. As I load my Lsass from kernel mode to usermode by (.process) it shows PEB paged out. It hink this not suppose to happen if the process is running. What do you think the real cause is. No doubt PEB is paged out but still process is in the way.

]]> http://www.nynaeve.net/?p=136&cpage=1#comment-16917 Skywing Fri, 13 Jul 2007 15:40:43 +0000 http://www.nynaeve.net/?p=136#comment-16917 Not the same thing. You mignt do that to try and turn every user into an administrator (and you'd probably need to do the same SeSinglePrivilegeCheck and friends), but that doesn't let you log on in the first place. In my case the test VM didn't have any account that I remembered the password to. Not the same thing. You mignt do that to try and turn every user into an administrator (and you’d probably need to do the same SeSinglePrivilegeCheck and friends), but that doesn’t let you log on in the first place. In my case the test VM didn’t have any account that I remembered the password to.

]]> http://www.nynaeve.net/?p=136&cpage=1#comment-16912 kersek Fri, 13 Jul 2007 01:25:09 +0000 http://www.nynaeve.net/?p=136#comment-16912 What about patching SeAccessCheck? What about patching SeAccessCheck?

]]> http://www.nynaeve.net/?p=136&cpage=1#comment-16905 Skywing Thu, 12 Jul 2007 15:20:53 +0000 http://www.nynaeve.net/?p=136#comment-16905 Nothing, though I usually have most of my test systems set up for kernel debugging, and I don't have ERD commander sitting around anywhere. Faster to just use KD in my case; the whole thing takes all of about a minute to do. Nothing, though I usually have most of my test systems set up for kernel debugging, and I don’t have ERD commander sitting around anywhere. Faster to just use KD in my case; the whole thing takes all of about a minute to do.

]]> http://www.nynaeve.net/?p=136&cpage=1#comment-16902 DawnLight Thu, 12 Jul 2007 12:16:03 +0000 http://www.nynaeve.net/?p=136#comment-16902 What happened to booting from good old ERD Commander? What happened to booting from good old ERD Commander?

]]>