Final word on WINLOGON
From: David Moisan (dmoisan@shore.net)
Date: 03/14/03
- Previous message: Jason Falciola: "Re: unidentified DOS "bad traffic""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 14 Mar 2003 09:47:47 -0500 To: incidents@securityfocus.com From: David Moisan <dmoisan@shore.net>
Here's a quote from "Inside Windows 2000" that should put Winlogon and
"\??\" questions to rest:
"One place in which the executive uses symbolic link objects is in
translating MS-DOS-style device names into Windows 2000 internal device
names. In Win32, a user refers to floppy and hard disk drives using the
names A:, B:, C:, and so on. Moreover, the user can add pseudo drive names
with the subst (substitute) command or by mapping a drive letter to a
network share. Once they are created, these drive names must be visible to
all processes on the system.
The Win32 subsystem makes drive letters protected, global data by placing
them in the object manager namespace under the \?? object directory. (Prior
to Windows NT 4, this directory was named \DosDevices; it was renamed \??
for performance reasons--that name places it first alphabetically.) When
the user or an application creates a new drive letter, the Win32 subsystem
adds another object under the \?? object directory."
Take care,
Dave
David Moisan, N1KGH ARES/SKYWARN dmoisan@davidmoisan.org
Invisible Disability: http://www1.shore.net/~dmoisan/invisible_disability.html
ATS-909 FAQ: http://www1.shore.net/~dmoisan/faqs/sangean/ats909faq.html
----------------------------------------------------------------------------
<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
- Previous message: Jason Falciola: "Re: unidentified DOS "bad traffic""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
