Comments on: My second playdate with utilman.exe http://blog.didierstevens.com/2006/08/31/my-second-playdate-with-utilmanexe/ (blog 'DidierStevens) Tue, 09 Mar 2010 09:33:38 +0000 http://wordpress.com/ hourly 1 By: Didier Stevens http://blog.didierstevens.com/2006/08/31/my-second-playdate-with-utilmanexe/#comment-35876 Didier Stevens Tue, 06 Oct 2009 19:06:59 +0000 https://didierstevens.wordpress.com/2006/08/31/my-second-playdate-with-utilmanexe/#comment-35876 Yes, \\ The \\\\ stems from an old issue with the PRE format in Wordpress. Yes, \\ The \\\\ stems from an old issue with the PRE format in WordPress.

]]> By: MF http://blog.didierstevens.com/2006/08/31/my-second-playdate-with-utilmanexe/#comment-35870 MF Tue, 06 Oct 2009 07:03:04 +0000 https://didierstevens.wordpress.com/2006/08/31/my-second-playdate-with-utilmanexe/#comment-35870 The example only works for me when LPTSTR szDesktop = _tcsdup(TEXT("WinSta0\\\\Winlogon")); is replaced with LPTSTR szDesktop = _tcsdup(TEXT("WinSta0\\Winlogon")); The \ has to be doubled (not quadrupled) for masking. The example only works for me when
LPTSTR szDesktop = _tcsdup(TEXT(“WinSta0\\\\Winlogon”));
is replaced with
LPTSTR szDesktop = _tcsdup(TEXT(“WinSta0\\Winlogon”));

The \ has to be doubled (not quadrupled) for masking.

]]> By: Jacky http://blog.didierstevens.com/2006/08/31/my-second-playdate-with-utilmanexe/#comment-30710 Jacky Wed, 16 Apr 2008 13:56:51 +0000 https://didierstevens.wordpress.com/2006/08/31/my-second-playdate-with-utilmanexe/#comment-30710 Hi, i compile you're script with no error, replace in dllcache and system32, block sfc when prompt to restore, but when i press "Windows key" + U, nothing, you're script in the 3 exemple work, but not the last with CMD. Hi, i compile you’re script with no error, replace in dllcache and system32, block sfc when prompt to restore, but when i press “Windows key” + U, nothing, you’re script in the 3 exemple work, but not the last with CMD.

]]> By: Playing with utilman.exe, The Motion Picture « Didier Stevens http://blog.didierstevens.com/2006/08/31/my-second-playdate-with-utilmanexe/#comment-89 Playing with utilman.exe, The Motion Picture « Didier Stevens Tue, 05 Sep 2006 10:00:26 +0000 https://didierstevens.wordpress.com/2006/08/31/my-second-playdate-with-utilmanexe/#comment-89 [...] For a demo of My second playdate with utilman.exe, go here on YouTube. [...] [...] For a demo of My second playdate with utilman.exe, go here on YouTube. [...]

]]> By: evilbitz http://blog.didierstevens.com/2006/08/31/my-second-playdate-with-utilmanexe/#comment-78 evilbitz Fri, 01 Sep 2006 20:00:56 +0000 https://didierstevens.wordpress.com/2006/08/31/my-second-playdate-with-utilmanexe/#comment-78 It doesn't matter on which desktop the cmd runs. utilman.exe always runs as SYSTEM. Nice man ;-) It doesn’t matter on which desktop the cmd runs.
utilman.exe always runs as SYSTEM.

Nice man ;-)

]]> By: Didier Stevens http://blog.didierstevens.com/2006/08/31/my-second-playdate-with-utilmanexe/#comment-76 Didier Stevens Fri, 01 Sep 2006 16:28:54 +0000 https://didierstevens.wordpress.com/2006/08/31/my-second-playdate-with-utilmanexe/#comment-76 It's the SYSTEM account, read this: http://didierstevens.wordpress.com/2006/08/21/playing-with-utilmanexe/ It’s the SYSTEM account, read this: http://didierstevens.wordpress.com/2006/08/21/playing-with-utilmanexe/

]]> By: Jay http://blog.didierstevens.com/2006/08/31/my-second-playdate-with-utilmanexe/#comment-73 Jay Fri, 01 Sep 2006 14:14:32 +0000 https://didierstevens.wordpress.com/2006/08/31/my-second-playdate-with-utilmanexe/#comment-73 What user account does the shell run as? If it is system then their is a huge security hole. What user account does the shell run as? If it is system then their is a huge security hole.

]]>