windows - How Internet Explorer(IE11)Creates low Integrity child process without CreateProcess Call -



windows - How Internet Explorer(IE11)Creates low Integrity child process without CreateProcess Call -

i want know how net explorer creates low integrity un-trusted sandboxed kid processes without calling createprocess api.

here tried:

opened executable (iexplore.exe) in windbg. @ time of initial bp nail set break point @ kernel32!createprocessa. allow main ie process run. see it's created sandboxed kid processes (low integrity kid iexplore.exe) in process explorer / process hacker utility, not touch createprocess break point.

i wanna know how ie that.

kernel32!createprocessa @ top of chain , wrapper calls farther downwards chain

the final phone call crosses usermode kernelmode border ntdll!ntcreateprocessex in api form , hacks can used burrow deeper , cross border setting stack , calling sysenter directly

try setting breakpoints in kernel32!createprocessw / kernel32!createprocessinternal advapi32!createprocessasuser / ntdll!ntcreateprocessex etc

windows debugging winapi windbg

Comments

Post a Comment

Popular posts from this blog

model view controller - MVC Rails Planning -

model view controller - MVC Rails Planning - i'm starting rails , i'm building app stores films info, user can watch film , give grade on web application. i have coded cinema model, controller , views. now, have 2 questions: should need create model , controller grading? in case, should create or should wait , create first users model , controller? yes, on model , controller grades. that'd feasible way maintain track of who's graded what. it's create first, i'd start users, since grades depend on both films , users. ruby-on-rails model-view-controller
Read more

ruby on rails - Devise Logout Error in RoR -

ruby on rails - Devise Logout Error in RoR - while using devise in ror, encountering unusual error when trying log out url different root url. displays me : actioncontroller::invalidauthenticitytoken in devise::sessionscontroller#destroy" for illustration if rooting path after log in '/structure', , seek log out '/general' error, while logging out '/structure' fine. any help highly appreciated. ruby-on-rails ruby devise
Read more

html - Submenu setup with jquery and effect 'fold' -

html - Submenu setup with jquery and effect 'fold' - i want open submenu jquery effect fold, problem if user "hover effect" fast menu remain open, how can avoid this, jquery code is: $('ul.mainmenu li').hover( function() { $(this).children('ul').show('fold', 570); }, function() { $(this).children('ul').hide('fold', 500); } ); my jsfiddle link is: http://jsfiddle.net/9wkbf/ updated fiddle the reason behind problem is, first event $(this).children('ul').show('fold', 570); queued , until completes, sec animation not start. the next snippet can workaround $('ul.mainmenu > li').hover( function() { $(this).children('ul').show('fold', 570); }, function() { $('ul:not(.mainmenu)').hide('fold', 500); } ); *important note : work current scenario. jquery html css
Read more