[funsec] Administrator Accounts

Blue Boar BlueBoar at thievco.com
Thu Feb 23 11:28:40 CST 2006


James Kehl wrote:
> For instance, check out the Win64 file system redirector - needed because
> somehow System32 is now the province of 64-bit DLLs. Funny, I would have
> thought those would really suit a System64 directory...
> 
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/win64/win64/file_system_redirector.asp
> 
> (Sounds like Win64's got a built-in rootkit! 32-bit virus scanners? Why
> on earth would they want to see the filesystem as it really is?)
> 
> [Whups, sorry for OT-ness!]

My company has been having to code for that.  (We make systems & patch 
management software for the enterprise.)  That's been a little bit of a 
pain.  There's a straightforward API you can call to turn it off from 
your 32-bit app.  But really, you want different views at different 
times, so keeping track of that has been some work.

Plus, there are differences in things like ODBC connections.  There is 
a different set of regkeys where the ODBC connections are defined for 
32-bit apps and 64-bit apps.  And if you simply open the Control Panel 
and look at the applet for them, you're seeing the 64-bit view.  If you 
want the 32-bit view, you have to go find the 32-bit version of the 
control panel.  Which is in a directory named WOW64.

Rant, rant, rant...

						BB
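
Added example, not part of the original post: one way for an inventory or patch-management script to list system ODBC DSNs from both registry views, by requesting each view explicitly rather than inheriting it from the process bitness. The HKLM key path `SOFTWARE\ODBC\ODBC.INI\ODBC Data Sources` and the function name `Get-OdbcSystemDsn` do not come from the post; they are assumptions of this example.

```powershell
# Added example: list system ODBC DSNs in the 64-bit and 32-bit registry views.
# Runs the same way from a 32-bit or a 64-bit PowerShell host, because the
# view is chosen explicitly via RegistryView (requires .NET 4 or later).

function Get-OdbcSystemDsn {
    param(
        [Parameter(Mandatory)]
        [Microsoft.Win32.RegistryView]$View
    )
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        # Assumed location of system DSN definitions (not named in the post).
        $key = $base.OpenSubKey('SOFTWARE\ODBC\ODBC.INI\ODBC Data Sources')
        if ($null -eq $key) { return }   # no system DSNs defined in this view
        try {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    View   = $View
                    Dsn    = $name
                    Driver = $key.GetValue($name)
                }
            }
        } finally { $key.Dispose() }
    } finally { $base.Dispose() }
}

$dsn64 = @(Get-OdbcSystemDsn -View Registry64)
$dsn32 = @(Get-OdbcSystemDsn -View Registry32)

# One row per DSN name, showing which view(s) define it. A DSN that appears
# in only one view is what a single-view inventory would miss.
$dsn64 + $dsn32 | Group-Object Dsn | ForEach-Object {
    [pscustomobject]@{
        Dsn     = $_.Name
        Views   = ($_.Group.View -join ', ')
        Drivers = (($_.Group.Driver | Select-Object -Unique) -join ', ')
    }
} | Sort-Object Dsn | Format-Table -AutoSize
```

On a 32-bit operating system both calls return the same data, since there is only one view.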

