Windows 7 NTOSKRNL.EXE

Guest

I am trying to figure out how to bypass Windows 7 NTOSKRNL.exe's security,
does anyone know how? John
 
Dave \Crash\ Dummy

I am trying to figure out how to bypass Windows 7 NTOSKRNL.exe's
security, does anyone know how? John

I don't have an answer, but I have a related question. What has replaced
boot.ini in Windows 7?

In Windows 2000, when I wanted to use an edited version of NTOSKRNL.exe,
I just gave the new version a new name and specified it with a switch in
the boot path. That way, I didn't have to worry about overcoming system
security to replace the original.
 
Joe Morris

I am trying to figure out how to bypass Windows 7 NTOSKRNL.exe's security,
does anyone know how?

Flip response: turn off antivirus, firewall, spam filters, etc., put the
machine directly on the Internet, and click every link in every email you
receive, especially spam. Go get a cup of coffee; by the time you return
NTOSKRNL.EXE will almost certainly be changed, probably more than once.

Serious question: why do you want to do this? The significantly improved
security features, while sometimes irritating, are there to prevent malware
from being able to compromise the system.

(The following is based on Windows 7 Enterprise, and assumes that you're
referring to the security on the NTOSKRNL.EXE *file* and not security that
is implemented by the code within the kernel. YMMV.)

Like most of the critical (and many non-critical) files, NTOSKRNL.EXE gives
only read, and read&execute, permissions to "Users", "Administrators", and
"SYSTEM". Note that not even "SYSTEM" has permissions to delete, replace,
or modify the file. The only "user" (note the quotes) with authority to
make any changes is the pseudo-account "TrustedInstaller", which is also the
owner of the file. If you really, positively MUST play in the guts of the
system you can seize ownership of the file, then use that authority to
change the access control list to give yourself full control. This might
(or might not; I've not tested it) either cause problems, or be overridden,
if an update from Microsoft replaces the kernel file.

I ran into this issue about a year ago while creating the master build
scripts for my POE: I needed to fix the brain-dead design of the
Microsoft-provided themes, all of which quietly turn off the screen saver.
I finally built a script that saved the ACL, seized ownership, forced
ADMINISTRATOR into the ACL with full control, made the change, then restored
the original ACL and returned ownership to TrustedInstaller. The same logic
would work with any similarly protected file, but I'll repeat my question:
why do you want to do it?

Joe Morris
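The save-ACL / seize-ownership / grant / edit / restore sequence Joe describes above, written out as an added example (this is not Joe's build script and not anything from Microsoft). It assumes an elevated PowerShell session on Windows 7 or later, uses only the stock takeown and icacls tools, and takes the edit step itself as a hypothetical script block parameter ($Edit) because the thread never shows what change is made; the default $Edit only prints the path so the script is safe to dry-run.

```powershell
# Added example: save the DACL, seize ownership, grant yourself full control,
# make the change, then put the DACL and TrustedInstaller ownership back.
# Assumes an elevated session. $Edit is a hypothetical placeholder for whatever
# edit you actually want to make (default: no-op that prints the path).
param(
    [string]$Path = "$env:SystemRoot\System32\ntoskrnl.exe",
    [scriptblock]$Edit = { param($p) Write-Host "would edit $p here" }
)

$ErrorActionPreference = 'Stop'
$dir    = Split-Path -Parent $Path
$name   = Split-Path -Leaf   $Path
$backup = Join-Path $env:TEMP ("acl-{0}-{1}.txt" -f $name, (Get-Date -Format yyyyMMddHHmmss))
$me     = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name   # DOMAIN\user

# 1. Record the original owner and the full SDDL so we can verify the restore.
$origAcl   = Get-Acl -LiteralPath $Path
$origOwner = $origAcl.Owner          # normally "NT SERVICE\TrustedInstaller"
$origSddl  = $origAcl.Sddl
icacls $Path /save $backup | Out-Null   # writes "<name>" + DACL, used by /restore

try {
    # 2. Seize ownership (Administrators hold SeTakeOwnershipPrivilege).
    takeown /F $Path | Out-Null

    # 3. As owner we may rewrite the DACL: grant ourselves Full control.
    icacls $Path /grant "${me}:F" | Out-Null

    # 4. Make the change.
    & $Edit $Path
}
finally {
    # 5. Restore the saved DACL (/restore is applied at the parent directory and
    #    matches the entry by name) and hand ownership back to the original owner.
    icacls $dir  /restore  $backup     | Out-Null
    icacls $Path /setowner "$origOwner" | Out-Null

    # 6. Verify that the descriptor is byte-for-byte what it was.
    $now = (Get-Acl -LiteralPath $Path).Sddl
    if ($now -ne $origSddl) {
        Write-Warning "Security descriptor differs from original. Saved copy: $backup"
    } else {
        Remove-Item $backup
    }
}
```

Run it first with the default $Edit (or against a copy of the file) to confirm the restore leaves the SDDL identical before pointing it at anything real. Two caveats that go beyond the file ACL: the Windows Resource Protection machinery that makes TrustedInstaller the owner can replace the file again during servicing, as Joe notes, and on 64-bit Windows 7 the boot loader checks the kernel image's digital signature, so a hand-edited ntoskrnl.exe is refused at boot unless integrity checks are disabled.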
 
Dave \Crash\ Dummy

Joe said:
Flip response: turn off antivirus, firewall, spam filters, etc., put
the machine directly on the Internet, and click every link in every
email you receive, especially spam. Go get a cup of coffee; by the
time you return NTOSKRNL.EXE will almost certainly be changed,
probably more than once.

Serious question: why do you want to do this? The significantly
improved security features, while sometimes irritating, are there to
prevent malware from being able to compromise the system.
<snipped>

I don't know why the OP wants to change it, and I don't know if it is
relevant in Windows 7, but I used to edit ntoskrnl.exe in Windows 2000
to change the startup logo.
 
I am trying to change the Windows 7 bootscreen background. I used reshacker and found the background in NTOSKRNL.exe but afraid to try and change it. Is patchguard working in this file? What other security measures are in the file?
 