Hi all!
I'm writing this mail to announce to you that in one week (if everything works as expected till this time) I will be ready to merge my ros-csrss branch into our current codebase.
The ros-csrss branch (http://svn.reactos.org/svn/reactos/branches/ros-csrss/?view=log) was started 5 months ago (October 14, 2012 to be precise) with a three-fold purpose:
- Use the new Windows-compatible Client-Server Runtime Subsystem (csrss + csrsrv) written by Alex Ionescu, unused at the moment and which currently lives in trunk/reactos/subsystems/csr/, and as such was a replacement for the older one in trunk/reactos/subsystems/win32/csrss/. This last one was progressively hacked to include functionalities from the new csrss; however most of the old code remained and as such it was a big hack. Also the CSR client part, residing in ntdll, was updated (thanks to comments put by Alex inside it). To communicate between the server-part and the client-part, some messaging protocol is used (thanks to LPC); the used structures were not so up-to-date, but the new ones were in the code, not used. So I could use them instead of the older ones. That meant that some work was needed in ntdll (as previously stated). Disregarding the details (you can see them in the commit log), I also had to rework a little bit on the dlls which communicate with CSR, namely kernel32.
- Replacing our very old win32csr.dll csr server by the collection basesrv / winsrv as it is done under Windows. For that I tried to match accurately our existing code with what should exist on Windows according to this list of CSR server APIs: http://j00ru.vexillium.org/csrss_list/api_list.html .
- Since the console subsystem is (for historical purposes on Windows) the only subsystem which exploits all the possibilities of the CSR, much of the work in the branch was done to make it work with the new csrss. Even if on Windows it is included together with other APIs inside the winsrv dll (since the Windows NT 3.1 release), I decided to put it in a separate dll, called consrv, on ReactOS (I took the name from the dll where it was included in the Windows NT 3.1 beta from October 1991). Also, because I believe that the console subsystem is something that, on Windows, was somewhat neglected (no ANSI control, (almost?) no TTY-like flavour...) I decided to work on its internal architecture (the exterior one being unchanged for compatibility reasons) such as to exacerbate the following things:
  * the "console server" which dialogs with the console applications, and which maintains a list of all the created consoles.
  * different "front-ends" corresponding to where you want to output the information (~= console hardware) (it is of course work-in-progress). At the moment only one is working: the GUI console. I have to make the TUI interface correctly with the rest of the code (but since it's not used for now, it's not extremely urgent). The idea would be to also have a front-end for serial ports, so that we could interact with the serial port (with PuTTY if running ROS on a virtual machine, or with a serial console, etc...). And another idea would be to make those front-ends dynamically-loadable (instead of being compiled inside consrv).
- I also fixed some parts of the console properties dialog box.
Here is the JIRA report for the merge: http://jira.reactos.org/browse/CORE-7002
Here are the test results with revision 58723 (plus comparison with revisions 58722 and 58720): http://old.reactos.org/testman/compare.php?ids=16213,16218,16219,16221
You will see that ntdll:exception seems to run 24 more tests, but 4 failed compared to non-patched r58723. The errors are "exception.c:821: Test failed: Eip at 0x77f2b2a3 instead of 0079000B". It would be interesting to investigate these failures further. Also, gdi32:font executes 33 more tests, and 10 more fail, due to the Fixedsys font. A problem, already existing in trunk, remains: http://jira.reactos.org/browse/CORE-6397 (see description inside).
You are encouraged to make comments, etc... etc...
Cheers, Hermès.
~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=
Documentation I've used:
=========================
- The oldest trace of CSRSS in NT 3.1 beta (where I've found the existence of csrsrv.dll, which was merged with winsrv.dll in the 3.1 release and the subsequent versions of NT): http://www.logotypes.se/NT310CSRSS.txt
- "Windows CSRSS cross-version API Table" http://j00ru.vexillium.org/?p=349 and the subsequent links.
- "Windows CSRSS Write Up: the basics (part 1/1)" http://j00ru.vexillium.org/?p=492
- "Windows CSRSS Write Up: Inter-process Communication (part 1/3)" http://j00ru.vexillium.org/?p=502
- "Windows CSRSS Write Up: Inter-process Communication (part 2/3)" http://j00ru.vexillium.org/?p=527 (the messaging system CSR server <--> client is explained here) (part 3/3 seems not to exist)
- "CVE-2011-1281: A story of a Windows CSRSS Privilege Escalation vulnerability" http://j00ru.vexillium.org/?p=893 and http://mysterie.fr/blog/2011/07/31/cve-2011-1281-privilege-escalation-in-csrss-proof-of-concept/
- Something that would be interesting for console and thread desktops: "Defeating Windows Driver Signature Enforcement #2: CSRSS and thread desktops" http://j00ru.vexillium.org/?p=1393
- "Windows Subsytem Csrss" (in French) http://www.ivanlef0u.tuxfamily.org/?p=188
- "Story of a dumb patch", Cesar Cerrudo, http://www.argeniss.com/research/MSBugPaper.pdf or http://www.scn.rain.com/~neighorn/PDF/MSBugPaper.pdf
- CsrWalker: http://forum.sysinternals.com/csrwalker-processes-detection-from-user-mode_topic15457.html
- Concerning console mode flags: https://sites.google.com/site/marckupper/utilities/setconsolemode
- Documentation about consoles on MSDN: http://msdn.microsoft.com/en-us/library/windows/desktop/ms682010(v=vs.85).aspx
- "Custom console hosts on Windows 7 (Hack in the Box Magazine #4)" http://magazine.hitb.org/issues/HITB-Ezine-Issue-004.pdf
- "Windows CSRSS Tips & Tricks (Hack in the Box Magazine #5)" http://magazine.hitb.org/issues/HITB-Ezine-Issue-005.pdf
- "Win32 Console (Wikipedia)" and note 3 of the article: http://en.wikipedia.org/wiki/Win32_console#cite_note-3
- Undocumented flags of ConsoleProcess: http://www.catch22.net/tuts/undocumented-createprocess
Congrats! This is awesome work! I will miss all the beautiful screenshots now that your work on the Console is almost over! I'm willing to enjoy the ros-csrss asap! :)
From: hermes.belusca@sfr.fr To: ros-dev@reactos.org Date: Tue, 9 Apr 2013 12:47:48 +0200 Subject: [ros-dev] Future merge of the ros-csrss branch into the trunk
Ros-dev mailing list Ros-dev@reactos.org http://www.reactos.org/mailman/listinfo/ros-dev
Hope this will lead to an earlier 0.5 release :D
On Tue, Apr 9, 2013 at 4:50 PM, victor martinez vicmarcal@hotmail.com wrote:
Congrats! This is an awesome work! I will miss all the beauty screenshots now that your work in Console is almost over! I'm willing to enjoy the ros-csrss asap! :)
Screenshots? Can you post a few of those on here please?
From: ros-dev-bounces@reactos.org [mailto:ros-dev-bounces@reactos.org] On Behalf Of victor martinez Sent: 09 April 2013 15:50 To: ReactOS Development List Subject: Re: [ros-dev] Future merge of the ros-csrss branch into the trunk
Congrats! This is an awesome work! I will miss all the beauty screenshots now that your work in Console is almost over! I'm willing to enjoy the ros-csrss asap! :)
Yes of course! Here they are:
- When I was testing both setting an adequate console title when an app was launched and the corresponding icon (colors are here for the eyes): http://img594.imageshack.us/img594/3669/consoletest3.png
- Color changes with the console properties dialog (test on Far Manager 3): http://img203.imageshack.us/img203/742/consoletest4.png
- The first run of a mouse-aware console (test on Far Manager 3). Right-click on an item in Far Manager (left, the console is in ENABLE_MOUSE_INPUT mode) and (right) right-click on the console (mode ENABLE_MOUSE_INPUT off): it displays the edition popup menu: http://img856.imageshack.us/img856/6660/consolefarmanagerros.png
- The two modes of selection: (left background) Mark mode, i.e. selection via the keyboard (new) and (right foreground) Selection mode, i.e. selection via the mouse (tested on Far Manager; since the usual right-click won't show the edition menu, you have to right-click on the console title-bar and select Modify Selection): http://img832.imageshack.us/img832/7482/consoleselection.png
- To finish, a test of Irssi (command-line IRC client) (this one works OK in trunk): http://img29.imageshack.us/img29/1102/irssiros.png
The current console font is Fixedsys Excelsior 3.01 from http://www.fixedsysexcelsior.com/ (already added in trunk), which is capable of displaying Unicode characters (but not implemented in the console).
Regards,
Hermès
From: ros-dev-bounces@reactos.org [mailto:ros-dev-bounces@reactos.org] On Behalf Of Ged Murphy Sent: Tuesday 9 April 2013 19:12 To: 'ReactOS Development List' Subject: Re: [ros-dev] Future merge of the ros-csrss branch into the trunk
Screenshots? Can you post a few of those on here please?
From: ros-dev-bounces@reactos.org [mailto:ros-dev-bounces@reactos.org] On Behalf Of victor martinez Sent: 09 April 2013 15:50 To: ReactOS Development List Subject: Re: [ros-dev] Future merge of the ros-csrss branch into the trunk
Congrats! This is an awesome work! I will miss all the beauty screenshots now that your work in Console is almost over! I'm willing to enjoy the ros-csrss asap! :)
From: hermes.belusca@sfr.fr To: ros-dev@reactos.org Date: Tue, 9 Apr 2013 12:47:48 +0200 Subject: [ros-dev] Future merge of the ros-csrss branch into the trunk
Hi all !
I'm writing this mail to announce to you that in one week (if everything works as expected till this time) I will be ready to merge my ros-csrss branch into our current codebase.
The ros-csrss branch (http://svn.reactos.org/svn/reactos/branches/ros-csrss/?view=log) was started 5 months ago (October 14, 2012 to be precise) with a three-fold purpose:
- Use the new Windows-compatible Client-Server Runtime Subsystem (csrss +
csrsrv) written by Alex Ionescu, unused at the moment and which currently lives in trunk/reactos/subsystems/csr/, and as such was a replacement for the older one in trunk/reactos/subsystems/win32/csrss/. This last one was progressively hacked to include functionalities from the new csrss;
however
most of the old code remained and as such it was a big hack. Also the CSR client part, residing in ntdll, was updated (thanks to comments put by
Alex
inside it). To communicate between the server-part and the client-part,
some
messaging protocol is used (thanks to LPC); the used structures were not
so
up-to-date, but the new ones were in the code, not used. So I could use
them
instead of the older ones. That meant that some work was needed in ntdll
(as
previously stated). Disregarding the details (you can see them in the
commit
log), I also had to rework a little bit on the dlls which communicate with CSR, namely kernel32.
- Replacing our very old win32csr.dll csr server by the collection basesrv
/
winsrv as it is done under Windows. For that I tried to match accurately
our
existing code with what should exist on Windows according to this list of CSR servers APIs : http://j00ru.vexillium.org/csrss_list/api_list.html .
- Since the console subsystem is (for historical purposes on Windows) the only subsystem which exploits all the possibilities of the CSR, much of the work in the branch was done to make it work with the new csrss. Even if on Windows it is included together with other APIs inside the winsrv dll (since the Windows NT 3.1 release), I decided to put it in a separate dll, called consrv, on ReactOS (I took the name from the dll where it was included in the Windows NT 3.1 beta from October 1991). Also, because I believe that the console subsystem is something that, on Windows, was somewhat neglected (no ANSI control, (almost?) no TTY-like flavour...), I decided to work on its internal architecture (the exterior one being unchanged for compatibility reasons) such as to exacerbate the following things:
  - the "console server" which communicates with the console applications, and which maintains a list of all the created consoles.
  - different "front-ends" corresponding to where you want to output the information (~= console hardware) (it is of course work-in-progress). At the moment only one is working: the GUI console. I have to make the TUI interface correctly with the rest of the code (but since it's not used for now, it's not extremely urgent). The idea would be to have also a front-end for serial ports, so that we could interact with the serial port (with Putty if running ROS on a virtual machine, or with a serial console, etc...). And another idea would be to make those front-ends dynamically-loadable (instead of being compiled inside consrv).
- I also fixed some parts of the console properties dialog box.
Here is the JIRA report for the merge: http://jira.reactos.org/browse/CORE-7002
Here are the test results with revision 58723 (plus comparison with revisions 58722 and 58720): http://old.reactos.org/testman/compare.php?ids=16213,16218,16219,16221
You will see that ntdll:exception seems to run 24 more tests, but 4 failed compared to non-patched r58723. The errors are "exception.c:821: Test failed: Eip at 0x77f2b2a3 instead of 0079000B". It would be interesting to investigate further on these failures. Also, gdi32:font executes 33 more tests, and 10 more fail, due to the Fixedsys font. A problem, already existing in trunk, remains: http://jira.reactos.org/browse/CORE-6397 (see description inside).
You are encouraged to make comments, etc... etc...
Cheers, Hermès.
~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=
Documentation I've used:
- The oldest trace of CSRSS in NT 3.1 beta (where I've found the existence of csrsrv.dll, which was merged with winsrv.dll in the 3.1 release and the subsequent versions of NT): http://www.logotypes.se/NT310CSRSS.txt
- "Windows CSRSS cross-version API Table" http://j00ru.vexillium.org/?p=349 and the subsequent links.
- "Windows CSRSS Write Up: the basics (part 1/1)"
http://j00ru.vexillium.org/?p=492
- "Windows CSRSS Write Up: Inter-process Communication (part 1/3)"
http://j00ru.vexillium.org/?p=502
- "Windows CSRSS Write Up: Inter-process Communication (part 2/3)"
http://j00ru.vexillium.org/?p=527 (the messaging system CSR server <--> client is explained here) (the part 3/3 seems to not exist)
- "CVE-2011-1281: A story of a Windows CSRSS Privilege Escalation vulnerability" http://j00ru.vexillium.org/?p=893 and http://mysterie.fr/blog/2011/07/31/cve-2011-1281-privilege-escalation-in-csrss-proof-of-concept/
- Something that would be interesting for console and thread desktops: "Defeating Windows Driver Signature Enforcement #2: CSRSS and thread desktops" http://j00ru.vexillium.org/?p=1393
- "Windows Subsytem Csrss" (in French)
http://www.ivanlef0u.tuxfamily.org/?p=188
- "Story of a dumb patch", Cesar Cerrudo,
http://www.argeniss.com/research/MSBugPaper.pdf or http://www.scn.rain.com/~neighorn/PDF/MSBugPaper.pdf
- CsrWalker: http://forum.sysinternals.com/csrwalker-processes-detection-from-user-mode_topic15457.html
- Concerning console modes flags:
https://sites.google.com/site/marckupper/utilities/setconsolemode
- Documentation about consoles on MSDN: http://msdn.microsoft.com/en-us/library/windows/desktop/ms682010(v=vs.85).aspx
- "Custom console hosts on Windows 7 (Hack in the Box Magazine #4)"
http://magazine.hitb.org/issues/HITB-Ezine-Issue-004.pdf
- "Windows CSRSS Tips & Tricks (Hack in the Box Magazine #5)"
http://magazine.hitb.org/issues/HITB-Ezine-Issue-005.pdf
- "Win32 Console (Wikipedia)" and the note 3 of the article:
http://en.wikipedia.org/wiki/Win32_console#cite_note-3
- Undocumented flags of ConsoleProcess:
http://www.catch22.net/tuts/undocumented-createprocess
Ros-dev mailing list Ros-dev@reactos.org http://www.reactos.org/mailman/listinfo/ros-dev
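A constructed miniature of the CSR client/server exchange and the per-server-DLL (basesrv / winsrv / consrv) API-table routing that the announcement describes, added here as an example and not code from the branch: the server-DLL indices, the API index, the message layout and the SetTitle handler are assumptions, while the API-number packing (server index in the high 16 bits, API index in the low 16 bits) and the NTSTATUS values are the standard Windows ones.

```c
#include <stdint.h>
#include <string.h>

/* Constructed miniature of the CSR request path the mail describes (illustration,
 * not ReactOS code): server-DLL indices, API index, message layout and handler
 * are all assumptions. */
typedef uint32_t csr_api_number;
/* Server-DLL index in the high 16 bits, API index in the low 16 bits. */
#define CSR_MAKE_API_NUMBER(server, api) ((csr_api_number)(((server) << 16) | ((api) & 0xFFFF)))
#define CSR_API_NUMBER_TO_SERVER_ID(n)   ((n) >> 16)
#define CSR_API_NUMBER_TO_API_ID(n)      ((n) & 0xFFFF)
#define STATUS_SUCCESS               0x00000000u  /* standard NTSTATUS values */
#define STATUS_INFO_LENGTH_MISMATCH  0xC0000004u
#define STATUS_INVALID_PARAMETER     0xC000000Du
#define STATUS_ILLEGAL_FUNCTION      0xC00000AFu
enum { SERVER_BASESRV = 1, SERVER_CONSRV = 2, SERVER_COUNT = 4 }; /* assumed */
enum { CONSRV_API_SET_TITLE = 0, CONSRV_API_COUNT = 1 };          /* assumed */
typedef struct {
    csr_api_number api_number;
    uint32_t       data_length;  /* payload bytes the client claims to have sent */
    uint8_t        data[64];     /* inline payload */
} csr_message;
typedef uint32_t (*csr_api_handler)(csr_message *msg);
typedef struct {
    csr_api_handler handler;     /* NULL: slot exists but nothing is wired to it */
    uint32_t        min_length;  /* smallest payload the handler can work on */
} csr_api_entry;
typedef struct {
    const csr_api_entry *entries; /* NULL: no server DLL loaded at this index */
    uint32_t             count;
} csr_server;

/* consrv handler: payload = u32 title length, then that many bytes. The embedded
 * length is client-controlled, so it is checked against the bytes actually
 * received before it could drive any copy. */
static uint32_t consrv_set_title(csr_message *msg) {
    uint32_t title_len;
    memcpy(&title_len, msg->data, sizeof title_len);
    if (title_len > msg->data_length - sizeof title_len)
        return STATUS_INVALID_PARAMETER;
    return STATUS_SUCCESS;
}
static const csr_api_entry consrv_table[CONSRV_API_COUNT] = {
    [CONSRV_API_SET_TITLE] = { consrv_set_title, sizeof(uint32_t) },
};
/* One table per server DLL; basesrv is deliberately left unloaded here. */
static const csr_server servers[SERVER_COUNT] = {
    [SERVER_CONSRV] = { consrv_table, CONSRV_API_COUNT },
};

/* csrsrv-side dispatch: both indices and the payload length are validated before
 * a handler runs, so a client cannot steer the server off its tables. */
uint32_t csr_dispatch(csr_message *msg) {
    uint32_t server = CSR_API_NUMBER_TO_SERVER_ID(msg->api_number);
    uint32_t api    = CSR_API_NUMBER_TO_API_ID(msg->api_number);
    if (server >= SERVER_COUNT || servers[server].entries == NULL)
        return STATUS_ILLEGAL_FUNCTION;
    if (api >= servers[server].count || servers[server].entries[api].handler == NULL)
        return STATUS_ILLEGAL_FUNCTION;
    const csr_api_entry *entry = &servers[server].entries[api];
    if (msg->data_length > sizeof msg->data || msg->data_length < entry->min_length)
        return STATUS_INFO_LENGTH_MISMATCH;
    return entry->handler(msg);
}

uint32_t client_set_title(const char *title, csr_message *out) { /* ntdll/kernel32 role */
    uint32_t len = (uint32_t)strlen(title);
    if (sizeof len + len > sizeof out->data) return STATUS_INFO_LENGTH_MISMATCH;
    out->api_number  = CSR_MAKE_API_NUMBER(SERVER_CONSRV, CONSRV_API_SET_TITLE);
    out->data_length = (uint32_t)(sizeof len + len);
    memcpy(out->data, &len, sizeof len);
    memcpy(out->data + sizeof len, title, len);
    return csr_dispatch(out);
}
```

The point of the ordering is that neither the routing indices nor the payload lengths are trusted until the dispatcher and then the handler have each checked them. The CSRSS write-ups cited in the documentation list describe the real message format in detail.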
Cool! You're really making good progress.
Regards, Aleksey Bragin
On 09.04.2013 22:25, Hermès BÉLUSCA - MAÏTO wrote:
Yes of course! Here they are:
- When I was testing both setting an adequate console title when an app was launched and the corresponding icon (colors are here for the eyes): http://img594.imageshack.us/img594/3669/consoletest3.png
- Color changes with the console properties dialog (test on Far Manager 3): http://img203.imageshack.us/img203/742/consoletest4.png
- The first run of a mouse-aware console (test on Far Manager 3). Right-click on an item in Far Manager (left, the console is in ENABLE_MOUSE_INPUT mode) and (right) right-click on the console (mode ENABLE_MOUSE_INPUT off): it displays the edition popup menu: http://img856.imageshack.us/img856/6660/consolefarmanagerros.png
- The two modes of selection: (left background) "Mark" mode, i.e. selection via the keyboard (new) and (right foreground) "Selection" mode, i.e. selection via the mouse (tested on Far Manager; since usual right-click won't show the edition menu, you have to right-click on the console title-bar and select "Modify" -- "Selection"): http://img832.imageshack.us/img832/7482/consoleselection.png
- To finish, test of Irssi (IRC client in command-line) (this one works ok in the trunk): http://img29.imageshack.us/img29/1102/irssiros.png
The current console font is Fixedsys Excelsior 3.01 from http://www.fixedsysexcelsior.com/ (already added in trunk), which is capable of displaying Unicode characters (but not implemented in the console).
Regards,
Hermès
*From:* ros-dev-bounces@reactos.org [mailto:ros-dev-bounces@reactos.org] *On Behalf Of* Ged Murphy *Sent:* Tuesday 9 April 2013 19:12 *To:* 'ReactOS Development List' *Subject:* Re: [ros-dev] Future merge of the ros-csrss branch into the trunk
Screenshots? Can you post a few of those on here please?
*From:* ros-dev-bounces@reactos.org [mailto:ros-dev-bounces@reactos.org] *On Behalf Of* victor martinez *Sent:* 09 April 2013 15:50 *To:* ReactOS Development List *Subject:* Re: [ros-dev] Future merge of the ros-csrss branch into the trunk
Congrats! This is an awesome work! I will miss all the beauty screenshots now that your work in Console is almost over! I'm willing to enjoy the ros-csrss asap! :)
From: hermes.belusca@sfr.fr To: ros-dev@reactos.org Date: Tue, 9 Apr 2013 12:47:48 +0200 Subject: [ros-dev] Future merge of the ros-csrss branch into the trunk
That one looks much better than the one we currently use.
So, if everybody here is ok, we can keep Fixedsys for the console. In a previous commit in the trunk I've created a font-substitute (called Lucida Console) for the older one (the DejaVu Sans Mono font), because we don't have yet a real Lucida Console font. Something that needs to be implemented is changing the current console font via the properties dialog.
From: ros-dev-bounces@reactos.org [mailto:ros-dev-bounces@reactos.org] On Behalf Of Timo Kreuzer Sent: Tuesday 9 April 2013 20:56 To: ReactOS Development List Subject: Re: [ros-dev] Future merge of the ros-csrss branch into the trunk
The current console font is Fixedsys Excelsior 3.01 from http://www.fixedsysexcelsior.com/ (already added in trunk), which is capable of displaying Unicode characters (but not implemented in the console).
That one looks much better than the one we currently use.
Very impressive, great work Hermès!