Today, we will introduce a new feature of Windows 7 / Windows Server 2008 R2: the Console Host (ConHost.exe).
Whether as a normal user or a corporate administrator, we all use console applications to some degree in day-to-day Windows use, operations and maintenance. A console application has no graphical user interface; its input and output go through the command prompt (CMD, which is not DOS, although many people confuse the two).
So think for a moment: which console applications ship with Windows?
The most typical ones are cmd.exe, nslookup.exe and telnet.exe.
In earlier versions of Windows, all applications representing non-GUI activity (i.e., console applications) were coordinated by the system process Csrss.exe when running on the desktop. When a console application needs to receive characters, it calls one of a small set of "console APIs" in Kernel32.dll, and Kernel32 issues an LPC call to CSRSS. CSRSS then checks the input queue of the console window and returns the character-mode result to the console application through Kernel32. The console handling mechanism in these earlier Windows versions is shown in the following figure:
This mechanism has a problem: even though a console application executes in the context of a normal user, Csrss.exe always runs with local system account privileges. Therefore, in some cases, malware developed by "bad guys" has the potential to gain more privileges through Csrss.exe, which runs with local system account privileges. This attack mode is called a Shatter Attack.
In Windows 7 and Windows Server 2008 R2, all console applications are hosted by a new process, ConHost.exe. ConHost (console host) and the console program run in the context of the same security level, and instead of sending an LPC message request to CSRSS for processing, the console application sends the request to ConHost. Therefore, any application attempting to exploit a message request to cause an automatic elevation of privilege will not succeed. The following figure shows the new mechanism used in Windows 7 and Windows Server 2008 R2:
ConHost is a permanent change to how console application I/O is handled: users cannot use the registry or Group Policy to force Windows back to the legacy-mode console behavior. Therefore, users need to fully test their applications before upgrading to Windows 7 or Windows Server 2008 R2. Don't forget that although some of an application's functions are implemented through the GUI, its data may still be processed in batches in the background through the console or other functional interfaces. Therefore, it is necessary to conduct comprehensive functional testing of the application before a migration or upgrade.
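The security-context difference described above (Csrss.exe under the local system account, ConHost.exe under the same account as the console program) can be checked on a running system. The script below is an added example, not part of the original article; it uses `cmd.exe` as a stand-in console application, and matching processes by session is an assumption made for the example.

```powershell
# Added example, not from the original article. Uses Get-WmiObject so it also
# runs on the PowerShell 2.0 that ships with Windows 7 / Server 2008 R2.

function Get-ProcessOwner($Process) {
    # Win32_Process.GetOwner returns ReturnValue 0 on success; a non-elevated
    # shell is usually refused for processes owned by other accounts.
    $o = $Process.GetOwner()
    if ($o.ReturnValue -eq 0) { '{0}\{1}' -f $o.Domain, $o.User }
    else { '<unavailable, rc={0}>' -f $o.ReturnValue }
}

# cmd.exe stands in for "a console application"; add your own image names here.
$names  = 'csrss.exe', 'conhost.exe', 'cmd.exe'
$filter = ($names | ForEach-Object { "Name='$_'" }) -join ' OR '

$rows = @(Get-WmiObject Win32_Process -Filter $filter | ForEach-Object {
    New-Object PSObject -Property @{
        Name    = $_.Name
        Id      = $_.ProcessId
        Session = $_.SessionId
        Owner   = Get-ProcessOwner $_
    }
})

# Expected picture: csrss.exe owned by SYSTEM, conhost.exe owned by the user.
$rows | Sort-Object Session, Name |
    Format-Table Name, Id, Session, Owner -AutoSize

# Report any conhost.exe whose account differs from every console client in
# the same session. Matching on session is a heuristic chosen for this
# example: it does not prove which client a given conhost.exe serves.
foreach ($c in ($rows | Where-Object { $_.Name -eq 'conhost.exe' })) {
    $clients = @($rows | Where-Object {
        $_.Name -eq 'cmd.exe' -and $_.Session -eq $c.Session })
    $sameOwner = @($clients | Where-Object { $_.Owner -eq $c.Owner })
    if ($clients.Count -gt 0 -and $sameOwner.Count -eq 0) {
        Write-Warning ("conhost.exe PID {0} runs as {1}, unlike the console clients in session {2}" -f $c.Id, $c.Owner, $c.Session)
    }
}
```

Run it from an elevated prompt to resolve the owner of Csrss.exe; without elevation that row shows as unavailable.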
When an application does not work normally in Windows 7, we should first test it again with administrator privileges to see whether the problem still occurs. Also use Process Monitor to monitor the application's access to files and the registry and check whether the permissions are normal. If the application still does not work properly, you should consider contacting the ISV or its developers.
If the application crashes, the corresponding crash dump file is the most useful thing for developers and ISVs in finding the crux of the problem. If the application stops responding, you can try to use ADPlus to capture a dump of it and of its associated ConHost.exe process. A console application can share the Windows console with many child processes. For example, when a user starts Telnet from the CMD window, Telnet.exe becomes a child of Cmd.exe. In this case, the ConHost.exe host handles the messages of both the parent and the child. By using Process Explorer we can confirm which processes a ConHost.exe is handling:
You can also use the "Analyze Wait Chain" feature of the Windows 7 Resource Monitor to view the application processes that a ConHost.exe process is handling:
Finally, don't forget to fully test your applications before the migration!