The AppInfo service, which starts consent.exe, uses a trick to fake the child process tree when calling CreateProcessAsUser() to make it look like the creating process did indeed create the child process, which is false (1). That's, well... "non-standard". I don't think that faking the process tree is the way to go, even for "user-friendliness".
So now the only thing we need to know is: How? :)
Reference
#1 "Windows Vista User Account Control Internals", Mark Russinovich
http://www.microsoft.com/emea/msdnshowtime/sessionh.aspx?videoid=360
The information is embedded in Mark's video around minute 37.
---
Update
It seems they pulled the plug on this presentation.