a must read: "Windows 7's dirty secrets revealed" (not what you expect)

Very interesting article, a few quotes:

Another of his themes was MinWin, a lightweight version of Windows whose purpose has sparked speculation. MinWin exists, he said, and contains the minimum necessary to boot and access the network: kernel, file system driver, device drivers, services and TCP/IP stack. It amounts to around 150 binaries, and requires 25MB disk space and 40MB RAM.

MinWin is handy for setup and system recovery, but its real purpose is to introduce what he calls “architectural layering” to Windows. Microsoft needs small footprint versions of Windows, both for embedded use and for the GUI-free Server Core edition. The problem is that the operating system is full of internal dependencies, and as Russinovich admitted: “We don’t really understand those dependencies”. ??? ??? ??? ;D

Engineers have added features to low-level APIs that assume the presence of dynamic link libraries (DLLs) that belong with higher level APIs, and when you try to extract just those low-level components, they break. MinWin is a first step in making Windows layered, maintainable and understandable.

Russinovich also spoke about the contentious User Account Control (UAC), which prompts the user to approve actions that should require administrative rights. "UAC is not an anti-malware solution," he said. "If you think you are safe from malware because you are in one of those prompting modes, you're wrong. If malware gets on your box, and you are admin, you must assume that malware will gain admin rights."

Proving the point, he showed how a genuine, signed Microsoft executable might load a malicious process, invisible to the user. So what is the point of UAC? “It is about one thing, which is about getting you guys to write your code so that it runs well as standard user.”

http://www.theregister.co.uk/2009/11/18/windows_7_heart/

Hi Logos,

Some answers you can find with the tool I present here: http://forum.avast.com/index.php?topic=52362.0
APIMON came in Windows NT and Windows 2000. I do not know the reason why the DLL Help website from Microsoft is going to be discontinued from Feb. 8th 2010: http://support.microsoft.com/dllhelp/
Just curious why they are gonna leave developers etc. out in the cold, new obscurity, or are they aware of developments we do not know of yet? Questions, questions and few answers…
Fire up your version of APIMON and start investigating…

polonus

Hi Polonus,

Thanks for that link to ApiMon… will check this later tomorrow… sounds like even MS is sometimes paying the price for making their OS too hermetic. Good they're looking for solutions though (MinWin).

Hi Logos,

You're welcome, my friend, and keep this info coming. With the right tools (APIMON, Dependency Walker, etc. and DLL checkers) we get quite a bit of insight; Hook Explorer and an analysis of what goes on in the lower layers will reveal a lot of security through obscurity. Better we get there before the malcreants.

pol
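The layering problem Russinovich describes in the quoted article (a low-level DLL whose code assumes a higher-level DLL is present) and the dependency-walking tools polonus lists in his reply both come down to the same thing: reading a binary's import table and comparing what it pulls in against where the binary is supposed to sit. The following is an added example, not code from the article, from Microsoft or from either poster: a small PE import-directory parser in Python plus a check that flags "upward" imports. The layer numbers assigned to ntdll/kernel32/advapi32/user32/shell32 are an assumed illustration, not Microsoft's real layering, and the image the script parses is constructed in memory (headers plus one .idata section, no code or thunks, so it is not loadable); to use it on real files, pass the bytes of an actual DLL to pe_imports.

```python
"""Walk a PE file's import table and flag "upward" dependencies.

Added example (not from the article or the forum posts). The LAYER map
is an assumed illustration, not Microsoft's real layering; the test
image built by build_test_pe() is constructed here and is not loadable.
"""
import struct

# Assumed layer numbers for illustration only: lower number = lower layer.
LAYER = {"ntdll.dll": 0, "kernel32.dll": 1, "advapi32.dll": 2,
         "user32.dll": 3, "shell32.dll": 3}


def rva_to_offset(rva, sections):
    """Map a relative virtual address to a file offset using the section table."""
    for va, raw_size, raw_ptr in sections:
        if va <= rva < va + raw_size:
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def read_cstring(data, off):
    return data[off:data.index(b"\x00", off)].decode("ascii")


def pe_imports(data):
    """Return the lower-cased DLL names in the image's import directory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect = struct.unpack_from("<H", data, pe_off + 6)[0]      # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]  # SizeOfOptionalHeader
    opt = pe_off + 24                                          # optional header start
    magic = struct.unpack_from("<H", data, opt)[0]
    dd = opt + (112 if magic == 0x20B else 96)                 # data directories (PE32+ / PE32)
    imp_rva = struct.unpack_from("<I", data, dd + 8)[0]        # directory index 1 = imports
    sections = []
    for i in range(nsect):
        # VirtualAddress, SizeOfRawData, PointerToRawData sit at +12 in each 40-byte header
        sections.append(struct.unpack_from("<III", data, opt + opt_size + 40 * i + 12))
    names = []
    if imp_rva == 0:
        return names
    off = rva_to_offset(imp_rva, sections)
    while True:
        oft, _ts, _fwd, name_rva, ft = struct.unpack_from("<IIIII", data, off)
        if oft == 0 and name_rva == 0 and ft == 0:             # all-zero terminator
            break
        names.append(read_cstring(data, rva_to_offset(name_rva, sections)).lower())
        off += 20                                              # next IMAGE_IMPORT_DESCRIPTOR
    return names


def layer_violations(binary, imports, layer=LAYER):
    """(dll, own layer, dll's layer) for each import that reaches into a higher layer."""
    mine = layer[binary.lower()]
    return [(d, mine, layer[d]) for d in imports if d in layer and layer[d] > mine]


def build_test_pe(dll_names, pe32plus=True):
    """Constructed minimal image: DOS/PE/optional headers and one .idata section
    holding the import descriptors and DLL name strings. No code, no thunks."""
    sect_rva, sect_raw = 0x1000, 0x200
    names_blob, name_rvas = b"", []
    for n in dll_names:
        name_rvas.append(sect_rva + 20 * (len(dll_names) + 1) + len(names_blob))
        names_blob += n.encode("ascii") + b"\x00"
    descs = b"".join(struct.pack("<IIIII", 0, 0, 0, r, 0) for r in name_rvas) + bytes(20)
    idata = descs + names_blob
    idata += bytes(-len(idata) % 0x200)
    opt_size, dd_off = (240, 112) if pe32plus else (224, 96)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)  # Magic
    struct.pack_into("<I", opt, dd_off - 4, 16)                     # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, dd_off + 8, sect_rva, len(descs))  # import directory
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 1, 0, 0, 0, opt_size, 0x2002)
    sect = b".idata\x00\x00" + struct.pack("<IIIIIIHHI", len(idata), sect_rva, len(idata),
                                           sect_raw, 0, 0, 0, 0, 0x40000040)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                           # e_lfanew
    hdr = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect
    return hdr + bytes(sect_raw - len(hdr)) + idata


def demo():
    # Pretend this image is kernel32.dll and it imports from shell32.dll.
    imps = pe_imports(build_test_pe(["ntdll.dll", "SHELL32.dll"]))
    return imps, layer_violations("kernel32.dll", imps)


if __name__ == "__main__":
    imports, bad = demo()
    print("imports:", imports)
    for dll, mine, theirs in bad:
        print(f"layer {mine} binary imports {dll} from layer {theirs}")
```

Two caveats when running this over real system DLLs: it reads only the static import directory (index 1), so delay-loaded imports (directory index 13) and anything loaded at run time through LoadLibrary are invisible to it, which is exactly the kind of hidden dependency the article says Microsoft could not account for; and a violation report is only as good as the layer map you feed in, so the first job is deciding which binaries belong to which layer.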