WMI & ETW Question regarding the CLP of a process
- From: Basil Hellas <Basil Hellas@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 25 Dec 2008 17:49:01 -0800
I'm developing software for a company that has some public computers. One
software calls from command line some 3rd party software with sensitive
command line parameters (like username & Password).
I've recently discovered that anyone with access to the computer (public
computer), could either run SysInternal's Process Monitor or a simple query
to the Win32_Process Class @ WMI and get in plain text the command line
parameters of the executed process.
Since the executed process is a 3rd party application, changes to the way
the application get the credentials are not applicable.
And the questions are: How can i either:
a) Hide the application's command line parameters
b) Delete an entry from WMI
c) Detect if an application has hooked the Event Trace for Windows (ETW)
or d) find any other way to protect the command line parameters passed to
the 3rd party applications.
I am searching for a solution regardless the programming language it would
be on
Thank you in advance
.
- Prev by Date: WMI & ETW Question regarding the CLP of a process
- Next by Date: Problem with Associators of {Win32_Directory.Name='
- Previous by thread: WMI & ETW Question regarding the CLP of a process
- Next by thread: Problem with Associators of {Win32_Directory.Name='
- Index(es):
Relevant Pages
|
