New version v1.4 has been released as there were few bugs detected. This version also includes a new and very interesting feature, inspecting atoms from windows services. "A Windows Service applications run in a different window station than the interactive station of the logged-on user. A window station is a secure object that contains a Clipboard, a set of global atoms, and a group of desktop objects. Because the station of the Windows service is not an interactive station, dialog boxes raised from within a Windows service application will not be seen and may cause your program to stop responding. Similarly, error messages should be logged in the Windows event log rather than raised in the user interface".
Source : Microsoft.
This actually means that a running service is using a different set of global atoms than the current user. To display those atoms, atom table monitor v1.4 includes an Atom scanner service which uses the same core engine than Atom monitor and retrieves the list of Global atoms and RWM atoms from the system under the window station.
Current version contains: Atom Table monitor v1.4.
- Atom monitor win32 stand-alone tool.
- List of common patterns.
- Atom scanner win32 service.
- Install / Unninstall service batch files.
Session selection screen:
If the service is up and running, we can select the option to display the atoms from the service session. If the service is not detected the monitor will stop itself.
Service session monitoring RWM atoms:
This screen is displaying the amount of atoms which are being monitored by the service session. You can play with that by creating a small tool to leak atoms and use different configurations from the service. Have a look at my previous post How to run an application under active session account from a windows service.
User session monitoring RWM atoms:
Check out the amount of patterns which match an specific subset of atom strings. This will help you to rapidly identify which atoms are being created and which is the source.
Installing the service:
Once up and running, select "Monitor Atoms from service session" on Option's tab and press scan atom table.
Installing the service:
Use the batch files to install / uninstall ATOMScannerService.exe. Once installed, run it under local account.
Related links:
Awesome job on this project. A great and useful tool.
ReplyDeleteThanks Carl!
Delete