At 09:01 AM 3/13/2003 -0500, Buck Buchanan wrote:

>Since fport normally does not display the "\??\" prefix, I am wondering if
>this might be a clue to how winlogon.exe was run.

Winlogon is a native process (as opposed to a Win32 process). It runs early in the boot process. As someone else noted, the path you saw is normal.

It *does* have a DLL, MSGINA.DLL; this gets the logon info from the user for Winlogon. It's designed so that third-parties can use, say, a biometric MSGINA in place of the usual prompt. Next question is if it's possible for MSGINA to be co-opted?

"Inside Windows 2000" is the best investment any Windows admin can make, next to the RK.

Take care,

Dave

David Moisan, N1KGH ARES/SKYWARN dmoisanat_private
Invisible Disability: http://www1.shore.net/~dmoisan/invisible_disability.html
ATS-909 FAQ: http://www1.shore.net/~dmoisan/faqs/sangean/ats909faq.html
This archive was generated by hypermail 2b30 : Fri Mar 14 2003 - 09:27:00 PST