So, I was hacking on some code on Windows the other day. The DRM for a piece of proprietary software I had a legitimate license for wasn’t working, and thus I had to seek out some… licencing facilitation software. Since such software usually originates from the sketchier regions of the Internet, I ended up infecting my copy of Vista with a trojan horse. That’s one demerit point on my Geek Licence!
Here’s the manifest from the executable:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
For those without Windows-fu, the manifest is basically a PE resource containing some XML metadata that describes the executable. They first found use with the release of XP, where they were primarily used by software developers to ask Windows to dynamically load version 6 of the Common Controls library (which also saw its debut in XP) instead of the venerable version 5. The practical upshot of all this was that it gave you the nice new Windows themed controls, without any ABI changes. Microsoft obliged developers to explicitly specify their desire for version 6 so that they could basically ship version 5 as is, to avoid any compatibility issues.
Returning to the trojan hourse, I assume they were trying to intentionally prevent Vista’s UAC feature from asking the user for extra permissions. This actually makes sense because most malware authors’ goals do not include completely compromising the user’s machine, but rather the purpose of creating botnets, which don’t need administrator access to commit their nefarious deeds. All they need to do is stay resident and use the network, all of which the regular Windows limited account allows them to do.