Accessed Files and Registry Keys
Posted: Tue Jan 27, 2009 2:07 pm
For Vista Ultimate 32b and GW2_2_21, so far I could log these accesses. Note that (CI)(OI) means "access also to containers or objects (i.e., folders or files, subkeys or keys' data) further below the tree". I do not mention accesses that are obviously initiated by Windows or are specific to my PC.
Access by GOWrite.exe:
C:\
C:\Program Files
C:\Program Files\MyGowriteDir (CI)(OI)
C:\Program Files\MyJavaDir (CI)(OI)
HKLM\Software\GOWrite2\install
HKLM\SOFTWARE\GOWrite2\install\language
HKLM\Software\GOWrite2\startup\gowrite
HKLM\Software\GOWrite2\startup\java
HKLM\Software\JavaSoft\Java Runtime Environment
HKLM\SOFTWARE\JavaSoft\Java Runtime Environment\CurrentVersion
HKLM\SOFTWARE\JavaSoft\Java Runtime Environment\1.6
HKLM\SOFTWARE\JavaSoft\Java Runtime Environment\1.6\JavaHome
Access by javaw.exe:
C:\
C:\Program Files\MyCGobanDir (CI)(OI)
C:\Program Files\MyGowriteDir (CI)(OI)
C:\Program Files\MyJavaDir (CI)(OI)
C:\Users
C:\Users\MyUserName
C:\Users\MyUserName\gowrite.cfg
C:\Users\MyUserName\.gowrite
C:\Users\MyUserName\.gowrite\gowrite22.cfg
C:\Users\MyUserName\AppData\Local\Temp\hsperfdata_MyUserName (CI)(OI)
HKLM\Hardware\DeviceMap\VIDEO (CI)(OI)
HKLM\System\CurrentControlSet\ENUM (CI)(OI)
HKLM\SYSTEM\CurrentControlSet\Services (CI)(OI)
**********************************************************
Questions:
1) Why are higher level folders like C:\ or C:\Program Files also accessed? Can this not be avoided? I wonder whether this fact alone might suffice to prevent a Low integrity level setting for Gowrite because obviously I cannot set these folders to Low (or I would have to run all my applications Low, which would not make sense).
2) Does javaw's access of C:\Program Files\MyCGobanDir mean that both Gowrite and CGoban have to be run Low - or neither? I want to run both Low anyway. But I wonder how to ease testing. Will it be possible to set only Gowrite Low or can't this work because of a Medium integrity level CGoban?
3) Will a Low Java directory and Low Java registry keys cause conflicts with a Medium OpenOfficeOrg?
4) I think that, under Vista,
C:\Users\MyUserName\gowrite.cfg
C:\Users\MyUserName\.gowrite
C:\Users\MyUserName\.gowrite\gowrite22.cfg
are at the wrong location.
I'd rather guess that the right location should be either
C:\Users\MyUserName\AppData\Local\MyGowriteDir
or
C:\Users\MyUserName\AppData\Roaming\MyGowriteDir
where
MyGowriteDir is the same as under C:\Program Files\.
Wouldn't you agree? I saw some other old software with the same mistake, but such programs are becoming fewer and fewer.
5) Why \.gowrite with a dot?
6) What is the purpose of javaw accessing
C:\Users\MyUserName\AppData\Local\Temp\hsperfdata_MyUserName (CI)(OI)
HKLM\Hardware\DeviceMap\VIDEO (CI)(OI)
HKLM\System\CurrentControlSet\ENUM (CI)(OI)
HKLM\SYSTEM\CurrentControlSet\Services (CI)(OI)
?
7) Are there further containers or objects that I might have overlooked?
8) Which should I set to Low if I want to run Gowrite as Low? All?
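Added example, not part of the original post: the (CI)(OI) inheritance flags noted above are the same ones `icacls` accepts when attaching a Low mandatory label to a folder. The script assumes that only the per-user GoWrite configuration paths from the list are written to; under the default no-write-up policy a Low process can still read higher-integrity objects such as C:\, C:\Program Files or the HKLM keys, so those keep their labels.

```powershell
# Added example. Assumption: javaw.exe only needs WRITE access to these
# per-user paths taken from the post; all other listed objects are read-only.
$writable = @(
    "$env:USERPROFILE\.gowrite",
    "$env:USERPROFILE\gowrite.cfg"
)

foreach ($path in $writable) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Skipping missing path: $path"
        continue
    }

    if (Test-Path -LiteralPath $path -PathType Container) {
        # (OI)(CI): files and subfolders created later inherit the Low label.
        # /T also labels what already exists below the folder.
        icacls $path /setintegritylevel '(OI)(CI)L' /T | Out-Null
    } else {
        icacls $path /setintegritylevel L | Out-Null
    }

    if ($LASTEXITCODE -ne 0) {
        Write-Warning "icacls could not label: $path"
        continue
    }

    # Verify: an explicit label shows up as a "Mandatory Label\..." entry.
    # Objects without such an entry are treated as Medium.
    $acl = icacls $path
    if ($acl -match 'Mandatory Label\\Low Mandatory Level') {
        "Low label present: $path"
    } else {
        Write-Warning "No Low label found after labelling: $path"
    }
}

# Read-only check for a location that must stay unlabelled.
# No "Mandatory Label" line in the output means it is still at the default.
icacls "$env:ProgramFiles" | Select-String 'Mandatory Label'
```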