bigmuscle

Could you use this utility to check what my code returns before and after? http://glass8.berlios.de/stuff/HDDDetector.7z

Could you provide more info about this problem, because this situation should not happen. It would be good to know what HDD serial number is returned before and after driver update so I check what's the problem. Serial number should be always the same regardless any software/driver update.

It's not correct. Actually, the taskbar is handled in the same way as any other window. I don't provide the blur effect for title bars/frames explicitly. It is implemented to blur anything which is marked to be the glass region. The only difference from Win7 is that Win7 switches the glass region's transparency according to the user settings. In Win8, the transparency of glass regions is always off. My implementation changes itg to be always on. DwmEnableBlurBehindWindow API function changes the region into the glass. Because the underlined fact above, such region becomes fully opaque on Win8 (w/o my Aero Glass) and it is also the reason why most of the utilities has it called "Disable transparency" although it calls the function to enable blur. I added the basic info about blurring the taskbar into the website guide.

It is what tools such as WinAeroglass are using - periodally spams all visible windows with WinAPI message to set layered flag on that window. It causes all windows to be rendered with alpha value of 254 which makes the content behind the window visible.

I guess that nothing more than layered windows hack - it has nothing to do with Aero Glass effect.

If your theme has rounded textures then, of course, this rounding will be visible when such texture is rendered on the screen.

AERO GLASS for Win8.1 1.2.5 * hardcoded symbol patterns for Win8.1 Spring2014 update * some minor fixes * added setup option to adjust access permissions for those who don't know how to set them on their own.

Because aerohost is not for executing, read the guide.

What system architecture do you use? I have tried x64, no new updates are present and Aero Glass still works even without the need to download the symbols.

I'm not aware of any command, however I don't say it is not possible. You just need to call this function: http://msdn.microsoft.com/en-us/library/windows/desktop/aa969508%28v=vs.85%29.aspx where you enable the blur in DWM_BLURBEHIND structure. It will cause fully opaque window without Aero Glass and fully glass window with Aero Glass.

This is nothing new. I'm saying this from the beginning. You just need to alter one flag to enable blur on any window (including taskbar etc.). The another hack is to rename your theme file to aerolite.msstyles.

Nobody forces you to use it. No, it cannot. His reason is much more paranoid, he's afraid that some dark power can replace DWMGlass.dll with some malicious file and thus he's making the scenes. Yes, of course, this happen, but the probability is rather theoretical. That's why I already said if someone worries about it, he will probably install this software into some secure folder (or at least change the folder permissions on his own) and not the into user folder (and no, I didn't meant C:\Users as he stated but any folder with "Authenticed Users" write privilege). He completely ignored this and still continues with shouting how Aero Glass is unsecure and harmful to your computer - you can even notice the form of his posts, he's creating new and new and still around edit his existing posts. And if I respond to someone else (and not to him), he starts blaming me from lying etc. He just wants to attract attention. I have nothing more to say to this.

You don't have to post anything more, I'm ending the discussion with you because it is non-sense. I said everything it was required. Create your own application and go away.

Nope, it was you who was complaining that Aero Glass is left unprotected in the user folder. So I just stated if user installs the software in the user folder then he should not complain that it is accessible without admin rights there. You cannot, it is debug version intended for testing only as already stated. Release version will be available in several days. No, nobody did... or why do you think there is several pages where this has already been discussed?

I already explained why I think this and it's especially the form of presenting it here. Sure, there is nothing wrong with questioning but it is wrong to state how Aero Glass behaves bad although it does not behaves in that way at all. And... as in the past, doesn't it look bad when user installs debug version and then he complains that it displays debug messages? It does to me and it is same in this situation, user installs the software into the user folder and then complains that it gets "on disk zero protection not even admin" and he can simply replace DLL with one batch file, because the file is protected in the same way as any file on the desktop.

McKay91: if Aero Glass is really uninstalled, it means no DWMGlass.dll is loaded into DWM, then this problem is not caused by Aero Glass. The most probable reason is that you applied some 3rd party tweak during Aero Glass period which results in this behaviour after AG was uninstalled.

This is a good point. It is also a reason why I discourage beginners from using this tool and even guide specifies that this software is intended for advanced users only. I also many times specified that this software uses memory patching and hooking which can be very dangerous (and it is one of the reason why I don't provide this software for regular buying). Advanced user should be aware of any possible security risks when installing such kind of software and if his priority is the security and he worries that some dark power could replace DWMGlass.dll with some malicious code, he surely won't install it in the shared directory but he rather selects some place protected e.g. by UAC (or by any other technology). But if someone sees in Process Explorer that message box is displayed through CSRSS.EXE process, has no knowledge about session isolation and starts making scenes then he is a bit paranoid. EDIT: when I officialy release version 1.2.2, I will create a clean topic for it and ask moderators to close this one. I hope we will keep the new topic cleaner than this one.

Are sure that you never said it hooked csrss.exe ? Your words: "Hooks DWM and elevates privilege using the new tokens to bypass all security so it can hook csrss.exe" Then I don't see reason why you use debug version if you see debugging tools as annoying. Nope, it is not. Your concern is to shout here how Aero Glass is bad. If someone wants to discuss some topic (and especially security problem), he uses completely different means than spamming with tens of posts in increased font, complaining about annoying debug window, nagging message popup and asking for a refund. Because it does not. The only line about obtaining special privileges in code is: //ObtainPrivilege(GetCurrentProcess(), SE_DEBUG_NAME);and as you can see it is commented out so it is never called. DWM group is never touched, the only elevated privilege is for reading HKCU\Software\Microsoft\Windows\DWM and although it is just same trick as uses DWM itself then there is no problem with it. Yes, I ignored some of your stuff and I didn't want and even will not answer it and already said why in previous posts. I just answered to the majority of your first post where you are blaming me that I hook lsass.exe, csrss.exe, modify some protect flags and elevate privileges to display nagging dialog, because I exactly know what you saw in Process Explorer and wanted only a confirmation from you. You provided and it only confirmed me that you had no point what you were talking about. Sorry, nothing more to say.

Your post explains what I meant above. Normally, in software development, when some security vulnerability appears, it is reported to developers in a private way so nobody cannot abuse it. It is described what happens, the potential risk and possible solution. But what is shown here? He only spams the forum with many unuseful messages with the goal "look, look everybody how Aero Glass is unsecure, look how it is dangerous", then he does not forget mention that debug window is annoying and that it can be simply removed and that the biggest vulnerability is in the nagging message popup. And he finishes with request to refund. So that's why I'm saying he's trolling only... Can any moderator clean this discussion so it is readable for regular users only? If someone really wants to report any security bug he can use PM with possible solution and not only cry how he is clever and how Aero Glass is bad.

And here we are, because your answer is what I was exactly expecting. Maybe you should look how process isolation and interactive services works. DWM process is a service with very limited privileges and it runs in its own session thus it cannot interact with user desktop in any way. However, the operating system, since Windows Vista, provides a feature so non-interactive services can send a message to the interactive desktop. And this is handled by CSRSS.EXE process. Very simple, it's no taking over the security policy, elevating some privileges nor hooking any system process. It is official WinAPI feature by calling MessageBox function. I don't comment whether this way is secure or not, I just say that it is handled completely by official OS function and if there is anything unsecure with it, then it is bug in the OS itself and not something which I do.

Yes, I want a proof to all of this, because neither one of these happens in my tool.

Sure, you are right. But your posts contain several things which show that you don't understand it at all and you only saw something somewhere and making some own speculation from it. And if you end it with "can I get refund", it only proofs that you are trying to troll instead of making technical discussion. And it's not worth of normal answer.

Don't worry, nothing need to be quoted by you, I don't need to delete anything. It was you who edited your post several times - you first post contained that you are going to provide some proof for your speculation. So you are free to do it.

Because, it is true. Read the guide http://glass8.berlios.de/guide.html - "How to install this software?", point 2) Don't care about him, it is probably just another troll who wants to spread shit around.

You are wrong. You are wrong. You are wrong. You are wrong. You are wrong. You are wrong. I'm correcting you, because you are completely wrong and you posts has no sense.