Microsoft KB Archive/328665

= INFO: Changes in WM_TIMER Message Handling =

Article ID: 328665

Article Last Modified on 11/21/2006


APPLIES TO


 * Microsoft Win32 Application Programming Interface, when used with:
 * Microsoft Windows XP Embedded




This article was previously published under Q328665



SUMMARY
The SetTimer function creates a timer with a specified time-out value and cannot be used to associate a timer with a window that is owned by another process. The operating system maintains an internal list of timers that are created with the SetTimer function.

When two processes that are running in the interactive desktop have different privileges, the lower-privileged process can post a WM_TIMER message with a pointer to a callback procedure to a window created by a higher-privileged process. The callback procedure executes with the privileges of the higher-privileged service.

By design, all services in the interactive desktop are peers and, as discussed in Knowledge Base article Q327618, are supposed to have the same privileges. Nevertheless, allowing one process to impose a callback function on another process does provide a simple way to misuse services that run with extra privileges. Additionally, there is no reason for services to be able to issue timer functions for other processes.

After you install Windows XP Service Pack 1, WM_TIMER messages are handled differently. The change prevents WM_TIMER messages that are generated as described earlier in this article from being handled, by validating the contents of each WM_TIMER message when DispatchMessage processes it. To validate a timer, DispatchMessage verifies that the callback procedure exists in the timer list and that the timer was created by the calling process.

IMPORTANT: This change does not change the recommendations that are made in Knowledge Base article Q327618. Although this change does make it more difficult for one service to use the privileges of another service, the change does not make it impossible. As before, all services in the interactive desktop are peers and ultimately can make requests on each other.
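
The following C program is an added example, not code from this article or from Windows. It is a simplified, portable model of the DispatchMessage validation described above, next to the unvalidated behavior. Every type, function name, and process ID in it is a hypothetical stand-in, and the sample timer list is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model, NOT Windows source: all names below are hypothetical. */
typedef void (*timer_proc)(void);      /* stands in for a TIMERPROC pointer */

struct timer_entry {                   /* one row of the internal timer list */
    uint32_t   owner_pid;              /* process that called SetTimer */
    uintptr_t  timer_id;
    timer_proc callback;
};
struct timer_msg { uintptr_t timer_id; timer_proc callback; }; /* wParam, lParam */
enum verdict { TO_WNDPROC, CALLBACK_RUN, REJECTED };

static int ticks, foreign;             /* record which callbacks actually ran */
static void on_tick(void)  { ticks++; }
static void not_ours(void) { foreign++; }

/* Unvalidated dispatch: any non-NULL lParam is trusted and called. */
enum verdict dispatch_unvalidated(const struct timer_msg *m) {
    if (!m->callback) return TO_WNDPROC;   /* no callback: window procedure gets it */
    m->callback();
    return CALLBACK_RUN;
}

/* Validated dispatch: callback must be in the list AND owned by the caller. */
enum verdict dispatch_validated(const struct timer_entry *list, size_t n,
                                uint32_t caller_pid, const struct timer_msg *m) {
    if (!m->callback) return TO_WNDPROC;
    for (size_t i = 0; i < n; i++)
        if (list[i].callback == m->callback && list[i].owner_pid == caller_pid) {
            m->callback();
            return CALLBACK_RUN;
        }
    return REJECTED;                   /* pointer was never registered by this process */
}

/* Constructed sample data: PID 100 is the privileged process, PID 200 a peer. */
static const struct timer_entry timers[] = { {100, 1, on_tick}, {200, 9, not_ours} };
static const struct timer_msg genuine = { 1, on_tick  };  /* created via SetTimer by PID 100 */
static const struct timer_msg posted  = { 1, not_ours };  /* arrived from another process */

int main(void) {
    printf("unvalidated=%d validated=%d genuine=%d\n", dispatch_unvalidated(&posted),
           dispatch_validated(timers, 2, 100, &posted),
           dispatch_validated(timers, 2, 100, &genuine));
    return 0;
}
```

In the model, the posted message fails validation in PID 100 even though its callback appears in the list, because the matching timer belongs to PID 200.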

