
In Windows session 0, I was able to get the desktop even though there was no desktop, why?


I was able to get the window station handle from the IIS process and get the name "Service-0x0" with GetUserObjectInformation. Similarly, when I got the desktop handle from the thread and got the name, I got "Desktop". I think there is a window station in the service for session 0, and no desktop. Why does it exist?

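// Window station the current process is attached to
IntPtr hWinSta = GetProcessWindowStation();
// Desktop assigned to the calling thread
IntPtr hDesktop = GetThreadDesktop(GetCurrentThreadId());

// Query the object names (remaining arguments elided in the original post)
GetUserObjectInformation(hWinSta, ...
GetUserObjectInformation(hDesktop, ...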

Solution

  • The desktop is still there. The reason it is still there is that it is required to create windows (HWNDs) and for various APIs to function (SetWindowsHookEx etc.). Session 0 isolation was added in Vista, and too many legacy services exist to be able to fully remove the window station and desktop; these services rely on too many functions in USER32 and GDI32.

    In Vista you could actually switch to the Session 0 desktop if Windows detected that an interactive service required UI input, but I don't think this feature exists in current Windows versions.
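
A complete version of the check from the question, as an added example that is not part of the original post or answer. It prints the session ID, the window station and desktop names, and whether the window station carries the WSF_VISIBLE flag, which distinguishes an interactive station from a service one. The class name `SessionZeroProbe` and the helper `Query` are hypothetical.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;

static class SessionZeroProbe   // hypothetical name, not from the page
{
    const int UOI_FLAGS = 1, UOI_NAME = 2;   // winuser.h index values
    const uint WSF_VISIBLE = 0x0001;         // station has visible display surfaces

    [StructLayout(LayoutKind.Sequential)]
    struct USEROBJECTFLAGS { public int fInherit; public int fReserved; public uint dwFlags; }

    [DllImport("user32.dll")] static extern IntPtr GetProcessWindowStation();
    [DllImport("user32.dll")] static extern IntPtr GetThreadDesktop(uint dwThreadId);
    [DllImport("kernel32.dll")] static extern uint GetCurrentThreadId();
    [DllImport("user32.dll", EntryPoint = "GetUserObjectInformationW", SetLastError = true)]
    static extern bool GetUserObjectInformation(IntPtr hObj, int nIndex, IntPtr pvInfo,
                                                uint nLength, out uint lpnLengthNeeded);

    // Hypothetical helper: size == 0 means "probe for the required byte count first".
    static T Query<T>(IntPtr hObj, int index, uint size, Func<IntPtr, T> read)
    {
        if (size == 0) GetUserObjectInformation(hObj, index, IntPtr.Zero, 0, out size);
        IntPtr buf = Marshal.AllocHGlobal((int)size);
        try
        {
            if (!GetUserObjectInformation(hObj, index, buf, size, out _))
                throw new Win32Exception(Marshal.GetLastWin32Error());
            return read(buf);
        }
        finally { Marshal.FreeHGlobal(buf); }
    }

    static void Main()
    {
        IntPtr hWinSta = GetProcessWindowStation();
        IntPtr hDesktop = GetThreadDesktop(GetCurrentThreadId());
        uint flagSize = (uint)Marshal.SizeOf<USEROBJECTFLAGS>();
        var flags = Query(hWinSta, UOI_FLAGS, flagSize, p => Marshal.PtrToStructure<USEROBJECTFLAGS>(p));

        Console.WriteLine("Session ID:     " + Process.GetCurrentProcess().SessionId);
        Console.WriteLine("Window station: " + Query(hWinSta, UOI_NAME, 0, p => Marshal.PtrToStringUni(p)));
        Console.WriteLine("Desktop:        " + Query(hDesktop, UOI_NAME, 0, p => Marshal.PtrToStringUni(p)));
        Console.WriteLine("WSF_VISIBLE:    " + ((flags.dwFlags & WSF_VISIBLE) != 0));
    }
}
```

Running the same binary from an interactive logon and from a service makes the difference visible: both report a window station and a desktop, but only the interactive one is expected to have WSF_VISIBLE set.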