June 20, 2011

Tip 41: The Phantom of the Session 0

This tip is for Windows Vista, 7, 2008 and 2008 R2.

Windows Vista introduced session 0 driver and service isolation. To understand why this is cool, see the following article; http://msdn.microsoft.com/en-us/windows/hardware/gg463353.aspx.

When a program running in session 0 displays a window an icon shows up in the taskbar that looks like the one in red.

Clicking on this icon shows a very interesting looking message that notifies you that a program is trying to display a message to you and if you would like to view it or have Windows ask later.

Selecting “View the message” will take you to the hidden session 0 desktop. Where you can view the window that the service or driver has displayed.

To create your very own session 0 message window you can use Sysinternals tool, PSEXEC to run Notepad.exe in session 0. Download PSEXEC and run from an elevated Command Prompt, by right-clicking the Command Prompt in Start->All Programs->Accessories->Command Prompt and selecting ”Run as administrator”.

psexec -i 0 -d notepad.exe


You may also like...