30Kas
What is the effect of the arguments in the following: conhost.exe 0xffffffff -ForceV1
I'm fairly well acquainted with the role of conhost in Windows. I am aware of conhostV1.dll and conhostV2.dll, so I assume force V1 would force the legacy mode of conhost (as in pre-Win 7 mode, when it asked for stuff directly from kernel space). What I am curious about is:
1.) What is the 0xffffffff about? I know that this can be interpreted by some things as -1 (two's complement). Perhaps a pointer? Does anybody know the effect of this flag (normally I see 0x4 as the only argument to conhost.exe)?
2.) Are there possible security implications of finding conhost running with this flag in your enterprise Windows environment?