Attack Surface Analyzer enumerates something called windows. While it may sound obvious that what it is, you might be thinking wrong about it. Before we tell you what Attack Surface Analyzer scans, we would like to clarify what a window is actually.
Almost all of us who use computers know what windows are. In the Windows Operating System they are so important that the complete Operating System is named after them. Normally when we say ‘window’, a person actually thinks about something with a title bar with maximize, minimize and close buttons on it. Such a Window normally visible to the user is called as the application window. While it is correct to call an application window as a ‘window’, it is not the complete picture. In Windows Operating System, a window is not simply the application window. Attack Surface Analyzer does not enumerate ‘only’ this type of window. Actually Windows Operating System calls any ‘control’ as a window and that is what Attack Surface Analyzer would scan.
A control is some part of the main window which may or may not be visible but is able to do some work. This work may be to receive signals from the user and pass on to the Operating System (or application) or vice versa. So a button can be called as a window because it can receive user input (a click) and tell the main window that the button has been clicked and then the application will take the appropriate action.
Attack Surface Analyzer enumerates and counts such windows. It enumerates the important windows available on the Windows Operating System; those which can decide the vulnerability of the Operating System. The data about the windows is stored in the file windows.xml in the Attack Surface Analyzer data directory. If you open the file, you will see that the core information about the windows are stored in the file as xml units. The data stored relative to a window are its Window Handle Number (HWND), Process it is related to (PID), its Table ID (TID), Class and Name. This is enough to make sure that you do not miss a change in the Operating System runtime when you run Attack Surface Analyzer for a scan.