Re: Device driver Vs NT Service

Tech-Archive recommends: Fix windows errors by optimizing your registry

what if i implement the hooks in a kernel mode program and rest of the
functions in service. would it be fine? what i want is minimal or no device
driver coz i dont have the required resource. i need only a competitive
device-blocker not the one that is hardest to crack. i am planning to work
on crack-proofing in later releases
thanks


"Anton Bassov" <AntonBassov@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F814D356-17A8-44B6-B647-17E31F8AF343@xxxxxxxxxxxxxxxx
The service will perform the following operations:

Disable/enable the devices depending upon the user

No problem here whatsoever....

ii) Implement hooks for preventing users from
enabling/disabling devices through device manager or through registry
and
uninstalling service.

User-mode program X just cannot deny user-mode program Y access to the
registry or to some certain API, either by "supported" means or otherwise
-although it can try, these efforts still may be fruitless, because there
is
always a way to bypass your code. In order to be 100% sure, you need a
driver.

However, "good" drivers never block registry access, because the system
would not permit restricted accounts to either modify device access
permitions or uninstall services anyway, and the ones with admin
privileges
should be able to do whatever they want on the target machine. The only
type
of "software" that stands in admin's way is generally known as MALWARE

Anton Bassov





"shoeb" wrote:

I am developing a devicelock project and i want to do it without device
driver. I am planning to develop a NT service that the server will
install
on the client machines . The service will make use of Setup APIs to
enable/disable the devices. The service will perform the following
operations:



i) Disable/enable the devices depending upon the user

ii) Implement hooks for preventing users from
enabling/disabling devices through device manager or through registry
and
uninstalling service.



could anybody please tell me what are the benefits of doing this
project
using device drivers over the NT service that i am planning to
implement.



Client machines will be windows 2000 and above



thanks











.

Relevant Pages

  • IRC Packets being generated. Dont know where from...
    ... *Registry value not found* ... Autorun entries from Registry: ... Enumerating ICQ Agent Autostart apps: ... RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual ...
    (microsoft.public.security.virus)
  • hijack this startup - can someone tell me the hack i am experienci
    ... *Registry value not found* ... Enumerating ICQ Agent Autostart apps: ... Intel82801 Audio Driver Install Service: ... Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual ...
    (microsoft.public.windowsxp.security_admin)
  • Re: BSOD Error 0x000000B8
    ... *Registry value not found* ... Enumerating ICQ Agent Autostart apps: ... ADI UAA Function Driver for High Definition Audio Service: ... Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: hijack this startup - can someone tell me the hack i am experienci
    ... | *Registry key not found* ... | *Registry value not found* ... | Autorun entries from Registry: ... | Intel82801 Audio Driver Install Service: ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Ho to run CF driver before reading hive-based registry
    ... BOOT SECTION": ... so I had to rewrite the driver for it. ... The problem is now the hive-based registry. ... FileSystem Starting - starting with clean file system ...
    (microsoft.public.windowsce.platbuilder)