Re: API Calls Hooking




Alexander Grigoriev wrote:
No, not another kludge. There is already security in Windows. As soon as you
understand that you should not give the user administrative privileges,
everything becomes OK.


No, No, No. The official security system of Windows is yet another
rehash of the ancient user level security from the early 1970s or
before. Without additional security filtering, none of the following
can be implemented (and no, file system filters and registry filters
will NOT do the trick, as they are too far removed from the security
border and do not cover all user mode to kernel mode calls):

1. Protecting potentially buggy 4th party kernel mode code (e.g.
drivers) from receiving semantically invalid requests from user mode.

2. Enforcing policies that classify the operations (and the permissions
needed to perform them) differently than the historic division
represented by the access bitmasks defined and documented in the current
Win32 API. For instance restricting certain I/O controls which were
historically defined to be available to anyone with read access to the
device.

3. Isolating processes from each other establishing restrictions on
interprocess operations amongst unrelated processes while still allowing
the exact interprocess operations associated with normal system activity.

4. Implementing higher security levels similar to what used to be known
as "B level" security etc.

5. Restricting processes based on the code being loaded into those
processes.

6. Sandboxing untrusted processes, such as web browsers (similar to what
Vista did for IE, but differently).

"Nicolás Genen" <Nicolás Genen@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B8BC6258-2A22-40DA-9130-CBF7A9910C0D@xxxxxxxxxxxxxxxx
I have been working on software protection, making API call hooks by
patching the SDT table, but times change and patching the SDT isn't
available anymore on x64 systems.
Is there any legitimate way to make API function callbacks (w/ filtering)
that works on both x86 and x64 systems?

Some functions that I need hook..

ZwReadVirtualMemory
ZwWriteVirtualMemory
ZwOpenProcess
ZwCreateSection
etc.




--
Jakob Bøhm, M.Sc.Eng. * jb@xxxxxxxxxx * direct tel:+45-45-90-25-33
Netop Solutions A/S * Bregnerodvej 127 * DK-3460 Birkerod * DENMARK
http://www.netop.com * tel:+45-45-90-25-25 * fax:+45-45-90-25-26
Information in this mail is hasty, not binding and may not be right.
Information in this posting may not be the official position of Netop
Solutions A/S, only the personal opinions of the author.
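The following is an added example, not code from either poster. The legitimate, SSDT-free way to filter the ZwOpenProcess -> ZwReadVirtualMemory/ZwWriteVirtualMemory path on both x86 and x64 is an object-manager pre-operation callback registered with ObRegisterCallbacks() (Vista SP1 / Server 2008 and later, signed driver linked with /INTEGRITYCHECK). Such a callback cannot intercept the read or write itself; it strips access bits from DesiredAccess at handle creation or duplication, and the later NtReadVirtualMemory/NtWriteVirtualMemory calls then fail because the handle lacks the right. The block below isolates that policy in a function that compiles and runs in user mode; the protected PID list, the PIDs used, and the exact set of denied rights are assumptions for illustration, and the kernel wiring is shown only as a comment.

```c
/*
 * Added example: the access-stripping policy of an ObRegisterCallbacks
 * pre-operation callback, written so the policy itself builds in user mode.
 * The protected PIDs and the policy are assumptions for illustration.
 */
#include <stdint.h>
#include <stddef.h>

typedef uint32_t ACCESS_MASK;

/* Process access rights, values as defined in the Windows SDK. */
#define PROCESS_TERMINATE                 0x0001
#define PROCESS_CREATE_THREAD             0x0002
#define PROCESS_VM_OPERATION              0x0008
#define PROCESS_VM_READ                   0x0010
#define PROCESS_VM_WRITE                  0x0020
#define PROCESS_DUP_HANDLE                0x0040
#define PROCESS_SUSPEND_RESUME            0x0800
#define PROCESS_QUERY_LIMITED_INFORMATION 0x1000

/* Rights an unprotected process may not obtain on a protected one. Removing
 * VM_READ/VM_WRITE/VM_OPERATION here is what makes a later
 * NtReadVirtualMemory/NtWriteVirtualMemory on that handle fail with
 * STATUS_ACCESS_DENIED: those services check the handle's granted access. */
#define DENIED_ON_PROTECTED (PROCESS_TERMINATE | PROCESS_CREATE_THREAD | \
        PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE | \
        PROCESS_DUP_HANDLE | PROCESS_SUSPEND_RESUME)

/* Constructed sample: PIDs the driver protects. A real driver would decide by
 * image path, signer or a configured list, not by hard-coded numbers. */
static const uint32_t protected_pids[] = { 1234, 5678 };

static int is_protected(uint32_t pid)
{
    for (size_t i = 0; i < sizeof protected_pids / sizeof protected_pids[0]; i++)
        if (protected_pids[i] == pid)
            return 1;
    return 0;
}

/*
 * Policy for one handle-create or handle-duplicate request.
 *   caller_pid    - PsGetCurrentProcessId() at callback time
 *   target_pid    - PsGetProcessId(info->Object) for a PsProcessType object
 *   kernel_handle - info->KernelHandle; kernel-mode requests are left alone
 *   desired       - DesiredAccess from info->Parameters
 * Returns the mask to store back. A pre-op callback can only remove bits;
 * it can never grant rights the object's security descriptor would deny.
 */
ACCESS_MASK filter_process_access(uint32_t caller_pid, uint32_t target_pid,
                                  int kernel_handle, ACCESS_MASK desired)
{
    if (kernel_handle)                 return desired; /* kernel components */
    if (caller_pid == target_pid)      return desired; /* process opens itself */
    if (!is_protected(target_pid))     return desired; /* target not ours */
    if (is_protected(caller_pid))      return desired; /* protected peers */
    return desired & ~(ACCESS_MASK)DENIED_ON_PROTECTED;
}

/* Kernel-mode wiring (comment only, so this file still builds in user mode):
 *
 *   OB_PREOP_CALLBACK_STATUS PreOp(PVOID ctx, POB_PRE_OPERATION_INFORMATION info)
 *   {
 *       if (info->ObjectType != *PsProcessType) return OB_PREOP_SUCCESS;
 *       PACCESS_MASK pa = (info->Operation == OB_OPERATION_HANDLE_CREATE)
 *           ? &info->Parameters->CreateHandleInformation.DesiredAccess
 *           : &info->Parameters->DuplicateHandleInformation.DesiredAccess;
 *       *pa = filter_process_access(
 *               (uint32_t)(ULONG_PTR)PsGetCurrentProcessId(),
 *               (uint32_t)(ULONG_PTR)PsGetProcessId((PEPROCESS)info->Object),
 *               info->KernelHandle, *pa);
 *       return OB_PREOP_SUCCESS;
 *   }
 *   OB_OPERATION_REGISTRATION op = { PsProcessType,
 *       OB_OPERATION_HANDLE_CREATE | OB_OPERATION_HANDLE_DUPLICATE, PreOp, NULL };
 *   OB_CALLBACK_REGISTRATION reg = { OB_FLT_REGISTRATION_VERSION, 1,
 *       altitude, NULL, &op };
 *   status = ObRegisterCallbacks(&reg, &callback_handle);
 */

int main(void)
{
    /* Unprotected PID 42 asks for read+write on protected PID 1234; only the
     * harmless query right should survive. */
    ACCESS_MASK granted = filter_process_access(42, 1234, 0,
        PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_QUERY_LIMITED_INFORMATION);
    return granted == PROCESS_QUERY_LIMITED_INFORMATION ? 0 : 1;
}
```

Two caveats a practitioner should keep in mind: ObRegisterCallbacks filters handle creation for process and thread objects (desktop objects on later versions), so it gives no hook for ZwCreateSection, and it only reduces access, so an attacker who already holds a handle with PROCESS_VM_WRITE before the driver loads keeps it. The duplicate-handle path must be filtered too, otherwise a privileged helper can open the target and duplicate the handle into the untrusted process.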



