Re: MemoryLoadLibrary




Thank you for the reply and agreeing.

Yes, script is a HUGE security hole. Typically, when script is run, it is
run "as is", from beginning to end like a "main", and worse, script can be
made/reviewed/edited by anyone with a simple text editor. Granted, callers
can limit what they call, but there is far more flexibility on hackers to
"guess" how to rig script to fool the caller. And script can do everything a
compiled program can do these days, including deleting files, registry
writing, and then some. Script also does not have to be 100% perfect in terms
of every line of code "compiling/JIT" to a perfect set of instructions at
load time and while running. Thus hackers can make more powerful "guesses"
about how to hack with script. Put another way, script is highly flexible for
hacking.

In contrast, a DLL is a compiled program, which only gets the "function" run
that the caller wants to run. And the caller has to 100% know how to make the
call, in advance. Further, a caller can require "secret" means of passing
arguments to the DLL, that only the caller and the DLL maker "know" (i.e.,
encryption, shared memory, etc). DLLs have to be perfect in regards to every
line of code being properly addressed for loading and running. But even
better, DLLs can be detected for what other DLLs they use, including
detecting/overriding the use of LoadLibrary from them. From their PE, a
caller can determine, and thereafter limit, what they do. Granted, this is
very difficult to do, but it has been done by simply creating "dummy"
processes with much less security access, to then run the program. IIS does
the latter all day long (DllHost). So put another way, DLLs are much less
flexible for hacking, which is not to say, that Hackers/Viruses DON'T target
DLLs all day long, because they do, and they do, because they are files,
readily available in the open to try hacking with. If they were in memory
instead, the hacker would have to DEBUG the whole machine to peek into memory
to even slightly detect what was going on, and then it would not be a simple
matter of changing a string (like it would be for script).

Now please, help me get this resolved. If it would make people feel better,
make the MemoryLoadLibrary require an encryption key, or an access control
list, or whatever one can imagine, but no file. Please make it so that a DLL
in memory can be loaded at runtime with the option to pass in debug file
information.
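
The post's point that a caller can read a DLL's PE to see which other DLLs it uses, and whether it imports LoadLibrary, can be checked on raw bytes before anything is loaded. The following is an added example, not code from the post or from any Microsoft API: the names read_imports, audit, build_sample and LOADERS are hypothetical, and the sample image is constructed inline.

```python
import struct

LOADERS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW", "GetProcAddress"}

def read_imports(data):
    """Return {dll name (lower case): [imported names or '#ordinal']} from raw PE bytes."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]             # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24                                            # optional header
    plus = struct.unpack_from("<H", data, opt)[0] == 0x20B   # PE32+ (64-bit) image
    imp_rva = struct.unpack_from("<I", data, opt + (112 if plus else 96) + 8)[0]
    secs = [struct.unpack_from("<8x4I", data, opt + opt_size + 40 * i) for i in range(nsec)]
    def off(rva):                                            # RVA -> file offset
        for vsize, va, rawsize, rawptr in secs:
            if va <= rva < va + max(vsize, rawsize):
                return rva - va + rawptr
        raise ValueError("RVA %#x is outside every section" % rva)
    def cstr(rva):                                           # NUL-terminated ASCII at RVA
        return data[off(rva):data.index(b"\0", off(rva))].decode("ascii", "replace")
    fmt, width, flag = ("<Q", 8, 1 << 63) if plus else ("<I", 4, 1 << 31)
    result, d = {}, imp_rva and off(imp_rva)                 # d == 0: no import table
    while d:
        oft, _, _, name, ft = struct.unpack_from("<5I", data, d)
        if not (oft or name or ft):                          # all-zero terminator
            break
        names, t = result.setdefault(cstr(name).lower(), []), off(oft or ft)
        while (v := struct.unpack_from(fmt, data, t)[0]):    # thunk array ends with 0
            names.append("#%d" % (v & 0xFFFF) if v & flag else cstr(v + 2))
            t += width
        d += 20
    return result

def audit(data, allowed):
    """Return (imported DLLs not in the allowed set, run-time loader APIs imported)."""
    imps = read_imports(data)
    return sorted(set(imps) - allowed), sorted({n for v in imps.values() for n in v} & LOADERS)

def build_sample():
    img = bytearray(0x400)  # constructed minimal PE32: one section, RVA 0x1000 at file 0x200
    for at, fmt, *vals in (                       # (file offset, struct format, values...)
            (0, "<2s", b"MZ"), (0x3C, "<I", 0x40), (0x40, "<4s", b"PE"), (0x58, "<H", 0x10B),
            (0x44, "<HH12xHH", 0x14C, 1, 0xE0, 0x2102), (0xB4, "<I8xII", 16, 0x1000, 40),
            (0x138, "<8s4I", b".idata", 0x200, 0x1000, 0x200, 0x200),   # section header
            (0x200, "<5I", 0x1028, 0, 0, 0x1040, 0x1028), (0x228, "<3I", 0x1050, 0x1060, 0),
            (0x240, "<13s5x13s3x15s", b"KERNEL32.dll", b"LoadLibraryA", b"GetProcAddress")):
        struct.pack_into(fmt, img, at, *vals)
    return bytes(img)
```

Only the load-time import directory is read here; delay-load imports sit in a separate data directory and are not covered. An image that imports LoadLibrary or GetProcAddress can pull in further DLLs at run time, so the static list is a lower bound on what it uses.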
