Re: Re:How To Suspend Thread In Kernel?




It's still just providing an illusion of security through layers of
obscurity.

BTW, antipiracy system != protecting the system from hostile kernel mode
code.

"Scherbina Vladimir" <vladimir.scherbina@xxxxxxxxxxxx> wrote in message
news:u%23Ena4zUGHA.3192@xxxxxxxxxxxxxxxxxxxxxxx
Hello Skywing,

"Skywing" <skywing_NO_SPAM_@xxxxxxxxxxxxxxxxxxx> wrote in message
news:ObcWyxzUGHA.2276@xxxxxxxxxxxxxxxxxxxxxxx
Yes, it does - you can try to make it harder, but the fact of the matter
is, a determined and clever attacker will be able to bypass your
protection schemes and do what they want if they can run code in kernel
mode. It is a simple matter of kernel mode code having unrestricted
access to hardware - part of the core OS design.

Correct, all depends on experience, and thus you can't be sure that your
running code in k.m. gives you absolute power, "all is relative".

The only sane course of action after detecting a kernel mode compromise
is a complete rebuild of the box. Saying you can mitigate arbitrary code
being run in kernel mode is only kidding yourself into a false sense of
security, IMO.

http://www.star-force.com/ - a well-known company that intensively uses
kernel mode protection components, as I said a few months ago (AFAIR to you?)
there are a *few* men in the world that broke their system

--
Vladimir
http://spaces.msn.com/vladimir-scherbina/



