There is (almost) no security product of any kind you cannot write now with
the provided MSFT infrastructure for filtering and the respective
documentation.
There is a reason what you are trying to do is dangerous and instead of
resisting you would be better off understanding why. Going through this
process of learning why will not only suppress some of the ignorance,
but will give you actual good ideas of how
to implement the next best security product in Windows.
Good luck,
Gabriel
www.kasardia.com
On Thu, Dec 28, 2017 at 7:19 PM, xxxxx@probo.com wrote:
> xxxxx@gmail.com wrote:
> > On Wed, Dec 27, 2017 at 7:26 PM, xxxxx@probo.com wrote:
> >> Of course it’s not pointless. What you say may be true, but the members
> >> of this mailing list do not intend to be accessories to the crime.
> > If they would be accessories without knowing about the crime, then
> > certainly you are an accessory to many crimes simply by virtue of
> > using your computer?
>
> No, that’s stupid, as you well know.
>
> The major contributors to this list are all professional driver
> developers and trainers with decades of computing experience. This is
> our living, our passion, our reputation. We have all wasted countless
> hours dealing with infections and rootkits, and it pisses us off. Most
> of us have a pretty good understanding of how these things are
> implemented. Because of that, we have learned to recognize lines of
> questioning that arise from nefarious intent.
>
> Are there places on the internet where you can learn the criminal
> skills? Sure there are, but most of them are deeply technical and
> difficult to understand. If you come here asking for help in honing
> those skills, we’re going to refuse. If you went to a locksmith and
> said “I need help breaking into the vault at US Bank”, that locksmith is
> going to refuse to help you. If you went to Home Depot and said “I need
> help disabling the electrical grid near me”, the crew is going to refuse
> to help you. This is exactly the same.
>
>
> > But I felt I should comment as this is part of the
> > mindset that keeps Windows development closed to “outsiders.”
>
> Nonsense, and I have two opposing responses to that.
>
> Windows development is not closed to outsiders. There are billions of
> Windows computers in the world, all of them running applications of all
> kinds and all levels of sophistication. The Windows development
> landscape is wide, varied, and well-documented.
>
> Now, the situation is a bit different when you talk about Windows
> internal development, and that’s true for a damned good reason. Windows
> is not a playground. It used to be, decades ago. I disassembled and
> single stepped through Windows 3.1 extensively enough that I actually
> understood what it was doing, and that meant I could tweak it to make it
> stand up and bark. But today, Windows is an industrial-strength
> operating system. It is mission-critical in the business world. We
> don’t want experimenters and hobbyists poking around in the ugly
> underside, destabilizing the infrastructure. That time has passed. If
> you want to do that, go load Linux.
>
> So, yes, the barriers to entry have been raised, at least at the kernel
> level. And that’s a Good Thing.
>
>
> > I experienced much the same thing when I took up an interest in
> > locksmithing. My ability to be a thief does not hinge on my ability to
> > pick a lock; I could simply kick the door in.
>
> True, but that’s a lot easier to detect, and a lot more dangerous for
> you. The locksmith didn’t want to make it easy for you. Same here.
>
>
> > Likewise, anyone’s answer here is not going to change whether or not
> > the OP actually does anything illegal.
>
> Maybe not, but it can keep the honest man honest. If we don’t help
> them, the hobbyist script kiddie is going to get frustrated and go find
> something else to do.
>
> –
> Tim Roberts, xxxxx@probo.com
> Providenza & Boekelheide, Inc.
>
>
> —
> NTDEV is sponsored by OSR
>
–
Bercea. G.