Winsock kernel HTTPS

Hi guys!

I’m looking for a way to communicate HTTP over SSL from a driver.
I’ve already implemented HTTP communication with Winsock Kernel by manually writing the HTTP headers and dynamically concatenating the Content-Length field and so on.

Has anyone ever done HTTPS at the kernel level?
Are there any libs I can use?
Tips and directions are much appreciated!

Thanks,
Daniel

I guess you could communicate with a UM service to do the dirty work for you and just send the data back to the kernel, but that would defeat the purpose of doing it in the kernel, I guess.

I’m not aware of a Msft lib or API supported in KM to do this that is also exposed and documented, so I think you will have to do it manually yourself or look for some open source project that does this (which I would not recommend). Why would I not recommend it? Well, I’ve seen enough SSL vulnerabilities in the wild to have enough of a warning not to put those vulnerabilities in a driver as well.

There might be another way you could implement your client, using CNG. This lib supports encrypting data in the kernel using different algorithms.

I think the best bet is to do this in UM; otherwise you have to do everything yourself, and look at the pain today with SSL.

Good luck.


Gabriel Bercea

Windows Kernel Driver Consulting

www.kasardia.com

On Sun, Jul 10, 2016 at 1:52 PM +0200, wrote:


NTDEV is sponsored by OSR

Thank you, Gabriel.

I didn’t state it, but I already use CNG to encrypt the HTTP data at the kernel level, even using ECDH to exchange keys with the server every time the driver starts and then using RSA to encrypt the data communicated over HTTP.

My client wants a full HTTPS connection, though; encrypting the data is insufficient.
I can use a paid lib if you know any? Otherwise I still think an open-source lib (after an in-depth code review) is probably better than writing your (well, at least my) own.

I really hope there is some other solution than implementing my own, just because of the vulnerabilities you are talking about :slight_smile:

Thanks,
Daniel

Have you considered reflecting the work into a user-mode process?

Bob

Bob Ammerman
xxxxx@ramsystems.biz
716.864.8337

138 Liston St
Buffalo, NY 14223
www.ramsystems.biz


> I can use a paid lib if you know any? Otherwise I still think an open-source lib (after an in-depth

Just reflect the work to a user-mode process and use MS’s wininet.dll/schannel.dll.

Or pull the open-source libcurl library to your product, provided the legal stuff will permit this.


Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com

There is also the LSASS SSPI SSL API in CNG/KSECDD, which is what HTTP.SYS uses (and a host of other MS-internal drivers). It talks to LSASS/Schannel in UM.

Note that doing network stuff in the kernel is going to cause you a number of long-term servicing issues with customers:

  1. No proxy support in kernel (especially not WPAD/Auto-discovery)
  2. No support for BITS and other optimizations
  3. No support for DNS before Windows 7

I’d recommend doing all network I/O in UM.

Thanks guys for the inputs.
I know it usually is the best solution to do stuff in UM but as I mentioned it is not an option in this case.

@daniel_sela said:
Thanks guys for the inputs.
I know it usually is the best solution to do stuff in UM but as I mentioned it is not an option in this case.

I have the same idea as you.
I want to put the “validate registered user of my product” feature into the driver, then VMProtect my driver, to increase the difficulty of cracking.

On Mar 20, 2019, at 7:08 PM, iFengHuang wrote:
>
> I want to put the “validate registered user of my product” feature into the driver, then VMProtect my driver, to increase the difficulty of cracking.

Why? Your driver is a useless pile of bytes unless they have your hardware, which someone, somewhere, must have purchased.

Tim Roberts, timr@probo.com
Providenza & Boekelheide, Inc.

Why? Your driver is a useless pile of bytes unless they have your hardware, which someone, somewhere, must have purchased.

Have you checked the thread’s date before posting to it, by any chance??? When it is done by some “iFengHuang” and the likes we can always refer to your mantra about “everyone having been inexperienced once”, but when it comes to NTDEV regulars I would normally expect something better than that…

Anton Bassov

WTF is WRONG with people. Post has date. See date. Read date. If date > 90 days old, goto create_new_post.

Peter

Peter_Viscarola_(OSR) wrote:

WTF is WRONG with people. Post has date. See date. Read date. If date > 90 days old, goto create_new_post.

If I may be so bold, that “rule” is not obvious until someone has pointed it out.

Do you have the ability to run a query on the message database that locks all threads older than 90 days?

If I may be so bold, that “rule” is not obvious until someone has pointed it out.

Poop, I say. There is a link at the top of every single page of this forum that contains a link to the Community Guidelines which are labeled “Please Read Before Posting”… that link looks like this:

I understand the guidelines are more than one sentence long, and thus might try the attention span of some of our new members. But, I think it’s kinda clear that necro-posting isn’t allowed. Here’s what it says:

There are a number of other behaviors that are considered rules of “good conduct” for posting here on the forums. These include:

  1. Please do not revive “old” threads. Until we have the ability to block posts to “dead” (old, outdated) threads, we ask you to not reply to threads where the last post is more than a month old. If you have a comment/question/issue that’s raised in a “dead” thread, start a new thread (you can post a link to the old thread if you want) and ask your question there.

Aside from visiting people at their houses, I’m not sure how we can make it more clear.

Do you have the ability to run a query on the message database that locks all threads older than 90 days?

No, sadly. We gained some things by moving here. We lost others. We have been told this is “under consideration” and we are not happy that it hasn’t been implemented yet. We are actively pursuing a solution.

Peter

Do you have the ability to run a query on the message database that locks all threads older than 90 days?

Despite all its “scary” functionality this hosting platform, unlike its “predecessor”, does not seem to have the concept of thread expiry.
This is why “exceptionally bright” posters tend to bring back to life threads that had been dead for 15 years or so, on more or less regular basis…

Anton Bassov