Actually, even if he is writing a “secret” message from the kernel, it
isn’t secret. PrintScreen should capture it to the clipboard, at which
point I would paste it into Paint, analyze it, and some small number of
minutes later have a user app that spoofed the message. I could also
capture it from the desktop DC using a program.
The fact that this can be “done” in linux proves nothing; I suspect a
couple linux security experts I know could both spoof the message and
capture the message with about the same effort I would use in Windows.
Managers are very good at saying, “I once did this in <name here> and
therefore I see no reason you can’t do it in <system name here>”. This
can generally be understood to be a demonstration
of their competence to deal with obsolete systems, and should not be
construed as demonstrating that it can be done in anything resembling a
real system.
For example: does the linux code run strictly on a linux console, or does
it run under X-windows? I could do things in MS-DOS (like build device
driver code and interrupt handlers into apps, reprogram the counter/timer
chip, etc.) that I have not been able to do since I started using Windows,
and, frankly, I don’t miss these. I used to be able to reprogram the
bitmaps of the VGA character generator to support international fonts, and
now I have Unicode, which is vastly superior.
So what are we comparing here? A 1960s operating system on 1980s
hardware, or a 2012 operating system hosted on 2012 hardware?
It should be well-known that the A00000 address is dead. It has been for
decades. The fact that someone could once do this using antique equipment
(such as a display card in VGA mode) only proves that this person knows
how to program dead hardware. Not interesting. Except possibly as a
metric demonstrating questionable skill levels.
joe
> xxxxx@gmail.com wrote:
>> Actually my driver wants to show the secret message on the screen,
>> telling the user that the protection starts. And I also want the user
>> space application can’t get this message in case that the application can
>> fake this message.
>
> That doesn’t make any sense. It’s actually EASIER for a user-mode
> application to write to the screen than it is for a kernel driver. A
> user-mode app can just do GetDC(0) and TextOut to draw anywhere on the
> desktop. You cannot prevent that.
>
>> My senior has successfully displayed the message with Linux, and the
>> physical address he uses is 0xA0000. I have checked the physical address
>> of my graphics with device manager, and I discovered that it has 4
>> memory regions, one region is 0xA0000~0xBFFFF.
>
> Your “senior” is using a console, not a hi-resolution graphics screen.
> Take a few minutes to think about this logically, will you? Say your
> desktop is 1024x768 true color. That’s a 3MB frame buffer. How do you
> think that’s going to be squeezed into a 128kB region in low memory?
>
>> By the way, do you have any suggestions on how to do this? I only want
>> to display the secret message on the screen in the kernel space, the
>> user space can’t get this information.
>
> If you need to display messages to the screen, write a user-mode service
> that gets signals from your driver. You do need to be aware that
> anything you write to the screen can be spoofed by an application. I
> would HOPE that was obvious.
>
> --
> Tim Roberts, xxxxx@probo.com
> Providenza & Boekelheide, Inc.