Alberto:
You are not totally off-beat. But, just to get you on the page, there are
engineers trying to get help (I suppose) on hooking GDI and/or Native
service calls. As some of us know, how the dispatch table changes, how some
of them are not exported from kernel modules (libs etc.), and how the
syscall dispatching got changed between versions (int 2e vs syscalls).
With all the changes, and sometimes maybe a lack of full research on other
ways to do it, we often land on the (love and hate) full of undocumented
stuff.
And always questions and opinions come about how to solve it…
So this thread started, I am glad some of you
‘big guns’ are shedding light. I just happened to be in that area for a
while, so trying to help those guys to shoot the problem(s) or shoot their
feet (by themselves).
-prokash
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Moreira, Alberto
Sent: Friday, May 23, 2003 10:14 AM
To: NT Developers Interest List
Subject: [ntdev] Re: Why i want to Hook GDI Sys call
I’m catching this thread on the fly, so, I may be spewing nonsense - but how
about writing a good old display driver that voids the required interfaces ?
No need to hook the GDI. When I did display stuff for a living we used to
have such drivers to generate what we called a ‘null driver’, which blanks
out all 2D displaying functions. We then ran Winbench and other benchmarks
on the null driver, and that told us the absolute maximum throughput that
our video subsystem would handle, and that was a nice upper limit for our
optimization. The hard part of a display driver is to actually do the calls,
so, just returning an OK status shouldn’t be that unfeasible.
Alberto.
-----Original Message-----
From: Prokash Sinha [mailto:xxxxx@vormetric.com]
Sent: Friday, May 23, 2003 12:59 PM
To: NT Developers Interest List
Subject: [ntdev] Re: Why i want to Hook GDI Sys call
Max,
I totally agree with you, Hygiene…
But the fact is that those who are dealing with this are in an undefined
state.
For SARS, if some authority comes, persuades, and eventually sells distilled
water (intravenous), scared and paranoid people would take that right away.
They would think they have the prevention… Here for viruses,
people try to protect their systems by any means…
-prokash
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Friday, May 23, 2003 12:20 AM
To: NT Developers Interest List
Subject: [ntdev] Re: Why i want to Hook GDI Sys call
For whatever reason(s), if someone wants to
protect a window app from, dll being attached, msg(s) being sent to
kill,
Hygiene is the best way of AIDS prevention in both personal life and
computing
For me personally, having a “Master Protector” which hooks the GDI
syscalls running on my machine is nearly as bad as having a virus :-),
provided the virus is not very destructive.
In fact, I consider any online AV products evil. Why not do the good
old virus scan procedure using the offline tool, maybe even command
line?
Max
You are currently subscribed to ntdev as: xxxxx@vormetric.com
To unsubscribe send a blank email to xxxxx@lists.osr.com