Lyndon,
I’m not suggesting to use detours or any other intercepting mechanism as
such. Just letting unwarrenteds that there are lot of stuff out there, and
use whatever is needed but with caution. This particular paper says it all
about instrumentation, but for serious security and other stuff it might not
be enough. As I mentioned in an earlier note, “Hacking the Xbox” is a
must read for anyone who deals with security, since it would set the mind at
what level one has to attack to have a solution.
For example, once I had to hook the debug interrupt to disable it, then I found
that there is a way to program so that only your program can detect if it
is being debugged; it is a bit more work, but can be done. So I don't see if
there is any hard and fast rule in this area, it is based on reliability and
security. And both are definable as per basis…
-prokash
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Lyndon J Clarke
Sent: Saturday, February 28, 2004 1:18 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] System service table hooking (yes, that old chestnut)
Prokash
I am curious as to why you suggest Detours as opposed to IAT Hooks?
Cheers
Lyndon
“Sinha, Prokash” wrote in message
news:xxxxx@ntdev…
There are two camps on this subject, as we all very well know, and some
others are bystander(s):
I’m from the camp Hookers w/o AID(s). Since it was a long, arduous journey.
And there are hookers w/ AID(s).
As someone mentioned there might be a race conditions in certain
situation(s) even if we do direct hooking, and that leads to link to a paper
from the camp (Hookers w/ AID(s) ). And it is always a good idea to listen
to them :-).
http://research.microsoft.com/~galenh/Publications/HuntUsenixNt99.pdf
Now we have the sword, swing it the way you like, but we have to make
sure not to swing in a plane that has an intersecting point with our throat
-prokash
-----Original Message-----
From: Douglas G. Hanley [mailto:xxxxx@neverfailgroup.com]
Sent: Friday, February 27, 2004 4:22 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] System service table hooking (yes, that old chestnut)
Very recently there was some robust debate on the subject of hooking
the system service table. I benefited from this debate with the uncovering
of an official Configuration Manager callback API for “hooking” registry
modifications. After a little deeper examination I note that this API does
not cover the case of a key’s security attributes being modified post
creation. More cavalier types might typically acquire this info through
genuine hooking of RegSetKeySecurity. Is there an alternative to this in
the face of this omission from the official API?
Cheers,
Douglas.
Douglas G. Hanley
Senior Developer
The Neverfail Group
t: +44 (0)870 770 0234
f: +44 (0)870 770 0235
m: +44 (0)790 666 0965
e: xxxxx@neverfailgroup.com
w: http://www.neverfailgroup.com
_________________________________________________________________
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id%6
You are currently subscribed to ntdev as: xxxxx@maxtor.com
To unsubscribe send a blank email to
xxxxx@lists.osr.com