Anders, and especially Satish:
what kind of encryption is that that relies on an attacker being unable
to debug the driver? First law of cryptography: Always assume that your
attacker has access to everything except the secret (key, whatever)
itself. Attempts to fool with the IDT or the DR regs, for instance, will
be a waste of time against an ICE; even if one is only being debugged in
the regular manner, it is a bit cheeky to assume that one’s attacker is
so stupid as to permit you to overwrite the IDT. That works on the first
attempt, but from then on …
IMNSHO, you (Satish in this case) would be much better served by
concentrating your efforts where they do count – selecting a decent
encryption algorithm suited to your users’ needs, and making sure that
your implementation doesn’t leak secrets. Any time saved can be
profitably invested into making sure that your FSF or FSD doesn’t fail
when stacked with notorious offenders like anti-virus software.
Cheers,
Felix.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Anders Fogh
Sent: Thursday, May 03, 2001 7:17 AM
To: File Systems Developers
Subject: [ntfsd] Re: Trapping
Hello Satish,
You can get hardware breakpoints too by using the protection bit (I
forget its name (GD?)) of dr7. This will allow you to control access
to the breakpoint registers. Alternatively you could hook interrupt 1
as well as 3.
Regards,
Anders
Wednesday, May 02, 2001, 7:19:55 AM, you wrote:
S> Thank u i will try this.
S> Regards,
S> Satish K.S
S> ----- Original Message -----
S> From: danp
S> To: File Systems Developers
S> Sent: Wednesday, May 02, 2001 6:39 PM
S> Subject: [ntfsd] Re: Trapping
S> http://www.wdj.com/articles/2000/0002/0002a/0002a.htm
S> There are better ways to hook interrupts in an SMP compliant way than this, but this is on the edge of “legality” and does not use any undocumented hacks.
S> ----- Original Message -----
S> From: Satish
S> To: File Systems Developers
S> Sent: Wednesday, May 02, 2001 3:27 PM
S> Subject: [ntfsd] Re: Trapping
S> Can u give me some sample or link for this please.
S> Regards,
S> Satish K.S
S> ----- Original Message -----
S> From: danp
S> To: File Systems Developers
S> Sent: Wednesday, May 02, 2001 5:48 PM
S> Subject: [ntfsd] Re: Trapping
S> Hook interrupt 3 directly in IDT, overwriting debugger hook. Be careful at chaining, if needed. Watch out for SMP, every CPU has its own IDT in NT.
S> ----- Original Message -----
S> From: Satish
S> To: File Systems Developers
S> Sent: Wednesday, May 02, 2001 1:52 PM
S> Subject: [ntfsd] Trapping
S> Hi all,
S> I want to get control if anybody sets the BreakPoint Dynamically in Any Debugger? Is it possible to trap the int 3 interrupt for checking these?
S> Regards,
S> Satish K.S
S> —
S> You are currently subscribed to ntfsd as: danp@jb.rdsor.ro
S> To unsubscribe send a blank email to
leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
–
Best regards,
Anders mailto:xxxxx@flaffer.com