Re[5]: Protecting code and data in Windows

From: Muzaffar Mahkamov (adminflshlnk.com)
Date: Sat Oct 04 2003 - 03:18:08 CDT


EL> This approach could be interesting to "protect" from malicious code
EL> injected in the process itself: Windows itself uses such a mechanism
EL> to implement automatic stack checking (see [1]).
EL> However, another process (with Debug Programs privilege) which will use
EL> ReadProcessMemory() [2] to access the memory of our protected process
EL> will not generate such STATUS_GUARD_PAGE exception in the context of
EL> this protected process...

EL> More generally, another process with Debug Programs privilege has
EL> an almost unlimited set of possibilities to access data, manipulate
EL> the execution flow, ... of another process (think
EL> WriteProcessMemory(), CreateRemoteThread(), SetThreadContext(), ...).
EL> So the first problem to solve will be to avoid such a debugger
EL> to attach to our critical process. Once a debugger can attach, the
EL> game is over.

EL> Best regards,

EL> ---

EL> [1]
EL> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/memory/base/creating_guard_pages.asp
EL> [2]
EL> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug/base/readprocessmemory.asp

EL> --
EL> Eric Landuyt, Developer - mailto:ericdatarescue.com
EL> DataRescue sa/nv, Home of the IDA Pro Disassembler - http://www.datarescue.com

You're right. The biggest issue here is the debugger. So I wonder
whether Microsoft could re-implement their debugging privilege or
subsystem, you name it. E.g., Windows could give the debug privilege
to the developer only for debugging his own software. Thus Microsoft
could win the support of many software companies because most of the
software is cracked using debuggers. I do not have any practical
considerations yet, but I think theoretically this is possible, because
Windows is not just a GUI but a [commercial] operating system that has
control over this.

Many developers out there will not support this idea, neither do I,
but when it comes to developing really secure software there must be
some trade-off.

Thanks.

--
 Muzaffar mailto:adminflshlnk.com