#1
Defeating patchguard and 64bit kernel-mode protections
I read a really good paper on defeating the PatchGuard on the new 64-bit kernel of Windows. I hadn't seen it posted here yet, so this is the link:
hxxp://www.uninformed.org/?v=3&a=3&t=txt Another tool whose writer seems to have circumvented PatchGuard as well is AppDefend: hxxp://www.wilderssecurity.com/showthread.php?t=107864 I think the first paper brings up a point that even though it can be circumvented, Microsoft can just keep changing things to break your software (unless some global solution is figured out). So it seems that there is no future for kernel-level protections (Themida and StarForce...) unless they are in cahoots with Microsoft and get their drivers signed/approved. The other option is for the protections to crack PatchGuard, and I don't see too many companies being comfortable with that. Even if an agreement is worked out with Microsoft, would Microsoft really let them get away with hooking the IDT, etc. like they do now? I heard a rumor that the last version of Themida doesn't do such hooking... but haven't had time to test it out with SoftICE.
#2
Well, what we can expect now is that SafeDisc will be the only option, because they have a msshit certificate and signed an agreement a week ago about sharing knowledge. Other protectors will probably use holes until they are patched; there is always a workaround. For ring0 nothing is impossible; maybe drivers will load like SoftICE before Windows, and then they rule.