EXETOOLS FORUM  

  #1  
Old 02-05-2006, 02:54
chaboyd
 
Defeating patchguard and 64bit kernel-mode protections

I read a really good paper on defeating the patchguard on the new 64bit kernel of Windows. I hadn't seen it posted here yet so this is the link:
hxxp://www.uninformed.org/?v=3&a=3&t=txt

Another tool whose writer seems to have circumvented patchguard as well is appdefend:
hxxp://www.wilderssecurity.com/showthread.php?t=107864

I think the first paper brings up a point that even though it can be circumvented, Microsoft can just keep changing things to break your software (unless some global solution is figured out). So it seems that there is no future for kernel-level protections (Themida and StarForce...) unless they are in cahoots with Microsoft and get their drivers signed/approved. The other option is for the protections to crack patchguard, and I don't see too many companies being comfortable with that.

Even if an agreement is worked out with Microsoft, would Microsoft really let them get away with hooking the IDT, etc. like they do now? I heard a rumor that the last version of Themida doesn't do such hooking, but I haven't had time to test it out with SoftICE.
  #2  
Old 02-05-2006, 07:36
Human
Well, what we can expect now is that SafeDisc will be the only option, since they have the msshit certificate and signed an agreement a week ago about sharing knowledge. Other protectors will probably use holes until they are patched; there is always a workaround. For ring 0 nothing is impossible; maybe drivers will load like SoftICE before Windows, and then they rule.