flat assembler
Message board for the users of flat assembler.
baldr 11 Sep 2010, 17:03
b1528932,
If a debugger has some technique to interrupt the debuggee's execution, how will Microsoft stop hookers (pun intended)? Any software solution will be defeated with in-circuit emulation/JTAG/XDP easily (though costly).

b1528932 11 Sep 2010, 21:01
It's not about defeating software solutions, but rather forcing people to use better methods of implementing hooks.

baldr 12 Sep 2010, 04:58
b1528932,
I believe I understood your point. Microsoft should modify Windows to render current hooking methods useless to force people to find and use better methods? Now it sounds awkward.

bitRAKE 12 Sep 2010, 05:45
Windows needs a red light district.

revolution 12 Sep 2010, 05:50
64-bit Windows disallows hooks. Drivers must use the provided OS interface to catch events.

f0dder 12 Sep 2010, 10:51
revolution: I thought the point was whether *user*mode hooking should be disallowed. Anyway, I can't see how you would (entirely) disable hooking - at least not for users running with admin privileges, so you might as well not try. You already can't place hooks in an admin-priv process from a LUA process, that's good enough imho.

revolution 12 Sep 2010, 11:20
Disallowing hooks is basically to stop malware and promote DRM.
There are lots of good reasons to use hooks, but unfortunately malware can use it for bad purposes. So we have to have a trade-off: If you completely disallow hooks (like W64 kernel) then you have to provide alternative methods that allow the good things but disallow the bad things (driver signing and defined event interfaces). Whereas if you allow hooks (W32) then you have to deal with misbehaving hookers (malware) with things like AVs.

baldr 12 Sep 2010, 13:22
revolution,
Does 64-bit Windows disallow user-mode hooks completely? Looks like there are some solutions already, EasyHook for example (though I won't test it any time soon).

revolution 12 Sep 2010, 13:24
AFAIK only the kernel is protected from hooking.

Tyler 12 Sep 2010, 19:50
NT x64 prevents kernel patching. There are ways of providing alternatives for hooking other than patching. However, I don't know enough about driver programming to know whether alternatives are provided by NT x64.
P.S. Kernel patching in x86 was never supported. I guess they just chose to wait so they don't break compatibility for legit products that use patching in x86.

baldr 13 Sep 2010, 05:24
I've read the Patching Policy for x64-Based Systems article, and this sentence makes me smile: "Patching any part of the kernel (detected only on AMD64-based systems)". Doesn't it mean that other restrictions apply to AMD64 only, too?

b1528932 13 Sep 2010, 18:20
Quote: P.S. Kernel patching in x86 was never supported. I guess they just chose to wait so they don't break compatibility for legit products that use patching in x86.
Legit is by definition documented. If something uses patching, it deserves to be broken. Patching is acceptable only for rootkits, when you target one specific machine, but not as a product for many users.

Tyler 14 Sep 2010, 01:10
documented != supported
Most AVs use patching, I guess they didn't want to piss off Norton...

JoeCoder1 13 Jun 2011, 08:16
As far as I am concerned, they cannot stop you from modifying your own system if you paid for a license. Either you bought a copy for your own use or you didn't. Anyway they waste too much code on trying to prevent hacks but 2 minutes after each beta or new release some Chinese or Russian guys post cracks. Microsoft should just concentrate on writing good code and realize there are guys smarter than them and they can't stop them. You could probably get Windows to be 1/10th of the current size if you took out all the ineffective anti-piracy code in it and increase the stability and usability 10 times.

revolution 13 Jun 2011, 08:23
JoeCoder1 wrote: As far as I am concerned, they cannot stop you from modifying your own system if you paid for a license.

JoeCoder1 13 Jun 2011, 08:53
I don't think that part of the license is enforceable. Until somebody cites a court case, I assume I can do whatever I want with whatever I buy. If you don't like it, sue me :p

|
typedef 14 Jun 2011, 00:38
well i'm just happy that microsoft let their customers code for their OS for free or do whatever they want with it, unlike Sony who have to work their butts off just to patch the PSP's firmware to avoid people from running "free code".

Enko 14 Jun 2011, 13:16
typedef wrote: well i'm just happy that microsoft let their customers code for their OS for free or do whatever they want with it, unlike Sony who have to work their butts off just to patch the PSP's firmware to avoid people from running "free code".
For developing for Sony, you have to pay the license. No money, no coding for Sony.

typedef 14 Jun 2011, 16:21
Enko wrote:
i know. u pay like USD$10K for the whole dev package and tools.. but i have the free psp sdk made by some hackers who cracked their encryption key and now ppl can sign their homebrew apps and not need any loaders for the psp. the firmware can also be downgraded only by a kernel exploit.. lol sony cracks me up lol

Copyright © 1999-2023, Tomasz Grysztar. Also on GitHub, YouTube.