flat assembler
Message board for the users of flat assembler.
Windows > hooking is bad?
baldr 11 Sep 2010, 17:03
b1528932,
If a debugger has some technique to interrupt the debuggee's execution, how will Microsoft stop hookers (pun intended) from using the very same approach? Any software solution will be defeated with in-circuit emulation/JTAG/XDP easily (though costly).
b1528932 11 Sep 2010, 21:01
It's not about defeating software solutions, but rather forcing people to use better methods of implementing hooks.
baldr 12 Sep 2010, 04:58
b1528932,
I believe I understood your point. Microsoft should modify Windows to render current hooking methods useless to force people to find and use better methods? Now it sounds awkward.
bitRAKE 12 Sep 2010, 05:45
Windows needs a red light district.
revolution 12 Sep 2010, 05:50
64-bit Windows disallows hooks. Drivers must use the provided OS interface to catch events.
f0dder 12 Sep 2010, 10:51
revolution: I thought the point was whether *user*-mode hooking should be disallowed.
Anyway, I can't see how you would (entirely) disable hooking - at least not for users running with admin privileges, so you might as well not try. You already can't place hooks in an admin-priv process from a LUA process; that's good enough imho.
revolution 12 Sep 2010, 11:20
Disallowing hooks is basically to stop malware and promote DRM.
There are lots of good reasons to use hooks, but unfortunately malware can use them for bad purposes. So we have to have a trade-off: if you completely disallow hooks (like the W64 kernel), then you have to provide alternative methods that allow the good things but disallow the bad things (driver signing and defined event interfaces). Whereas if you allow hooks (W32), then you have to deal with misbehaving hookers (malware) with things like AVs.
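To make that trade-off concrete, here is an added example in portable C (not code from this thread, from Windows, or from any AV product). It models a kernel dispatch table such as the x86 system service table that rootkits and many AV products hooked, and that x64 kernel patch protection watches, as a plain array of function pointers: a hook swaps one entry for a wrapper that forwards to the original, so callers see no difference, and an integrity check of the kind that has to "deal with misbehaving hookers" compares the live table against a trusted snapshot. The service names, the table layout and the FNV-1a hash are all constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a system service dispatch table: an array of
 * function pointers indexed by service number. Names are made up. */
typedef int (*svc_fn)(int);

static int svc_open(int x)  { return x + 1; }
static int svc_read(int x)  { return x * 2; }
static int svc_write(int x) { return x - 3; }

enum { SVC_OPEN = 0, SVC_READ = 1, SVC_WRITE = 2, N_SVC = 3 };
static svc_fn dispatch[N_SVC] = { svc_open, svc_read, svc_write };

/* Dispatcher: what a caller (syscall stub, import call site) goes through. */
int call_svc(int idx, int arg) {
    if (idx < 0 || idx >= N_SVC) return -1;
    return dispatch[idx](arg);
}

/* --- The "hooker": swap one table entry for a pass-through wrapper --- */
static svc_fn orig_read;       /* saved original so the hook can forward */
static int    read_hook_hits;  /* how many calls the hook observed */

static int hook_read(int x) {
    read_hook_hits++;          /* an AV logs/inspects here; a rootkit filters */
    return orig_read(x);       /* forward, so callers cannot tell */
}

void install_read_hook(void) {
    orig_read = dispatch[SVC_READ];
    dispatch[SVC_READ] = hook_read;
}
void remove_read_hook(void)    { dispatch[SVC_READ] = orig_read; }
int  read_hook_hit_count(void) { return read_hook_hits; }

/* --- The integrity check: snapshot at "boot", re-verify later --- */
static svc_fn   trusted_copy[N_SVC];
static uint64_t trusted_hash;

/* FNV-1a over the raw bytes of the table: cheap to recompute periodically. */
static uint64_t fnv1a(const void *p, size_t n) {
    const unsigned char *b = (const unsigned char *)p;
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < n; i++) { h ^= b[i]; h *= 1099511628211ULL; }
    return h;
}

void integrity_snapshot(void) {
    memcpy(trusted_copy, dispatch, sizeof dispatch);
    trusted_hash = fnv1a(dispatch, sizeof dispatch);
}

/* Returns -1 when the table matches the snapshot, otherwise the index of
 * the first redirected entry. The hash is the fast path; the per-entry
 * compare only runs on a mismatch, to locate the change. */
int integrity_check(void) {
    if (fnv1a(dispatch, sizeof dispatch) == trusted_hash) return -1;
    for (int i = 0; i < N_SVC; i++)
        if (dispatch[i] != trusted_copy[i]) return i;
    return -1;
}

int main(void) {
    integrity_snapshot();
    int c0 = integrity_check(), r0 = call_svc(SVC_READ, 5);
    printf("clean table:  check=%d read(5)=%d\n", c0, r0);

    install_read_hook();
    int r1 = call_svc(SVC_READ, 5);
    int c1 = integrity_check(), hits = read_hook_hit_count();
    printf("hooked table: check=%d read(5)=%d hook hits=%d\n", c1, r1, hits);

    remove_read_hook();
    printf("after unhook: check=%d\n", integrity_check());
    return 0;
}
```

The point the two halves make together: the hooked call returns exactly what the clean one did, so nothing a caller can observe distinguishes a benign AV filter from a rootkit; only an out-of-band check against a trusted copy does, and it has no way to tell the two apart either. That is why the 64-bit kernel route is to reject every table modification and hand third-party drivers documented callbacks instead, and it is also baldr's point above: a checker that lives in the same memory as the hooker is itself a target.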
baldr 12 Sep 2010, 13:22
revolution,
Does 64-bit Windows disallow user-mode hooks completely? Looks like there are some solutions already, EasyHook for example (though I won't test it any time soon).
revolution 12 Sep 2010, 13:24
AFAIK only the kernel is protected from hooking.
Tyler 12 Sep 2010, 19:50
NT x64 prevents kernel patching. There are ways of providing alternatives for hooking other than patching. However, I don't know enough about driver programming to know whether alternatives are provided by NT x64.
P.S. Kernel patching in x86 was never supported. I guess they just chose to wait so they don't break compatibility for legit products that use patching in x86.
baldr 13 Sep 2010, 05:24
I've read the Patching Policy for x64-Based Systems article, and this sentence makes me smile: "Patching any part of the kernel (detected only on AMD64-based systems)". Doesn't it mean that the other restrictions apply to AMD64 only, too?
b1528932 13 Sep 2010, 18:20
Quote: P.S. Kernel patching in x86 was never supported. I guess they just chose to wait so they don't break compatibility for legit products that use patching in x86.
Legit is by definition documented. If something uses patching, it deserves to be broken. Patching is acceptable only for rootkits, when you target one specific machine, but not as a product for many users.
Tyler 14 Sep 2010, 01:10
documented != supported
Most AVs use patching, I guess they didn't want to piss off Norton...
JoeCoder1 13 Jun 2011, 08:16
As far as I am concerned, they cannot stop you from modifying your own system if you paid for a license. Either you bought a copy for your own use or you didn't. Anyway they waste too much code on trying to prevent hacks but 2 minutes after each beta or new release some Chinese or Russian guys post cracks. Microsoft should just concentrate on writing good code and realize there are guys smarter than them and they can't stop them. You could probably get Windows to be 1/10th of the current size if you took out all the ineffective anti-piracy code in it and increase the stability and usability 10 times.
revolution 13 Jun 2011, 08:23
JoeCoder1 wrote: As far as I am concerned, they cannot stop you from modifying your own system if you paid for a license.
JoeCoder1 13 Jun 2011, 08:53
I don't think that part of the license is enforceable. Until somebody cites a court case, I assume I can do whatever I want with whatever I buy. If you don't like it, sue me :p
typedef 14 Jun 2011, 00:38
Well, I'm just happy that Microsoft lets their customers code for their OS for free or do whatever they want with it, unlike Sony, who have to work their butts off just to patch the PSP's firmware to keep people from running "free code".
Enko 14 Jun 2011, 13:16
typedef wrote: well i'm just happy that microsoft let their customers code for their OS for free or do whatever they want with it, unlike Sony who have to work their butts off just to patch the PSP's firmware to avoid people from running "free code".
For developing for Sony, you have to pay the license. No money, no coding for Sony.
typedef 14 Jun 2011, 16:21
Enko wrote:
I know. You pay like USD$10K for the whole dev package and tools, but I have the free PSP SDK made by some hackers who cracked their encryption key, and now people can sign their homebrew apps and not need any loaders for the PSP. The firmware can also be downgraded only by a kernel exploit. lol, Sony cracks me up lol
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.