flat assembler
Message board for the users of flat assembler.
Windows > Help combining two codes
revolution 20 Dec 2011, 02:56
peet wrote: would it be possible to let the one app test itself against the signature in a working/safe way? guess not. do trusted platform modules help in this?
Driver signing enforcement in Vista (XP-64 also?) and above is the closest there is to having the OS check code before running it. And this is where the TPM can help if the OS is also verified by the TPM. Then all driver and OS code can be known to be "pure".
peet 20 Dec 2011, 02:58
so the problem would be to get the testing routine abstracted outside the code which is easily manipulated, so i'd like to try going in TPM direction further maybe
revolution 20 Dec 2011, 03:03
peet wrote: so the problem would be to get the testing routine abstracted outside the code which is easily manipulated,
peet 20 Dec 2011, 03:06
i am too tired now to get that all right, but what you said and i read just at wikipedia, it seems to be possible to register a cert in TPM and to bind an application to the check...will have to read that once more later
guess we'll end up with a tpm which would need to control cpu usage but who controls the TPM? hmmmm...making headache....so open source is the one and only effective protection left i guess
peet 20 Dec 2011, 03:14
revolution wrote: Yes. And you need the help of the OS here.
only if the app can't call the tpm itself, or user can't ask tpm for verification
anybody ever checked tpm for security itself?
Last edited by peet on 20 Dec 2011, 03:16; edited 1 time in total
revolution 20 Dec 2011, 03:16
peet wrote:
peet 20 Dec 2011, 03:19
if the tpm is built right it might get difficult to manipulate it without physical hands on it. in that case the tpm could get called with a need of verification, the answer to that would have to only be sent by tpm to user, not from app of course. this way you could trust the checked application?
edit: the tpm would need its own possibility to display data (popup) without the need of os or anything else. but this would be possible.
revolution 20 Dec 2011, 03:28
The TPM doesn't work that way. It can't reach in and control the actions of the CPU. Read about "Trusted Computing" (some call it "treacherous computing") to see how the TPM is integrated into the system. Everything from initial OS start-up right through to driver loading must be verified before you can trust the system to always check in with the TPM. If there is any break in the verification chain then the whole paradigm of TPM fails.
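The verification chain described in the post above, sketched as an added example that is not part of the original thread: a TPM only accumulates measurements in a PCR through the extend operation, and each boot stage has to measure the next one before running it. The stage names, image contents and the `measured_boot` helper are constructed for illustration.

```python
import hashlib

PCR_INIT = bytes(32)  # a SHA-256 boot PCR is all zero bytes after reset

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measured_boot(stages, measures_next=None):
    """Replay a boot chain and return the final PCR value.

    stages: list of (name, image_bytes) in load order.
    measures_next: names of stages that measure whatever they load next;
    by default every stage does. The first stage is measured by the
    root of trust, which is assumed to be immutable.
    """
    names = [name for name, _ in stages]
    if measures_next is None:
        measures_next = set(names)
    pcr = PCR_INIT
    for i, (_, image) in enumerate(stages):
        if i == 0 or names[i - 1] in measures_next:
            pcr = extend(pcr, image)
    return pcr

# Constructed sample images standing in for firmware, loader, kernel, driver.
GOOD = [("firmware", b"fw v1"), ("loader", b"loader v1"),
        ("kernel", b"kernel v1"), ("driver", b"driver v1")]
TAMPERED = [(n, b"driver v1 + patch" if n == "driver" else img)
            for n, img in GOOD]

def demo():
    reference = measured_boot(GOOD)
    # Full chain: a modified driver changes the final PCR, so it is detected.
    detected = measured_boot(TAMPERED) != reference
    # Broken chain: the kernel loads drivers without measuring them, so the
    # same modification leaves the PCR identical to the clean boot.
    partial = {"firmware", "loader"}
    missed = measured_boot(TAMPERED, partial) == measured_boot(GOOD, partial)
    return detected, missed

if __name__ == "__main__":
    print(demo())
```

The PCR cannot be set directly, only extended, so the final value depends on every measured image and on the order of loading; anything loaded by a stage that skips the measurement is invisible to it.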
peet 21 Dec 2011, 06:24
@revolution:
wow, quite a discussion, there are possibilities to see, but problems as well. maybe we have to build our own cpu first to achieve goal really. hm maybe i sell pc and better buy a pizza instead? but can i trust the pizzaman? ;) i did not find some clear information or links about linux engineering in that direction. tpm technology is implemented in kernel already, but i did not find a system project which does use it for itself. Is ubuntu not going that direction? For the moment i will hash on lol.
@AG62: is your control making progress?
AsmGuru62 21 Dec 2011, 14:55
@peet: no -- too much stuff on my plate.
typedef 21 Dec 2011, 21:15
even hardware is not safe these days. Example, iPod touch, PSP, Android Smart Phones, GPS Devices. All of these were / can be rooted/hacked/jailbroken.
And mind you that some have their code encrypted.
peet 22 Dec 2011, 03:53
as long as there is the possibility to run either or other code, that long you will be able to manipulate, at least if you program at their low level.
the only possibility to get rid of this, at least as long as no physical hands on are possible, is to use 'primitive' techniques. Imagine a small root 'hardcoded' algorithm built alike with hardwire cabled LED's (nand and nor alike, but no dynamic, more C than C++) or other one-way-carrier hardware electronic. Now you may use this to load a second already certified abstraction layer and so on.... It's that simple that no one thinks about ;)
typedef 22 Dec 2011, 07:31
peet wrote: as long as there is the possibility to run either or other code, that long you will be able to manipulate, at least if you program at their low level.
Not when your own employees start revealing your company hardware/software development secrets. Shit, this world isn't fair.
peet 22 Dec 2011, 12:10
if your logic is produced by wire cables instead of calculation, you may publish its source (plan) that won't help somebody if your logic is good and error-free?
peet 22 Dec 2011, 14:33
@AG62 + ALL
so i will try to use standard edit control meanwhile, but do you think it would be possible to use the search and replace method to highlight all same strings in pad maybe? and for my clipboard function this should be possible primitive way by misusing string variables maybe? and to make screenshot should be possibly not too hard, but set it as background and fade it? the send to cmd should again work with OS calls maybe not too hard itself, in my childish fantasy at least :) if you or someone could gimme pieces of code where i can see example (or links to the right places, as they are not that easy to find better separate from the false ones if you not already know what you are searching for) and me do the tedious work of duplicating and to work it out to the end - i'd love to try
AsmGuru62 22 Dec 2011, 14:49
@peet: what is "send to cmd"?
I am asking because "cmd" as I know it - it is a relative thing. Example: "copy *cfg .\MyConfig\" may mean different things when running in different contexts - or different current directories. You get what I mean to ask, right? In other words, say, you have a command to execute inside "cmd". In which current directory you mean to do it?
peet 22 Dec 2011, 14:56
you are totally right - because of those problems it would not be sensible to go too deep inside the cmd communication, i'd use it without any depthing, just piping the string to a cmd after opening one. i'd leave all other depthing behind, as this is as you mentioned too complicated to be able to depth in deeper and behaving safe. as well as we know cmd got enough bugs and tricky workarounds of workarounds of ...
and i'd never execute it automatically - the one before the screen must have to press enter himself, but i'd like to save the copy and paste part - and to make this functionality round i'd optionally offer grab the outstream and paste it back to pad (maybe at choosable point of padcontent).
peet 22 Dec 2011, 15:05
if someone wants to be able to choose or change the cmd location in that context i'd suggest to do this by providing possibility to change or set environment variables to OS before calling the cmd. this way the functionality would not interfere with the cmd implementation itself.
revolution 22 Dec 2011, 15:08
The CreateProcess API has the lpCurrentDirectory parameter to set the current directory at start-up of cmd.
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.