Armenian Knowledge Base  

Go Back   Armenian Knowledge Base > Technical sections > Software > Software Security

LinkBack Thread Tools
Old 31.01.2005, 20:04   #1
acid's Avatar
Join Date: 09 2001
Location: South Korea, Gumi
Posts: 7,699
Blog Entries: 16
Downloads: 102
Uploads: 34
Reputation: 561 | 6
Default Defeating Microsoft Windows XP SP2 Heap protection and DEP bypass

Published 28th January 2005.
In October 2004 it was discovered by MaxPatrol team that it is possible to defeat Microsoft® Windows® XP SP2 Heap protection and Data Execution Prevention mechanism. As a result it is possible to implement:
  1. Arbitrary memory region write access (smaller or equal to 1016 bytes)
  2. Arbitrary code execution
  3. DEP bypass.
Details are described in the article by our expert: PDF format, HTML format.
As a temporary security measure we've developed simple utility PTmsHORP, which allows restriction of lookaside list creation, governed by a special global flag.
Download PTmsHORP (21 Kb)
During the first execution this program shows the list of applications which already have this flag set. In order to activate this safety flag for other applications you just need to add the name of the executable file to the list. Any time you can review or modify the list of protected applications by running PTmsHORP again.
Warning. The flag, while enabled, may decrease the application performance.
Reply With Quote

Thread Tools

На правах рекламы:

All times are GMT. The time now is 18:57.

Powered by vBulletin® Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.