"Shattering Windows"
-
http://slashdot.org/article.pl?sid=02/08/06/1828256&mode=thread&tid=172[^] Yeesh, leave it to slashdot's posters to make something out of nothing if it gives them the ability to say "Linux is better." Espescially problems like this, when it is NOT Microsoft's fault, it's the fault of some idiot vendor.. And this[^] idiot that wrote his 'paper'... Read the 'about' link at the bottom of that page. If he has to dig _that_ far to find a bug in windows, he must not be as good as he thinks. :-) evilpen dot net :: gpg public key (ascii-armored)
Ok, even being fair to MS and all, this seriously does suck ass. And, yeah, it's been around forever; see where not talking about it has brought us? Someone working on the original Win32 design *could* have said things like "er, maybe having WM_TIMER pass in a callback pointer & then blindly jumping to it isn't such a hot idea after all" (seriously; does anyone actually use this? why?). For that matter, even back in the dark ages that were 1990, we had ways of communicating with controls besides sending them messages; MS *could* have gone another way with it. But, in all honesty, this is something that never would and probably never will happen, at least large scale, to classic native Win32 GUI apps. MS has come to be where it is today by choosing compatibility over "the right way" when the choice is presented; there's no doubt we love them for it - i'm still dealing with code that was written originally for 16-bit MFC! Oh, and about that "idiot vendor"; yeah, it's their fault, not Microsoft's. But MS essentially played the role of the person placing a small sign next to a large hole he's just dug in a major highway; they are not entirely without blame...
---
Shog9 If I could sleep forever, I could forget about everything...
-
Joao Vaz wrote: Nimda for instante created a guest account on windows registry, elevated the privileges to administatives ones and called CreateRemoteThread ... a piece of cake don't you think ? It is a piece of cake. But - if you're alread an administrator, you don't have to use subtle methods like CreateRemoteThread. You can just format disk or destroy the registry :) BTW: how Nimda elevated its privs? Tomasz Sowinski -- http://www.shooltz.com
What is "scratch" and why can everything be made from it?
Tomasz Sowinski wrote: It is a piece of cake. I used this expression in a sarcastic way, but there isn't any scarmasm icon on CP (hint,hint,hint) Nimda used a lot of windows *features* in a smart way ;) check the technical details beginning at slide 21 Nimda details[^] CreateRemoteThread is a useful api, but too damn powerfull and dangerous. But since it could break some nice software systems that use this technique to attach a debugging or hook systems, it all resumes to money ... For instance in Programming Windows,4th by Jeffrey Ritcher and Debugging Applications by John Robbins, they use this api to do interesting things in a good way, but this api, used in wrong ways is evil, like some Win32 experts, security and even threading experts like to say. Cheers, Joao Vaz And if your dream is to care for your family, to put food on the table, to provide them with an education and a good home, then maybe suffering through an endless, pointless, boring job will seem to have purpose. And you will realize how even a rock can change the world, simply by remaining obstinately stationary. - Shog9
-
Tomasz Sowinski wrote: It is a piece of cake. I used this expression in a sarcastic way, but there isn't any scarmasm icon on CP (hint,hint,hint) Nimda used a lot of windows *features* in a smart way ;) check the technical details beginning at slide 21 Nimda details[^] CreateRemoteThread is a useful api, but too damn powerfull and dangerous. But since it could break some nice software systems that use this technique to attach a debugging or hook systems, it all resumes to money ... For instance in Programming Windows,4th by Jeffrey Ritcher and Debugging Applications by John Robbins, they use this api to do interesting things in a good way, but this api, used in wrong ways is evil, like some Win32 experts, security and even threading experts like to say. Cheers, Joao Vaz And if your dream is to care for your family, to put food on the table, to provide them with an education and a good home, then maybe suffering through an endless, pointless, boring job will seem to have purpose. And you will realize how even a rock can change the world, simply by remaining obstinately stationary. - Shog9
Joao Vaz wrote: check the technical details beginning at slide 21 Thanks for the link. Now I'm going to make a headlines with my own worm ;) Joao Vaz wrote: but this api, used in wrong ways is evil, like some Win32 experts, security and even threading experts like to say Any references? Tomasz Sowinski -- http://www.shooltz.com
What is "scratch" and why can everything be made from it?
-
Joao Vaz wrote: check the technical details beginning at slide 21 Thanks for the link. Now I'm going to make a headlines with my own worm ;) Joao Vaz wrote: but this api, used in wrong ways is evil, like some Win32 experts, security and even threading experts like to say Any references? Tomasz Sowinski -- http://www.shooltz.com
What is "scratch" and why can everything be made from it?
Tomasz Sowinski wrote: Now I'm going to make a headlines with my own worm LOL :-) Tomasz Sowinski wrote: Any references? http://world.std.com/~jmhart/critcom.htm[^] http://www.lambdacs.com/cpt/FAQ.html[^] this a kind of security forum , place a search on the page for CreateRemoteThread, and delight yourself with dll injection and running the evil code in the firewall process due to the wonderfull CreateRemotethread http://www.dslreports.com/forum/remark,3191090~root=security,1~mode=flat~start=60[^] and check the ultimate technique of dll injection on firewall process :-) http://www.unixwiz.net/backstealth/[^] This make you think, doesn't it ? :~ Cheers, Joao Vaz And if your dream is to care for your family, to put food on the table, to provide them with an education and a good home, then maybe suffering through an endless, pointless, boring job will seem to have purpose. And you will realize how even a rock can change the world, simply by remaining obstinately stationary. - Shog9
-
Joao Vaz wrote: check the technical details beginning at slide 21 Thanks for the link. Now I'm going to make a headlines with my own worm ;) Joao Vaz wrote: but this api, used in wrong ways is evil, like some Win32 experts, security and even threading experts like to say Any references? Tomasz Sowinski -- http://www.shooltz.com
What is "scratch" and why can everything be made from it?
http://www.dslreports.com/forum/remark,3191090~root=security,1~mode=flat[^] The post that describes the order of the win32 apis involved in the process of Backstealth Cheers, Joao Vaz And if your dream is to care for your family, to put food on the table, to provide them with an education and a good home, then maybe suffering through an endless, pointless, boring job will seem to have purpose. And you will realize how even a rock can change the world, simply by remaining obstinately stationary. - Shog9
-
It is somewhat of a serious problem. But MS can't fix it without a total re-write. It is a legacy issue. Tim Smith "Programmers are always surrounded by complexity; we can not avoid it... If our basic tool, the language in which we design and code our programs, is also complicated, the language itself becomes part of the problem rather that part of the solution." Hoare - 1980 ACM Turing Award Lecture
Tim Smith wrote: It is somewhat of a serious problem. But MS can't fix it without a total re-write. No, I don't think it is unfixable. The Problem is the behavior of the standard window proc on WM_TIMER messages. MS could change this behavior to not call a supplied function pointer. Sure this might break some old applications but this is a small price and easy to fix by software vendors. There is even a compatibility mode possible which has to be set by a privileged user for selected applications. But there might be many more places where such flaws are present... Oliver Anhuth