109: (Default)
109 ([personal profile] 109) wrote2009-09-03 04:01 pm
  • Add Memory
  • Share This Entry
Entry tags:

subverting windows kernel for fun and profit

by Joanna Rutkowska / Advanced Malware Labs

In a nutshell:

- Allocate lots of memory to cause unused drivers code to be paged
- Replace the paged out code (inside pagefile) with some shellcode
- Ask kernel to call the driver code which was just replaced

алсо, powerpoint presentation from microsoft на аналогичную тему.
Flat | Top-Level Comments Only

[identity profile] anton-solovyev.livejournal.com 2009-09-04 02:21 am (UTC)(link)
Нет, a pdf для меня -- слишком :)

[identity profile] 109.livejournal.com 2009-09-04 06:29 pm (UTC)(link)
там pdf в стиле презентации, по три слова на страницу.
Flat | Top-Level Comments Only