Inprise
دوشنبه 04 مهر 1384, 02:55 صبح
سلام؛
Piotr اولین نگارش Prevention Pack اش رو منتشر کرده ؛ احتمالا" اگر از جوآنا روتکووسکا ( که او هم لهستانی است و میشه تو اینویزیبل ثینگز دات کام پیداش کرد ) بگذریم ، کسی به اندازهء Piotr در این زمینه فعال نبوده ، فلذا این پک قطعا" باید چیز جالبی باشه خصوصا" که جزئیات عملکردش تو P63 ( که آخرین انتشارش هم بود ) ارائه شده ؛
Protty is a ring 3 library developed to protect against
shellcode execution on Windows NT based systems. The full
description of the mechanism was published within the
Phrack magazine volume #63, available here:
http://www.phrack.org/phrack/63/p63-0x0f_NT_Shellcode_Prevention_Demystified.txt
(sources of the initial release are also available) .
Currently Protty stops most known Windows shellcodes.
Moreover it can block some types of viruses which use
similiar methods as shellcodes do.
Main Protty v.01a (test phase) features are:
- Process Environment Block protection (currently 2 modules protection used)
- Structured Exception Handling protection
- Import section killing (currently main application only)
- Export section protection (currently 2 modules protection used)
- RtlEnterCrticialSection protecting (currently disabled)
http://pb.specialised.info/all/protty/prott_packV01A.zip
با تشکر از پدرام برای لینک ؛
موفق باشید
Piotr اولین نگارش Prevention Pack اش رو منتشر کرده ؛ احتمالا" اگر از جوآنا روتکووسکا ( که او هم لهستانی است و میشه تو اینویزیبل ثینگز دات کام پیداش کرد ) بگذریم ، کسی به اندازهء Piotr در این زمینه فعال نبوده ، فلذا این پک قطعا" باید چیز جالبی باشه خصوصا" که جزئیات عملکردش تو P63 ( که آخرین انتشارش هم بود ) ارائه شده ؛
Protty is a ring 3 library developed to protect against
shellcode execution on Windows NT based systems. The full
description of the mechanism was published within the
Phrack magazine volume #63, available here:
http://www.phrack.org/phrack/63/p63-0x0f_NT_Shellcode_Prevention_Demystified.txt
(sources of the initial release are also available) .
Currently Protty stops most known Windows shellcodes.
Moreover it can block some types of viruses which use
similiar methods as shellcodes do.
Main Protty v.01a (test phase) features are:
- Process Environment Block protection (currently 2 modules protection used)
- Structured Exception Handling protection
- Import section killing (currently main application only)
- Export section protection (currently 2 modules protection used)
- RtlEnterCrticialSection protecting (currently disabled)
http://pb.specialised.info/all/protty/prott_packV01A.zip
با تشکر از پدرام برای لینک ؛
موفق باشید