1 / 15

Windows Handle

Windows Handle. somma _at_ vmcraft _dot_ com VMCraft inc., Ltd. 2008. 11. 15. Contents. Windows kernel architecture Object ? Handle table Reversing the PspCidTable Exploit #1 Exploit #2. Applications. Subsystem servers. DLLs. System Services. Login/GINA. Kernel32.

lucian
Download Presentation

Windows Handle

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Windows Handle somma_at_vmcraft_dot_com VMCraft inc., Ltd. 2008. 11. 15

  2. Contents Windows kernel architecture Object ? Handle table Reversing the PspCidTable Exploit #1 Exploit #2

  3. Applications Subsystem servers DLLs System Services Login/GINA Kernel32 Critical services User32 / GDI ntdll / run-time library User-mode Kernel-mode Trap interface / LPC Security refmon IO Manager Virtual memory Procs & threads Win32 GUI File filters Scheduler FS run-time File systems Volume mgrs Cache mgr exec synchr Device stacks Object Manager / Configuration Management Kernel run-time / Hardware Adaptation Layer Windows kernel architecture

  4. Object ?

  5. Object structure

  6. DEMO - Digging windows object

  7. HANDLE ?

  8. Handle table

  9. Handle table structure

  10. Handle table structure

  11. Reversing the PspCidTable Handle table contains every Process and Thread object.

  12. DEMO - Reversing windows kernel

  13. Exploit #1 OpenProcess() trick

  14. Exploit #2 process hiding

  15. Q & A

More Related