Driver Problems? Questions? Issues?
Put OSR's experience to work for you! Contact us for assistance with:
  • Creating the right design for your requirements
  • Reviewing your existing driver code
  • Analyzing driver reliability/performance issues
  • Custom training mixed with consulting and focused directly on your specific areas of interest/concern.
Check us out. OSR, the Windows driver experts.

On-Access, Transparent, Per-File Data Encryption:

OSR's File Encryption Solution Framework (FESF) provides all the infrastructure you need to build a transparent file encryption product REALLY FAST.

Super flexible policy determination and customization, all done in user-mode. Extensive starter/sample code provided.

Proven, robust, flexible. In use in multiple commercial products.

Currently available on Windows. FESF for Linux will ship in 2018.

For more info: https://www.osr.com/fesf

Go Back   OSR Online Lists > ntfsd
Welcome, Guest
You must login to post to this list
  Message 1 of 1  
30 Jan 18 06:04
Gabriel Bercea
xxxxxx@gmail.com
Join Date: 03 Mar 2008
Posts To This List: 313
Where is SEC_IMAGE AllocationAttribute ?

I may be asking a stupid question but I believe that AllocationAttributes such as SEC_IMAGE are not present in the minifilter callbacks such as AcquireForSectionSynchronization. If I am correct than this is pretty sad for security developers, since you can run a process that has been opened with PAGE_READONLY but with SEC_IMAGE set. Not going into too many details but such techniques are already used in process doppelganging attacks and similar class of attacks. I am wondering, if I am right, is anywone from MSFT going to add these flags in some patch to Filter Manager ? Thanks, Gabriel www.kasardia.com
Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You must login to OSR Online AND be a member of the ntfsd list to be able to post.

All times are GMT -5. The time now is 06:44.


Copyright ©2015, OSR Open Systems Resources, Inc.
Based on vBulletin Copyright ©2000 - 2005, Jelsoft Enterprises Ltd.
Modified under license