Driver Problems? Questions? Issues?
Put OSR's experience to work for you! Contact us for assistance with:
  • Creating the right design for your requirements
  • Reviewing your existing driver code
  • Analyzing driver reliability/performance issues
  • Custom training mixed with consulting and focused directly on your specific areas of interest/concern.
Check us out. OSR, the Windows driver experts.

OSR Seminars

Go Back   OSR Online Lists > ntfsd
Welcome, Guest
You must login to post to this list
  Message 1 of 1  
30 Jan 18 06:04
Gabriel Bercea
Join Date: 03 Mar 2008
Posts To This List: 320
Where is SEC_IMAGE AllocationAttribute ?

I may be asking a stupid question but I believe that AllocationAttributes such as SEC_IMAGE are not present in the minifilter callbacks such as AcquireForSectionSynchronization. If I am correct than this is pretty sad for security developers, since you can run a process that has been opened with PAGE_READONLY but with SEC_IMAGE set. Not going into too many details but such techniques are already used in process doppelganging attacks and similar class of attacks. I am wondering, if I am right, is anywone from MSFT going to add these flags in some patch to Filter Manager ? Thanks, Gabriel
Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You must login to OSR Online AND be a member of the ntfsd list to be able to post.

All times are GMT -5. The time now is 03:45.

Copyright ©2015, OSR Open Systems Resources, Inc.
Based on vBulletin Copyright ©2000 - 2005, Jelsoft Enterprises Ltd.
Modified under license