Windows Handle
somma_at_vmcraft_dot_com, VMCraft Inc., Ltd.
2008. 11. 15
Contents
Windows kernel architecture
Object?
Handle table
Reversing the PspCidTable
Exploit #1
Exploit #2
Windows kernel architecture
[Diagram: Windows kernel architecture. User-mode: Applications, DLLs, Kernel32, User32 / GDI, ntdll / run-time library, subsystem servers, Login/GINA, critical services. Kernel-mode: trap interface / LPC, System Services, Win32 GUI, procs & threads, Object Manager / Configuration Management, Virtual memory, I/O Manager, Security refmon, Cache mgr, File filters, File systems, FS run-time, Volume mgrs, Device stacks, exec synchr, Scheduler, Kernel run-time / Hardware Adaptation Layer.]
Object?
Object structure
DEMO - Digging into Windows objects
HANDLE?
Handle table
Handle table structure
Reversing the PspCidTable
The PspCidTable is a handle table that contains every process and thread object.
DEMO - Reversing the Windows kernel
Exploit #1: OpenProcess() trick
Exploit #2: process hiding
Q & A