Friday, August 25, 2006

Direct physical memory access & driver loading

Numbers 4 and 5 from the previous post are done.

Just want to note that the protection against direct memory writing also helps defend against restoring the SDT. the method described in This method uses physical memory access too (\device\physicalmemory). So, by applying this filter, we effectively stop SDTrestore from gaining write access to physical memory.

Now I will work on number 7, modifying driver files on disk.
That's going to be a little bit hard.
