Numbers 4 and 5 from the previous post are done.
I just want to note that the protection against direct memory writing also helps defend against restoring the SDT, the method described at www.security.org.sg/code/sdtrestore.html. That method uses physical memory access too (\device\physicalmemory). So, by applying this filter, we effectively stop SDTrestore from gaining write access to physical memory.
Now I will work on number 7, modifying driver files on disk.
That's going to be a little bit hard.
Friday, August 25, 2006