More information thx to @_Anyfun : comm ports MUST be secured, as they are "FilterCommunicationPorts" objects, which is defined by FltMgr using ObCreateObjectType() with the "ObjectTypeInitializer.ObjectTypeFlags.SecurityRequired" flag set. 1/2
The port security descriptor may be created using FltBuildDefaultSecurityDescriptor(), which actually creates an empty SD and only sets two ACLs granting "DesiredAccess" to S-1-5-18 (local system) and S-1-5-32-544 (builtin admins) 2/2
Great read! I was in the process of writing pretty much the same post, but you beat me to it... It was still fun to reverse, though :)
Publication of a new blog post about a brief technical analysis of the Microsoft Windows "filter communication port" kernel communication mechanism with filtering drivers. Enjoy