Oplocks and ECPs …
If you’re implementing a layered file system and having trouble passing some of the Enhanced Oplock Tests in the Windows HCK or HLK then the information presented in this blog entry might prove helpful. Starting in Windows 7, Microsoft introduced a new Extra Create Parameter (ECP) for OpLock processing. Then again in Windows 8, they added…
Dual-signed binaries for Windows 7 and beyond
In the last 2 years the process of signing drivers has changed significantly. At this point, almost everybody has had their original SHA1 certificate expire and has migrated to a SHA256 Extended Validation (EV) certificate. The goal of this article is to summarize the steps necessary to produce a single installation package which will work…
Hardware Supported Process Isolation – An introduction
Over the past several months, the goal of running a process, or process group, in a hardware supported virtual framework has been reached. The possibilities of what this framework can be used for are quite interesting. Besides a security-focused isolation framework, what else could be done with this technology? One of the most interesting, in…
The End Is Near…
Well, maybe not the end of anything outside of legacy file system filter drivers on Windows, but their life expectancy is coming to an end. Microsoft recently announced publicly they will be preventing the loading of legacy style file system filter drivers. Then again at the recent IFS Plugfest held on the Microsoft campus it…
Virtualization and Process Isolation
In the previous post, Process Virtualization … Can it Help?, I described a design carried out here at Kernel Drivers. In this post, I will describe that design in a little more detail, as well as an alternative design in which both the user and kernel mode code run within a scaled down hypervisor.…
Process Virtualization … Can it Help?
Virtualization has been growing at an ever increasing rate over the past several years, now that nearly every processor in the market supports virtualization at the processor level. Of course there are the full blown hypervisor implementations such as Windows Hyper-V and VMWare which support running a complete OS within a virtual environment. But more…
Security Through Process Isolation – Part 8
It’s been a while since my last post but I’ve been finalizing a product which puts all of the content in the Security Through Process Isolation posts into action. The product, now in beta, focuses on web browsers, the most common set of browsers in particular. While the infrastructure of the product can be applied…
Security Through Process Isolation – Part 7
In this post I’ll finish up the discussion series by explaining some of the more subtle aspects of implementing process isolation. I started by covering file isolation system topics and finished last time by covering the registry isolation. These are the two largest subsystems, but there are other pathways through which a process, or process group,…
Security Through Process Isolation – Part 6
After a bit of a hiatus, I am back to finish up this series on Security Through Process Isolation. In my last entry I covered some of the details on how the registry filtering subsystem, or CM, manages contexts and how, as a registry filter driver, one can register a callback for registry accesses. In this…
Security Through Process Isolation – Part 5
In the previous entries to Security Through Process Isolation (Part 1, Part 2, Part 3, Part 4), I focused on the file system aspects of process isolation. In the next few entries I will work through the details associated with virtualizing the registry access from an isolated process. While registry virtualization is, overall, a less complicated design than file…