Block Process Access
I'm going to test one more thing when I get home tonight. I made a change to how the parent process ID is found, to close a small security hole. In the test version I had to temporarily remove one of the blocks so my own function could work, for the duration of the function call (then the block was replaced). Under most circumstances this is OK, but if the process is multithreaded there's a minute chance that another thread could call the function whose block I removed in that instant.
So instead I'm using the low level kernel functions to perform the same task, which doesn't require me to remove any blocks, and with better performance as well. I want to test this method on my XP box, then I'll release it as a quick test for you, then I'll inform tzuk of the update and update my first post as well.
Hey there wraithdu! I ~*LOVE*~ what you've done with this DLL, it's perfect! I, too, am concerned as to where Blizzard's little Warden tool 'sticks its nose' in my system. I'm a privacy advocate, thus I don't believe it's any of Blizzard's @)#$&(@# business as to what's going on in my system (assuming I'm not affecting/modifying/cheating on their game).
wraithdu wrote: Why did I create it? I was curious from the post about WoW and the Warden client. I still hope that guy tests it, cause I wanna know if Warden freaks out. My other reasons... it was a challenge.
The purpose is pretty clearly stated. It blocks sandboxed processes from using the ReadProcessMemory function (search MSDN) to read the memory of unsandboxed processes. Incidentally it also blocks the EnumProcessModules function (and perhaps others) of PSAPI.dll, since that function internally seems to use ReadProcessMemory.
Also, I tried this on Windows 7 RC (build 7100) and it works great ~PLUS~ I believe the runtimes are already installed as I didn't have to install them and your AutoIt test program functioned properly inside and outside of the sandbox.
Any-who, just wanted to say thanks!
Enable AntiDel and disable BlockProcessAccess, and vice versa, to find out which of the two DLLs is producing that effect.
bugmenot wrote: IDK what happened, but after I tried to put AntiDel and BlockProcessAccess, my Firefox seems a bit laggy and the words that I type require some time before they appear,
any solution?