Bugtraq mailing list archives
Protty v.01A (beta) - shellcode execution protection library for Windows NT based systems
From: Piotr Bania <bania.piotr () gmail com>
Date: Thu, 22 Sep 2005 17:49:41 +0200
Hi,

For those who are interested, I have released the Protty lib:

Protty is a ring 3 library developed to protect against shellcode execution on Windows NT based systems. The full description of the mechanism was published in Phrack magazine, volume #63, available here: http://www.phrack.org/phrack/63/p63-0x0f_NT_Shellcode_Prevention_Demystified.txt
(sources of the initial release are also available).

Currently Protty stops most known Windows shellcodes. Moreover, it can block some types of viruses which use similar methods as shellcodes do.

Main Protty v.01a (test phase) features are:

- Process Environment Block protection (currently 2 modules protection used)
- Structured Exception Handling protection
- Import section killing (currently main application only)
- Export section protection (currently 2 modules protection used)
- RtlEnterCriticalSection protecting (currently disabled)

available at: http://pb.specialised.info/all/protty/prott_packV01A.zip

best regards,
Piotr Bania

--
--------------------------------------------------------------------
Piotr Bania - <bania.piotr () gmail com> - 0xCD, 0x19
Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689F BE43 AC33
http://pb.specialised.info - Key ID: 0xBE43AC33
--------------------------------------------------------------------

" Dinanzi a me non fuor cose create
  se non etterne, e io etterno duro.
  Lasciate ogne speranza, voi ch'intrate "
  - Dante, Inferno Canto III