WineConf

Joxean Koret joxeankoret at yahoo.es
Wed Nov 10 14:38:57 CST 2010


On Wed, 10-11-2010 at 19:59 +0000, Dan Kegel wrote:
> Presumably, though, under Wine you could detect the
> attempt to hook those things, and thereby detect the
> malware? 

It is not that easy. For example, what if a rootkit tries to exploit a
privilege escalation vulnerability in the kernel or any of the subsystems
(i.e., win32k)? You may think it's something very uncommon, but it is not.

Or, what if the malware tries to install a driver? I can see that a
driver was installed or that a call to LoadDriver/ZwLoadDriver was
issued but I can't get any other information.
