Joxean Koret joxeankoret at
Wed Nov 10 14:38:57 CST 2010

El mié, 10-11-2010 a las 19:59 +0000, Dan Kegel escribió:
> Presumably, though, under Wine you could detect the
> attempt to hook those things, and thereby detect the
> malware? 

Is not that easy. For example, what if a rootkit tries to exploit a
privilege scalation vulnerability in the kernel or any of the subsystems
(i.e., win32k)? You may think it's something very uncommon, but is not.

Or, what if the malware tries to install a driver? I can see that a
driver was installed or that a call to LoadDriver/ZwLoadDriver was
issued but I can't get any other information.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Esto es una parte de mensaje firmado digitalmente
URL: <>

More information about the wineconf mailing list