Dan Kegel dank at
Wed Nov 10 15:44:54 CST 2010

On Wed, Nov 10, 2010 at 8:38 PM, Joxean Koret <joxeankoret at> wrote:
> It's not that easy. For example, what if a rootkit tries to exploit a
> privilege escalation vulnerability in the kernel or any of the subsystems
> (i.e., win32k)? You may think it's something very uncommon, but it is not.

I guess you may extend wine to detect those?

> Or, what if the malware tries to install a driver? I can see that a
> driver was installed or that a call to LoadDriver/ZwLoadDriver was
> issued but I can't get any other information.

For the purposes of scanning websites to see if they are evil,
that should suffice, shouldn't it?
- Dan
