[40427] in bugtraq
Protty v.01A (beta) - shellcode execution protection library for
daemon@ATHENA.MIT.EDU (Piotr Bania)
Thu Sep 22 13:12:16 2005
Message-ID: <4332D295.1090904@gmail.com>
Date: Thu, 22 Sep 2005 17:49:41 +0200
From: Piotr Bania <bania.piotr@gmail.com>
MIME-Version: 1.0
To: FULLDISC <full-disclosure@lists.grok.org.uk>,
SBUGTRAQ <bugtraq@securityfocus.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Hi,
For those who are interrested i have released Protty lib:
Protty is a ring 3 library developed to protect against
shellcode execution on Windows NT based systems. The full
description of the mechanism was published within the
Phrack magazine volume #63, available here:
http://www.phrack.org/phrack/63/p63-0x0f_NT_Shellcode_Prevention_Demystified.txt
(sources of the initial release are also available) .
Currently Protty stops most known Windows shellcodes.
Moreover it can block some types of viruses which use
similiar methods as shellcodes do.
Main Protty v.01a (test phase) features are:
- Process Environment Block protection (currently 2 modules protection used)
- Structured Exception Handling protection
- Import section killing (currently main application only)
- Export section protection (currently 2 modules protection used)
- RtlEnterCrticialSection protecting (currently disabled)
available at: http://pb.specialised.info/all/protty/prott_packV01A.zip
best regards,
Piotr Bania
--
--------------------------------------------------------------------
Piotr Bania - <bania.piotr@gmail.com> - 0xCD, 0x19
Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689F BE43 AC33
http://pb.specialised.info - Key ID: 0xBE43AC33
--------------------------------------------------------------------
" Dinanzi a me non fuor cose create
se non etterne, e io etterno duro.
Lasciate ogne speranza, voi ch'intrate "
- Dante, Inferno Canto III
