blackd0t

Forum Replies Created

in reply to: Personal Firewalls #5700
blackd0t
Participant

SerpentFly, can you think of any idea how personal firewalls know which process sent a packet when they detect a network transfer?

in reply to: Personal Firewalls #5698
blackd0t
Participant

Hmm…

I have always used system-wide DLL injection, but is there really any reason to do it when you have such privileges on the machine? I see that things can be done more easily by hijacking APIs in kernel mode. (I'm still a n00b in that matter.)

in reply to: Personal Firewalls #5696
blackd0t
Participant

Thanks for the reply!

You mean that it's possible to hook the GetCommandLine() API in a malware program to make the firewall think it's looking at something else? How does the firewall know which packet belongs to which process?

If such a thing can be done, why was the only published method to bypass personal firewalls to inject malware code into the other "privileged" process?