Blog | enSilo | documentation

Windows’ PsSetLoadImageNotifyRoutine Callbacks: the Good, the Bad and the Unclear (Part 2)

Windows, documentation, enSilo Breaking Malware, enSilo Corporate and Product

TL;DR: Security vendors and kernel developers beware – a programming error in the Windows kernel could prevent you from identifying which modules have been loaded at runtime. And the fix for it isn’t as foolproof as you would’ve hoped.

Windows’ PsSetLoadImageNotifyRoutine Callbacks: the Good, the Bad and the Unclear (Part 1)

Windows, documentation, enSilo Breaking Malware, enSilo Corporate and Product

TL;DR: Security vendors and kernel developers beware – a programming error in the Windows kernel could prevent you from identifying which modules have been loaded at runtime.

Documenting the Undocumented: Adding CFG Exceptions

Windows, documentation, CFG, Control Flow Guard, NtSetInformationVirtualMemory, enSilo Breaking Malware, enSilo Corporate and Product

TL;DR Microsoft’s Control Flow Guard (CFG) is a security feature that prevents the abuse of indirect calls from calling addresses that are not marked as safe. CFG can cause problems for anyone trying to execute malicious memory manipulations on Windows. In such cases, this can be bypassed by adding an exception to the CFG bitmap (a mapping of

ENSILO Documentation

Windows’ PsSetLoadImageNotifyRoutine Callbacks: the Good, the Bad and the Unclear (Part 2)

Windows’ PsSetLoadImageNotifyRoutine Callbacks: the Good, the Bad and the Unclear (Part 1)

Documenting the Undocumented: Adding CFG Exceptions

Tags

WHY ENSILO

PRODUCT

RESOURCES

SERVICES

PARTNERS

ABOUT

CONTACT US

WHY ENSILO

PRODUCT

SERVICES

RESOURCES

PARTNERS

ABOUT

CONTACT US

SCHEDULE A DEMO TODAY!

Ensilo Blog Update

ENSILO Documentation

Tags

Subscribe

CONNECT WITH US

CONTACT US

CONNECT WITH US

CONTACT US