10 Sep
2005
10 Sep
'05
9:44 p.m.
lots of people appear to have done quite thorough amounts of digging into MSV1_0.DLL due to it being the key to security attacks and stuff
e.g. http://www.security-protocols.com/whitepapers/NT/NTcred.txt
the two that i have read so far describe how WINLOGON.EXE is a "user" of the LSASS system by doing a LsaLookupAuthenticationPackage call, in order to obtain, presumably, the vector-table which MSV1_0.DLL registers with the LSASS, and then once that vector-table is obtained, they then go on to describe how MSV1_0.DLL may be attacked, by describing in detail the data structures in it.
how very convenient for actually implementing one :)
l.
--
--
<a href="http://lkcl.net">http://lkcl.net</a>
--