[ros-dev] LSASS and MSV1_0.DLL - more research

lots of people appear to have done quite thorough amounts of digging into MSV1_0.DLL due to it being the key to security attacks and stuff e.g. http://www.security-protocols.com/whitepapers/NT/NTcred.txt the two that i have read so far describe how WINLOGON.EXE is a "user" of the LSASS system by doing a LsaLookupAuthenticationPackage call, in order to obtain, presumably, the vector-table which MSV1_0.DLL registers with the LSASS, and then once that vector-table is obtained, they then go on to describe how MSV1_0.DLL may be attacked, by describing in detail the data structures in it. how very convenient for actually implementing one :) l. -- -- <a href="http://lkcl.net">http://lkcl.net</a> --