Jump to content

Questions about bug and deprecated code used...


Recommended Posts

I have some questions about code used with exploit shield. KeStackAccesProcess has a strange kernel-mode bug, that should be addressed.

Some PoSIX functions are deprecated and the use of other functions are being advised, for instance the use of wscat etc.. This should be addressed by the developing team as well. Strong security code however is the use of ZwQueryInformationProcess API, available in NTDLL.dll depending on the undocumented function. There is also a debug proposition with link to test given. In the hope this advances the further deveopment of the code used. For all this see attached file. 

 

Hope you soon will reach the general beta phase,

 

analyzer 

 

 

oversight.txt

Link to post
Share on other sites
  • Staff

One of the reasons for joining with Malwarebytes was to use their awesome R&D to improve the old ExploitShield. One area of improvement is the hooking framework which is currently still from a third party and which suffers from many shortcomings such as some of the ones you mention. Over time we will make this a great product thanks to Malwarebytes. But please be patient, it's only been a week and a half since we joined forces.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.