Recon2012 - PREVIEW
Recon 2012
| Speakers | |
|---|---|
| | Alex Ionescu |
| Schedule | |
|---|---|
| Day | Day 2 - 2012-06-15 |
| Room | Grand Salon |
| Start time | 13:00 |
| Duration | 01:00 |
| Info | |
| ID | 244 |
Title: Windows 8 User Mode Drivers
Reliability Panacea, or Security Nightmare?
UMDF 1.11 (User-Mode Driver Framework), which ships with Windows 8 (and is back-ported to Vista and Windows 7), now allows user-mode DLLs hosted by the WUDF Hosting Process (i.e., "User-mode Drivers") to:
1) Handle interrupts in user-mode
2) Map device RAM (MMIO registers) to user-mode memory, read-write
3) Map/access device I/O ports to user-mode, and access them through READPORTXXX and WRITEPORTXXX commands
Because these DLLs are considered "user-mode", they are not covered by the Code Integrity/Kernel Mode Code Signing policies present on 64-bit Windows, and can be loaded without a CA-issued certificate.
If this sounds scary to you, you need to come to this talk.
TBA