Recon2012 - PREVIEW
Recon 2012
Speakers | |
---|---|
Alex Ionescu | |

Schedule | |
---|---|
Day | Day 2 - 2012-06-15 |
Room | Grand Salon |
Start time | 13:00 |
Duration | 01:00 |

Info | |
---|---|
ID | 244 |
Title: Windows 8 User Mode Drivers
Reliability Panacea, or Security Nightmare?
UMDF 1.11 (User-Mode Driver Framework), which ships with Windows 8 and is back-ported to Vista and Windows 7, now allows user-mode DLLs hosted by the WUDF Hosting Process (i.e., "User-mode Drivers") to:
1) Handle interrupts in user-mode
2) Map device RAM (MMIO registers) to user-mode memory, read-write
3) Map/access device I/O ports to user-mode, and access them through READPORTXXX and WRITEPORTXXX commands
Because these DLLs are considered "user-mode", they are not part of the Code Integrity/Kernel Mode Code Signing Policies present on 64-bit Windows, and can be loaded without a CA-issued certificate.
If this sounds scary to you, you need to come to this talk.
TBA