Is GlobalLock() hacker/cracker-proof?
Posted on 2003-10-21
I have a very simple yes/no question for which I'd like a detailed answer :))
The simple question: Can GlobalLock() under Windows be trusted?
The more elaborate sub-questions:
I have sensitive data to process in one of my Windows programs.
If I use GlobalAlloc(), and then use GlobalLock() on these heap-pages, how secure are they from spying eyes?
Who can read those pages (I assume just the locking thread, or is it the locking process)?
What does GlobalLock actually do at the deep levels of Windows?
How can "locked" pages be broken into by a cracker/hacker and how can that be prevented or at least detected?
What do I have to do to detect read access to a certain memory page? (Read: if I don't want to trust the locking mechanism of Windows, can I somehow monitor what processes or threads are reading from that memory area, and if I detect an intruder, I would clear the memory area again and terminate my program. How would I implement such a page-watch mechanism reliably?)
Can I prevent Windows from swapping my locked pages to the swapfile on disk?
Do device drivers or other Ring0 code have free access to locked pages?
Basically I want to make sure that ONLY my thread (not even my whole process, just the locking thread) can read from a certain memory-page. Is that possible under Windows?
Could you point me to websites that deal with that problem?
Simple question, probably no simple answers :))
But thank you all for your input!