Solved

Is GlobalLock() hacker/cracker-proof?

Posted on 2003-10-21
343 Views
Last Modified: 2010-05-18
Hello,

I have a very simple yes/no-question for which I'd like a detailed answer :))

The simple question:   Can GlobalLock() under Windows be trusted?


The more elaborate sub-questions:

I have sensitive data to process in one of my Windows programs.

If I use GlobalAlloc(),  and then use GlobalLock() on these heap-pages, how secure are they from spying eyes?

Who can read those pages (I assume just the locking thread or is it the locking process?)?
What actually does GlobalLock on the deep levels of Windows?
How can "locked" pages be broken into by a cracker/hacker and how can that be prevented or at least detected?

What do I have to do to detect read-access to a certain memory-page.  (Read, if I don't want to trust the locking mechanism of Windows, can I somehow monitor what processes or threads are reading from that memory-area, and if I detect an intruder, I would clear the memory area again and terminate my program.   How would I implement such a page-watch mechanism reliably) ?

Can I prevent Windows from swapping my locked pages to the swapfile on disk?
Do device drivers or other Ring0 code have free access to locked pages?

Basically I want to make sure that ONLY my thread (not even my whole process, just the locking thread) can read from a certain memory-page.  Is that possible under Windows?
Could you point me to websites that deal with that problem?

Simple question, probably no simple answers :))

But thank you all for your input!

Kind regards
Reinhard

Question by:rhopperger
10 Comments
 
LVL 22

Accepted Solution

by:
grg99 earned 252 total points
ID: 9592100
I think you're misinterpreting what GlobalLock() does.

IIRC all it does is force that range of addresses to stay in real silicon.
Nothing to do with access rights.

Also the whole concept of "peeking" into other address spaces varies from version to version of windows.

On Windows 95/98/SE/Me there is no real security. Programs can peek anywhere using standard APIs.

On Windows NT/2000/XP security is much better... In theory you can't go poking and peeking into any old address,
at least not with the typical access rights.   You have to have "admin" privs. to do any major peeking and poking.
LVL 86

Assisted Solution

by:jkr
jkr earned 248 total points
ID: 9592119
>>If I use GlobalAlloc(),  and then use GlobalLock() on these heap-pages, how secure are they from spying eyes?

Not at all. Any debugger will be able to read that memory.

>>What do I have to do to detect read-access to a certain memory-page

There's no way to do so. At best, you will be able to tell whether your program is running under a debugger ('IsDebuggerPresent()')

>> I want to make sure that ONLY my thread can read from a certain memory-page.  Is that possible under
>> Windows?

No. Not even in kernel mode (remember SoftICE :o)

Author Comment

by:rhopperger
ID: 9592372
grg99, jkr,  thank you for your comments.
So if I read that right then GlobalLock means nothing other than "Fix the block in memory and give me a pointer".  It makes the block immovable.   Ok.  Accepted.

So obviously there's no such thing as "locked" memory under Windows.

How can I then detect if anybody other than my thread is reading from that memory?
Can I create some code that receives a memory page exception or something the like when a read is done ?

Thanks for your help!
Reinhard
LVL 86

Expert Comment

by:jkr
ID: 9592416
>>Can I create some code that receives a memory page exception or something the like when a read is done ?

You could use 'VirtualProtect()' with 'PAGE_NOACCESS' to generate access violations when that memory area is accessed - but, as with everything, a hacker could reset the page status also. And, the access violation does not apply to a debugger reading the memory...

Author Comment

by:rhopperger
ID: 9592784
Thanks again, jkr. So no chance for any kind of "private" memory?

I could try to detect a debugger and rule out that case.   If a debugger is detected, I would just not run my program.

So I would only have to get an exception or notification if any other program (ring0 or 3) accesses my memory-page.

Would VirtualProtect() accomplish this reliably?    Are there work-arounds around VirtualProtect that others can use to still get access to my page?

Thanks a lot for your help!
Reinhard
LVL 17

Expert Comment

by:rstaveley
ID: 9594265
Can't you put the process with sensitive data onto a separate secure PC - i.e. a PC which doesn't have unknown processes running on it?
LVL 86

Expert Comment

by:jkr
ID: 9595444
>>If a debugger is detected, I would just not run my program.

Remember that a hacker could zero out such functionality - it just adds another hurdle, but does not make anything "proof"

>>So I would only have to get an exception or notification if any other program (ring0 or 3)
>>accesses my memory-page.

Yup, an access violation to be precise.

>>Would VirtualProtect() accomplish this reliably?

Definitely.

>>Are there work-arounds around VirtualProtect that others can use to still get access to my
>>page?

Yes :o)

Using a debugger or just changing the page's protection attributes etc. *veg*
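The scheme jkr describes in ID 9592416 and 9595444, VirtualProtect() with PAGE_NOACCESS plus a handler for the resulting access violation, as an added example that is not from this thread. It also pins the page so it is not written to the pagefile and wipes it before release, which touches two of the original sub-questions. It builds on Windows (VirtualAlloc/VirtualLock/VirtualProtect and a vectored exception handler) and on POSIX, where mmap/mlock/mprotect(PROT_NONE) and a SIGSEGV handler play the same roles; the secret string and the function names are constructed for the example. The trap counter shows exactly what jkr warns about: the first read traps, but once the page has been re-opened (by the handler here, by anything else in the process in practice) the second read is invisible, and a debugger or another process that reads the page through the OS is never seen by this handler at all.

```c
/* Added example, not from the thread. Seal one page of sensitive data: pin it in
 * RAM, mark it no-access so a read from inside this process traps, count the traps.
 * Only this process's own faults are visible; a debugger is never seen here. */
#define _GNU_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <signal.h>
#include <sys/mman.h>
#include <unistd.h>
#endif

static unsigned char *g_page = NULL;  /* start of the sealed page */
static size_t g_page_size = 0;
static volatile int g_faults = 0;     /* traps attributed to the sealed page */
static int g_pinned = 0;              /* 1 if the lock-in-RAM call succeeded */

static int in_page(const void *addr) {
    const unsigned char *a = (const unsigned char *)addr;
    return g_page != NULL && a >= g_page && a < g_page + g_page_size;
}

#ifdef _WIN32
static LONG WINAPI on_fault(EXCEPTION_POINTERS *ep) {
    EXCEPTION_RECORD *er = ep->ExceptionRecord; DWORD old;
    if (er->ExceptionCode != EXCEPTION_ACCESS_VIOLATION ||
        !in_page((void *)er->ExceptionInformation[1]))
        return EXCEPTION_CONTINUE_SEARCH;       /* not our page: leave it alone */
    g_faults++;
    /* Re-open the page and retry the instruction; any code in the process can
     * make this same call, so the scheme detects but does not prevent. */
    VirtualProtect(g_page, g_page_size, PAGE_READWRITE, &old);
    return EXCEPTION_CONTINUE_EXECUTION;
}
#else
static void on_fault(int sig, siginfo_t *si, void *ctx) {
    (void)ctx;
    if (!in_page(si->si_addr)) { signal(sig, SIG_DFL); return; }  /* not ours */
    g_faults++;
    mprotect(g_page, g_page_size, PROT_READ | PROT_WRITE);  /* load retried on return */
}
#endif

/* One page: allocate, pin, copy the secret in, install the handler, seal it. */
static int seal_secret(const char *secret) {
    size_t n = strlen(secret) + 1;
#ifdef _WIN32
    SYSTEM_INFO si; DWORD old;
    GetSystemInfo(&si); g_page_size = si.dwPageSize;
    if (n > g_page_size) return -1;
    g_page = VirtualAlloc(NULL, g_page_size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (g_page == NULL) return -1;
    g_pinned = VirtualLock(g_page, g_page_size) ? 1 : 0;
    memcpy(g_page, secret, n);
    AddVectoredExceptionHandler(1, on_fault);
    return VirtualProtect(g_page, g_page_size, PAGE_NOACCESS, &old) ? 0 : -1;
#else
    struct sigaction sa;
    g_page_size = (size_t)sysconf(_SC_PAGESIZE);
    if (n > g_page_size) return -1;
    g_page = mmap(NULL, g_page_size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (g_page == MAP_FAILED) { g_page = NULL; return -1; }
    g_pinned = (mlock(g_page, g_page_size) == 0);   /* may fail under RLIMIT_MEMLOCK */
    memcpy(g_page, secret, n);
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault; sa.sa_flags = SA_SIGINFO;
    sigaction(SIGSEGV, &sa, NULL);
    return mprotect(g_page, g_page_size, PROT_NONE);
#endif
}

/* Read the first byte twice: the first read traps, the handler re-opens the
 * page, the second read is silent. Returns the trap count (expected 1). */
static int faults_after_two_reads(void) {
    volatile unsigned char *p = g_page;
    unsigned char b1 = p[0], b2 = p[0];
    return (b1 == b2) ? g_faults : -1;
}

/* Overwrite with a volatile loop the optimizer cannot drop, then release. */
static void wipe_secret(void) {
    volatile unsigned char *p = g_page;
    for (size_t i = 0; i < g_page_size; i++) p[i] = 0;
#ifdef _WIN32
    VirtualFree(g_page, 0, MEM_RELEASE);
#else
    munmap(g_page, g_page_size);   /* also drops the mlock */
#endif
    g_page = NULL;
}

int demo(void) {
    g_faults = 0;
    if (seal_secret("constructed secret value") != 0) return -1;
    int faults = faults_after_two_reads();
    wipe_secret();
    return faults;
}

int main(void) { printf("traps: %d, pinned: %s\n", demo(), g_pinned ? "yes" : "no"); return 0; }
```

The handler answers the author's "page-watch" idea only within the process: it is the right place to wipe the page and exit if your own code should never be touching it, but nothing that reads the page through the kernel (a debugger, ReadProcessMemory, a driver) ever enters this path.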
LVL 22

Expert Comment

by:grg99
ID: 9595679
I don't think this page-protect business is going to help you much.

Maybe you could give us a hint as to what you're trying to do?

If you're trying to protect data in memory, you could always encrypt it.
To protect code, you could encrypt it and then just decrypt small bits at a time.
Or write the code in some pseudo-language like Java byte-codes.

That will stop 95% or so of the crackers. For the rest, you leave some text in there like
"If you can decode this, we may want to hire you"


Author Comment

by:rhopperger
ID: 9599252
Hello again.

I think my questions have been sufficiently answered (although I am not happy about the result).  I would like to split the points between the two of you but I do not know how to do that.

Can you please let me know?

Thank you both for your help.

Kind regards
Reinhard
p.s.  If either of you wants to take a last shot at the question "How to maximally ensure that a block of memory is only read by my program and all other accesses are detected reliably" then please go ahead.  If a better answer deserves the whole points then I will give them undivided, otherwise I will (try to) divide them.   Thanks again!
LVL 11

Expert Comment

by:bcladd
ID: 10481849
No comment has been added lately, so it's time to clean up this TA. I will
leave a recommendation in the Cleanup topic area that this question is:

Answered: Points split between grg99 and jkr

Please leave any comments here within the next four days.

Experts: Silence means you don't care. Grading recommendations are made in light
of the posted grading guidelines (http://www.experts-exchange.com/help.jsp#hi73).

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

-bcl (bcladd)
EE Cleanup Volunteer