Solved

Is GlobalLock() hacker/cracker-proof?

Posted on 2003-10-21
Last Modified: 2010-05-18
Hello,

I have a very simple yes/no-question for which I'd like a detailed answer :))

The simple question:   Can GlobalLock() under Windows be trusted?


The more elaborate sub-questions:

I have sensitive data to process in one of my Windows programs.

If I use GlobalAlloc(),  and then use GlobalLock() on these heap-pages, how secure are they from spying eyes?

Who can read those pages (I assume just the locking thread or is it the locking process?)?
What actually does GlobalLock on the deep levels of Windows?
How can "locked" pages be broken into by a cracker/hacker and how can that be prevented or at least detected?

What do I have to do to detect read-access to a certain memory-page.  (Read, if I don't want to trust the locking mechanism of Windows, can I somehow monitor what processes or threads are reading from that memory-area, and if I detect an intruder, I would clear the memory area again and terminate my program.   How would I implement such a page-watch mechanism reliably) ?

Can I prevent Windows from swapping my locked pages to the swapfile on disk?
Do device drivers or other Ring0 code have free access to locked pages?

Basically I want to make sure that ONLY my thread (not even my whole process, just the locking thread) can read from a certain memory-page.  Is that possible under Windows?
Could you point me to websites that deal with that problem?

Simple question, probably no simple answers :))

But thank you all for your input!

Kind regards
Reinhard

0
Question by:rhopperger
11 Comments
 
LVL 22

Accepted Solution

by:
grg99 earned 63 total points
ID: 9592100
I think you're misinterpreting what GlobalLock() does.

IIRC all it does is force that range of addresses to stay in real silicon.
Nothing to do with access rights.

Also the whole concept of "peeking" into other address spaces varies from version to version of Windows.

On Windows 95/98/SE/Me there is no real security. Programs can peek anywhere using standard APIs.

On Windows NT/2000/XP security is much better... In theory you can't go poking and peeking into any old address,
at least not with the typical access rights.   You have to have "admin" privs. to do any major peeking and poking.



0
 
LVL 86

Assisted Solution

by:jkr
jkr earned 62 total points
ID: 9592119
>>If I use GlobalAlloc(),  and then use GlobalLock() on these heap-pages, how secure are they from spying eyes?

Not at all. Any debugger will be able to read that memory.

>>What do I have to do to detect read-access to a certain memory-page

There's no way to do so. At best, you will be able to tell whether your program is running under a debugger ('IsDebuggerPresent()')

>> I want to make sure that ONLY my thread can read from a certain memory-page.  Is that possible under
>> Windows?

No. Not even in kernel mode (remember SoftICE :o)
0
 

Author Comment

by:rhopperger
ID: 9592372
grg99, jkr,  thank you for your comments.
So if I read that right then GlobalLock means nothing other than "Fix the block in memory and give me a pointer".  It makes the block immovable.   Ok.  Accepted.

So obviously there's no such thing as "locked" memory under Windows.

How can I then detect if anybody other than my thread is reading from that memory?
Can I create some code that receives a memory page exception or something the like when a read is done ?

Thanks for your help!
Reinhard
0

 
LVL 86

Expert Comment

by:jkr
ID: 9592416
>>Can I create some code that receives a memory page exception or something the like when a read is done ?

You could use 'VirtualProtect()' with 'PAGE_NOACCESS' to generate access violations when that memory area is accessed - but, as with everything, a hacker could reset the page status also. And, the access violation does not apply to a debugger reading the memory...
0
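One way to apply the `VirtualProtect()`/`PAGE_NOACCESS` suggestion above, as an added example that is not code from any poster in this thread: the secret lives in its own page that stays no-access except during a comparison, and is wiped before release. `VirtualLock()` (not mentioned in the thread) is used for the swapfile question; the `vault_*` and `pg_*` names are hypothetical, and the non-Windows branch is a POSIX stand-in so the block also builds off Windows.

```c
#include <string.h>
#ifdef _WIN32
#include <windows.h>
static void *pg_alloc(size_t n) { return VirtualAlloc(NULL, n, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); }
/* Ask for the page to stay resident; must be called while the page is still accessible. */
static int pg_pin(void *p, size_t n) { return VirtualLock(p, n) != 0; }
static int pg_access(void *p, size_t n, int rw) {
    DWORD old; /* VirtualProtect needs somewhere to store the previous protection */
    return VirtualProtect(p, n, rw ? PAGE_READWRITE : PAGE_NOACCESS, &old) != 0;
}
static void pg_free(void *p, size_t n) { (void)n; VirtualFree(p, 0, MEM_RELEASE); }
#else /* POSIX stand-ins (assumption) so the example also builds off Windows */
#include <fcntl.h>
#include <sys/mman.h>
#include <unistd.h>
static void *pg_alloc(size_t n) {
    int fd = open("/dev/zero", O_RDWR); /* private zero-filled mapping */
    void *p = fd < 0 ? MAP_FAILED : mmap(NULL, n, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (fd >= 0) close(fd);
    return p == MAP_FAILED ? NULL : p;
}
static int pg_pin(void *p, size_t n) { return mlock(p, n) == 0; }
static int pg_access(void *p, size_t n, int rw) { return mprotect(p, n, rw ? PROT_READ | PROT_WRITE : PROT_NONE) == 0; }
static void pg_free(void *p, size_t n) { munmap(p, n); }
#endif
#define VAULT_SZ 4096 /* assumed to cover one page; both APIs round up to page granularity */
typedef struct { unsigned char *page; size_t len; int pinned; } vault; /* hypothetical type */
/* Copy the secret into its own page, pin it (best effort), then close the page. */
int vault_init(vault *v, const void *secret, size_t len) {
    if (!(v->page = len <= VAULT_SZ ? pg_alloc(VAULT_SZ) : NULL)) return 0;
    v->pinned = pg_pin(v->page, VAULT_SZ);
    memcpy(v->page, secret, len);
    v->len = len;
    return pg_access(v->page, VAULT_SZ, 0);
}
/* Open the page just long enough to compare; 1 = match, 0 = no match, -1 = error. */
int vault_matches(vault *v, const unsigned char *cand, size_t len) {
    unsigned char diff = (unsigned char)(len != v->len);
    if (!pg_access(v->page, VAULT_SZ, 1)) return -1;
    for (size_t i = 0; i < len && i < v->len; i++) diff |= cand[i] ^ v->page[i];
    return pg_access(v->page, VAULT_SZ, 0) ? diff == 0 : -1;
}
/* Reopen, wipe through a volatile pointer so the stores survive optimization, free. */
void vault_destroy(vault *v) {
    volatile unsigned char *p = v->page;
    if (p && pg_access(v->page, VAULT_SZ, 1)) for (size_t i = 0; i < VAULT_SZ; i++) p[i] = 0;
    if (v->page) pg_free(v->page, VAULT_SZ);
    v->page = NULL;
}
```

As jkr notes, the closed state only turns stray in-process accesses into access violations; a debugger, or code that changes the page protection, is not stopped by it.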
 

Author Comment

by:rhopperger
ID: 9592784
thanks again jkr.   So no chance for any kind of "private" memory?

I could try to detect a debugger and rule out that case.   If a debugger is detected, I would just not run my program.

So I would only have to get an exception or notification if any other program (ring0 or 3) accesses my memory-page.

Would VirtualProtect() accomplish this reliably?    Are there work-arounds around VirtualProtect that others can use to still get access to my page?

Thanks a lot for your help!
Reinhard
0
 
LVL 17

Expert Comment

by:rstaveley
ID: 9594265
Can't you put the process with sensitive data onto a separate secure PC - i.e. a PC which doesn't have unknown processes running on it?
0
 
LVL 86

Expert Comment

by:jkr
ID: 9595444
>>If a debugger is detected, I would just not run my program.

Remember that a hacker could zero out such functionality - it just adds another hurdle, but does not make anything "proof"

>>So I would only have to get an exception or notification if any other program (ring0 or 3)
>>accesses my memory-page.

Yup, an access violation to be precise.

>>Would VirtualProtect() accomplish this reliably?

Definitely.

>>Are there work-arounds around VirtualProtect that others can use to still get access to my
>>page?

Yes :o)

Using a debugger or just changing the page's protection attributes etc. *veg*
0
 
LVL 22

Expert Comment

by:grg99
ID: 9595679
I don't think this page-protect business is going to help you much.

Maybe you could give us a hint as to what you're trying to do?

If you're trying to protect data in memory, you could always encrypt it.
To protect code, you could encrypt it and then just decrypt small bits at a time,
or write the code in some pseudo-language like Java byte-codes.

That will stop 95% or so of the crackers.  For the rest, you leave some text in there like
"If you can decode this, we may want to hire you"




0
 

Author Comment

by:rhopperger
ID: 9599252
Hello again.

I think my questions have been sufficiently answered (although I am not happy about the result).  I would like to split the points between the two of you but I do not know how to do that.

Can you please let me know?

Thank you both for your help.

Kind regards
Reinhard
p.s.  If either of you wants to take a last shot at the question "How to maximally ensure that a block of memory is only read by my program and all other accesses are detected reliably" then please go ahead.  If a better answer deserves the whole points then I will give them undivided, otherwise I will (try to) divide them.   Thanks again!
0
 
LVL 11

Expert Comment

by:bcladd
ID: 10481849
No comment has been added lately, so it's time to clean up this TA. I will
leave a recommendation in the Cleanup topic area that this question is:

Answered: Points split between grg99 and jkr

Please leave any comments here within the next four days.

Experts: Silence means you don't care. Grading recommendations are made in light
of the posted grading guidelines (http://www.experts-exchange.com/help.jsp#hi73).

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

-bcl (bcladd)
EE Cleanup Volunteer
0
