Is GlobalLock() hacker/cracker-proof?

Posted on 2003-10-21
Last Modified: 2010-05-18
Hello,

I have a very simple yes/no-question for which I'd like a detailed answer :))

The simple question:   Can GlobalLock() under Windows be trusted?


The more elaborate sub-questions:

I have sensitive data to process in one of my Windows programs.

If I use GlobalAlloc(),  and then use GlobalLock() on these heap-pages, how secure are they from spying eyes?

Who can read those pages (I assume just the locking thread or is it the locking process?)?
What actually does GlobalLock on the deep levels of Windows?
How can "locked" pages be broken into by a cracker/hacker and how can that be prevented or at least detected?

What do I have to do to detect read-access to a certain memory-page.  (Read, if I don't want to trust the locking mechanism of Windows, can I somehow monitor what processes or threads are reading from that memory-area, and if I detect an intruder, I would clear the memory area again and terminate my program.   How would I implement such a page-watch mechanism reliably) ?

Can I prevent Windows from swapping my locked pages to the swapfile on disk?
Do device drivers or other Ring0 code have free access to locked pages?

Basically I want to make sure that ONLY my thread (not even my whole process, just the locking thread) can read from a certain memory-page.  Is that possible under Windows?
Could you point me to websites that deal with that problem?

Simple question, probably no simple answers :))

But thank you all for your input!

Kind regards
Reinhard

Question by:rhopperger
LVL 22

Accepted Solution

by:
grg99 earned 63 total points
ID: 9592100
I think you're misinterpreting what GlobalLock() does.

IIRC all it does is force that range of addresses to stay in real silicon.
Nothing to do with access rights.

Also the whole concept of "peeking" into other address spaces varies from version to version of Windows.

On Windows 95/98/SE/Me there is no real security. Programs can peek anywhere using standard APIs.

On Windows NT/2000/XP security is much better. In theory you can't go poking and peeking into any old address, at least not with the typical access rights. You have to have "admin" privs to do any major peeking and poking.

LVL 86

Assisted Solution

by:jkr
jkr earned 62 total points
ID: 9592119
>>If I use GlobalAlloc(),  and then use GlobalLock() on these heap-pages, how secure are they from spying eyes?

Not at all. Any debugger will be able to read that memory.

>>What do I have to do to detect read-access to a certain memory-page

There's no way to do so. At best, you will be able to tell whether your program is running under a debugger ('IsDebuggerPresent()')

>> I want to make sure that ONLY my thread can read from a certain memory-page.  Is that possible under
>> Windows?

No. Not even in kernel mode (remember SoftICE :o)
Author Comment

by:rhopperger
ID: 9592372
grg99, jkr,  thank you for your comments.
So if I read that right then GlobalLock means nothing other than "Fix the block in memory and give me a pointer".  It makes the block immovable.   Ok.  Accepted.

So obviously there's no such thing as "locked" memory under Windows.

How can I then detect if anybody other than my thread is reading from that memory?
Can I create some code that receives a memory page exception or something the like when a read is done ?

Thanks for your help!
Reinhard
LVL 86

Expert Comment

by:jkr
ID: 9592416
>>Can I create some code that receives a memory page exception or something the like when a read is done ?

You could use 'VirtualProtect()' with 'PAGE_NOACCESS' to generate access violations when that memory area is accessed - but, as with everything, a hacker could reset the page status also. And, the access violation does not apply to a debugger reading the memory...
Author Comment

by:rhopperger
ID: 9592784
thanks again jkr.   So no chance for any kind of "private" memory?

I could try to detect a debugger and rule out that case.   If a debugger is detected, I would just not run my program.

So I would only have to get an exception or notification if any other program (ring0 or 3) accesses my memory-page.

Would VirtualProtect() accomplish this reliably?    Are there work-arounds around VirtualProtect that others can use to still get access to my page?

Thanks a lot for your help!
Reinhard
LVL 17

Expert Comment

by:rstaveley
ID: 9594265
Can't you put the process with sensitive data onto a separate secure PC - i.e. a PC which doesn't have unknown processes running on it?
LVL 86

Expert Comment

by:jkr
ID: 9595444
>>If a debugger is detected, I would just not run my program.

Remember that a hacker could zero out such functionality - it just adds another hurdle, but does not make anything "proof"

>>So I would only have to get an exception or notification if any other program (ring0 or 3)
>>accesses my memory-page.

Yup, an access violation to be precise.

>>Would VirtualProtect() accomplish this reliably?

Definitely.

>>Are there work-arounds around VirtualProtect that others can use to still get access to my
>>page?

Yes :o)

Using a debugger or just changing the page's protection attributes etc. *veg*
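The two points jkr makes above (a page set to PAGE_NOACCESS with VirtualProtect() raises an access violation when touched, and any code running with the same privileges, or a debugger, can simply set the protection back) can be watched happening in a few lines. The program below is an added example written for this page, not code from the thread. It uses the POSIX equivalents so it runs on Linux or macOS: mprotect(PROT_NONE) stands in for VirtualProtect(PAGE_NOACCESS), and a SIGSEGV/SIGBUS handler stands in for the access-violation exception; on Windows the same shape would use VirtualProtect() plus a vectored exception handler (AddVectoredExceptionHandler). The secret string is a constructed sample.

```c
#define _DEFAULT_SOURCE 1
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

/* Constructed sample; stands in for the "sensitive data" in the question. */
static const char SECRET[] = "constructed-sample-secret";

static sigjmp_buf g_recover;

/* Fault handler for the synchronous fault raised by the probe read below:
 * jump back into read_faults() so the process survives the violation. */
static void on_fault(int sig)
{
    (void)sig;
    siglongjmp(g_recover, 1);
}

/* Read one byte through a volatile pointer under a temporary SIGSEGV/SIGBUS
 * handler. Returns 1 if the read faulted (page is guarded), 0 if it went through. */
static int read_faults(const unsigned char *addr)
{
    struct sigaction sa, old_segv, old_bus;
    int faulted;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    if (sigsetjmp(g_recover, 1) == 0) {
        volatile const unsigned char *vp = addr;
        unsigned char b = *vp;          /* the probe itself */
        (void)b;
        faulted = 0;
    } else {
        faulted = 1;                    /* we arrived here via on_fault() */
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return faulted;
}

/* Whole scenario. Returns a bitmask: bit 0 = read of the guarded page faulted,
 * bit 1 = the secret was readable again after the process itself lifted the
 * protection. Returns -1 on allocation/protection failure. */
int guarded_page_demo(void)
{
    size_t ps = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *page = mmap(NULL, ps, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    int result = 0;

    if (page == MAP_FAILED)
        return -1;
    memcpy(page, SECRET, sizeof SECRET);

    /* Equivalent of VirtualProtect(page, ps, PAGE_NOACCESS, &old): any touch faults. */
    if (mprotect(page, ps, PROT_NONE) != 0) { munmap(page, ps); return -1; }
    if (read_faults(page))
        result |= 1;

    /* Anything running with the same privileges (or a debugger) can undo it;
     * the guard is a tripwire for the process itself, not a security boundary. */
    if (mprotect(page, ps, PROT_READ | PROT_WRITE) != 0) { munmap(page, ps); return -1; }
    if (!read_faults(page) && memcmp(page, SECRET, sizeof SECRET) == 0)
        result |= 2;

    /* Wipe through a volatile pointer so the stores are not optimised away. */
    {
        volatile unsigned char *vp = page;
        size_t i;
        for (i = 0; i < sizeof SECRET; i++) vp[i] = 0;
    }
    munmap(page, ps);
    return result;
}

int main(void)
{
    int r = guarded_page_demo();
    printf("guarded read faulted:            %s\n", (r & 1) ? "yes" : "no");
    printf("readable after protection reset: %s\n", (r & 2) ? "yes" : "no");
    return r == 3 ? 0 : 1;
}
```

What the run shows is exactly the thread's conclusion: the guarded read faults (a useful tripwire against the program's own stray accesses), and the very next mprotect() call, which needs no privilege beyond the process's own, makes the secret readable again. A debugger attached to the process never even sees the first fault, because it reads through its own channel rather than through the guarded mapping.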
LVL 22

Expert Comment

by:grg99
ID: 9595679
I don't think this page-protect business is going to help you much.

Maybe you could give us a hint as to what you're trying to do?

If you're trying to protect data in memory, you could always encrypt it.
To protect code, you could encrypt it and then just decrypt small bits at a time,
or write the code in some pseudo-language like Java byte-codes.

That will stop 95% or so of the crackers. For the rest, you leave some text in there like
"If you can decode this, we may want to hire you"

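grg99's suggestion to keep the data encrypted in memory is the one idea in this thread that actually narrows exposure, so here is the pattern worked through. This is an added example written for this page, not grg99's code and not from the thread: the secret is kept encrypted while idle and decrypted into a caller-owned scratch buffer only for the duration of a callback, after which the scratch is wiped. The keystream function is a constructed stand-in (xorshift64 seeded from the key) so the example runs without a crypto library; it is not a real cipher, and a real program would use CryptProtectMemory()/SecureZeroMemory() on Windows or an authenticated cipher from a proper library. The sample secret and key are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Wipe that the optimiser may not elide (SecureZeroMemory() on Windows
 * exists for the same reason). */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

/* Keystream STAND-IN: xorshift64 seeded from the 16-byte key. Constructed for
 * this example only; NOT a cryptographic cipher. Replace with a real one. */
static void keystream_xor(const uint8_t key[16], uint8_t *buf, size_t n)
{
    uint64_t s = 0, t = 0;
    size_t i;
    for (i = 0; i < 8; i++)  s = (s << 8) | key[i];
    for (i = 8; i < 16; i++) t = (t << 8) | key[i];
    s ^= t;
    if (s == 0) s = 0x9E3779B97F4A7C15ULL;      /* xorshift must not start at 0 */
    for (i = 0; i < n; i++) {
        s ^= s << 13; s ^= s >> 7; s ^= s << 17;
        buf[i] ^= (uint8_t)(s >> 56);           /* XOR: same call decrypts */
    }
}

/* A secret that is encrypted whenever it is not in active use. */
typedef struct {
    uint8_t  key[16];
    uint8_t *ct;
    size_t   len;
} sealed_secret;

static int seal(sealed_secret *s, const uint8_t *plain, size_t n, const uint8_t key[16])
{
    s->ct = malloc(n);
    if (!s->ct) return -1;
    memcpy(s->ct, plain, n);
    memcpy(s->key, key, 16);
    s->len = n;
    keystream_xor(s->key, s->ct, n);            /* plaintext copy now gone */
    return 0;
}

static void seal_free(sealed_secret *s)
{
    secure_wipe(s->ct, s->len);
    free(s->ct);
    secure_wipe(s->key, sizeof s->key);
    s->ct = NULL; s->len = 0;
}

typedef int (*secret_user)(const uint8_t *plain, size_t n, void *ctx);

/* Decrypt into caller-owned scratch, run fn, wipe scratch before returning:
 * plaintext exists only while fn runs. */
static int with_secret(const sealed_secret *s, uint8_t *scratch, secret_user fn, void *ctx)
{
    int r;
    memcpy(scratch, s->ct, s->len);
    keystream_xor(s->key, scratch, s->len);
    r = fn(scratch, s->len, ctx);
    secure_wipe(scratch, s->len);
    return r;
}

/* Sample consumer: counts 's' bytes in the plaintext. */
static int count_s(const uint8_t *plain, size_t n, void *ctx)
{
    int c = 0; size_t i;
    (void)ctx;
    for (i = 0; i < n; i++) if (plain[i] == 's') c++;
    return c;
}

/* Demo. Returns a bitmask: bit 0 = idle copy does not hold the plaintext,
 * bit 1 = consumer saw the correct plaintext, bit 2 = scratch wiped afterwards. */
int sealed_secret_demo(void)
{
    static const uint8_t plain[] = "constructed sample secret";           /* constructed */
    static const uint8_t key[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16}; /* constructed */
    uint8_t scratch[sizeof plain];
    uint8_t zeros[sizeof plain] = {0};
    sealed_secret s;
    int result = 0;

    if (seal(&s, plain, sizeof plain, key) != 0) return -1;
    if (memcmp(s.ct, plain, sizeof plain) != 0) result |= 1;
    if (with_secret(&s, scratch, count_s, NULL) == 3) result |= 2;
    if (memcmp(scratch, zeros, sizeof plain) == 0) result |= 4;
    seal_free(&s);
    return result;
}
```

The honest caveat, in line with jkr's replies: the key lives in the same process as the ciphertext, so anyone who can read the process (a debugger, another process with the same privileges, ring 0) can recover the secret. What the pattern buys is a smaller window in which plaintext is present at all, which matters against memory dumps, swap and crash files, not against a determined attacker sitting on the machine.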

Author Comment

by:rhopperger
ID: 9599252
Hello again.

I think my questions have been sufficiently answered (although I am not happy about the result).  I would like to split the points between the two of you but I do not know how to do that.

Can you please let me know?

Thank you both for your help.

Kind regards
Reinhard
p.s.  If either of you wants to take a last shot at the question "How to maximally ensure that a block of memory is only read by my program and all other accesses are detected reliably" then please go ahead.  If a better answer deserves the whole points then I will give them undivided, otherwise I will (try to) divide them.   Thanks again!
LVL 11

Expert Comment

by:bcladd
ID: 10481849
No comment has been added lately, so it's time to clean up this TA. I will leave a recommendation in the Cleanup topic area that this question is:

Answered: Points split between grg99 and jkr

Please leave any comments here within the next four days.

Experts: Silence means you don't care. Grading recommendations are made in light of the posted grading guidelines (http://www.experts-exchange.com/help.jsp#hi73).

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

-bcl (bcladd)
EE Cleanup Volunteer