Some files that are being executed or are currently open cannot even be read (like the Windows swap file). I know that this is the business of the file system driver. How can I disable (temporarily/forever) that limitation and read/write opened/executed files?
Posted on 2002-05-26 11:34:09 by Maestro
Operating Systems take things like Permissions very seriously.
About the only way that springs to mind of overriding the Operating System File Permissions is to get your hands dirty and go low-level, whether that be using INT13 BIOS calls to perform low-level sector-based reads and writes to your target device (meaning emulating the FileSystem as well) or possibly by going to Ring Zero and calling 16-bit "lowlevel api functions" by hand
(..."Most 32-bit Windows API functions thunk down to 16-bit code"...)
I haven't had to perform many "hacks" on Win boxes, but when I wanted rawsocks on win98, I achieved it by using a VXD to talk directly to the NDIS layer of my network interface card.
I am assuming that File Permissions are not a "core" function of the Operating System, which could be flawed too.
Posted on 2002-05-26 15:04:41 by Homer
Anyway, what in Win32 is responsible for file/disk writing? Or is it the BIOS?
Posted on 2002-05-27 05:38:35 by Maestro
Maestro: File protection is there for a reason. There won't be any clean way to break this protection. There might be a way to do this using device drivers or other dirty tricks, although I don't know one.
Why do you want to read such files?

Thomas
Posted on 2002-05-27 05:59:31 by Thomas
That is my little secret :). Frankly, I need to add a portion to some DLL that is always protected by NT. So it is possible to do that only under an OS other than NT.

Can somebody tell me what I should be concerned about while searching for a way to break that protection? What driver does file management under NT/2000 systems?
Posted on 2002-05-27 09:13:36 by Maestro
I know of only a few ways to do this... and I sure hope you have
legitimate reasons for doing this (like fixing the debugging "local-root"
NT exploit). One way would be booting either to DOS mode (in case
you run FAT32), or the ERD system commander (in case you run NTFS),
to be able to overwrite system files with your patch.

Another solution would be writing a KMD to do the patch runtime
(IMO a lot safer), but this will be tricky if there's not enough space
in the executable/driver (I don't know how to allocate globally visible
shared memory, but I've been told that it's not entirely straightforward).
Posted on 2002-05-27 09:19:11 by f0dder
maestro,

Why don't you copy the DLL, modify it, and set the system to update it on the next reboot?

ancev
Posted on 2002-05-27 15:33:04 by ancev
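
File replacements deferred to the next reboot, as suggested in the last post, are queued by Windows in the `PendingFileRenameOperations` value under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager`, so an administrator can review them before restarting. The following is an added example, not part of the original thread: it parses that value's raw bytes and reports operations that touch system directories. The sample data, the `PROTECTED` watch list, the function names and the assumption that the data ends with a list terminator are all illustrative.

```python
# Added example: audit reboot-time file operations queued in
# PendingFileRenameOperations. All sample data below is constructed.
from ntpath import normpath

# Assumed watch list of directories whose contents should not change silently.
PROTECTED = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

def clean(path):
    """Strip the NT object-manager prefix and collapse '..' segments."""
    if path.startswith("\\??\\"):
        path = path[4:]
    return normpath(path) if path else ""

def parse_pending(raw: bytes):
    """Decode raw REG_MULTI_SZ bytes into (source, target, action) tuples."""
    text = raw.decode("utf-16-le")
    if text.endswith("\0"):
        text = text[:-1]              # drop the list terminator
    parts = text.split("\0")
    if parts and parts[-1] == "":
        parts.pop()                   # left over from the last string's own NUL
    if len(parts) % 2:
        raise ValueError("odd number of strings: value is truncated or corrupt")
    ops = []
    for src, dst in zip(parts[0::2], parts[1::2]):
        # Empty target = delete; leading '!' = overwrite an existing file.
        action = "delete" if dst == "" else "replace" if dst.startswith("!") else "rename"
        ops.append((clean(src), clean(dst.lstrip("!")), action))
    return ops

def protected_targets(ops):
    """Return the operations whose affected file lies in a watched directory."""
    hits = []
    for src, dst, action in ops:
        victim = src if action == "delete" else dst
        if victim.lower().startswith(PROTECTED):
            hits.append((action, src, dst))
    return hits

# Constructed sample: one overwrite of a system DLL, one delete, one rename.
_entries = ["\\??\\C:\\Temp\\patched.dll", "!\\??\\C:\\Windows\\System32\\example.dll",
            "\\??\\C:\\Users\\a\\AppData\\Local\\Temp\\setup.tmp", "",
            "\\??\\C:\\Temp\\a.log", "\\??\\C:\\Temp\\b.log"]
SAMPLE = ("\0".join(_entries) + "\0\0").encode("utf-16-le")

if __name__ == "__main__":
    for hit in protected_targets(parse_pending(SAMPLE)):
        print("review before reboot:", hit)
```

Note that an empty target string (a delete) puts two NULs in the middle of the data, so a parser that stops at the first double NUL would miss every entry after it.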