So what are Windows Atom tables for?

The security world was stunned by a new code-injection technique called “atomic bombing” (see “Description of an Injection Attack” and the Question on Sharing Security Files). Simply put, an attacker can use atom tables to store executable code.

The threat is that the global atom table function exists in all versions of Windows and is a deliberate function, not an error. It is unclear how to reduce the threat through changes in Windows.

What are Windows Atom tables used for? If Microsoft simply said “what is it, no more atom tables”, what would be the impact?

+4
1 answer

TL;DR: I personally do not think that Microsoft will make any changes to the global atom table, since this is only a minor security issue.


An atom table allows you to associate a string with a 16-bit number. You give Windows your string, and it returns you the number. Then you can retrieve the string again, knowing the assigned number.

Each normal process has its own table of local atoms, but it is usually empty and is not a security problem.

"" , . 1 . MSDN , RegisterClipboardFormat RegisterClass . , SetProp, , , , GlobalAddAtom.

- , DDE. , 8 (2 , 4 ), URL-.

, //URL , GlobalAddAtom. GlobalAddAtom , . DDE, GlobalGetAtomName .

? , (IMHO) , , ; .

, OpenProcess, , VirtualAllocEx, , WriteProcessMemory, , , CreateRemoteThread, .

GlobalGetAtomName (NtQueueApcThread), WriteProcessMemory. , ROP NtQueueApcThread, , - / .

, , NtQueueApcThread , . NtQueueApcThread, , , , , -, , , .

Microsoft ? , , .

? , , API 20 , Microsoft .

, , . , . , .

, Microsoft , , ?

Microsoft DDE Windows XP, Vista/7 . Windows 8.1 Internet Explorer - DDE " ", .html. ddeexec, , DDE . DDE , . ; .

DDE , , / .

, DDE, , .

, , , .

+6

Source: https://habr.com/ru/post/1660531/

