Windows Firewall Programming [closed]

I googled many times till I created this question, so please excuse me if there are some tutorials out there. I didn't find them.
How can I code a firewall application in Windows? I thought about a usermode firewall using inline hooks in every process, but there is the problem that I can't hook csrss.exe (which creates the new processes) in Windows 7. The second thing is that it's not very clean and will be detected as malware for sure.
So I think that I should hook the APIs in kernel mode as a driver. But there are 3 problems.
First, I don't know the kernel APIs for the Windows sockets.
Second, I haven't got any experience in kernel mode hooks.
Third, I don't know if it's the right way.
Don't worry, I know that it's not easy and I'm not a beginner with just an idea ;). If anyone has got good information please share it.
Oh and I want to write for x86 systems ;).

You need Windows Filtering Platform (WFP).
With the WFP API, developers can implement firewalls, intrusion detection systems, antivirus programs, network monitoring tools, and parental controls. WFP integrates with and provides support for firewall features such as authenticated communication and dynamic firewall configuration based on applications' use of sockets API (application-based policy). WFP also provides infrastructure for IPsec policy management, change notifications, network diagnostics, and stateful filtering.
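The answer names the platform but shows no code. The PowerShell session below is an added example, not part of the answer, and shows what "application-based policy" on WFP looks like from the administrator's side: it installs an outbound block rule scoped to a single executable through the built-in NetSecurity cmdlets (which program the same filter engine), then dumps the engine's filter list with netsh so the rule can be seen as a WFP filter with an application-ID condition. The rule name and program path are assumptions chosen for illustration; run it elevated. A custom firewall does the same thing programmatically: FwpmEngineOpen0 and FwpmFilterAdd0 from user mode for policy like this, and a WFP callout driver only when per-packet inspection is needed, which answers the poster's question of whether to hook socket APIs in the kernel (no; register with WFP instead).

```powershell
# Added example (not from the original answer): an application-scoped outbound
# block rule on top of WFP, created with the NetSecurity module. Run elevated.
# Rule name and program path are assumptions for illustration.
$ruleName = 'Demo-Block-Outbound-Notepad'
$program  = 'C:\Windows\System32\notepad.exe'

# Create (or replace) the rule: block every outbound connection from $program.
if (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue) {
    Remove-NetFirewallRule -DisplayName $ruleName
}
New-NetFirewallRule -DisplayName $ruleName -Direction Outbound -Program $program `
    -Action Block -Profile Any -Enabled True | Out-Null

# Inspect what was created: the rule, its application filter, and its action.
$rule = Get-NetFirewallRule -DisplayName $ruleName
$rule | Select-Object DisplayName, Direction, Action, Enabled
$rule | Get-NetFirewallApplicationFilter | Select-Object Program

# The rule is installed in the WFP filter engine. Dump the engine's filters to
# XML and look for the executable, which appears as an application-ID condition
# (a device path, e.g. \device\harddiskvolumeN\windows\system32\notepad.exe).
$xml = Join-Path $env:TEMP 'wfp-filters.xml'
netsh wfp show filters "file=$xml" | Out-Null
Select-String -Path $xml -Pattern 'notepad.exe' -SimpleMatch | Select-Object -First 5

# Clean up when done.
Remove-NetFirewallRule -DisplayName $ruleName
Remove-Item $xml -ErrorAction SilentlyContinue
```

The same netsh dump is also the quickest way to check whether a filter written with the FWPM API actually landed in the layer you intended (for an outbound-connection policy that is FWPM_LAYER_ALE_AUTH_CONNECT_V4/V6), and to verify its weight relative to the filters the built-in firewall service already owns.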


How hard is it to control laptop's battery charge or to limit? [closed]

I wonder if it is possible to write a program which would limit the battery charge of a laptop. I know some manufacturers like Asus, Lenovo etc. have such built-in software, but I am curious if anyone has tried creating universal software for that and if you would share some starting points. Not sure if that is even possible since I am unable to find such software. Thanks!
There is an almost generic tool for Linux: TLP. You can find its homepage (including a link to the source code) at https://linrunner.de/tlp/. It works as a power saving utility and can also adjust the battery charge levels, BUT that feature is only for ThinkPads.
To my knowledge there is no universal interface to set the charge levels of laptop batteries, so a generic utility would probably have to know all those vendor-specific settings.
A short search showed that Linux supports more than Lenovo inside some kernel drivers, so maybe that code could help you to also write software for a different OS. My advice would be to research the possibilities for Linux and then think about a generic utility for another operating system.

What is the difference between distro features, machine features and image features? What dependencies are there between them? [closed]

I am using the Yocto project to build a customized distribution for my board. I just want to ask you, what is the difference between distro features, machine features and image features?
Yocto uses features as a means to figure out which libraries, utilities and kernel modules to include in the image.
There is some overlap between the three feature categories (especially distro- and image features), and it is not always obvious where to look for a particular feature. For example, api-documentation is a distro feature, while doc-pkgs is an image feature.
So these definitions are my own, check out the reference manual for more details.
Machine features are related to the hardware that the image is built for. For instance, the rtc feature specifies that the hardware has a built-in real-time clock, while the bluetooth feature indicates that the hardware supports bluetooth.
Distro features select broader categories of software support, though there is some overlap with machine features. Examples of distro-level features include ipv6, systemd and x11.
Image features typically (but not always, see splash or read-only-rootfs) are used to enable functionality useful for debugging and diagnosing issues. For example, allow-empty-password configures SSH servers to allow root login without password, and dbg-pkgs installs debug symbols for all packages in the image.

Analysis of hostile code. How to deal with a packer and how to figure out the language it is written in? [closed]

I received a tailored email with an infected attachment from a public email. I would like to know more about the payload. What is the right way to study this? I would like to use a debugger. An easier, but riskier, option is to run it on a Windows guest/Linux host on a sacrificial box without a wifi card and compare disk images before and after infection.
If I go the debugger way, how should I unpack the code?
How to tell in what language the malware was written?
Can any code be debugged by changing defensive conditional jumps (like the "if debugger present" jump), or are there other pitfalls?
How likely is it for malware to jailbreak VMware and infect the Linux host?
This is a time consuming project. You should familiarize yourself with several tools:
You will need to identify the packer. PEiD is a good start.
Unpacking tools (GUNPacker).
Debuggers (OllyDbg or WinDbg).
Code analysis tool (LordPE).
Disassembler.
Binary Analysis Tools (PE Explorer).
At least get confident using these tools on your own code. Otherwise, it might be better to contact professionals.
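The answer lists tools for the packer-identification step but does not show what that step actually looks at. The script below is an added example, not part of the answer, and does the same triage by hand: it parses the PE headers of a file without executing it, reports per-section Shannon entropy and which section holds the entry point, checks the CLR data directory (a non-zero entry means a .NET assembly, which answers the "what language" question for the C#/VB.NET case), and flags the usual packer tell-tales: a section that is empty on disk but large in memory (the unpack target, as with UPX0), near-8-bit entropy, writable-and-executable sections, and an entry point outside .text. The sample path is an assumption; run it inside the sacrificial VM on a copy of the attachment, and note that static parsing does not trigger the sample, although an antivirus product may still quarantine the file.

```powershell
# Added example (not from the original answer): static packer triage of a PE
# file by parsing its headers directly. Does not execute the sample.
function Get-PeTriage {
    param([Parameter(Mandatory)][string]$Path)

    $b = [System.IO.File]::ReadAllBytes($Path)
    if ($b.Length -lt 0x40 -or $b[0] -ne 0x4D -or $b[1] -ne 0x5A) { throw "Not an MZ/PE file: $Path" }
    $pe = [BitConverter]::ToInt32($b, 0x3C)                                   # e_lfanew
    if ([BitConverter]::ToUInt32($b, $pe) -ne 0x00004550) { throw "PE signature missing: $Path" }  # "PE\0\0"

    $coff      = $pe + 4
    $machine   = [BitConverter]::ToUInt16($b, $coff)                          # 0x14C x86, 0x8664 x64
    $nSections = [BitConverter]::ToUInt16($b, $coff + 2)
    $optSize   = [BitConverter]::ToUInt16($b, $coff + 16)
    $opt       = $coff + 20
    $magic     = [BitConverter]::ToUInt16($b, $opt)                           # 0x10B PE32, 0x20B PE32+
    $entryRva  = [BitConverter]::ToUInt32($b, $opt + 16)
    # Data directory 14 is the CLR runtime header; non-zero means a .NET assembly.
    $dirBase   = if ($magic -eq 0x20B) { $opt + 112 } else { $opt + 96 }
    $clrRva    = [BitConverter]::ToUInt32($b, $dirBase + 14 * 8)

    $sections = for ($i = 0; $i -lt $nSections; $i++) {
        $s        = $opt + $optSize + $i * 40                                 # section table entry
        $name     = [System.Text.Encoding]::ASCII.GetString($b, $s, 8).TrimEnd([char]0)
        $virtSize = [BitConverter]::ToUInt32($b, $s + 8)
        $virtAddr = [BitConverter]::ToUInt32($b, $s + 12)
        $rawSize  = [int][BitConverter]::ToUInt32($b, $s + 16)                # int: used as array bounds
        $rawPtr   = [int][BitConverter]::ToUInt32($b, $s + 20)
        $chars    = [BitConverter]::ToUInt32($b, $s + 36)

        # Shannon entropy of the section's bytes on disk; packed or encrypted
        # data sits close to 8 bits per byte, plain code around 5 to 6.5.
        $entropy = 0.0
        if ($rawSize -gt 0 -and ($rawPtr + $rawSize) -le $b.Length) {
            $counts = New-Object int[] 256
            for ($j = 0; $j -lt $rawSize; $j++) { $counts[$b[$rawPtr + $j]]++ }
            foreach ($c in $counts) {
                if ($c -gt 0) { $p = $c / $rawSize; $entropy -= $p * [Math]::Log($p, 2) }
            }
        }
        $span = [Math]::Max([long]$virtSize, [long]$rawSize)
        [PSCustomObject]@{
            Name        = $name
            RawSize     = $rawSize
            VirtualSize = $virtSize
            Entropy     = [Math]::Round($entropy, 2)
            Writable    = [bool]($chars -band 0x80000000)                    # IMAGE_SCN_MEM_WRITE
            Executable  = [bool]($chars -band 0x20000000)                    # IMAGE_SCN_MEM_EXECUTE
            HasEntry    = ($entryRva -ge $virtAddr) -and ($entryRva -lt ($virtAddr + $span))
        }
    }

    # Heuristics in the spirit of PEiD: none is proof on its own, together they are.
    $flags = @()
    foreach ($sec in $sections) {
        if ($sec.Entropy -gt 7.0)                           { $flags += "high entropy in $($sec.Name)" }
        if ($sec.RawSize -eq 0 -and $sec.VirtualSize -gt 0) { $flags += "$($sec.Name) is empty on disk but large in memory (unpack target)" }
        if ($sec.Writable -and $sec.Executable)             { $flags += "$($sec.Name) is writable and executable" }
        if ($sec.HasEntry -and $sec.Name -ne '.text')       { $flags += "entry point lies in $($sec.Name), not .text" }
    }

    $machineName = if ($machine -eq 0x14C) { 'x86' } elseif ($machine -eq 0x8664) { 'x64' } else { '0x{0:X}' -f $machine }
    $format      = if ($magic -eq 0x20B) { 'PE32+' } else { 'PE32' }
    [PSCustomObject]@{
        File     = $Path
        SHA256   = (Get-FileHash -Algorithm SHA256 -Path $Path).Hash
        Machine  = $machineName
        Format   = $format
        DotNet   = ($clrRva -ne 0)
        Sections = $sections
        Flags    = $flags
    }
}

# Assumed sample location for illustration.
$report = Get-PeTriage -Path 'C:\samples\attachment.exe'
$report | Select-Object File, SHA256, Machine, Format, DotNet
$report.Sections | Format-Table Name, RawSize, VirtualSize, Entropy, Writable, Executable, HasEntry
$report.Flags
```

A native binary whose flags are empty and whose .text entropy is in the 5 to 6.5 range is probably not packed and can go straight to the disassembler; a .NET result means a decompiler (not a native debugger) is the right next tool. The SHA256 is what you search for in existing analysis reports before spending hours in a debugger, and what you compare against the copy on disk after any dynamic run to confirm the sample did not rewrite itself.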

Can you Host Windows Apps Online? [closed]

Can you host demos of open source apps online, similar to how http://php.opensourcecms.com/ does for CMSs? For example, could you host a demo of Open Office for people to try out online? Maybe by connecting to a server that has Windows 7 installed or some Windows 7 simulator. How would you do that if you could?
It would certainly be possible, using something like a combination of remote desktop and virtual servers, however I haven't seen any solution like that.
The main reason for that is of course that it would require a lot of hardware. While a web server can handle thousands of concurrent users, a server running virtual remote sessions would be able to handle something in the range of 10-20 concurrent users.
Being somewhere around 100 times more expensive than running web servers, one can easily see why there is little demand for such technology.
There are various ways in which the visual display and mouse interaction of a Windows app can appear on a user's machine while actually running remotely. Refer to—for instance—the RFB protocol which is used by VNC.
It even appears there are some efforts to embed such remote screens into browsers using Flash. I haven't tried it:
http://flashlight-vnc.sourceforge.net/
As @Guffa points out, this really won't scale very well. But at smaller scales it's important to be aware of: I'm a big advocate of using approaches like this when someone has a niche legacy intranet application written in something like Visual Basic that only a few people use. (Why rewrite something that already works in Ruby-on-Rails or whatever if only 10 people in the world will ever use it?)
At a meta-level, I think dropping users into an app they don't know how to use isn't always the best way of selling it. With pervasive Internet video I think there's a big potential for screencasts to explain and introduce software, or teach them features:
http://en.wikipedia.org/wiki/Screencast
It shows people what's possible, is easy for them to pass around, and is a lot less of a development/administrative/security effort on your part.

X11 Feature for MS Windows [closed]

For decades, X11 has provided the possibility to have many virtual desktops that can be accessed by different people from different machines. The virtual desktops are thus independent of the real physical desktop.
I'm wondering whether there is something similar already on the MS Windows OS. I would think this could be easily done if virtual desktop managers could make the virtual desktops (that they already maintain in memory) available to remote desktop applications.
My needs come from the following situation. Often, I have to provide support to remote users. In many cases, the support takes hours. Unfortunately, during this time, the user's computer is completely controlled by us and the user can't do anything. Now my question is whether there is a solution that would allow us to work on and repair the user's computer on one virtual desktop while the user is actually working on the other virtual desktop attached to the physical one.
Any input would be much appreciated.
Klaus.
The desktop versions of Windows are artificially limited by Microsoft to one desktop session at a time. They want you to spend the big bucks on Terminal Server if you want to have multiple sessions.
Workstation builds of Windows (with the notable exception of Media Center Edition, to support extender devices) are hardcoded to prevent concurrent sessions. That said, there are very unofficial third party binary patches that modify the Terminal Services code to remove the limitation.
Remote Desktop, from Microsoft is what you are looking for.
There are hacks for various versions of Windows that allow concurrent Remote Desktop sessions. Here's one for Windows 7, but similar ones exist for Vista and XP.
