Windows XP Service Pack 1 seems to have fixed the
WM_TIMER message bug, which was the basis for all
shatter attacks.
How was it fixed? As Matt Pietrek had written in his
1997 MSJ article, a list of all registered timer
functions is saved, and any WM_TIMER message is
checked against that list.
I traced the DispatchMessage API and found a function
named _NtValidateCallbackProc which seems to do the
checking (you need to have XP SP1 debug symbols
installed to see its name). The attached program shows
how a timer function is validated.
MSJ article address:
http://www.microsoft.com/msj/defaultframe.asp?page=/msj/0397/hood/hood0397.htm&nav=/msj/0397/newnav.htm
bye
-------------
Mohsen Hariri
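The check described in the message above, as an added example that is not part of the original post and is not the attached program: a simplified, portable C model of validating a WM_TIMER callback against a table of registered timers. It is not Windows code; `register_timer`, `dispatch` and the `REJECTED` outcome are hypothetical names, and what Windows does with a message that fails validation is not modelled.

```c
/* Simplified model of checking a WM_TIMER callback against the list of
 * registered timers. Not Windows code: all names here are hypothetical. */
#include <stdint.h>
#define MODEL_WM_TIMER 0x0113u  /* WM_TIMER: wParam = timer id, lParam = callback */
#define MAX_TIMERS 16

typedef void (*timer_proc)(uintptr_t hwnd, uintptr_t id);
struct timer_entry { uintptr_t hwnd, id; timer_proc proc; int used; };
struct message { uintptr_t hwnd; unsigned msg; uintptr_t wparam, lparam; };
enum result { CALLED_TIMERPROC, SENT_TO_WNDPROC, REJECTED };

static struct timer_entry timers[MAX_TIMERS];
static int fired;  /* counts calls to sample_proc */
static void sample_proc(uintptr_t hwnd, uintptr_t id) { (void)hwnd; (void)id; fired++; }

/* Model of SetTimer: remember which callback belongs to (hwnd, id). */
int register_timer(uintptr_t hwnd, uintptr_t id, timer_proc proc)
{
    for (int i = 0; i < MAX_TIMERS; i++)
        if (!timers[i].used) {
            timers[i] = (struct timer_entry){ hwnd, id, proc, 1 };
            return 1;
        }
    return 0;  /* table full */
}

/* Model of the dispatch-time check: lParam is untrusted and is only compared;
 * the call itself goes through the pointer stored at registration. */
enum result dispatch(const struct message *m)
{
    if (m->msg != MODEL_WM_TIMER || m->lparam == 0)
        return SENT_TO_WNDPROC;  /* no callback requested */
    for (int i = 0; i < MAX_TIMERS; i++) {
        const struct timer_entry *t = &timers[i];
        if (t->used && t->hwnd == m->hwnd && t->id == m->wparam &&
            (uintptr_t)t->proc == m->lparam) {
            t->proc(m->hwnd, m->wparam);
            return CALLED_TIMERPROC;
        }
    }
    return REJECTED;  /* address was never registered for this timer */
}

int main(void)
{
    register_timer(1, 42, sample_proc);  /* constructed sample values */
    struct message ok  = { 1, MODEL_WM_TIMER, 42, (uintptr_t)sample_proc };
    struct message bad = { 1, MODEL_WM_TIMER, 42, (uintptr_t)&fired };
    return (dispatch(&ok) == CALLED_TIMERPROC && dispatch(&bad) == REJECTED) ? 0 : 1;
}
```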