NotesTODO.txt
Currently on dev github branch.
In process of spellchecking comments / variable names as well as implementing ThreadContext
****************
Telemetry class, functionally, is a way to register handlers for exceptions of arbitrary values and let
the user of the API deal with said exceptions without the need of knowing *which* class to use.
***************
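One way to build the registry described in the Telemetry note, as an added example in C# that is not the project's own code (the class name ExceptionTelemetry, its methods and the Win32Exception sample failure are all assumptions). The registry is keyed by exception type and walks the base-type chain on dispatch, so an API user registers for the exception types they care about and never needs to know which wrapper class raised them:

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel;

// Added example (not the project's code): dispatch an exception to the most
// specific registered handler, falling back along its base-type chain.
public sealed class ExceptionTelemetry
{
    private readonly Dictionary<Type, Action<Exception>> _handlers =
        new Dictionary<Type, Action<Exception>>();

    // Register a handler for TException; subclasses reach it through Dispatch's
    // base-type walk unless a more specific handler is registered.
    public void Register<TException>(Action<TException> handler) where TException : Exception
    {
        if (handler == null) throw new ArgumentNullException(nameof(handler));
        _handlers[typeof(TException)] = ex => handler((TException)ex);
    }

    // Returns true when some handler accepted the exception; false lets the
    // caller rethrow, so nothing is silently swallowed.
    public bool Dispatch(Exception ex)
    {
        for (Type t = ex.GetType(); t != null; t = t.BaseType)
        {
            if (_handlers.TryGetValue(t, out Action<Exception> handler))
            {
                handler(ex);
                return true;
            }
        }
        return false;
    }

    // Run a native-side operation; failures route through the registry and,
    // if accepted, the caller gets the fallback value instead of an exception.
    public T Guard<T>(Func<T> nativeCall, T fallback)
    {
        try { return nativeCall(); }
        catch (Exception ex) when (Dispatch(ex)) { return fallback; }
    }
}

static class Demo
{
    static void Main()
    {
        var telemetry = new ExceptionTelemetry();
        telemetry.Register<Win32Exception>(e =>
            Console.WriteLine($"Win32 failure {e.NativeErrorCode}: {e.Message}"));
        telemetry.Register<Exception>(e =>
            Console.WriteLine($"Unhandled {e.GetType().Name}: {e.Message}"));

        // Constructed failure standing in for a native call that returned
        // ERROR_ACCESS_DENIED (5); the Win32Exception handler accepts it.
        int handle = telemetry.Guard<int>(() => throw new Win32Exception(5), fallback: -1);
        Console.WriteLine($"result = {handle}");
    }
}
```

The exception filter (`when (Dispatch(ex))`) means an exception with no registered handler propagates unchanged, which is the behaviour a caller on the managed side wants: the telemetry layer only absorbs what it was explicitly told to handle.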
Begin work on winsock telemetry wrapper to MiTM a single process's IPv4/6 communication
Before publish release,
Establish ThreadContext, process context, and ensure symbol handler is enough
so that the risk of an exception on the native side is minimal and the managed side has handlers for their problems.
Write up some samples to show different things.
Spawn a process
Spawn and debug a process
Fetch thread data
Set thread data.
Figure out a way to monetize it.
Suggestions?
MIT for personal / non-commercial license with a PayPal link included.
Commercial License
Malware Analysis
Personal
As in, one has no plans to monetize this or distribute it for cash.
Commercial
A company wants to use this for something that does not deal with malware analysis
Malware Analysis
Company / personal is using this to do that.
Right reserved to suspend price (if any) for emergent threats.
Remove the FileSandBoxHelper DLL because it uses some things that I'm not quite ready to release into the public.
-> Add writeup on how Detours can be used with this library. - for example, routing NtCreateFileA/W to point to a zip file instead.
Current native P/Invoke structure is placing everything in the NativeMethods class.
-> Decide on security implications / needs and move between
SafeNativeMethods
UnsafeNativeMethods
NativeMethods
What's the difference?
NativeMethods
(System.Security.SuppressUnmanagedCodeSecurityAttribute must not be applied to this class.)
OK for anywhere, as a stack walk is performed
SafeNativeMethods
(System.Security.SuppressUnmanagedCodeSecurityAttribute is applied)
Stack walk suppressed
Callers need not perform full security review
UnsafeNativeMethods
Stack walk suppressed
(System.Security.SuppressUnmanagedCodeSecurityAttribute is applied)
Risky methods.
Calls need full security review before using this.
Thoughts:
Understand the risk between the three.
Need not be consistent between releases as public code in the sketch does not export.
All the methods do have a bit of security risk as they deal with spawning, writing and reading to processes.
The debug method privilege will be placed in UnsafeNativeMethods (if imported at all)
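The three-way split described above, as an added C# example that is not the project's code (the class and method names, the ProcessSafeHandle type and the ProcessMemory wrapper are assumptions). NativeMethods carries no attribute, so the CLR's stack walk runs on every call; SafeNativeMethods suppresses the walk for functions that cannot harm anyone; UnsafeNativeMethods suppresses it for functions that open and read other processes, so the example funnels every such call through one reviewed wrapper that requests least access, bounds the read and surfaces Win32 failures as a managed exception:

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security;
using Microsoft.Win32.SafeHandles;

// 1. NativeMethods: no attribute. The CLR demands UnmanagedCode permission
//    (a stack walk) on every call, so any declaration may live here.
internal static class NativeMethods
{
    [DllImport("kernel32.dll")]
    internal static extern uint GetCurrentProcessId();
}

// 2. SafeNativeMethods: stack walk suppressed. Only functions that are harmless
//    to whoever calls them belong here, because no caller is ever checked.
[SuppressUnmanagedCodeSecurity]
internal static class SafeNativeMethods
{
    [DllImport("kernel32.dll")]
    internal static extern ulong GetTickCount64();

    [DllImport("kernel32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    internal static extern bool CloseHandle(IntPtr handle);
}

// 3. UnsafeNativeMethods: stack walk suppressed AND the functions are risky
//    (they open and read other processes). Every call site needs review.
[SuppressUnmanagedCodeSecurity]
internal static class UnsafeNativeMethods
{
    [DllImport("kernel32.dll", SetLastError = true)]
    internal static extern ProcessSafeHandle OpenProcess(
        uint desiredAccess, [MarshalAs(UnmanagedType.Bool)] bool inheritHandle, uint processId);

    [DllImport("kernel32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    internal static extern bool ReadProcessMemory(
        ProcessSafeHandle hProcess, IntPtr baseAddress, byte[] buffer, IntPtr size, out IntPtr bytesRead);
}

// Owns the HANDLE returned by OpenProcess so it is closed on Dispose or finalize
// even if the managed side throws part-way through.
internal sealed class ProcessSafeHandle : SafeHandleZeroOrMinusOneIsInvalid
{
    private ProcessSafeHandle() : base(ownsHandle: true) { }
    protected override bool ReleaseHandle() => SafeNativeMethods.CloseHandle(handle);
}

// The single reviewed entry point through which the library reaches
// UnsafeNativeMethods (hypothetical wrapper, not the project's API).
public static class ProcessMemory
{
    private const uint PROCESS_VM_READ = 0x0010;
    private const uint PROCESS_QUERY_LIMITED_INFORMATION = 0x1000;
    private const int MaxRead = 64 * 1024;   // bound chosen for this example

    public static byte[] Read(uint pid, IntPtr address, int count)
    {
        if (count <= 0 || count > MaxRead) throw new ArgumentOutOfRangeException(nameof(count));
        using (ProcessSafeHandle process = UnsafeNativeMethods.OpenProcess(
            PROCESS_VM_READ | PROCESS_QUERY_LIMITED_INFORMATION, false, pid))
        {
            if (process.IsInvalid) throw new Win32Exception(Marshal.GetLastWin32Error());
            byte[] buffer = new byte[count];
            if (!UnsafeNativeMethods.ReadProcessMemory(process, address, buffer, (IntPtr)count, out IntPtr bytesRead))
                throw new Win32Exception(Marshal.GetLastWin32Error());
            if ((long)bytesRead != count) Array.Resize(ref buffer, (int)bytesRead);
            return buffer;
        }
    }
}

static class Demo
{
    static void Main()
    {
        byte[] sample = { 0xDE, 0xAD, 0xBE, 0xEF };   // constructed input in our own process
        GCHandle pin = GCHandle.Alloc(sample, GCHandleType.Pinned);
        try
        {
            byte[] copy = ProcessMemory.Read(
                NativeMethods.GetCurrentProcessId(), pin.AddrOfPinnedObject(), sample.Length);
            Console.WriteLine(BitConverter.ToString(copy));
        }
        finally { pin.Free(); }
    }
}
```

One caveat when deciding where each import goes: SuppressUnmanagedCodeSecurity only changes behaviour on .NET Framework, where Code Access Security exists. On .NET Core and later the attribute compiles but does nothing, so the Safe/Unsafe split there is documentation of intent (which imports a reviewer must scrutinise) rather than an enforced boundary, and the argument checks in the wrapper carry the whole load.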