Debugger and Sandboxes in Windows

February 23, 2008 · Filed Under Binary Auditing 

It is not always possible or desirable to set up a virtual machine for debugging an application. While useful, working inside a VM can be tedious, and in some cases it adds complexity without adding value. The catch is that you need administrator privileges to debug (SeDebugPrivilege enabled), which means your debuggee runs as administrator too. So what can be done? On Windows XP, a good solution is to fully sandbox the debuggee, but there are other solutions as well.

One is to run the debugger and the debuggee under different accounts: the debugger runs as administrator and the debuggee as a limited user.

A limited user cannot install drivers, alter executables or Windows system files and, better still, it stays out of our private document folders.

But how is this achieved? A simple yet effective solution is to hook the function responsible for launching the debuggee and force it to start the process under another account.
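The split-account approach, as an added PowerShell example that is not from the original post: the debuggee is started under a limited account via the secondary logon service, the result is checked, and only then is the administrator debugger attached. The account name, target path and the use of ntsd.exe (the console debugger shipped with Windows XP) are assumptions.

```powershell
# Added example, not the post's own code. Assumed names: limited account
# 'dbgsandbox', target 'C:\samples\target.exe', debugger ntsd.exe.
param(
    [string]$Target   = 'C:\samples\target.exe',
    [string]$User     = "$env:COMPUTERNAME\dbgsandbox",
    [string]$Debugger = "$env:SystemRoot\System32\ntsd.exe"
)

# Ask for the limited account's password at run time; never hard-code it.
$cred = Get-Credential $User

# 1. Start the debuggee as the limited user. The debugger (this shell and
#    the ntsd.exe it launches) keeps running under our administrator token.
$dbgee = Start-Process -FilePath $Target -Credential $cred -PassThru

# 2. Check that the new process really runs as the limited user and not
#    with our administrator token; abort if the owner does not match.
$proc  = Get-WmiObject Win32_Process -Filter "ProcessId = $($dbgee.Id)"
$owner = $proc.GetOwner()
$actual = "$($owner.Domain)\$($owner.User)"
if ($actual -ne $User) {
    Stop-Process -Id $dbgee.Id -Force
    throw "Debuggee is running as $actual, expected $User"
}

# 3. Attach the administrator debugger to the limited-user process.
#    SeDebugPrivilege on our side is what permits attaching across accounts.
& $Debugger -p $dbgee.Id
```

Because the process is started before the debugger attaches, its first instructions run unobserved; for targets where that matters, the in-debugger hook the post describes (start suspended, then attach) is the better fit.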
