Exception Chain Validation (ECV, SEHOP).
Structured Exception Handler (SEH) overwrite - ???? ?? ?????????? ???????? ???????? ?????????? ?? ??????????? ???, ?????????? ????? ?? ??? ???? ?????????? (?????? – ???????????? ??????). ????? ???????, ??? ???? ?? ???????? ?????????? ?????? ?? ???? ????????? ????? ????????????? ??????? ?????? ????? ????-?????? ? ???????? ??????? ?? ??? ????????.
Windows Vista SP1/Server 2008 ? ????? ??????? ?????? ??????? ???????? ???????? ?????? ?? ???? – Exception Chain Validation (ECV) ??? Structured Exception Handler Overwrite Protection (SEHOP). ? ????????? ECV ?? ????????? ???????? ?? ?????????? ??????? OS ??-?? ??????????????? ? ?????????? ???????? Cygwin, Skype ? ???????? ?????????? ? ??????? Armadillo. ???????, Skype, ??????? ? 4-?? ?????? ????????? ? ECV ?, ?????? ????????, Cygwin ? Armadillo ???? ??? ?????????? (??? ? ?? ? ?????, ?????? ???????????).
? ?????, ???? ??? ????????? ?????? :-) (?? ? ???? ?? ????????? – ?? ??), ?? ????? ???????? ECV. ? Knowledge Base ???????????? ??????, ?????????? ??? ??? ??????? – KB956607:
? ???? ???? ???????? ????? ?????????, ??????? ??????? regedit ? ??????? ??????? ????.
??????? ????????? ?????? ???????: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\DisableExceptionChainValidation
??????????: ???? ?? ??????? ????? ???????? DisableExceptionChainValidation ? ??????? ??????? HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\ ????????? ????????, ????????? ????, ????? ??????? ???.
- ???????? ?????? ??????? ???? ?????? kernel, ???????? ??????? ???????, ? ????? — ???????? DWORD.
- ??????? DisableExceptionChainValidation ? ??????? ??????? ????.
?????? ???????? ??????? DisableExceptionChainValidation.
????????? ????????? DisableExceptionChainValidation ???????? 0, ????? ???????? ???, ? ????? ??????? ?????? ??.
??????????: ???????? 1 ????????? ???? ???????? ???????. ???????? 0 ???????? ???.
???????? ???????? ???????.
????????????? ??????, ??? ECV ???????? ?????? 32-? ?????? ??????????, ??????? ??, ??? ??????????? ??? Wow64 ?? 64-? ?????? ????????. 64-? ?????? ??? ?? ????????? ????? ???? ?????.
Cross-posted from blog.not-a-kernel-guy.com.