SHELLCODE EXECUTION PROTECTION FOR WINDOWS NT
PROTTY PROJECT
CURRENT RELEASE VERSION 01A (BETA) - DOWNLOAD

by Piotr Bania
http://www.piotrbania.com

 

Disclaimer

The author takes no responsibility for any actions taken with the information or code provided. The copyright for any material created by the author is reserved. Any duplication of the code or texts provided here in electronic or printed publications is not permitted without the author's agreement. If you disagree - leave now!

 

What is Protty?

Protty is a ring 3 library developed to protect against shellcode execution on Windows NT based systems. The full description of the mechanism was published in Phrack magazine volume #63 (sources of the initial release are also available). Currently Protty stops most known Windows shellcodes. Moreover, it can block some types of viruses which use methods similar to those of shellcodes.

 

Main Protty v.01a (test phase)

- Process Environment Block protection (currently 2 modules are protected)
- Structured Exception Handling protection
- Import section killing (currently main application only)
- Export section protection (currently 2 modules are protected)
- RtlEnterCriticalSection protection (currently disabled)

 

Download
 

CURRENT RELEASE VERSION 01A (BETA) - DOWNLOAD

 

Sponsors and support

If you want to sponsor or support the Protty library with your own ideas, don’t hesitate to contact me. You can do this by using this email: bania.piotr@gmail.com