Another stab with a little more clarity --- Hello all, On a related topic. Would it not be possible to use a similar exploit technique, specifically concerning NAI's fine products, to establish a bogus pagefile.sys. For Example: Search the system for valid HD drives: C: D: E:, etc. not removable and RW use a (little better, maybe I'll post some code) paging a little at a time to disk and decoding... to a drive without a pagefile.sys Now all that is left to do is to get the system to read the code, yes? Not to difficult considering the constant reads done to paging files. Maybe you could even race the thing into memory??? I believe pagefile.sys and windows.swap files are excluded by default, and AFAIK Windows NT does not 'scan' the drive or establish a new pagefile, that is at boot time all done by (previous) registry configuration. Just a thought. The InfoBro Eric Williams, Pres. Information Brokers, Inc. http://www.infobro.com/ mailto:ericat_private For More Info: infoat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:33:37 PDT