Defense in depth — the Microsoft way (part 68): where compatibility means vulnerability
Posted by Stefan Kanthak on Dec 18
Hi @ll,
this post is a shortened version of
<https://skanthak.homepage.t-online.de/detour.html>
With Windows 2000 and Windows XP, Microsoft introduced the functions
SystemFunction035() alias RtlCheckSignatureInFile(),
SystemFunction036() alias RtlGenRandom(),
SystemFunction040() alias RtlEncryptMemory(), and
SystemFunction041() alias RtlDecryptMemory() in ADVAPI32.dll
Note: RtlCheckSignatureInFile() was never documented, it has the…
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.
