Defense in depth — the Microsoft way (part 68): where compatibility means vulnerability

Click the icon to Follow me:- twitterTelegramRedditDiscord

Posted by Stefan Kanthak on Dec 18

Hi @ll,

this post is a shortened version of
<https://skanthak.homepage.t-online.de/detour.html>

With Windows 2000 and Windows XP, Microsoft introduced the functions
SystemFunction035() alias RtlCheckSignatureInFile(),
SystemFunction036() alias RtlGenRandom(),
SystemFunction040() alias RtlEncryptMemory(), and
SystemFunction041() alias RtlDecryptMemory() in ADVAPI32.dll

Note: RtlCheckSignatureInFile() was never documented, it has the…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source