Oliver, > Yes. Before we go prompting users ever time someone calls > CreateFile, though, there are much simpler measures. One of them would make > OpenProcess require a priviledge of some sort (see below). Restricting OpenProcess won't help much. For example, CreateProcess will return a handle with full access. Actually, the Windows NT code to start a process utilizes this fact to write to the new process' memory space (although using native calls rather than Win32). Essentially, once someone can execute arbitrary code on your system you're toast. There are just too many holes in Windows for it to be feasible to plug them all. The focus ought to be on preventing the code execution in the first place, not on trying to contain it. Best regards, Torbjörn Hovmark ______________________________________ Abtrusion Security AB - next generation intrusion protection http://www.abtrusion.com
