[ros-dev] LSASS and MSV1_0.DLL - more research

Luke Kenneth Casson Leighton lkcl at lkcl.net
Sat Sep 10 23:44:55 CEST 2005

lots of people appear to have done quite thorough amounts of digging
into MSV1_0.DLL due to it being the key to security attacks and stuff

e.g. http://www.security-protocols.com/whitepapers/NT/NTcred.txt

the two that i have read so far describe how WINLOGON.EXE is a
"user" of the LSASS system by doing a LsaLookupAuthenticationPackage
call, in order to obtain, presumably, the vector-table which MSV1_0.DLL
registers with the LSASS, and then once that vector-table is obtained,
they then go on to describe how MSV1_0.DLL may be attacked, by
describing in detail the data structures in it.

how very convenient for actually implementing one :)


<a href="http://lkcl.net">http://lkcl.net</a>

More information about the Ros-dev mailing list