Win32 Programming
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Win32 Programming

  1. #1
    Banned
    Join Date
    Sep 2002
    Posts
    17

    Win32 Programming

    I'm just getting into Win32 programming with C, and have noticed some funny things. Using Win32 you can shut down a computer, play around with drives, and other neat stuff. What is there to stop an evil prgrammer from exploiting these commands?

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    outside of needing access to the mach or getting someone else to run it on the machine...not much. virus protection does look for devistating lines of code and does provide a measure of protection.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  3. #3
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    More than likely, they are already patched since I think that form of programming is sort of outdated, I could be wrong though. I'm reading a book called "Windows 32 Programming For Dummies" and so far it has helped me learn it. I'm into learning alot of outdated or old material since I generally have a basic to advanced understanding and knowledge of today's usual stuff (VisualBasic, PHP, Perl, C/C++). I've been trying to learn, as I said, some old things so I can increase my knowledge and to see how some older programming languages started out. Anyways, my advice to you would be to read a few books, search for some e-books or tutorials, and to be a little more forward with the question (Sorry, I didn't understand part of it).

    Also, what Tedob1 said is true, because with the right firewalls, virus protection, and the common means to security, it wouldn't be easy to exploit. Remember, mostly every program has a vulnerability or way to be exploited.
    Space For Rent.. =]

  4. #4
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027

    Re: Win32 Programming

    Originally posted here by Ajchez
    I'm just getting into Win32 programming with C, and have noticed some funny things. Using Win32 you can shut down a computer, play around with drives, and other neat stuff. What is there to stop an evil prgrammer from exploiting these commands?
    Depends:
    On win9x/me, there are no security restrictions, so the anwser would be "nothing" except user vigilance.

    On winNT4/2K/XP, it's a diffrent story: on these, system call are restricted based on the configuration (local security policy: user rights assignments, security options ), so what a program is allowed to do is restricted based on the user owning the process's permissions.


    Ammo
    Credit travels up, blame travels down -- The Boss

  5. #5
    Banned
    Join Date
    Jul 2002
    Posts
    877
    The way C++ can do things with Internet Explorer, this can also be a great tool for makeing worms. DOS commands... you can do alot of stuff in dos. And in M$-WORD 97 you can attach code into a document. You can do alot of good and bad things in a PC. Nothing can totally protect you no matter what OS you have or how many patches you download.

    Be paraniod! Thats part of the fun of being admin. over your own PC and/or network.

  6. #6
    Banned
    Join Date
    Sep 2002
    Posts
    17
    Thanks for your replies. After using the security juggernaut that is JAVA, I was pretty amazed you could do some of the stuff with C++.

  7. #7
    Member
    Join Date
    Aug 2001
    Posts
    46
    Ajchez > Just keep in mind what it is that you are actually doing. Programming languages by themselves don't open holes for malicious hackers to penetrate your system. The assumption is that if you write a program for distribution that the people who are installing and running that piece of software know who you are and what the program does. The oneness is on the owner of the computer to make sure that the programs they install aren't malicious. In other words, if I write a C program that will wipe a hard drive and disable peripheral devices it can't do anything unless someone runs it.

    And just a note about Java, while it is fundamentally secure, I can still write an application in Java that can wipe a machine. Applets are a little different since by their nature they really aren't allowed to do anything other than run in a browser, but a full Java app can toast a system as easily as a C++ app.
    Time is a created thing -- to say \"I don\'t have time\" is like saying \"I don\'t want to.\"

    Lao-Tzu

  8. #8
    Deceased x acidreign x's Avatar
    Join Date
    Jul 2002
    Posts
    455
    I am reminded of a quote... "C makes it easy to shoot yourself in the foot, C++ makes it harder, but when you do, it blows away your entire leg."
    :q :q! :wq :w :w! :wq! :quit :quit! :help help helpquit quit quithelp :quitplease :quitnow :leave :**** ^X^C ^C ^D ^Z ^Q QUITDAMMIT ^[:wq GCS,M);d@;p;c++;l++;u ++ ;e+ ;m++(---) ;s+/+ ;n- ;h* ;f+(--) ;!g ;w+(-) ;t- ;r+(-) ;y+(**)

  9. #9
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    The Win32 API is there for the legitimate program to carry out legitimate tasks. Its completeness means that you can achieve most things relatively easily.

    This can be used for good or evil.

    The win32 API is no different from any other OS or language - I can just as easily write a hard-disc frying program in Java (except that inside an applet it would not be allowed to run - outside an applet it can still fry the disc.)

    Programmers who see what you can do can now fully appreciate the risks associated with running untrusted binaries. It's a pity that (most) other users can't

  10. #10
    Banned
    Join Date
    Sep 2002
    Posts
    17
    It is true that it takes a malicious programmer to make malicious code, but there are a bunch of programmers out there. C++ is incredible, and I wish I could afford MSVC++. Can an AV program actually look for commands that delete things, or pass system handles? I wrote a test program that looked and actually worked as an SMTP client. Yet, if anyone clicked "Send", their hard drive was formatted. My friend and I put it on his computer, and none of his AV caught it. How does one protect themselves from this, as I download programs all the time.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •