
I will tell you as a person who actually is into security (sorry for necroing). The system has certain API/functions exposed to users.

Even if you have admin/root privileges, and you call a function, you are monitored you did it. Every function call can be seen by a program like this:

Antiviruses, for example, rely a lot on that, e.g. they see a file is not digitally signed, and reads files it should not, and modifies files it should not -> yeah, it is a threat. Also worth mentioning, admin privileges don't break process memory isolation. Process A cannot access memory of process B directly, only by those specific readProcess() functions from the Windows kernel. What happens when you go kernel mode? All of that is gone.

You can call stuff directly, you can use memory of other stuff directly, and since you can hook Windows API functions, theoretically you can monitor every single call every program does on your machine, with data included.

For example, I work for a company where I am not allowed to share clients' data, obviously, and I am under secret clauses etc. Can I see if something tries to log stuff it shouldn't? Generally yes, easily, of course I don't audit every single small piece of software running, but for the most popular game in the world, I assure you there are lots of people who can monitor LoL's actions and raise public attention if something goes wrong. In the kernel mode case, it will be really difficult (only Windows debugging another Windows install with a driver, or directly reverse engineering the kernel driver component, which is really hard and time consuming). It also helps that Riot Games sued a lot of the old scripting platforms, and small groups who develop scripts can't pay them when they get sued.
