So Cool (PL) 19th Kang, Sung won 19th Park, Jong min 19th Park, Gui mong.

Post on 15-Dec-2015

Protector of My Digital Contents

So Cool (PL) 19th Kang, Sung won

19th Park, Jong min

19th Park, Gui mong

Agenda

1. Project Motive
2. Goal
3. Architecture
4. Detail
5. Development Environment
6. Division of Work
7. Project Schedule
8. Q & A

Protector of My Digital Contents Busan Samsung Software Membership

Project Motive

Project Motive

X?

User

Goal

Protector

Prevent Illegal Copy & Use

Unlimited

File Format

(Limited Period)

JPG

JPG

Regular Players

Entire Architecture

License Policy

Contents

Provider Application

+

Web Server

Windows Driver

ActiveX

License Policy

License Policy

Contents

User

Windows Driver

WebServer Address

Connect (Using Web Browser)

Using ActiveX (Automatically install Driver & License)

Contents Transmit

Provider Architecture

Provider Application

Add File

Save String[]

License Setup to File

CAB File Auto Make

Add to Web Server & Running

Downloader Architecture

Provider User

Add File

Provider Application

WebServer DownFile List

INCLUDE

Setup

RUN

WebServer DownFile List

READ

Downloader File Down

System Architecture (File System Filter Driver)

Application

I/O Manager

File System Filter

File System

Stack

User Level

Kernel Level

Filter Manager

System Mini Filter Driver

Network Mini Filter Driver

Detail (SSDT Hooking)

System Service Dispatch Table

XX

Keeper (Self Defender)

System Service Dispatcher

System Service

XX

Detail (Process Hide)

Keeper Driver (Self Defender)

SystemInformationClass

SystemInformation

….

ReturnLength

SystemInformationLength

NewZwQuerySystemInformation

Process information

DCBA

Detail (File Hide)

Keeper Driver (Self Defender)

hFile

hEvent

….

IoApcContext

FileInfoClass

NewZwQueryDirectoryFile

Hide File & Folder inform

DCBA

Detail (Active X)

Detail (Active X)

.inf File Make

.CAB File Make

Detail (Active X)

Detail (Anti-Reversing)

Anti-Reversing Techniques

Anti-Analysis

BreakPoint Detection

Garbage Code

Anti-Disassembly

Detail (Anti-Reversing)

Anti-Disassembly

Example Code

Detail (Anti-Reversing)

Anti-Disassembly

Apply

Detail (Anti-Reversing)

Anti-Disassembly

Result

Detail (Anti-Reversing)

BreakPoint Detection

Apply

Detail (Anti-Reversing)

BreakPoint Detection

Result

Will jump to the wrong memory address.

Detail (Anti-Reversing)

Garbage Code

Apply

Detail (Anti-Reversing)

Garbage Code

Result

Complex code

Detail (Anti-Capture)

Anti-Capture

Empty clipboard

Native API Hooking

DLL Injection

Prevent use of Ctrl + C and PrintScreen keys

BitBlt() Hooking

NtGdiBitBlt() Hooking

User

Anti-Capture

Detail (Anti-Capture)

Anti-Capture

Native API Hooking

NtGdiBitBlt Function Hooking

Win32k.sys SystemServiceDescriptorShadowTable Hooking

Detail (Device Driver Loader)

Device Driver Loader

Service Control Manager (SCM)

InstallHinfSection

Program Install

Registry Protection

RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 Driver.inf

Development Environment

Development Environment

OS : Windows XP SP3

IDE : Microsoft Visual Studio 2008 / 6.0

Windows Device Kit 7600.16385.0

Debug Tool : OllyDBG, WinDbg, DbgView

Virtual Machine : VMWare Workstation 6.0

Language : C#, C, C++, Assembly

Division of Work

Kang, Sung won (PL)

Provider Application (Protector)
- Digital Contents File Management
- License Policy
- WebServer & WebPage
- ActiveX (Automatically install Driver & License)

Anti-Reversing
- Garbage Code
- Anti-Disassembly
- Breakpoint Detection

Anti Capture

Park, Jong min

Park, Gui mong

Keeper (Windows Driver)

Mini Filter Driver
- System Filter Driver
- Network Filter Driver

Driver Loader

Project Schedule

[Schedule chart. Column headers: TASK, 08, 09, 10, with sub-columns 1 to 12. Task rows follow.]

Protector

GUI

Contents File Management

License Policy

Web Server & Page

ActiveX (Auto Install)

Anti-Reversing

Garbage Code

Anti-Disassembly

Breakpoint Detection

Keeper

Anti Capture

System Filter Driver

Network Filter Driver

Driver Connection Process

Driver Loader

Keeper Driver

Anti-SSDT Hooking

Unify Test & Debugging

Kang, Sung won

Park, Jong min

Park, Gui mong

Question & Answer

Thank you