BATTLE OF SKM AND IUM
LOADING A TRUSTLET
• Ldr, or the Windows Loader (inside of NTDLL.DLL), will load a Trustlet just like any other process, with a few changes in behavior
• These are detected through the PEB’s Process Parameter Flags (0x80000000 == RTL_USER_PROC_SECURE) and stored in LdrpIsSecureProcess
• No per-user Application Verifier support
• System-wide settings still respected
• No Image File Execution Options (IFEO) if queried by LdrQueryImageFileExecutionOptions
• RtlQueryImageFileExecutionOptions still respected (but no registry APIs)
• No DLL Redirection (Side-by-Side Manifest File Support, SxS, Fusion)
• No communication with CSRSS (Windows Subsystem) allowed
• No Safer (Authz) / Software Restriction Policies enforced
• This allows Trustlets not to have to share other data with Normal Mode (such as CSRSS data) or to have their behavior influenced by it
• Like the Shim Engine