PowerShadow does not stop low level disk changes

Discussion in 'sandboxing & virtualization' started by flinchlock, Jun 14, 2007.

Thread Status:
Not open for further replies.
Page 2 of 2
  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Mike

    Have a good trip. I've been emailing with Coldmoon re Returnil handling Raid 0 which it can't right now. He also said he really appreciated seeing your test of Powershadow and the low level disk access. Based on your tests they tested Returnil and found it had the same vulnerablity. They have fixed that and the next build contains the fix.

    Well done.

    Pete
     
    Peter2150, Jun 15, 2007
    #26
  2. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    When I get back, I plan to also test writing/deleting in a sector than is blank somewhere in the sector range that drive C: is.

    For example, if C: is from sector 63 to 100,000,000 and the disk is 50% full/empty, I would be able to find lots of empty sectors, for example sector 90,000,000.

    In case you wonder why I said sector 63 in the above sentence... the MBR is sector 0, and sectors 1-62 are not used. Sectors 0-62 = 1st cluster.

    I am also about 90% sure the even "Paragon Hard Disk Manager 8 Special Edition" can also do damage to any sector.

    But, need to test Full Shadow mode... maybe FULL = ALL SECTORS?

    Mike
     
    flinchlock, Jun 15, 2007
    #27
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Re: Zhusan trojan

    Hi Solocroft! pls check ur PM box!
     
    aigle, Jun 16, 2007
    #28
Page 2 of 2
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...