The WOW-Effect (how Microsoft's WOW64 technology fools security analysts)

Discussion in 'other security issues & news' started by MrBrian, Jan 7, 2014.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From http://cert.at/downloads/papers/wow_effect_en.html:
     
    MrBrian, Jan 7, 2014
    #1
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    I stumbled across this WOW-Effect few month ago, when I was configuring a HIPS. For some reason, unknown to me, system applications would run from Syswow64 instead of System32. Now, after reading the article, I understand why that happened. Thank you for link.

    Regards, hqsec
     
    Minimalist, Jan 8, 2014
    #2
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    You're welcome :). I've mentioned it a few times in the past, but never before in a dedicated thread.
     
    MrBrian, Jan 8, 2014
    #3
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    I wonder how much other "File access is transparently redirected to other directories in certain cases" ? If you know what i mean :eek:
     
    CloneRanger, Jan 8, 2014
    #4
  5. Kyle_Katarn

    Kyle_Katarn Developer

    Joined:
    Dec 20, 2007
    Posts:
    3,331
    The WoW effect was a huge pain for me while coding SUMo for software update scanning due to redirection by OS...
     
    Kyle_Katarn, Mar 9, 2014
    #5
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...