Manual for HIPS: Send message to other processes?

Discussion in 'other anti-malware software' started by xtree, Aug 29, 2008.

Thread Status:
Not open for further replies.
  1. xtree

    xtree Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    96
    Your simple and clear explanations are highly appreciated to shed light on this subject. (Simple examples are also welcome)
    What does it mean?
    When does it happen?
    Usually which kind of normal apps do it?
    Symptoms of suspicious activities?
    Any important remarks?

    Your thoughts are also welcome at https://www.wilderssecurity.com/showthread.php?t=218867

    Thanks in advance/xtree
     
    Last edited: Aug 29, 2008
  2. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
The whole list of the tasks the messages can be used for is actually VERY VERY huge, so it can hardly be put in a short and clear way :)

    Messages can be used to:
    close another application
    get text from other application windows
set text in other application windows
    use DDE
    simulate system shutdown
    destroy another application window
    simulate keyboard or mouse activity
    simulate timer activity
    IPC

Every case needs separate review. For example, some vendors (like ASUS) use WM_SETTEXT/WM_GETTEXT messages for IPC (their DLL does it when it is injected into the processes). On the other side, the same message can be used for malicious activity; for example, using WM_SETTEXT it is possible to make IE go to an unwanted site.
     
  3. xtree

    xtree Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    96
Hi alex_s,

    Thank you for your detailed explanation. So there are several cases when one can run into this pop-up.
    What I experienced on my pc so far:
1. You can get this message when, for instance, net-related apps (email clients, security apps, software updates) try to reach the net through a firewall.
2. When 'system explorer' type programs (Autoruns, InjectedDLL) try to map the system.
    3...?
     