"Open EMET" - progress being made

Just checked out the blog of a member in here, and saw that much progress has been made on a project they're working on named Open EMET, that they mentioned in here in the past. I've been keeping track of it and am eager to give it a go. Here's a link to it:

http://voidmain.realplain.com/OpenEMET.html

 

Very interesting.
TH.

 

Dude! You started a thread about this? Jumping the gun and putting pressure on me now.

Umm, hopefully in a couple weeks I'll have [finally] locked the door to the underground bunker until something is ready. I STILL haven't touched a single line of code since the AppCompat/SDB stuff last summer, although I have the majority of stuff worked out in my head now (more still as of last week), and actually doing stuff from there isn't a huge deal -- just so you know I'm still at "nothing" at this point until I start. And see how quick (?) something is available. (Actually, not totally true I guess; last month I was trying out some new C++ code/concepts, with Windows' XML stuff, for handling import/export of EMET's config files, etc.)

I was going to PM you, lucid, after posting that update, but of course didn't get to it. Also thought about you, Sampei Nihira, since I saw in one of your posts how you just have .NET installed for EMET, so thought you might be interested.

Also saw that Windows_Security always uninstalls .NET after installing EMET (so no Agent/Notifier functionality)...

I hope it ends up satisfactory for anyone interested to try! Don't expect 100% of features at first (like Certificate Pinning checking I guess, but it's GREAT that's doable too) -- I'll release when I feel an acceptable start (e.g. not "what's this barely functional mess?"), and probably not before EMET 5 Final in any case. On purpose, although I'm assuming EMET 5 will be out first anyway. (I sure hope it has XP support!)


And in case there's any confusion for people over how this is intended to work... You can choose to use it with any EMET version (I'm assuming 4+, but I can support earlier if desired? Mostly just Notifier difference.) I plan on having you just feed it the EMET install .msi file and it'll take care of setting up the "real" EMET.dll file, etc. Guess there could be an auto-download option even...

And again, the plan is to have it 100% feature compatible (or you can swap any component with real .NET EMET stuff, or vice-versa), as-native-as-can-be, small, fast, and free of little bugs that EMET GUIs seem to have. Fixes/updates will hopefully come fast once we have an initial version, while I hope that they don't completely change how EMET works and make it all useless.

Finally, I now hope to expose a somewhat reasonable API via the [presumed] OpenEMET.dll (which was going to be shared by my GUI and CLI programs anyway), in response to this EMET forum topic wanting enhanced programmability. This is simply having functions that were going to be used anyway available for consistent and logical use that anyone else can use with their own code or whatever. That made me think of better and more shared/modular ways to implement things these last couple weeks.

 

Srry ; )... but you should expect this from a "crazed fan". Don't ya know I have your blog perpetually opened in a tab, which I refresh every 5 minutes whilst biting my fingernails in feverish anticipation. I didn't wanna go over your head and was thinking you may mention it in here, but after waiting a whole 2 weeks couldn't fight the temptation anymore.