The WOW-Effect (how Microsoft's WOW64 technology fools security analysts)

Discussion in 'other security issues & news' started by MrBrian, Jan 7, 2014.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From http://cert.at/downloads/papers/wow_effect_en.html:
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,060
    I stumbled across this WOW-Effect few month ago, when I was configuring a HIPS. For some reason, unknown to me, system applications would run from Syswow64 instead of System32. Now, after reading the article, I understand why that happened. Thank you for link.

    Regards, hqsec
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    You're welcome :). I've mentioned it a few times in the past, but never before in a dedicated thread.
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    I wonder how much other "File access is transparently redirected to other directories in certain cases" ? If you know what i mean :eek:
     
  5. Kyle_Katarn

    Kyle_Katarn Registered Member

    Joined:
    Dec 20, 2007
    Posts:
    1,556
    The WoW effect was a huge pain for me while coding SUMo for software update scanning due to redirection by OS...
     
Loading...
Thread Status:
Not open for further replies.