Disabling WinAPI

I am creating a game in which each player must program his bot. The main idea is that the player will program in C (or C++ or any other compatible language), build a DLL, and send this DLL to the server so that no one can get its code. The problem is this: how can I make sure that it does not call any illegal function, like creating files or opening a socket? The DLL will be loaded using LoadLibrary, and the function will be called. All interactions will be performed with callback functions. A possible solution would be to place an empty kernel32.dll (and others) so that all WinAPI calls fail. Is it safe, and does it work in every case? Is there a better way to do this?

Note that the player thread (the one called dll) should still be able to communicate with the game, possibly with an open socket. On Linux, this can be easily done with seccomp.

+5
4 answers

This will not work without a complete analysis of all the DLLs before they are loaded (which is impossible in principle) or the creation of some magic at the same level as seccomp. Given any measures you take to restrict access, such as creating a dummy kernel32.dll, a custom DLL may take countermeasures, such as loading DLLs that you have not considered, calling DLLs that have been loaded by the host process (possibly through functions in the host application!), or directly issuing Windows system calls.

Windows, Google Chrome - "sandbox". , , DLL . , Windows Chrome. , Google , "", - , , Windows.

+9
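Added example, not part of the original thread: the seccomp baseline that the question and the first answer refer to, shown on Linux in C. The kernel kills a bot that issues a raw system call, so no libc or DLL stub is involved, while a bot that only writes to the channel it was given still works. The names `bot_fn`, `polite_bot`, `rogue_bot`, `run_confined` and the file name are hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

typedef int (*bot_fn)(int game_fd);   /* hypothetical bot entry point */

/* Bot that only talks over the channel the game handed it. */
static int polite_bot(int game_fd) {
    const char *move = "MOVE 1\n";
    return write(game_fd, move, strlen(move)) != (ssize_t)strlen(move);
}

/* Bot that bypasses the libc wrappers and asks the kernel for a new file. */
static int rogue_bot(int game_fd) {
    syscall(SYS_openat, AT_FDCWD, "bot-was-here.txt", O_CREAT | O_WRONLY, 0600);
    return write(game_fd, "unreachable\n", 12) != 12;  /* never runs */
}

/* Runs bot in a child under SECCOMP_MODE_STRICT and copies its output into
 * reply. Returns the bot's exit code, or -signal if the kernel killed it. */
static int run_confined(bot_fn bot, char *reply, size_t cap) {
    int ch[2], status = 0;
    pid_t pid;
    if (pipe(ch) != 0 || (pid = fork()) < 0) return 255;
    if (pid == 0) {
        close(ch[0]);
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0)
            syscall(SYS_exit, 254);      /* seccomp not available here */
        /* Only read, write, exit and sigreturn are allowed from now on;
         * glibc's _exit() uses exit_group, hence the raw SYS_exit. */
        syscall(SYS_exit, bot(ch[1]));
    }
    close(ch[1]);
    ssize_t n = read(ch[0], reply, cap - 1);
    reply[n > 0 ? n : 0] = '\0';
    close(ch[0]);
    waitpid(pid, &status, 0);
    return WIFSIGNALED(status) ? -WTERMSIG(status) : WEXITSTATUS(status);
}

int main(void) {
    char reply[64];
    printf("polite bot -> %d\n", run_confined(polite_bot, reply, sizeof reply));
    printf("rogue bot  -> %d\n", run_confined(rogue_bot, reply, sizeof reply));
}
```

The enforcement point is the system call boundary inside the kernel, which is why it holds regardless of which library, if any, the bot goes through.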

, - , .

, , .

API, , , " API DLL", :

http://109.163.225.194/download/files/other/DLL_Redirection_en.pdf

( google)

+11

, , , DLL , , , , . , , - -. , DLL, DLL . ,

+1

A local firewall can solve the network aspect, but I don't see a simple bulletproof solution for other parts of your question. I also believe that placing an empty kernel32 and ntdll can cause some serious problems for many legitimate processes.

0