On Wed, Nov 10, 2010 at 08:51:55PM +0100, Joxean Koret wrote:
Hi,
On Wed, 10-11-2010 at 19:28 +0000, Dan Kegel wrote:
BTW the audio talk at the first link talks about Wine at about 50 minutes. He said Wine worked great until he found malware that needed Windows kernel modules.
Yep, Wine doesn't work for testing rootkits, unfortunately :( And I guess there is no plan to support execution of Win32's drivers, right? Because, except for malware analysis, I see no benefit for it.
We run Win32 drivers in a very basic form (for some copy protection stuff).
This can be enhanced, but there are limits of course. Rootkits probably want to hook the filesystem and there we will probably fail ;)
Ciao, Marcus