Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/atrexus/ws-watcher

A PoC application that detects unauthorized external access to select memory regions.
https://github.com/atrexus/ws-watcher

cpp memory-management security windows x64

Last synced: 2 months ago
JSON representation

A PoC application that detects unauthorized external access to select memory regions.

Awesome Lists containing this project

README

        

# ws-watcher
This application protects its heap-allocated memory from being accessed externally and internally. The working set watcher introduces a custom smart pointer, `ws::paged_ptr`, which pages the memory associated with the pointer out of the working set. The watcher then launches a separate thread that queries the working set and catches any page faults that occur. If a page fault was caused externally, information about the handle used is logged.

To safely access the memory in a paged pointer, use the `lock` method to retrieve a shared pointer instance to that data. Refer to the example below:
```cpp
// Allocate a 10 byte array of paged memory
const auto& paged = ws::make_paged< std::uint8_t >( 10 );

// Lock the page in memory so that we can safely access it's data
if ( const auto& data = paged.lock( ) )
{
// Get the raw pointer to the data.
const auto& ptr = data.get( );

// Edit the memory
ptr[ 0 ] = 0xFF;
ptr[ 1 ] = 0xFF;
}
```

The video below demonstrates what happens if an external process attempts to read from a buffer protected by the `ws::paged_ptr` class.

https://github.com/user-attachments/assets/e84d6526-4c43-42de-84d7-035e6690b041