CIS3.8.65951.477_BSODhook测试结果

显示全部楼层 · 发表于 2009-4-7 14:40:10

11:27:42: Probing 33 function(s) started.
11:27:42: Probing function NtAdjustPrivilegesToken(DDDDDD) ...
11:30:14: Function NtAdjustPrivilegesToken passed the tests.
11:30:14: Probing function NtClose(B) ...
11:30:25: Function NtClose passed the tests.
11:30:25: Probing function NtConnectPort(DUDDDDDD) ...
11:36:38: Function NtConnectPort passed the tests.
11:36:38: Probing function NtCreateFile(DDODDDDDDDD) ...
11:41:55: Function NtCreateFile passed the tests.
11:41:55: Probing function NtCreateKey(BDODUDD) ...
11:45:40: Function NtCreateKey passed the tests.
11:45:40: Probing function NtCreatePort(DODDD) ...
11:49:31: Function NtCreatePort passed the tests.
11:49:31: Probing function NtCreateSection(DDODDDD) ...
11:54:52: Function NtCreateSection passed the tests.
11:54:52: Probing function NtCreateSymbolicLinkObject(DDOU) ...
12:01:47: Function NtCreateSymbolicLinkObject passed the tests.
12:01:47: Probing function NtCreateThread(DDODDDDD) ...
12:05:46: Function NtCreateThread passed the tests.
12:05:46: Probing function NtDeleteKey(B) ...
12:06:03: Function NtDeleteKey passed the tests.
12:06:03: Probing function NtDeleteValueKey(BU) ...
12:07:02: Function NtDeleteValueKey passed the tests.
12:07:02: Probing function NtDuplicateObject(DDDBDDD) ...
12:09:01: Function NtDuplicateObject passed the tests.
12:09:01: Probing function NtLoadDriver(U) ...
12:10:35: Function NtLoadDriver passed the tests.
12:10:35: Probing function NtMakeTemporaryObject(D) ...
12:10:59: Function NtMakeTemporaryObject passed the tests.
12:10:59: Probing function NtOpenFile(DDODDD) ...
12:14:28: Function NtOpenFile passed the tests.
12:14:28: Probing function NtOpenProcess(DDOD) ...
12:17:13: Function NtOpenProcess passed the tests.
12:17:13: Probing function NtOpenSection(BDO) ...
12:21:13: Function NtOpenSection passed the tests.
12:21:13: Probing function NtOpenThread(DDOD) ...
12:23:56: Function NtOpenThread passed the tests.
12:23:56: Probing function NtOpenThreadToken(DDDD) ...
12:25:04: Function NtOpenThreadToken passed the tests.
12:25:04: Probing function NtQueryValueKey(DUDDDB) ...
12:26:18: Function NtQueryValueKey passed the tests.
12:26:18: Probing function NtRenameKey(BU) ...
12:27:39: Function NtRenameKey passed the tests.
12:27:39: Probing function NtReplaceKey(OBO) ...
12:29:47: Function NtReplaceKey passed the tests.
12:29:47: Probing function NtRequestWaitReplyPort(BDD) ...
12:31:09: Function NtRequestWaitReplyPort passed the tests.
12:31:09: Probing function NtRestoreKey(BDD) ...
12:31:56: Function NtRestoreKey passed the tests.
12:31:56: Probing function NtSecureConnectPort(DUDDDDDDD) ...
12:36:28: Function NtSecureConnectPort passed the tests.
12:36:28: Probing function NtSetInformationThread(DDDD) ...
12:37:22: Function NtSetInformationThread passed the tests.
12:37:22: Probing function NtSetSecurityObject(DDD) ...
12:37:56: Function NtSetSecurityObject passed the tests.
12:37:56: Probing function NtSetSystemInformation(DDD) ...
12:38:52: Function NtSetSystemInformation passed the tests.
12:38:52: Probing function NtSetValueKey(BUDDDD) ...
12:40:53: Function NtSetValueKey passed the tests.
12:40:53: Probing function NtShutdownSystem(D) ...
12:41:11: Function NtShutdownSystem passed the tests.
12:41:11: Probing function NtSystemDebugControl(DDDDDD) ...
12:42:56: Function NtSystemDebugControl passed the tests.
12:42:56: Probing function NtTerminateProcess(PD) ...
12:43:36: Function NtTerminateProcess passed the tests.
12:43:36: Probing function NtTerminateThread(PD) ...
12:44:16: Function NtTerminateThread passed the tests.
12:44:16: Probing complete.

结果说明CMF的整合虽然增加了HOOK入口点函数的个数，但依然可以通过这个稳定性测试。

显示全部楼层 · 发表于 2009-4-7 14:41:52

虽然不懂。。。还是支持下~~~

很好很强大

谢谢星星

显示全部楼层 · 发表于 2009-4-7 14:47:01

matousec测试结果还是3.5的毛豆，等不及了测了一下。

显示全部楼层 · 发表于 2009-4-7 14:48:10

蓝屏hook测试？星星，这个是啥？

显示全部楼层 · 发表于 2009-4-7 14:50:19

这个是什么测试？详解一下

显示全部楼层 · 发表于 2009-4-7 15:36:56

Level 10

The product has to score at least 100% in the tests on this level to pass it.
Back to contents
Tests

BSODhook
Test type: Other
Scoring: Starting with 100%; -10% for every function that caused the system crash; -5% for every function that did not cause the system crash but somehow damaged the system.
Description: BSODhook is not a part of SSTS, it is a stand-alone tool that checks the implementation of a special kind of firewall's kernel hooks. BSODhook test in the challenge probes hooked native SSDT functions.

matousec测试第十级第一个，不到100%不能通过，从100%开始每个造成系统崩溃的函数减10%的分数，每个对系统造成破坏的函数减5%。

能测试到这级的软件就不多，其中MD和PCTOOLS没通过。

[ 本帖最后由星之梦于 2009-4-7 15:40 编辑 ]

显示全部楼层 · 发表于 2009-4-7 15:43:35

记忆中上次Matousec FWC测试中OP就没有通过。

[ 本帖最后由 Atlantis祭司于 2009-4-7 15:48 编辑 ]

显示全部楼层 · 发表于 2009-4-7 16:10:41

OP达到第九级，达不到第十级的matousec不测。

显示全部楼层 · 发表于 2009-4-7 16:19:58

不知道星版是如何看待Matousec的Level Up测试方法。

虽然这个测试方法有其一定的合理性，但是个人觉得这样其实并不能真正反映出一些防火墙的实力。

显示全部楼层 · 发表于 2009-4-7 16:28:53

当然了，Jetico已经被这个方法冤枉很久了。
按理是全测试拿总成绩说话才算公平。

不过，看Jetico走过的路反过来想想，这么测也可以从另一个侧面来看。
如果想提高matousec成绩，及时更新，提高防护水平才是最重要的。

[其他相关] CIS3.8.65951.477_BSODhook测试结果

评分

回复 6楼星之梦的帖子

回复 7楼 Atlantis祭司的帖子

回复 8楼星之梦的帖子

回复 9楼 Atlantis祭司的帖子

评分

浏览过的版块

[其他相关] CIS3.8.65951.477_BSODhook测试结果

评分

回复 6楼 星之梦 的帖子

回复 7楼 Atlantis祭司 的帖子

回复 8楼 星之梦 的帖子

回复 9楼 Atlantis祭司 的帖子

评分

浏览过的版块

回复 6楼星之梦的帖子

回复 7楼 Atlantis祭司的帖子

回复 8楼星之梦的帖子

回复 9楼 Atlantis祭司的帖子