Appendix – NTFS, Paths, and Symbols
Many security designs on Windows, including security protection, antivirus software, and whitelisting mechanisms, are based on comparing the paths of files on disk. If we want to find a breakthrough in a heavily path-based protection design, it is essential to build a solid understanding of the various path specifications and conversion processes on Windows.
Win32 and NT path specification
The content presented in this chapter is inspired by the following four publicly available documents and highlights the extracts from them that can be maliciously exploited:
- A blog post by Google’s top vulnerability research team, Project Zero, The Definitive Guide on Win32 to NT Path Conversion (googleprojectzero.blogspot.com/2016/02/the-definitive-guide-on-win32-to-nt.html ...