Windows-namespace

From aldeid

Description

INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your understanding.

The namespaces can be browsed using WinObj.

Namespaces tree

\.                              <----- NT Namespace
├── ArcName
├── BaseNamedObjects
├── Callback
├── Device                      <----- Win32 Device Namespaces (\\.\)
├── Driver
├── FileSystem
├── GLOBAL??                    <----- Win32 Namespaces (Symbolic links)
├── KernelObjects
├── KnownDlls
├── KnownDlls32
├── NLS
├── ObjectTypes
├── RPC Control
├── Security
├── Sessions
├── UMDFCommunicationPorts
└── Windows

Access physical devices

Malware often uses the Win32 device namespace to access physical devices. For example, malware can use \\.\PhysicalDisk1 to directly access the filesystem.
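
For triage, the strings of a suspect file can be searched for the \\.\ prefix. The Python sketch below is an added example, not part of the original page: it finds device-namespace paths stored as ASCII or UTF-16LE and flags those that name a whole disk or volume. The function name, regexes and sample bytes are constructed for illustration; the raw-device pattern accepts the page's PhysicalDisk spelling as well as the PhysicalDriveN and drive-letter forms.

```python
import re

# One byte of an object name; the match stops at the next backslash or NUL.
_CH = rb"[A-Za-z0-9_$:{}\-]"
# Win32 device namespace prefix \\.\ followed by a name, as ASCII bytes...
ASCII_RE = re.compile(rb"\\\\\.\\(" + _CH + rb"{1,64})")
# ...and as UTF-16LE (each character followed by a NUL byte).
UTF16_RE = re.compile(rb"(?:\\\x00){2}\.\x00\\\x00((?:" + _CH + rb"\x00){1,64})")
# Names that open a whole disk or volume instead of a file (assumed list).
RAW_RE = re.compile(r"(?:PhysicalDrive|PhysicalDisk)\d+|[A-Za-z]:", re.I)


def find_device_paths(data: bytes):
    """Return a sorted list of (path, is_raw_device) tuples found in data."""
    names = {m.group(1).decode("ascii") for m in ASCII_RE.finditer(data)}
    names |= {m.group(1).decode("utf-16-le") for m in UTF16_RE.finditer(data)}
    return sorted(("\\\\.\\" + n, bool(RAW_RE.fullmatch(n))) for n in names)


# Constructed sample: bytes standing in for the strings of a suspect binary.
SAMPLE = (
    b"\x00MZ junk"
    + b"\\\\.\\PhysicalDisk1\x00"                     # ASCII, raw disk
    + b"padding"
    + "\\\\.\\PhysicalDrive0".encode("utf-16-le")     # wide string, raw disk
    + b"\x00\x00"
    + b"\\\\.\\pipe\\demo\x00"                        # named pipe, not a disk
    + b"C:\\Windows\\notepad.exe\x00"                 # ordinary file path
)

if __name__ == "__main__":
    for path, is_raw in find_device_paths(SAMPLE):
        print(("RAW DEVICE  " if is_raw else "device path ") + path)
```

A hit marked as a raw device is a lead for further analysis, not a verdict: disk utilities and backup tools open the same paths.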