Digital rights management systems (DRMS) tend to solve two aspects about rights protection of the protected content for content provider: access control and usage control. Access control concerns ...about how users access the content, while usage control focuses on how users use it. In this paper, we introduce some key techniques and strategies to overcome the difficulties in implementation of a compatible and transparent-to-user DRMS on Windows NT platforms. These techniques, including hardware fingerprint encryption (HFE), Win32 API Hook and kernel function interception, have been carried out and applied in experiments based on Adobe Reader (PDF file) and the results shows that they have the potential to solve both of the problems mentioned above.
The focus of this article is to evaluate which of the three platforms: Flash, Java and Win32 is more appropriate for e-Learning simulators development. Selecting a platform should not restrict the ...end users about the operating system, neither should require high-end performance computer. The platforms are compared by many indices like availability, price, features, etc. In the article are explored also the multimedia capabilities of these platforms, since the e-Learning simulators should embed a lots of multimedia features.
In this paper, using the Win32 API (Application Programming Interface) functions and MDI (Multiple Document Interface) programming technique, which is main principle of Windows system, designed an ...image enhancement environment at 32-bit version of Visual Basic 4 programming language is investigated. Image enhancement algorithms could be easily applied in this environment and each of results obtained could be separately showed in frames on same environment. Image enhancement techniques used in this environment are observed in spatial domain. With this program observing image enhancement techniques are contrast stretching, histogram equalization, thresholding, negative imaging, low-pass filtering, high-pass filtering and median filtering. In the filtering process of the images are utilized of the convolution techniques at this environment.
Traditional anti-virus scanner employs static features to detect malicious executables. Unfortunately, this content-based approach can be obfuscated by techniques such as polymorphism and ...metamorphism. In this paper, we propose a malicious executable detecting method using 35-dimension feature vector. Each dimension stands for a malicious run-time behavior feature represented by corresponding Win32 API calls and their certain parameters. An automatic executable behavior tracing system (Argus) is also implemented to dynamically capture the features. Experiments are performed on a data set of 8223 malicious and 2821 benign executables. Training set is then used to generate detection model and several testing groups are set up for classification. Experiment result suggests that the method is efficient in detecting previously unknown malicious executables which have more than two behavior features captured.
The speed of today's worms demands automated detection, but the risk of false positives poses a difficult problem. In prior work, we proposed a host-based intrusion-detection system for worms that ...leveraged collaboration among peers to lower its risk of false positives, and we simulated this approach for a system with two peers. In this paper, we build upon that work and evaluate our ideas ``in the wild.'' We implement Wormboy 2.0, a prototype of our vision that allows us to quantify and compare worms' and non-worms' temporal consistency, similarity over time in worms' and non-worms' invocations of system calls. We deploy our prototype to a network of 30 hosts running Windows XP with Service Pack 2 to monitor and analyze 10,776 processes, inclusive of 511 unique non-worms (873 if we consider unique versions to be unique non-worms). We identify properties with which we can distinguish non-worms from worms 99% of the time. We find that our collaborative architecture, using patterns of system calls and simple heuristics, can detect worms running on multiple peers. And we find that collaboration among peers significantly reduces our probability of false positives because of the unlikely appearance on many peers simultaneously of non-worm processes with worm-like properties.
The point of this chapter was to examine exactly how a .NET executable image is hosted by the .NET platform. As you have seen, the long-standing notion of aWin32 process has been altered under the ...hood to accommodate the needs of the CLR. A single process (which can be programmatically manipulated via the System.Diagnostics.Process type) is now composed of multiple application domains, which represent isolated and independent boundaries within a process. As you have seen, a single process can host multiple application domains, each of which is capable of hosting and executing any number of related assemblies.
Furthermore, a single application domain can contain any number of contextual boundaries. Using this additional level of type isolation, the CLR can ensure that special-need objects are handled correctly. The chapter concluded by examining the details regarding how the CLR is hosted by the Win32 OS.
In the previous two chapters, you examined the steps taken by the CLR to resolve the location of an externally referenced assembly as well as the role of .NET metadata. In this chapter, you’ll drill ...deeper into the details of how an assembly is hosted by the CLR and come to understand the relationship between processes, application domains, and object contexts.
The point of this chapter was to examine exactly how a .NET executable image is hosted by the .NET platform. As you have seen, the long-standing notion of aWin32 process has been altered under the ...hood to accommodate the needs of the CLR. A single process (which can be programmatically manipulated via the System.Diagnostics.Process type) is now composed of multiple application domains, which represent isolated and independent boundaries within a process. As you have seen, a single process can host multiple application domains, each of which is capable of hosting and executing any number of related assemblies.
Furthermore, a single application domain can contain any number of contextual boundaries. Using this additional level of type isolation, the CLR can ensure that special-need objects are handled correctly. The chapter concluded by examining the details regarding how the CLR is hosted by the Win32 OS.