Welcome to ASP's bsdpatch project. Release 0.1. Status: non-public.
Our main goal is to find trojans which are hiding in normal applications,
like the known datatype.library trojan. We patch some functions in the library
to monitor the task. This can be done by patching OpenLibrary() and
telling the user when a task wants to open it. But that's not enough. What if
a task wants to open the library for normal activity, like ping, nslookup, IRC clients
or web browsers?
If a trojan knows which task uses it, it could easily use
its bsdbase pointer to access the stack. A simple patch wouldn't recognise this and
wouldn't find the trojan.
Now think of something more complex which guards the entries to the stack for you, finds illegal activity and can stop it.
The first step of this patch is done, and it has shown up some interesting activity and bugs in some executables. Miami, for instance, opens some sockets at stages I didn't expect, and ixemul.library tries 255 times to open a socket if this is denied.
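To make the idea concrete, here is an added example that is not part of the bsdpatch project and does not use the real Amiga API: a constructed C simulation of the monitor described above (a wrapper in front of the library-open call that records which task opened it and rejects tasks that are not on a known-good list), together with a simple check for the retry behaviour mentioned for ixemul.library. The task names, the allowlist and the threshold of 10 denials are all assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed simulation: a monitor that sits in front of a library's
 * open call, records which task opened it, and rejects tasks that are
 * not on a known-good list. Task and library names are made up. */

#define MAX_TASKS 16
#define MAX_NAME  32
#define RETRY_STORM_THRESHOLD 10   /* assumed: flag a task after this many denials */

typedef struct {
    char name[MAX_NAME];
    int  opens;    /* total open attempts by this task */
    int  denied;   /* attempts the monitor rejected */
} task_record;

static task_record records[MAX_TASKS];
static int record_count = 0;

/* Tasks that legitimately need the socket library (constructed list). */
static const char *allowlist[] = { "ping", "nslookup", "ircclient", "webbrowser" };

static int is_allowed(const char *task)
{
    size_t i;
    for (i = 0; i < sizeof(allowlist) / sizeof(allowlist[0]); i++)
        if (strcmp(allowlist[i], task) == 0)
            return 1;
    return 0;
}

/* Find or create the record for a task; NULL when the table is full. */
static task_record *lookup(const char *task)
{
    task_record *r;
    int i;
    for (i = 0; i < record_count; i++)
        if (strcmp(records[i].name, task) == 0)
            return &records[i];
    if (record_count == MAX_TASKS)
        return NULL;
    r = &records[record_count++];
    strncpy(r->name, task, MAX_NAME - 1);
    r->name[MAX_NAME - 1] = '\0';
    r->opens = 0;
    r->denied = 0;
    return r;
}

void reset_monitor(void)
{
    record_count = 0;
}

/* The interposed open. Returns 1 if the open is allowed, 0 if rejected.
 * Only "bsdsocket.library" is monitored; other libraries pass through. */
int monitored_open(const char *task, const char *library)
{
    task_record *r;
    if (strcmp(library, "bsdsocket.library") != 0)
        return 1;
    r = lookup(task);
    if (r == NULL)
        return 0;           /* table full: fail closed */
    r->opens++;
    if (is_allowed(task))
        return 1;
    r->denied++;
    printf("monitor: task '%s' denied access to %s (%d denials so far)\n",
           task, library, r->denied);
    return 0;
}

int denied_count(const char *task)
{
    int i;
    for (i = 0; i < record_count; i++)
        if (strcmp(records[i].name, task) == 0)
            return records[i].denied;
    return 0;
}

/* A task that keeps retrying after denial, as ixemul.library was observed to do. */
int is_retry_storm(const char *task)
{
    return denied_count(task) >= RETRY_STORM_THRESHOLD;
}

int main(void)
{
    int i;
    reset_monitor();
    monitored_open("ping", "bsdsocket.library");
    for (i = 0; i < 255; i++)
        monitored_open("unknown-task", "bsdsocket.library");
    printf("retry storm from unknown-task: %s\n",
           is_retry_storm("unknown-task") ? "yes" : "no");
    return 0;
}
```

The point of the simulation is the policy split: the caller's identity, not the library name alone, decides whether the open is accepted, and repeated denials by one task are visible as a pattern rather than as 255 unrelated log lines.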
In a future version of this patch it will be possible to PREVENT remote exploits
if we know the exploit. This can be done like the xvs anti-virus library.
This patch also makes it much easier to sniff incoming and outgoing traffic,
so you can check whether someone (e.g. the web browser via JS) reads important information or passwords
from your config files.
I have seen Windows PCs' T-Online passwords read out by this method, which our patch
can find and reject. As a side effect of the search for passwords in fragmented calls,
it could build more effective data packets to send to the device.
That's because we want to inform you about our projects, get discussions going about them, find new development partners and, of course, get more traffic to this page ;-)
Not until 1.9.2001, but you can join the asp mailing list, stay informed about the progress and get some test versions.