anybody8824 | 1 year ago

You could try to use the Win32 debug API in the same way as Linux UML does by using ptrace. But it would probably still be much slower because of missing things like PTRACE_SYSCALL.

More performant would be a noMMU variant of UML for Windows, supporting only PIE executables, similar to nabla-linux [1]. This is also quite similar to how mssql for Linux works: NT kernel+Win32 in a single usermode process (single address space) [2]. Interestingly, mssql also uses memory protection keys to recover a bit of fault tolerance, but last time I checked, Win32 does not have an API for MPKs.

[1] https://github.com/nabla-containers/nabla-linux

[2] https://threedots.ovh/slides/Drawbridge.pdf

p_ing | 1 year ago

SeDebugPrivilege requires local admin, which would be required to debug a process the user doesn't own. This privilege level is just about the highest one you can obtain in NT.