Skip to content
This repository has been archived by the owner on Oct 7, 2022. It is now read-only.
/ seal2 Public archive

A crude process restriction tool for Windows 2000 and later. Proof of concept only.

License

Unlicense license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jkatzmewing/seal2

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
main.c
main.c
 
 
seal2.c
seal2.c
 
 
seal2.h
seal2.h
 
 

Repository files navigation

Seal2

A crude process restriction tool for Windows 2000 and later.

Summary

Seal2 is a port of the original SEAL to ANSI C, which is more tolerable than C++ to non-programmer types like myself. It can prevent a Windows program from launching other programs; and also optionally restrict its interaction with other (graphical) programs, at the cost of disabling copy/paste functionality.

Caveats

Seal2 by itself is not an adequate defense against modern adversaries. For exploit mitigation, you want Microsoft EMET.

Seal2 cannot restrict Windows Explorer with default Explorer settings. All Explorer windows belong to the same process, so there is no "new" Explorer process to effect restrictions on.

Seal2 can't restrict Internet Explorer on newer Windows versions, due to later IE versions using their own JobObject sandboxes. The same applies for Chrome, and anything else that uses Win32 native sandboxing mechanisms.

Seal2 working on Windows 2000 and XP is more proof-of-concept than anything else. You should still limit your legacy Windows OSes to virtual machines without Internet access, at a bare minimum.

IT security is a bottomless pit, as always.

Invocation

Seal2 is invoked as follows:

seal.exe "Path\To\Executable Argument1 Argument2 ..."

or just

seal.exe "Path\To\Executable.exe"

Note that, when passing command line arguments to the child program, the command and arguments must be quoted. Seal2 must receive the program and arguments as a single string, otherwise it will fail.

Compiling

Only cross-builds on Linux are currently supported. Building stuff on Windows is painful, and EXEs built under Debian Jessie (AMD64) have invariably worked fine on my Windows 2000 virtual machines.

The makefile is set for 32-bit cross-builds by default. It should work on any modern Linux distro with a recent version of MinGW-w64. Just type

make

64-bit cross-builds also work on Jessie AMD64, though I can't (yet) test them in an actual 64-bit Windows environment. Just substitute the 64-bit MinGW compiler:

make CC=x86_64-w64-mingw32-gcc

Implementation

Like the old version, Seal2 uses Win32 JobObjects to prevent process spawning, and also for the optional GUI restrictions. JobObjects are part of the NT kernel in Windows 2000 and later; and are supposed to be securely implemented, insofar as anything on Windows can be.

For more information, please see Microsoft's Win32 API docs on JobObjects.

About

A crude process restriction tool for Windows 2000 and later. Proof of concept only.

Resources

Readme

License

Unlicense license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages