Zapewne znacie dwie oklepane juz metody na omijanie firewalla - CreateRemoteThread i SetThreadContext - zostaly one swietnie opisane tu: Bypassing Windows personal fw with process infection. Lecz sa one juz zbyt dobrze znane by mogly jeszcze dlugo cieszyc sie funkcjonalnoscia. Zapewne kolejni producenci fw podaza sladami ZoneAlarm jak napisal Dolphin:
Zapewne macie wlasne teorie i pomysly zwiazane z tym tematem. Skutecznym rozwiazaniem zapewne byl by kod na poziomie ring0 - lecz szczerze jeszcze nie analizowalem takiej opcji i nie moge nic powiedziec w tej sprawie.As far as I can tell you, the infection method works on most average firewalls, including NIS. For now, ZoneAlarm 5.5+ blocks DLL infection. Even worse, ZoneAlarm Security Suite 6+ is completely protected, and blocks every suspicious action like installing a driver, accessing registry, hooking API's, DLL injection, etc.. As far as I know, it has never been bypassed.. And I assume more firewalls will follow ZoneAlarm with their next releases..[/b]