On 23 February 2012 21:12, Hall, Keven <[email protected]> wrote: > The hook that Bill discovered is the same one I'm referring to. After I > found it I there was some discussion about disabling it to see what > might shake out but I had already figured who owned the code and even > located the load module in the vendor's load library so we figured it > was best to avoid a scene. > I'd agree that the code is now more convoluted; it would require some > time and effort to decipher it to the point where it could be exploited. > Which is not to say I don't consider it an abomination; I do, and it is.
I don't have the time or inclination to analyse this code, nor is it my business to do so, but like certain unexpected things one finds on one's PC, it has some features -- one might use the word signature -- that jump to the eye of anyone who's been looking at dumps for some time, and leave a bit of a queasy feeling. Quite probably these features are well protected against abuse, and in that case I would expect that the vendor has documented this to the satisfaction of its customers. Tony H.
