Browse the contents of the system registry while ignoring the access-permission restrictions, and inspect those restrictions themselves. Giving you that ability is the purpose of this driver.

Bottleneck
The driver depends on the KeServiceDescriptorTable variable exported by ntoskrnl.exe, so that export must be present.
The indices of the system service routines depend on the OS version, since each version has its own kernel binary image.

Only x86
On x64, starting with Windows Server 2003, KeServiceDescriptorTable is no longer exported.

This driver targets Windows XP and Windows Server 2003. Later versions of Windows are included as one of the buildable choices in the project configuration, but only as a preliminary option. Pay special attention to the "AdditionalLibraryDirectories" setting in the configuration for newer Windows versions.

  • The driver does not search for the original addresses of the system service routines in the kernel image file. When hooking it saves only the previous address, and on unload it restores only that address, so if you juggle SSDT hooks from several drivers a blue screen may well appear; a reboot will be quite enough to repair the situation if you use drvload.exe for your dangerous exercises.
  • At the same time, the driver can service fewer than four threads; any further threads receive the status Access Denied.
  • The driver is not signed, but the full sources await you.
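The first bullet describes a classic failure mode of hooks that remember only the previous pointer: if two drivers hook the same table entry and unload in the wrong order, the entry ends up pointing into code that is no longer mapped. The following is an added, user-mode C simulation of that ordering hazard (not code from this project); the one-entry table, the hook and driver names, and the "loaded" flags are constructed for illustration only and model nothing about a real kernel.

```c
#include <stddef.h>
#include <stdio.h>

/* One-entry stand-in for a service dispatch table (constructed example). */
typedef int (*handler_fn)(int);

static int original_handler(int x) { return x + 1; }

static handler_fn table[1];
static handler_fn saved_by_a, saved_by_b;  /* the "previous address" each hook remembers */
static int a_loaded, b_loaded;             /* whether the hypothetical driver's code is still mapped */

/* Hook A multiplies the result of whatever it saw in the table before it. */
static int hook_a(int x) { return saved_by_a(x) * 10; }
/* Hook B adds to the result of whatever it saw in the table before it. */
static int hook_b(int x) { return saved_by_b(x) + 100; }

void reset_table(void) {
    table[0] = original_handler;
    saved_by_a = saved_by_b = NULL;
    a_loaded = b_loaded = 0;
}

/* Installing a hook: save the current entry, overwrite it with our own routine. */
void load_a(void) { saved_by_a = table[0]; table[0] = hook_a; a_loaded = 1; }
void load_b(void) { saved_by_b = table[0]; table[0] = hook_b; b_loaded = 1; }

/* Unloading restores only the previously seen pointer, as the page's driver does,
   rather than the entry's true original address. */
void unload_a(void) { table[0] = saved_by_a; a_loaded = 0; }
void unload_b(void) { table[0] = saved_by_b; b_loaded = 0; }

/* Returns 1 if the table entry points at a hook whose driver has been unloaded.
   In a real kernel this is an indirect call into unmapped memory: a bugcheck. */
int table_dangling(void) {
    return (table[0] == hook_a && !a_loaded) || (table[0] == hook_b && !b_loaded);
}

/* Dispatch through the table; refuse to follow a dangling pointer. */
int call(int x) { return table_dangling() ? -1 : table[0](x); }

/* Both hooks installed, unloaded in reverse (LIFO) order: entry is safe. */
int scenario_lifo(void) {
    reset_table(); load_a(); load_b(); unload_b(); unload_a();
    return table_dangling();
}

/* Both hooks installed, A unloads first: A restores the original (dropping B's
   hook), then B "restores" hook_a, whose code is gone. Entry is dangling. */
int scenario_fifo(void) {
    reset_table(); load_a(); load_b(); unload_a(); unload_b();
    return table_dangling();
}

int main(void) {
    reset_table(); load_a(); load_b();
    printf("both hooks active, call(1) = %d\n", call(1));
    printf("LIFO unload leaves a dangling entry: %d\n", scenario_lifo());
    printf("FIFO unload leaves a dangling entry: %d\n", scenario_fifo());
    return 0;
}
```

The safe order is strictly last-in, first-out; anything else silently drops a hook or leaves a dangling pointer, which is why the page advises a reboot rather than unloading when several drivers have hooked the table.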

Last edited Oct 12, 2011 at 5:49 PM by kannoner, version 27
