Delphi
FroggyStyle, 2013-12-22 19:59:00

Is it possible to create a "generic" driver to execute arbitrary code in Ring0?

Hello! Is it possible to create a "universal" driver that executes arbitrary code in ring 0? I imagine it working as follows: a pointer to a function is passed to the driver, the driver executes it in ring 0 and returns the result. If this is possible, how can it be done?
Or maybe it is possible to perform actions in ring 0 without a driver? For example, relatively recently I found a library (specifically a library, a DLL) for direct access to I/O ports (inpout32.dll). Tellingly, the library works without *.sys files and without any additional steps on Win8.1 x64 (which means there is some way to get access to Ring0 without a driver, because ports are at privilege level zero!).
And if ports can be accessed, can't Ring0 as a whole be accessed in some similar way?
This is needed not for anything serious, but for a couple of instructions, such as RDMSR/WRMSR/IN/OUT: reading/writing model-specific registers to get internal processor information (temperature and frequencies), access to debug registers, access to ports (to get temperature from motherboard sensors, access to the system buzzer).
That is, I do not need a driver to install new hardware; perhaps for these purposes it will be possible to do without a driver, as in the case of access to ports.
I'll say right away that I don't know C/C++ at all; I write in Delphi 2007 and Flat Assembler. I tried to write a driver following instructions from RSDN and built it with the MASM linker. Be that as it may, I got a *.sys file, but could not install it into the system. It might work in WinXP (I didn't try it), but not in Win8.1 x64.
In general, if anyone knows how to write such a driver with an installer, so that it does not require disabling signature verification (or whatever blocks the installation of an arbitrary driver), I will be glad to hear rational suggestions.

3 answer(s)
mayorovp, 2013-12-23
@mayorovp

It is possible to do this, but for such thoughts you have to kill!

Mercury13, 2013-12-28
@Mercury13

This is a question for Sony or StarForce. Both of them did it like SHIT and got burned on something similar.

KOLANICH, 2014-01-18
@KOLANICH

"a driver with an installer into the system so that it does not need to disable signature verification"

And if you sign it with a self-signed one, and add the self-signed one to the trusted ones, will it work?
WMI will help you; kernel mode is not needed.
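
The WMI route suggested in the last answer, as an added example that is not part of the original thread: it reads CPU clock speeds and ACPI thermal-zone temperatures from user mode through the standard `Win32_Processor` and `MSAcpi_ThermalZoneTemperature` classes, with no driver loaded. The function names are made up for this example; the thermal-zone class usually needs an elevated prompt, is not exposed by every firmware, and reports ACPI zones rather than the per-core values an MSR read would give.

```powershell
# Added example: sensor data via WMI/CIM from user mode, no kernel driver
# and no RDMSR/IN/OUT. Function names are hypothetical.

function Convert-DeciKelvinToCelsius {
    param([Parameter(Mandatory)][double]$DeciKelvin)
    # MSAcpi_ThermalZoneTemperature.CurrentTemperature is in tenths of a kelvin.
    [math]::Round(($DeciKelvin / 10.0) - 273.15, 1)
}

function Get-CpuClock {
    # Win32_Processor reports clock speeds in MHz.
    Get-CimInstance -ClassName Win32_Processor | ForEach-Object {
        [pscustomobject]@{
            Name       = $_.Name.Trim()
            CurrentMHz = $_.CurrentClockSpeed
            MaxMHz     = $_.MaxClockSpeed
        }
    }
}

function Get-ThermalZone {
    try {
        $zones = Get-CimInstance -Namespace 'root/wmi' `
            -ClassName MSAcpi_ThermalZoneTemperature -ErrorAction Stop
    }
    catch {
        # Typical causes: not elevated (access denied) or the firmware
        # does not expose any ACPI thermal zone (not supported).
        Write-Warning "Thermal zone query failed: $($_.Exception.Message)"
        return
    }
    foreach ($zone in $zones) {
        [pscustomobject]@{
            Zone     = $zone.InstanceName
            Celsius  = Convert-DeciKelvinToCelsius -DeciKelvin $zone.CurrentTemperature
            Critical = Convert-DeciKelvinToCelsius -DeciKelvin $zone.CriticalTripPoint
        }
    }
}

Get-CpuClock    | Format-Table -AutoSize
Get-ThermalZone | Format-Table -AutoSize
```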
