Mega Code Archive


Privilege 0 execution through IRing0 interface

Title: Privilege 0 execution through IRing0 interface

Question: How can a method of an ordinary Delphi class be executed at privilege level 0 (kernel mode), the way kernel code runs, through an interrupt 60 gate? Warning: do not step into the ring-0 part under a debugger; a breakpoint there ends in a BSOD.

Answer: Download the complete article, including the helper driver: http://web.vip.hr/inga.vip/r0code.zip

The unit below wraps ring0provider.dll. InitializeDriver loads a helper driver and EnableInt60Gate makes it install a gate for interrupt 60 in the IDT. Ring0Int(FAddress, Param) raises that interrupt; the gate handler calls FAddress(Param) at ring 0 and hands back its result. TRing0.Execute packs the interface reference and the caller's parameter into a ClassCall record and passes the record's address through the gate to Ring0, the one routine that actually runs in kernel mode; Ring0 then dispatches to IRing0.Privilege0 through the interface's vtable, so the body of Privilege0 runs with full kernel privileges. This is 32-bit x86 only: pointers travel through a Cardinal, and the gate is an IDT entry.

Two caveats before using it. First, the IDT is shared by every process, so once the gate is enabled any user-mode code on the machine, not just your program, can raise interrupt 60 and run with kernel privileges; the driver is effectively a system-wide privilege-escalation backdoor and must not be left loaded on a production system. Second, the ring-0 side of the gate has no exception handler you control: a fault raised inside Privilege0 (a debugger breakpoint is one, since it is an int 3 trap) halts the system with a BSOD. Keep Privilege0 tiny, avoid heap allocation, exceptions and Windows API calls inside it, and never breakpoint Ring0 or anything it calls.

The original implementation of Execute used inline assembler that relied on the I0 and Param arguments lying next to each other on the stack to form the ClassCall record in place; the version here builds the record explicitly, which is equivalent and does not depend on the calling convention's stack layout. It also calls UninitializeDriver from a destructor, which the original declared but never used.

unit ring0proc;

interface

uses
  Classes;

type
  { Implement this on the class whose method should run at ring 0. }
  IRing0 = interface
    ['{C6185103-C73B-4086-8E0C-1BB91A4A6AB0}']
    function Privilege0(Param: Pointer): Cardinal;
  end;

  { Passed by reference through the gate: the interface and the caller's parameter. }
  ClassCall = record
    IR0: IRing0;
    param: Pointer;
  end;

{ Runs at privilege level 0 and dispatches to IRing0.Privilege0. }
function Ring0(const CC: ClassCall): Cardinal; stdcall;

{ Exports of the helper DLL that loads the driver and installs the int 60 gate. }
function InitializeDriver: Boolean; stdcall; external 'ring0provider.dll';
procedure UninitializeDriver; stdcall; external 'ring0provider.dll';
procedure EnableInt60Gate; stdcall; external 'ring0provider.dll' name 'EnableInt60Gate';
{ Raises int 60; the gate handler calls FAddress(Param) at ring 0 and returns its result. }
function Ring0Int(FAddress: Pointer; Param: Cardinal): Cardinal; stdcall; external 'ring0provider.dll' name 'Ring0Int';

type
  TBaseDriverLoader = class
  private
    IsInit: Boolean;
  public
    constructor Create;
    destructor Destroy; override;
    property DriverInitialized: Boolean read IsInit;
  end;

  TRing0 = class(TBaseDriverLoader)
  public
    function Execute(I0: IRing0; Param: Pointer; var Return: Cardinal): LongBool; stdcall;
  end;

implementation

constructor TBaseDriverLoader.Create;
begin
  inherited Create;
  IsInit := InitializeDriver;
  if IsInit then
    EnableInt60Gate;
end;

destructor TBaseDriverLoader.Destroy;
begin
  if IsInit then
    UninitializeDriver;
  inherited Destroy;
end;

{ TRing0 }

function TRing0.Execute(I0: IRing0; Param: Pointer; var Return: Cardinal): LongBool; stdcall;
var
  CC: ClassCall;
begin
  Result := False;
  if (not DriverInitialized) or (not Assigned(I0)) then
    Exit;
  CC.IR0 := I0;
  CC.param := Param;
  { Ring0 takes its record by reference, so the Cardinal carries the record's address.
    Everything from here until Ring0Int returns happens behind the int 60 gate. }
  Return := Ring0Int(@Ring0, Cardinal(@CC));
  Result := True;
end;

function Ring0(const CC: ClassCall): Cardinal; stdcall;
begin
  { DO NOT put a breakpoint here or in Privilege0: this runs at ring 0 and
    a breakpoint (int 3) inside the gate ends in a BSOD. }
  Result := CC.IR0.Privilege0(CC.param);
end;

end.
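An added example of using the unit, not part of the original article: a class whose Privilege0 reads the CR0 control register. `mov eax, cr0` is a privileged instruction, so a direct call at ring 3 raises EPrivilege, while the same method called through TRing0.Execute returns the register's value. That contrast is the practical check that the call really went through the gate. The class name TReadCR0, the program name and the console output are assumptions made for this example; ring0provider.dll and the ring0proc unit are the page's own. It targets 32-bit x86 Delphi and needs the driver to load, which typically requires administrator rights.

```delphi
program Ring0Demo;

{$APPTYPE CONSOLE}

uses
  SysUtils, ring0proc;

type
  { Example class (assumed, not from the article). Its only job at ring 0 is
    to read CR0; nothing else is done there, to stay clear of faults. }
  TReadCR0 = class(TInterfacedObject, IRing0)
  public
    function Privilege0(Param: Pointer): Cardinal;
  end;

{ Pure-asm body: the register calling convention returns EAX, so the value
  of CR0 becomes the function result. No heap, no exceptions, no API calls. }
function TReadCR0.Privilege0(Param: Pointer): Cardinal;
asm
  mov eax, cr0
end;

procedure ShowCR0(Value: Cardinal);
begin
  Writeln(Format('CR0 = %.8x', [Value]));
  Writeln('  PE (protected mode) : ', Ord((Value and $00000001) <> 0));
  Writeln('  WP (write protect)  : ', Ord((Value and $00010000) <> 0));
  Writeln('  PG (paging)         : ', Ord((Value and $80000000) <> 0));
end;

var
  Loader: TRing0;
  Reader: IRing0;
  CR0: Cardinal;
begin
  Reader := TReadCR0.Create;

  { Control: the same method at ring 3 faults on the privileged instruction. }
  try
    CR0 := Reader.Privilege0(nil);
    Writeln('Unexpected: CR0 read succeeded at ring 3');
  except
    on E: EPrivilege do
      Writeln('Direct call at ring 3 raised EPrivilege, as expected');
  end;

  { Through the gate: Execute refuses the call if the driver is not loaded. }
  Loader := TRing0.Create;
  try
    if not Loader.DriverInitialized then
    begin
      Writeln('ring0provider.dll could not load its driver; run as administrator');
      Exit;
    end;
    if Loader.Execute(Reader, nil, CR0) then
      ShowCR0(CR0)
    else
      Writeln('Execute refused the call');
  finally
    Loader.Free;  { destructor unloads the driver, closing the gate again }
  end;
end.
```

Freeing the loader as soon as the call is done matters more than it looks: while the driver is loaded the interrupt 60 gate is available to every process on the machine, so the window in which it exists should be as short as the program can make it.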