vNistelrooy

Executing privileged instruction at user level


Whenever I try to execute a ring 0 instruction I get an exception, but I know that this is possible. CPUz can do it and they use the Panopsys hardware detection engine. Quote from http://www.panopsys.com/Developers.html: "The Basic SDK allows a user-level Windows application to use privileged ring 0 functions, in order to provide an easy and safe access to hardware. These functions are encapsulated in an exception catching mechanism that provides a very safe behavior, even if a ring-0 exception occurs." How do they do it?

You access ring-0 functions by writing a driver, which your program then connects to (the driver is acting like a proxy). You can probably find a tutorial for writing a simple driver like this by searching for direct serial port access on NT.

What about callgates? I don't want to use a proxy-driver for a few ring-0 instructions. I have barely found any documentation on callgates, but it seems to be what I need.

AFAIK Call gates are used to call kernel functions from userspace (i.e. calling something with ring-0 permissions from ring-3 code). You can't use them to execute arbitrary ring-0 code.
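
The call-gate behaviour discussed in the post above, as an added example that is not part of the thread or any poster's code: it decodes a 32-bit x86 call-gate descriptor and applies the CPU's gate access check, showing that the target selector and entry point are stored in the gate rather than chosen by the ring-3 caller. The struct, function names and sample descriptor bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
/* Fields of a 32-bit x86 call-gate descriptor (one 8-byte GDT/LDT entry). */
typedef struct {
    uint16_t selector;    /* target code-segment selector, stored in the gate */
    uint32_t offset;      /* target entry point, stored in the gate */
    uint8_t  param_count; /* dwords copied from the caller's stack */
    uint8_t  dpl;         /* least-privileged ring allowed to call the gate */
    uint8_t  present;     /* P bit */
} call_gate;

/* Constructed sample entries, not taken from any real system. */
static const uint8_t GATE_DPL3[8] = {0x34,0x12,0x08,0x00,0x02,0xEC,0x50,0x80};
static const uint8_t GATE_DPL0[8] = {0x34,0x12,0x08,0x00,0x02,0x8C,0x50,0x80};
static const uint8_t CODE_SEG[8]  = {0xFF,0xFF,0x00,0x00,0x00,0x9A,0xCF,0x00};

/* Returns 0 on success, -1 if the entry is not a 32-bit call gate. */
int decode_call_gate(const uint8_t d[8], call_gate *g)
{
    uint8_t access = d[5];
    if ((access & 0x1F) != 0x0C)       /* need S=0 and type=0xC */
        return -1;
    g->offset = (uint32_t)d[0] | (uint32_t)d[1] << 8 |
                (uint32_t)d[6] << 16 | (uint32_t)d[7] << 24;
    g->selector    = (uint16_t)(d[2] | d[3] << 8);
    g->param_count = d[4] & 0x1F;
    g->dpl         = (access >> 5) & 3;
    g->present     = access >> 7;
    return 0;
}

/* CPU check on a far call through the gate: CPL and the RPL of the
   selector used must both be numerically <= the gate's DPL. */
int caller_may_use_gate(const call_gate *g, unsigned cpl, unsigned rpl)
{
    return g->present && cpl <= g->dpl && rpl <= g->dpl;
}

int main(void)
{
    const uint8_t *entries[] = {GATE_DPL3, GATE_DPL0, CODE_SEG};
    for (int i = 0; i < 3; i++) {
        call_gate g;
        if (decode_call_gate(entries[i], &g) != 0) { printf("entry %d: not a call gate\n", i); continue; }
        printf("entry %d: target %04X:%08X dpl=%u ring3 may call: %d\n", i,
               (unsigned)g.selector, (unsigned)g.offset, (unsigned)g.dpl, caller_may_use_gate(&g, 3, 3));
    }
    return 0;
}
```

Run over a descriptor-table dump, the same check flags any present gate with DPL 3, which is the kind of entry worth reviewing when auditing what ring 3 can reach.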

Well... You're trying to execute at ring level 0 on Windows? You do know that Windows is a protected mode operating system? You can't just execute at ring level 0. You have to have correct permissions to do so. The best way to execute at ring level 0 will be to code a kernel driver.

Either way you have to be admin to do so.

Quote:
Original post by gosper
Well... You're trying to execute at ring level 0 on Windows? You do know that Windows is a protected mode operating system? You can't just execute at ring level 0. You have to have correct permissions to do so. The best way to execute at ring level 0 will be to code a kernel driver.


Yeah, I know that I'm running in protected mode and in ring 3, this is why I'm asking how do I execute ring 0 code.
I'd need the DDK to write a driver, right?

Quote:
You can use a callgate to execute arbitrary ring 0 code.


Well you can, but you're doing it by exploiting the OS (in this case Windows) rather than using an inherent property of call gates (or at least I think this is the case, I haven't read that article fully).

As for getting your hands on the DDK you can order a copy of it from MS, though you have to pay for shipping and it seems to be pretty expensive (for shipping a DVD or something anyway).
