	
		******************************************************
		*						     *
		*   GET KERNEL-MODE BY INTERRUPT DRIVER (G.K.I.D.)   *
		*						     *
		******************************************************


 DISCLAIM: 

 The software author reserved the source codes only for educational purpose.
 People who use improply the sources, the assembled files, all code or a part
 of it can go on many violations depending the current state of laws.


 DESCRIPTION:

 This is a NT kernel driver (for windows XP) that create a special interrupt.
 its interrupt will return to the caller program with IOPL = 0.
 The effect is to entering in Kernel-mode for the caller program.

 All the programs segments remain unchanged, but the registers assume the values
 specified into the source driver.
 You can return in user-mode simply by pushing dword 246h and popping the dword 
 eflags, but the kernel set automatically IOPL = 3 after evry system call.


 USAGE:

 The "Kernel-mode by interrupt.asm" file is the driver source in FASM assembly.
 (You should download a FASM comatible assembler)
 There's in the driver source, some fields (variables) about the new interrupt to
 be created when driver is load.

 You can change the values:

	VECTOR:	A decimal number from 0 to 255 or a hex number from 0h to 0FFh

	SELECTOR: should be 8h (the conforming kernel selector) as the driver CS
		  else your interrupt gate can be not conforming (not recomanded)
		  Conforming means: interrupt caller IOPL number can be equal 
		  or less than gate RPL.
	
	PRESENT: the flags that indicate if interrupt is active (TRUE or FALSE)

	RPL: the requested privilege level to allow interrupt execution.
	     if is not conforming gate then IOPL must be equal than RPL

 After changed the values as you want you have to assemble the source driver and
 load it using the "KMD manager.exe" program (into test directory)


 LIMITATIONS:

 This is not an WDM driver, it should be used for Windows XP (NT kernel)
 The executions of some privileged instructions may create exceptions or faults.
 Be quite on testing.


	------------------------------------------------------------------------------
	"The PHOENIX Projects  2009" and the others not publicated files are reserved
				until their accomplishment.
	      ------------------------------------------------------------------

			Pirata Derek L.S. - 12th July 2009 - Italy	