flat assembler
Message board for the users of flat assembler.

How to bypass Privileged instruction(0xC0000089) (User mode)

typedef 13 Apr 2011, 03:07
I have this snippet in a DLL

Read time (second) from CMOS

Code:
mov dx,70h ; CMOS index port
mov al,0   ; register 0 = seconds
out dx,al  ;<------------ Happens here
inc dx     ; 71h = CMOS data port
in al,dx   ; read the selected register

Is there a good way of doing that?
revolution 13 Apr 2011, 03:55
Which version of Windows?

There are many drivers available for download that allow user mode I/O, but later versions of Windows (Vista and 7) won't load unsigned drivers. Search for Userport (both on this board and the wider Internet); I have used it successfully in the past.
typedef 13 Apr 2011, 03:59
Ok. Thanks.

I'm using Windows XP, SP 3
typedef 13 Apr 2011, 04:01
Wait...Hold on..... I'll try it myself in Kernel mode... I have WDK and I was recently making a driver.....
LOL

What am I thinking.....
ouadji 13 Apr 2011, 07:18
proc DriverEntry pDriverObject, usRegistryPath ...
A driver, there is no alternative.
Possibly a "callgate", but this raises other problems:
switching to ring0 via a "callgate" isn't completely stable,
because "far jmp" does not clear the interrupt flag.
A driver is the only real solution.

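Why the `out` in the first post faults in user mode and runs in a driver, as an added example that is not part of the original thread: a C model of the x86 protected-mode I/O permission check (CPL compared with IOPL, then the I/O permission bitmap in the TSS). The function name, the sample EFLAGS value and the 16-byte bitmap are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EFLAGS_IOPL(f) (((f) >> 12) & 3u)   /* IOPL is EFLAGS bits 12-13 */

/* Constructed sample bitmap covering ports 0x00-0x7F: every port denied
   (bit = 1) except 0x70 and 0x71, the CMOS index and data ports. */
static const uint8_t cmos_only_iopb[16] = {
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xFF
};

/* Returns 1 if an IN/OUT of `width` bytes at `port` would execute, 0 if the
   CPU would raise #GP. iopb/iopb_len model the I/O permission bitmap in the
   TSS; as a simplification, ports past the end of the bitmap are denied. */
int io_access_allowed(unsigned cpl, uint32_t eflags,
                      const uint8_t *iopb, size_t iopb_len,
                      uint16_t port, unsigned width)
{
    if (cpl <= EFLAGS_IOPL(eflags))
        return 1;                        /* bitmap is not consulted */
    for (unsigned i = 0; i < width; i++) {
        uint32_t p = (uint32_t)port + i; /* every byte of the access counts */
        size_t byte = p / 8;
        if (iopb == NULL || byte >= iopb_len)
            return 0;                    /* no bitmap entry: denied */
        if (iopb[byte] & (1u << (p % 8)))
            return 0;                    /* bit set: port denied */
    }
    return 1;
}

int main(void)
{
    /* 0x202 = IF set, IOPL 0 (assumed typical user-mode EFLAGS). */
    printf("ring 3, IOPL 0, no bitmap, out 70h   : %d\n",
           io_access_allowed(3, 0x202, NULL, 0, 0x70, 1));
    printf("ring 0 (driver), out 70h             : %d\n",
           io_access_allowed(0, 0x202, NULL, 0, 0x70, 1));
    printf("ring 3, bitmap opens 70h-71h, in 71h : %d\n",
           io_access_allowed(3, 0x202, cmos_only_iopb, 16, 0x71, 1));
    printf("ring 3, same bitmap, word in at 71h  : %d\n",
           io_access_allowed(3, 0x202, cmos_only_iopb, 16, 0x71, 2));
    return 0;
}
```

The last case is denied because a word access at 71h also touches 72h, which the sample bitmap leaves closed.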
typedef 13 Apr 2011, 14:19
Yup... I just made a driver and it's able to dump 255 bytes from CMOS..... interesting.... maybe I could find something on the way
sinsi 13 Apr 2011, 14:28
revolution wrote:
Which version of Windows?

There are many drivers available for download that allow user mode I/O, but later versions of Windows (Vista and 7) won't load unsigned drivers. Search for Userport (both on this board and the wider Internet); I have used it successfully in the past.


There is a boot menu option (a one-time option too) but it's a bit unclear as to unsigned drivers.
Quote:
Disable Driver Signature Enforcement
- Allows drivers containing improper signatures to be installed

Does unsigned=improper?
Alphonso 13 Apr 2011, 14:57
AFAIK you can self-sign and use the test signing option. Since self-signed usually has no recognized CA chain then maybe that's what is meant by "improper signatures".

Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
