flat assembler
Message board for the users of flat assembler.

Windows > Entering RING 0

HarryTuttle



Joined: 26 Sep 2003
Posts: 211
Location: Poland
HarryTuttle 14 Dec 2004, 15:53
Code:
```asm
include '%fasminc%/win32ax.inc'

struc CONTEXT_
{
.c_contextflags          dd      -1
.c_dr0                   dd      ?
.c_dr1                   dd      ?
.c_dr2                   dd      ?
.c_dr3                   dd      ?
.c_dr6                   dd      ?
.c_dr7                   dd      ?
.c_fpu_controlword       dd      ?
.c_fpu_statusword        dd      ?
.c_fpu_tagword           dd      ?
.c_fpu_erroroffset       dd      ?
.c_fpu_errorselector     dd      ?
.c_fpu_dataoffset        dd      ?
.c_fpu_dataselector      dd      ?
.c_fpu_registerarea      rb      80
.c_fpu_cr0npxstate       dd      ?
.c_gs                    dd      ?
.c_fs                    dd      ?
.c_es                    dd      ?
.c_ds                    dd      ?
.c_edi                   dd      ?
.c_esi                   dd      ?
.c_ebx                   dd      ?
.c_edx                   dd      ?
.c_ecx                   dd      ?
.c_eax                   dd      ?
.c_ebp                   dd      ?
.c_eip                   dd      ?
.c_cs                    dd      ?
.c_eflags                dd      ?
.c_esp                   dd      ?
.c_ss                    dd      ?
}

.data

PL      CONTEXT_

.code
start:
        invoke  CreateThread,0,0,watek_ring3,0,0,esp
        xchg    ebx, eax
        invoke  GetThreadContext,ebx,PL
        push    cs
        pop     eax
        and     eax,0xfffffffc
        mov     [PL.c_cs],eax    ; maybe 0x28 instead of eax for Win9x
        mov     [PL.c_eip], watek_ring0
        invoke  SetThreadContext,ebx,PL
        jmp     $
watek_ring3:
        invoke  Sleep,2
        jmp     watek_ring3

watek_ring0:
        push    ss ss
        pop     ds es
        mov     eax,[0xffffc000] ; accessing test
        invoke  MessageBox,0,"jest OK!","info",0
        invoke  ExitProcess,0

.end start
```


Why doesn't it work under XP? Under 9x it does.

_________________
Microsoft: brings power of yesterday to computers of today.
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20451
Location: In your JS exploiting you and your system
revolution 15 Dec 2004, 01:15
'coz XP (and all NT derivatives) are secure operating systems.

You will need a Kernel Mode Driver to allow you access to ring-0.

KMDs can only be installed by users with privileges (e.g. administrators).
drocon



Joined: 14 Nov 2004
Posts: 8
drocon 19 Dec 2004, 20:20
Access /device/physicalmemory to enter ring 0 under NT, much like VxDCall0 under 9x.
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.