I need a bit of brainstorming. The problem is as follows: a Profan program starts a driver that is supposed to read certain data in kernel mode. This data then has to be passed to the Profan program.
1.) The driver must know which data it should read, so data has to be passed from the Profan program to the driver.
2.) The data that was read should be displayed by the Profan program, so data has to be passed from the driver to the Profan program.
This raises the following problem: the driver can sensibly use only APIs from ntoskrnl.exe and ntdll.dll, because GDI32, USER32, KERNEL32.dll, ... are not loaded in the kernel. What would be the best way to handle this? Only ideas wanted; source code is of course not strictly necessary.

Michael Wodrich:
What options are available, then? Message handling?
Somewhere in the driver kits it must say how to send data to the drivers and receive data from them. That is exactly where I would look for the information.
Best wishes, Michael Wodrich
Programming, the most exciting detective game in the world. | 11/05/06

[quote:77fcc8a5e9=Michael Wodrich]What options are available, then? Message handling?[/quote:77fcc8a5e9]
I definitely cannot send messages from the Profan program to the driver. The other way round will probably be very difficult too. The hard disk and the registry are available in any case.
[quote:77fcc8a5e9=Michael Wodrich]Somewhere in the driver kits it must say how to send data to the drivers and receive data from them. That is exactly where I would look for the information.
Best wishes, Michael Wodrich[/quote:77fcc8a5e9]
We'll see... but it could well be that such an exchange is not provided for at all and one has to improvise. Actually, I almost assume that is the case....

Michael Wodrich:
No, you don't need to assume that.
Even under DOS it was already the case that IOCTRL provided an interface with which data could be moved in both directions.
How else could data be sent to a printer driver and the driver report back the printer status?
There is certainly a way, and it will also be described in the driver kits.
Unfortunately I have little time at the moment for a driver excursion, but you will find what you need there with absolute certainty.
ALL drivers must be able to send and receive data; otherwise their existence is very questionable.
Best wishes, Michael Wodrich
Programming, the most exciting detective game in the world. | 11/05/06
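
On Windows, the two-way interface Michael Wodrich describes is the device I/O control request: the program calls DeviceIoControl with a control code plus an input and an output buffer, and the driver handles it in its IRP_MJ_DEVICE_CONTROL dispatch routine. The following is an added example, not code from this thread or from the driver kit: a portable C model of a buffered request in which the caller names an item ID rather than a raw address and the handler checks both buffer lengths before copying. All `model_*`/`MODEL_*` names, the control code and the sample data are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Same bit layout as the WDK CTL_CODE macro: type<<16 | access<<14 | function<<2 | method. */
#define MODEL_CTL_CODE(type, func, method, access) \
    (((uint32_t)(type) << 16) | ((uint32_t)(access) << 14) | ((uint32_t)(func) << 2) | (uint32_t)(method))
/* Hypothetical control code (assumption): vendor device type 0x8000, vendor function 0x800, method 0 (buffered), read access 1. */
#define IOCTL_MODEL_READ_ITEM MODEL_CTL_CODE(0x8000u, 0x800u, 0u, 1u)

enum { ST_OK = 0, ST_BAD_CODE, ST_BAD_INPUT, ST_BUFFER_TOO_SMALL, ST_NOT_FOUND };
typedef struct { uint32_t item_id; } read_request;               /* program -> driver */
typedef struct { uint32_t item_id; uint64_t value; } read_reply; /* driver -> program */

/* Constructed sample data standing in for values only the driver can see. */
static const read_reply driver_items[] = { {1u, 0x1000u}, {2u, 0xBEEFu} };

/* Model of a buffered device-control handler: one buffer carries the request in
 * and the reply out, so both lengths are checked before the buffer is touched. */
int model_device_control(uint32_t code, void *buf, size_t in_len, size_t out_len, size_t *written)
{
    read_request req;
    *written = 0;
    if (code != IOCTL_MODEL_READ_ITEM) return ST_BAD_CODE;
    if (buf == NULL || in_len != sizeof req) return ST_BAD_INPUT;
    if (out_len < sizeof(read_reply)) return ST_BUFFER_TOO_SMALL;
    memcpy(&req, buf, sizeof req);   /* copy the request out before the reply overwrites it */
    for (size_t i = 0; i < sizeof driver_items / sizeof driver_items[0]; i++) {
        if (driver_items[i].item_id == req.item_id) {
            memcpy(buf, &driver_items[i], sizeof(read_reply));
            *written = sizeof(read_reply);
            return ST_OK;
        }
    }
    return ST_NOT_FOUND;             /* unknown IDs are refused, never treated as addresses */
}

/* Caller side: fill the request, issue the call, read the reply from the same buffer. */
int model_query(uint32_t item_id, uint64_t *value)
{
    union { read_request in; read_reply out; } io;
    size_t written = 0;
    memset(&io, 0, sizeof io);
    io.in.item_id = item_id;
    int st = model_device_control(IOCTL_MODEL_READ_ITEM, &io, sizeof io.in, sizeof io.out, &written);
    if (st == ST_OK && written == sizeof io.out) *value = io.out.value;
    return st;
}
```
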

Many thanks, that already gets me a bit further.

Hmm... The functions I know for that come from Kernel32. I can have a look whether there is something equivalent in NTDLL. Writing directly into the memory of the Profan process would also be possible.

Hello there...
The keyword here seems to be device driver. To do what I actually have in mind, I will probably have to work my way into this completely. So for the near future I will only be here sporadically and will really only read through what seems important to me.
What I have in mind is to develop a memory scanner for memory regions above 2GB, in the way that [...] can currently do for memory regions below 2GB. This would make it possible to search for arbitrary objects in memory and change them directly if desired.
Example: a virus programmed as a driver has infected a computer. A virus scanner cannot find it, and through certain methods it has made itself invisible to normal driver listings. With such a tool one could then first search for the list of loaded modules and have it displayed in full. If certain changes are visible there, one already has the address (and size) of the driver. Using this data one could then determine the matching DRIVER_OBJECT structure of the virus and obtain the driver name.
Since the tool I would like to build is supposed to be able to search for arbitrary data in memory, as with [...], all sorts of things could be done with it, and one could practically take off the Windows operating system's underwear.
For someone like me, who has no great knowledge of either ASM or driver programming, the whole thing is a huge task, and I am very curious how far I will get with it.
Regards,
Andreas