Working in kernel mode?

Status
Not open for further replies.

ahmed osama

Hi all

Can I write a program working in kernel mode (W2K) without using the Device Driver Kit (DDK)?

Or, in other words, "HOW TO WORK IN KERNEL MODE IN W2K?"
Thanks a lot
Bye
 

I think it is very hard to enter kernel mode without the DDK in W2K.
 

swgchlry said:
I think it is very hard to enter kernel mode without the DDK in W2K.

OKAY

Now I've got the DDK.

HOW CAN I USE IT WITH VC++? I don't want to use the "BUILD" program!
 

There are some lazy ways to survive without learning the DDK. You can try WinDriver from Jungo or Driver Studio from Compuware. Both integrate easily with MSVC and can generate a driver template for you, so that you just put your functionality inside and don't have to worry about the system part of the driver.
 



Indeed, I want to make a program that works in kernel mode and not a driver. So I asked a lot, and everyone told me you must have the DDK. I got the DDK, but now I don't know how to use it in VC++ to create a normal program and not a driver.

Please help me
 

Why do you need an application to work in kernel mode? FYI, the opposite of Kernel-Mode is Application-Mode? The whole idea of having a Kernel-Mode is to control application access. If you need kernel access, you usually create a driver for it, and then interface your application to the driver. The DDK is basically C, but you can use the extern "C" commands to allow for C++-like coding, mostly for the convenience of declaring variables on-the-fly, none of the OO stuff.
 

ahmed osama said:
Indeed, I want to make a program that works in kernel mode and not a driver. So I asked a lot, and everyone told me you must have the DDK. I got the DDK, but now I don't know how to use it in VC++ to create a normal program and not a driver.
Please help me

Perhaps you can describe your task in more detail?
I'm asking because there are solutions for some kernel-mode operations, like getting direct access to I/O ports (with the giveio driver) or accessing DRx registers from Ring 3 applications.
 


I want a program to spy on the communication between a certain process and a port. So, any ideas, EXPERT?
 

It's called a filter driver. Essentially, you must be very familiar with the driver stack and the WDM driver architecture. A good start would be Walter Oney's "Programming the Microsoft Windows Driver Model". It's the most definitive book on writing Windows drivers, and I vaguely remember he had an example on filter drivers. And as I've said before, you still have to write a separate application to communicate with the driver.
 

ahmed osama said:
I want a program to spy on the communication between a certain process and a port

You will definitely need a driver for this. It could be a filter driver if you want to get into the protocol stack, or you can just set a hardware breakpoint on the desired port and analyze the plain data. This second approach can be useful only for simple protocols, like RS232 and LPT. But either way, there is no chance of proceeding without a driver.

Also, if you want a ready solution, try Bus Hound from PeriSoft - it is exactly what you need.
 


Can one application have a driver inside it and use it? I saw a spying program without any driver files (no sys, no dll, no in, no inf ... just one EXE).

How do they create that?
 

Can you give a link to the program? Note that driver files are installed during installation, and normally will reside in the system32 directory rather than the application directory.

As far as I know, there is a clear distinction between kernel mode and application mode.
 

Here are the sources of the Sysinternals Regmon and Filemon filter drivers:
**broken link removed**
 

Urm, actually it still relies on drivers. You don't see it because when you execute it, it creates the driver and then deletes it when you close the program. Try tdimon.

EDIT:

There's another one for which I can't find the driver: Active Ports. Does anyone have any idea how it is being done?
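
The behaviour described in the reply above (a single EXE that writes its driver to disk when started and deletes it when closed) leaves a recognisable trail in endpoint telemetry. The following is an added example, not code from the thread or from any tool named in it: it correlates file-create, driver-load and file-delete records to surface such drivers. It assumes a host with Sysmon-style logging (event IDs 11 FileCreate, 6 DriverLoad, 23 FileDelete); the record layout, paths and file names are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events, normalized from Sysmon-style records
# (11 = FileCreate, 6 = DriverLoad, 23 = FileDelete). Paths and names are made up.
EVENTS = [
    {"t": "2024-01-01T10:00:00", "id": 11, "Image": r"C:\Tools\portspy.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\PSPY.SYS"},
    {"t": "2024-01-01T10:00:01", "id": 6,
     "ImageLoaded": r"C:\Windows\System32\drivers\pspy.sys"},
    {"t": "2024-01-01T10:05:00", "id": 6,
     "ImageLoaded": r"C:\Windows\System32\drivers\serial.sys"},
    {"t": "2024-01-01T10:20:00", "id": 23, "Image": r"C:\Tools\portspy.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\pspy.sys"},
    {"t": "2024-01-01T11:00:00", "id": 11, "Image": r"C:\Temp\setup.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\vendor.sys"},
    {"t": "2024-01-01T11:00:05", "id": 6,
     "ImageLoaded": r"C:\Windows\System32\drivers\vendor.sys"},
]

def find_dropped_drivers(events, load_window=timedelta(minutes=5)):
    """Correlate .sys file creation -> driver load -> optional deletion."""
    created, findings = {}, {}
    for ev in sorted(events, key=lambda e: e["t"]):
        when = datetime.fromisoformat(ev["t"])
        # Windows paths are case-insensitive, so compare lowercased.
        path = ev.get("TargetFilename", ev.get("ImageLoaded", "")).lower()
        if not path.endswith(".sys"):
            continue
        if ev["id"] == 11:
            created[path] = (when, ev["Image"])
        elif ev["id"] == 6 and path in created:
            dropped_at, dropper = created[path]
            if when - dropped_at <= load_window:
                findings[path] = {"driver": path, "dropper": dropper,
                                  "loaded": when, "deleted": None}
        elif ev["id"] == 23 and path in findings:
            findings[path]["deleted"] = when
    return list(findings.values())

def transient_only(findings):
    """Drivers removed again after loading: the single-EXE pattern from the thread."""
    return [f for f in findings if f["deleted"] is not None]

if __name__ == "__main__":
    for f in find_dropped_drivers(EVENTS):
        kind = "transient" if f["deleted"] else "left on disk"
        print(f"{f['driver']} dropped by {f['dropper']} ({kind})")
```

A driver that was already on disk before logging began (serial.sys in the sample) is not reported, because no create event precedes its load.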
 
