JustKernel

Ray Of Hope

Microsoft Internals

Want to Hack the Windows OS? Want to Customize it? Want your Win OS to behave as per your need? Hook the SSDT.

Sample code for hooking Nt functions: #include "ntddk.h" #include "stdarg.h" #include "stdio.h" #include "hooksys.h" #include "hook.h" int ProcessNameOffset; /* hook typedefs for each of the functions */ typedef NTSTATUS (*NTCREATEFILE)( PHANDLE FileHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PIO_STATUS_BLOCK IoStatusBlock, PLARGE_INTEGER AllocationSize OPTIONAL, ULONG FileAttributes, ULONG ShareAccess, ULONG CreateDisposition, ULONG CreateOptions, PVOID EaBuffer OPTIONAL, ULONG EaLength ); typedef NTSTATUS (*NTWRITEFILE)( HANDLE […]

Posted in Microsoft Internals | No Comments »

USB Device Redirection

USB Device Redirection is controlled by the Redirection Policy Manager (RPM). RPM is a kernel-mode export driver that is available in Windows 7. By using RPM, third-party developers can load an alternate driver in place of the original USB device driver. RPM abstracts the redirection functionality that is provided by Microsoft. One of the clients […]

WDM driver layers – An Example

The following figure shows a sample PnP hardware configuration for a USB joystick. [Figure: Sample PnP Hardware – USB Joystick] In this figure, the USB joystick plugs into a port on a USB hub. The USB hub in this example resides on the USB Host Controller […]

USB Device Stack

[Figure: Sample WDM Device Object Layers – USB Joystick] Starting at the bottom of the figure, the device objects in the sample device stack include: 1. A PDO and an FDO for the PCI bus: the root bus driver enumerates the internal system bus (the root bus) and creates a PDO […]

Shared Memory Between User-Mode And Kernel-Mode (Section Object)

A section object describes an area of memory that two or more processes can potentially share. Section objects are also called file-mapping objects. Windows uses section objects to implement shared memory and to map disk files into memory. Important note: use of this mechanism is discouraged for sharing memory between user mode and kernel mode. But […]

Shared memory Between User-Mode And Kernel Mode (IOCTL)

User-mode components cannot allocate virtual memory in the kernel address space. Although it is possible to map kernel memory into user mode, a driver should never do so for security reasons. Therefore, drivers and user-mode components must use other strategies for sharing memory. Such strategies typically involve: – Mapped memory buffers. – Section objects […]

Memory Descriptor List

A memory descriptor list (MDL) describes a list of pages in physical memory. Internally, the Windows kernel uses MDLs in numerous ways. For example, when the I/O manager sets up a direct I/O request to send to a driver, it creates an MDL to describe the I/O buffer. The driver receives a pointer to […]

Thread Context And Driver Routines

Most Windows drivers do not create threads; instead, a driver consists of a group of routines that are called in an existing thread that was created by an application or system component. Kernel-mode software developers use the term "thread context" in two slightly different ways. In its narrowest meaning, thread context is the […]

Accessing parallel port – So simple and yet so complicated

A small module for accessing the parallel port turned into a horrific story.. The task was just to port a user-layer app in Linux which accesses the parallel port to the Windows OS. Sounds simple; yes, it did to me too.. The design was: use an IOCTL to get exclusive access to the parallel port and then Dispatch […]

Design approach application programming vs kernel/ device driver

During my experience I have worked on application-level software and on kernel/device drivers in some of the best organizations, like Samsung and McAfee. One major difference I noticed in design approach is that for application-level projects the major focus is on designing the module. Coding is relatively simpler. Most of the time is […]