how to create a process which will run in kernel l

Posted 2019-09-20 14:53

I want to create a kernel-level process for Windows (Ring 0), but I don't know where to start. I want to know which SDK is required, and any tutorial showing its implementation would be helpful.

3 answers
beautiful°
Reply #2 · 2019-09-20 15:34

You can create system threads, as pointed out by Shinnok. Windows does not have facilities for what you are trying to do.

时光不老,我们不散
Reply #3 · 2019-09-20 15:37

You are asking this in conjunction with how to create a process which is not visible in task manager or services list.

Creating a kernel mode solution is going to be so much overhead to do what you want that it is really not the solution. Creating a driver as a substitute for a typical user mode desktop application is not as straightforward as it sounds.

You should either:

  1. Use Windows security to restrict users
  2. Write your app as a service (this is still even not a good solution imo because admins can stop it and it sees 'activity' at a different level than a desktop app)
  3. Do some basic trick to prevent closing, such as two sentinel processes that watch each other and keep each other alive.
你好瞎i
Reply #4 · 2019-09-20 15:44

The SDK is the Windows Driver Kit and documentation here. As a correction to your question, at kernel mode you can't use processes, since kernel-mode drivers run as part of the operating system's executive. You can create kernel threads though.
