| Download:Naked
NT version:test 0.1 |
Last Update:21.1.2004 Naked NT provides some unavailable system information (except UR driver developer),also enable user mode appliction to execute code inside Ring 0 privilege level. Exported Functions: (ring0provider.dll+vfdriver.sys)+example provided too. Tested on W2k,XP Initialization InitializeDrive -Load driver UninitializeDrive -Unload driver Interrupt Call Ring 0 EnableInt2AGate -Enable ring 0 interrupt through software 2Ah gate DisableInt2AGate -Disable ring 0 interrupt Ring0Int -call through interrupt gate to the specific function Call Gate Ring 0 EnableR0CallGate -Enable ring 0 call through 02f8h callgate (cannot be disabled) Ring0Call -call though call gate to the specific function Specific functions CopyMemory -though driver (entire process linear address space is accessible) GetEThreadAddress -get kernel EThread structure by Id GetEProcessAddress -get kernel EProcess structure by Id DereferenceEObject -dereference object count used by GetEThreadAddress or GetEProcessAddress EnableThreadIO3 -enable I/O ports,also cli/sti inside Ring 3 code (IF is set,so be aware of error handling while IF=1) AllocateNonCachedMem -allocate kernel non cached memory [can be reached only while Ring 0 code execution -page protected) FreeNonCachedMem -free non cached memory previously allocated EnableCopyOnWrite -enable protection DisableCopyOnWrite -disable protection (Ring 0 may override page protection,any code / data can be modified) EnableIOConstantAccess -enable constant access to IO Ports while Ring 3 execution,also cli/sti DisableIOConstantAccess -disable constant access
|