Download: Naked NT

Version: test 0.1

Last Update: 21.1.2004

Naked NT provides some system information that is otherwise unavailable (unless you are a driver developer), and also enables a user-mode application to execute code at the Ring 0 privilege level.

Exported functions (ring0provider.dll + vfdriver.sys); an example is provided too.
Tested on W2k and XP.

Initialization
  InitializeDrive - load the driver
  UninitializeDrive - unload the driver

Interrupt Call Ring 0
  EnableInt2AGate - enable the Ring 0 interrupt through the software 2Ah gate
  DisableInt2AGate - disable the Ring 0 interrupt
  Ring0Int - call through the interrupt gate to the specific function

Call Gate Ring 0
  EnableR0CallGate - enable the Ring 0 call through the 02f8h call gate (cannot be disabled)
  Ring0Call - call through the call gate to the specific function

Specific functions
  CopyMemory - copy through the driver (the entire process linear address space is accessible)
  GetEThreadAddress - get the kernel EThread structure by Id
  GetEProcessAddress - get the kernel EProcess structure by Id
  DereferenceEObject - dereference the object count used by GetEThreadAddress or GetEProcessAddress
  EnableThreadIO3 - enable I/O ports, and also cli/sti, inside Ring 3 code (IF is set, so be aware of error handling while IF=1)
  AllocateNonCachedMem - allocate kernel non-cached memory (can be reached only during Ring 0 code execution; page protected)
  FreeNonCachedMem - free previously allocated non-cached memory
  EnableCopyOnWrite - enable protection
  DisableCopyOnWrite - disable protection (Ring 0 may override page protection; any code or data can be modified)
  EnableIOConstantAccess - enable constant access to I/O ports during Ring 3 execution, and also cli/sti
  DisableIOConstantAccess - disable constant access


Note:
Segment GS:[0 - limit 0fffh] points to a special shared memory area. It can be accessed from any process, but only during Ring 0 code execution.

Author: Vanja Fuckar, email: INGA@VIP.HR