From Collaborative RCE Tool Library
KernelSpy
| Tool name: | KernelSpy |
|
||
|---|---|---|---|---|
| Author: | Anton Bassov | |||
| Website: | http://www.codeproject.com/system/kernelspying.asp | |||
| Current version: | 1.0 | |||
| Last updated: | April 22, 2004 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free / Open Source | |||
| Description: | After having published my article about process-wide API spying, I received plenty of encouraging messages - readers have generally accepted my model of hooking function calls. In this article, we will extend our model to kernel- mode spying, and hook the API calls that are made by our target device driver. We will also introduce a brand-new way of communication between the kernel-mode driver and the user-mode application - instead of using system services, we will implement our own mini-version of Asynchronous Procedure Calls. This task is not as complicated as it may seem - in fact, it is just shockingly easy. Windows flat memory model offers us plenty of exciting opportunities - the only thing we need is a sense of adventure (plus a good knowledge of assembly language, of course). All tips and tricks, described in this article, are 100% of my own design - you would not find anything more or less similar to these tricks anywhere. | |||
| Related URLs: | No related URLs have been submitted for this tool yet | |||
Feed containing all updates for this tool.
(please also edit it if you think it fits well in some additional category, since this can also be controlled)
