From Collaborative RCE Tool Library
KernelSpy
| Tool name: | KernelSpy |
|
||
|---|---|---|---|---|
| Author: | Anton Bassov | |||
| Website: | http://www.codeproject.com/system/kernelspying.asp | |||
| Current version: | 1.0 | |||
| Last updated: | April 22, 2004 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free / Open Source | |||
| Description: | After having published my article about process-wide API spying, I received plenty of encouraging messages - readers have generally accepted my model of hooking function calls. In this article, we will extend our model to kernel- mode spying, and hook the API calls that are made by our target device driver. We will also introduce a brand-new way of communication between the kernel-mode driver and the user-mode application - instead of using system services, we will implement our own mini-version of Asynchronous Procedure Calls. This task is not as complicated as it may seem - in fact, it is just shockingly easy. Windows flat memory model offers us plenty of exciting opportunities - the only thing we need is a sense of adventure (plus a good knowledge of assembly language, of course). All tips and tricks, described in this article, are 100% of my own design - you would not find anything more or less similar to these tricks anywhere. | |||
| Related URLs: | No related URLs have been submitted for this tool yet | |||
Feed containing all updates for this tool.
(please also edit it if you think it fits well in some additional category, since this can also be controlled)
You are welcome to add your own useful notes about this tool, for others to see!