KMD in asm


^DAEMON^
December 17th, 2001, 11:07
Hi,

hmm, I am searching for documentation about kernel mode drivers in asm (tasm sources would be best)....

^DAEMON^

DakienDX
December 17th, 2001, 12:59
Hello ^DAEMON^ !

What type of Kernel Mode Drivers do you think of?

VxD on Win9X ?
SYS on Win9X ?
SYS on WinNT ?
WDM on Win9X and WinNT ?

VxDs are the best in MASM, WDM in VC++, SYS mainly in C++, perhaps others too.
But you know, nothing is impossible.

Gadix
December 17th, 2001, 19:24
Hello Daemon

KMD docs-sources:

http://www.cmkrnl.com/faq.html
http://yoda.cjb.net

One suggestion: if KMD is for your protector this is not a good idea: KMD only runs in administrator mode (remember user-mode)

Gadix

^DAEMON^
December 19th, 2001, 03:15
hi,

nope the url cmk.... is useless!
i wanna write a sys (NT) driver
yoda sux!

^DAEMON^

^DAEMON^
December 20th, 2001, 06:42
hmmm kmd (sys) will only run in admin (supervisor) mode....
puhh then i'll need to use r0 exploits...

anyway sad to see that there is no help
(and please don't point me to elicz page, coz the sources are terrible no documentation etc... etc...)

^DAEMON^

DakienDX
December 20th, 2001, 12:02
Hello ^DAEMON^ !

If you want to search for Ring0-exploits in WinNT: Good luck. You'll really need it. But there is no need for it anyway.

Try to get the WinXP source code. Analyse it. Change it. Fix all problems. Recompile it. Give it another name. Sell it. Get rich.

But don't ask me where and how.

TheFCE2
December 20th, 2001, 19:06
I'm currently writing a KMD for W2K / XP.

Write me an email or something.

tony b.
December 20th, 2001, 21:15
Yoda has a sample:
h**p://y0da.teamunknown.com/snippets/TracerKMD.zip

regards,

tony

ps. whoops, i see you said "yoda sux"... hmm.. personally, i just use the NT DDK, which has masm in it (but i find C much easier and quicker).

^DAEMON^
December 21st, 2001, 03:00
puhhh i need tasm sources or documentations about it!

DakienDX
December 21st, 2001, 11:58
Hello ^DAEMON^ !

I'm sure you would get more help by the people here if you would be more conductive. I hope you understand what I mean.
If you would discuss your 'powerful' protector in public, it wouldn't be a protector any more, but the topic would be more interesting to many people.
If you want to really keep it secret, why are you posting here?
If you just come here and say "I need this and that,... quick,... hurry,... this one sucks,... that one sucks,... oh no,... you are so stupid" then why do you think anybody is willing to help you?

^DAEMON^
December 23rd, 2001, 06:03
sorry i know, but isn't it the fact that there aren't any good docs out there? i found all the links the people posted here... and they didn't really help me... so I am sorry! masm is really cruel in my opinion (i can't handle it) and did u ever see a source by elicz?? maybe this is only true for me, but i can't read em... (only portions) so please don't be angry with me! discussing my protector in public, hmmm I am currently busy with a new homepage - where I am going to discuss about protecting better... maybe u'll visit it... available in about one or two weeks! h**p://cdaemon.piranho.de (or .com .org)
thx ^DAEMON^

TheFCE2
December 26th, 2001, 04:12
For my KMD I started out looking at C sources and documentation about kernel drivers in general. I then just converted stuff to Asm. Took me quite a while to get started though.

daze666
December 31st, 2001, 01:41
Hi Daemon,
I'm also looking for KMD ASM sources, could only find the one by Elicz. Found a nice site by some German guy with some good links though: http://www.wischrop-net.de. Not ASM, but this site got me started anyway (I mailed the guy and asked for his C source code, I'm reversing his KMD now, together with the C source and the ElicZ ASM source, I hope to be able to reconstruct it in ASM).
Daze