简体繁体 English

如何创建将在Windows的内核级别运行的进程？

[英]how to create a process which will run in kernel level in windows?

原文 2011-02-07 13:18:12 2 3 c++/ windows/ visual-c++/ sdk

I want to create a kernel level of process for windows (Ring 0) but i don't know where to start from. 我想kernel level of process for windows (Ring 0)创建一个kernel level of process for windows (Ring 0)但是我不知道从哪里开始。 I want to know which SDK is required and any tutorial showing its implementation would be helpful. 我想知道需要哪个SDK ，任何显示其实现的教程都将有所帮助。

3 个解决方案

The SDK is the Windows Driver Kit and documentation here . 该SDK是Windows驱动程序工具包和此处的文档。 As a correction to your question, at kernel mode you can't use processes, since kernel-mode drivers run as part of the operating system's executive. 作为对问题的更正，在内核模式下不能使用进程，因为内核模式驱动程序作为操作系统执行程序的一部分运行。 You can create kernel threads though. 您可以创建内核线程。

You are asking this in conjunction with how to create a process which is not visible in task manager or services list 您在询问此问题以及如何创建在任务管理器或服务列表中不可见的流程

Creating a kernel mode solution is going to be so much overhead to do what you want that it is really not the solution. 创建内核模式解决方案将花费很多精力来做您想做的事情，但这实际上不是解决方案。 Creating a driver as a substitute for a typical user mode desktop application is not as straight-forward as it sounds. 创建驱动程序来代替典型的用户模式桌面应用程序并不像听起来那样简单。

You should either: 您应该：

Use Windows security to restrict users 使用Windows安全性限制用户
Write your app as a service (this is still even not a good solution imo because admins can stop it and it sees 'activity' at a different level than a desktop app) 将您的应用程序编写为服务（这仍然不是imo的好解决方案，因为管理员可以停止它，并且看到的“活动”与台式机应用程序不同）
Do some basic trick to prevent closing, such as two sentinel processes that watch each other and keep each other alive. 做一些基本的技巧来防止关闭，例如两个互相监视并保持彼此活力的哨兵进程。

You can create system threads as pointed by Shinnok. 您可以按照Shinnok的指示创建系统线程。 Windows does not have facilities for what you are trying to do. Windows没有您要执行的操作。