how to create a process which will run in kernel level in windows?
Question
I want to create a kernel level of process for windows (Ring 0) but i don't know where to start from. I want to know which SDK is required and any tutorial showing its implementation would be helpful.
3 answers
solution1
6 ACCPTED 2011-02-07 13:22:22
The SDK is the Windows Driver Kit and documentation here . As a correction to your question, at kernel mode you can't use processes, since kernel-mode drivers run as part of the operating system's executive. You can create kernel threads though.
solution2
2 2011-02-07 13:59:20
You are asking this in conjunction with how to create a process which is not visible in task manager or services list
Creating a kernel mode solution is going to be so much overhead to do what you want that it is really not the solution. Creating a driver as a substitute for a typical user mode desktop application is not as straight-forward as it sounds.
You should either:
- Use Windows security to restrict users
- Write your app as a service (this is still even not a good solution imo because admins can stop it and it sees 'activity' at a different level than a desktop app)
- Do some basic trick to prevent closing, such as two sentinel processes that watch each other and keep each other alive.
solution3
0 2011-02-07 17:15:37
You can create system threads as pointed by Shinnok. Windows does not have facilities for what you are trying to do.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.