问题
I want to create a kernel level of process for windows (Ring 0) but i don't know where to start from. I want to know which SDK is required and any tutorial showing its implementation would be helpful.
回答1:
The SDK is the Windows Driver Kit and documentation here. As a correction to your question, at kernel mode you can't use processes, since kernel-mode drivers run as part of the operating system's executive. You can create kernel threads though.
回答2:
You are asking this in conjunction with how to create a process which is not visible in task manager or services list
Creating a kernel mode solution is going to be so much overhead to do what you want that it is really not the solution. Creating a driver as a substitute for a typical user mode desktop application is not as straight-forward as it sounds.
You should either:
- Use Windows security to restrict users
- Write your app as a service (this is still even not a good solution imo because admins can stop it and it sees 'activity' at a different level than a desktop app)
- Do some basic trick to prevent closing, such as two sentinel processes that watch each other and keep each other alive.
回答3:
You can create system threads as pointed by Shinnok. Windows does not have facilities for what you are trying to do.
来源:https://stackoverflow.com/questions/4921753/how-to-create-a-process-which-will-run-in-kernel-level-in-windows