WinRing: any function can freely enter Ring 0 (source included)

lcsboy
Moderator  Posts: 87  Replies: 622  Points: 394  Registered: 2002-06-18
Supported operating systems: Windows 2K, Windows XP, and future operating systems after Windows XP
Purpose: provides an extremely easy-to-use API: ProcessRing0()
It can raise any function in BCB from its original Ring 3 privilege to Ring 0 privilege. Details:
http://delphi.ktop.com.tw/topic.php?TOPIC_ID=27089
Usage concept:
Declare a function (e.g. void ReadCMOSData(void);); you only need to pass the function name into this API and the privilege is raised automatically.
Ex: ProcessRing0(ReadCMOSData);
Apart from personal use, commercial use without authorization is not permitted.
Posted by - lcsboy on 2003/03/21 15:38:24
Attachment: 27086_WinRing.zip
領航天使
Site admin  Posts: 12216  Replies: 4186  Points: 4084  Registered: 2001-07-25
A CPU generally has a Privileged mode (Ring 0) and a Non-Privileged mode (e.g. Ring 3). In Windows 95/98, Ring 3 components run ordinary APs and the System Services (*KERNEL, USER, GDI), while Ring 0 components run the File Management Subsystem (32-bit FAT, CDFS, Network Redirectors) and the Virtual Machine Manager Subsystem (Memory Management, Scheduler, VxD Services, DPMI Server & Drivers). Under Windows XP/2000, programs all run in Ring 3 and cannot freely handle I/O. LCSBoy uses a hack-style technique to let your executable enter Ring 0. Ring 0 is the system's highest-privilege execution mode, so you can read and write I/O ports under XP/2000 without trouble! See LcsBoy's usage example, which reads the hours, minutes and seconds from the CMOS on the motherboard (using WinRing):
http://delphi.ktop.com.tw/topic.php?TOPIC_ID=27088
~~~Delphi K.Top討論區站長~~~
SmallBare
Regular member  Posts: 2  Replies: 11  Points: 2  Registered: 2003-10-20
This is the modified WinRing that can be used from Delphi; tested and working.
Since I don't know how to upload files, please create the files by hand, everyone.

===================WinRing.pas===========================
unit WinRing;

interface

uses
  Windows, WinSvc, Dialogs, Forms;

type
  // Buffer exchanged with the driver: the entry point to run at ring 0, then the saved registers
  TRingData = record
    AdjRing0Entry: ULONG;
    RegData: array[0..6] of ULONG;   // eax, ebx, ecx, edx, esi, edi, ebp
  end;
  TRing0Proc = procedure; stdcall;

procedure OpenWinRing;
function CloseDriver: Boolean;
procedure ProcessRing0(Ring0Proc: TRing0Proc); stdcall;

const
  DRIVER = 'WINRING';

implementation

var
  DriverHandle: THandle;
  Ring: TRingData;
  RetByte: DWORD;
  OSVersion: Byte;

// CTL_CODE(FILE_DEVICE_UNKNOWN, $999, METHOD_BUFFERED, FILE_ANY_ACCESS)
function WINRING_Access: Cardinal;
begin
  Result := ($22 shl 16) or ($999 shl 2);
end;

procedure _WinRing;
begin
  DeviceIoControl(DriverHandle, WINRING_Access, @Ring, SizeOf(Ring),
    @Ring, SizeOf(Ring), RetByte, nil);
end;

// Registers (if needed) and starts the WINRING kernel driver service; requires administrator rights
function BuildDriverService: Boolean;
var
  scHandle, srvHandle: SC_HANDLE;
  A: PChar;
begin
  Result := False;
  scHandle := OpenSCManager(nil, nil, SC_MANAGER_ALL_ACCESS);
  if scHandle <> 0 then
  begin
    srvHandle := OpenService(scHandle, DRIVER, SERVICE_ALL_ACCESS);
    if srvHandle = 0 then
      srvHandle := CreateService(scHandle, DRIVER, DRIVER, SERVICE_ALL_ACCESS,
        SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, SERVICE_ERROR_NORMAL,
        '.\WINRING.sys', nil, nil, nil, nil, nil);
    if srvHandle <> 0 then
    begin
      A := '';
      StartService(srvHandle, 0, A);
      CloseServiceHandle(srvHandle);
      CloseServiceHandle(scHandle);
      Result := True;
    end;
  end;
end;

function OpenDriver: Boolean;
begin
  if BuildDriverService then
  begin
    DriverHandle := CreateFile('\\.\' + DRIVER, GENERIC_READ or GENERIC_WRITE,
      0, nil, OPEN_EXISTING, 0, 0);
    Result := DriverHandle <> INVALID_HANDLE_VALUE;
  end
  else
    Result := False;
end;

function DeleteDriverService: Boolean;
var
  srvStatus: TServiceStatus;
  scHandle, srvHandle: SC_HANDLE;
begin
  scHandle := OpenSCManager(nil, nil, SC_MANAGER_ALL_ACCESS);
  if scHandle <> 0 then
  begin
    srvHandle := OpenService(scHandle, DRIVER, SERVICE_ALL_ACCESS);
    if srvHandle <> 0 then
    begin
      ControlService(srvHandle, SERVICE_CONTROL_STOP, srvStatus);
      DeleteService(srvHandle);
    end;
    CloseServiceHandle(srvHandle);
    CloseServiceHandle(scHandle);
    Result := True;
  end
  else
    Result := False;
end;

function CloseDriver: Boolean;
begin
  CloseHandle(DriverHandle);
  Result := DeleteDriverService;
end;

procedure OpenWinRing;
begin
  // Major OS version; on version 4 (Windows 9x / NT 4) the driver is not loaded
  OSVersion := LOBYTE(LOWORD(GetVersion));
  if OSVersion <> 4 then
  begin
    if not OpenDriver then
    begin
      ShowMessage('Driver not ready!!!');
      CloseDriver;
      Application.Terminate;
    end;
  end;
end;

// Copies the caller's registers into Ring.RegData so the driver can restore them at ring 0
procedure SaveAllReg; stdcall;
begin
  asm
    push eax
    mov eax, offset Ring.RegData
    mov [eax+4], ebx
    mov [eax+8], ecx
    mov [eax+12], edx
    mov [eax+16], esi
    mov [eax+20], edi
    mov [eax+24], ebp
    mov ebx, eax
    pop eax
    mov [ebx], eax
  end;
end;

procedure ProcessRing0(Ring0Proc: TRing0Proc); stdcall;
var
  retbyte: DWORD;
label
  ADJRing0, ADJRing;
begin
  SaveAllReg();
  asm
    mov Ring.AdjRing0Entry, offset ADJRing0
  end;
  // The driver switches to ring 0 and transfers control to ADJRing0, which calls Ring0Proc
  DeviceIoControl(DriverHandle, WINRING_Access, @Ring, SizeOf(Ring),
    @Ring, SizeOf(Ring), retbyte, nil);
  asm
    jmp ADJRing
  ADJRing0:
    mov eax, [esp+4]
  end;
  Ring0Proc;
  asm
    ret
  ADJRing:
  end;
end;

end.

===================Unit1.pas===========================
unit Unit1;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, WinRing, StdCtrls, ExtCtrls;

type
  TForm1 = class(TForm)
    Button1: TButton;
    Timer1: TTimer;
    procedure Button1Click(Sender: TObject);
    procedure FormClose(Sender: TObject; var Action: TCloseAction);
    procedure Timer1Timer(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;
  Timer: array[0..2] of Byte;   // seconds, minutes, hours read from CMOS (BCD)
  V: Integer;

implementation

{$R *.dfm}

procedure TForm1.Button1Click(Sender: TObject);
begin
  OpenWinRing;
end;

procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);
begin
  CloseDriver;
end;

// Runs at ring 0: reads CMOS registers 0 (seconds), 2 (minutes) and 4 (hours) via ports $70/$71
procedure Test; stdcall;
var
  Val1, Index: Byte;
  I: Integer;
begin
  asm cli end;
  for I := 0 to 2 do
  begin
    Index := I * 2;
    asm
      mov al, Index
      out $70, al
      in al, $71
      mov Val1, al
    end;
    Timer[I] := Val1;
  end;
  asm sti end;
end;

procedure TForm1.Timer1Timer(Sender: TObject);
begin
  ProcessRing0(Test);
  Form1.Caption := Format('%2x,%2x,%2x', [Timer[2], Timer[1], Timer[0]]);
end;

end.
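The control code and the TRingData buffer in WinRing.pas are what a reviewer would inspect to judge how exposed this driver interface is. The Python script below is an added example, not part of SmallBare's post or of the WinRing project: it decodes the CTL_CODE fields of WINRING_Access, unpacks a captured TRingData buffer, and flags the two properties a defender cares about (the sample buffer contents and the 2 GB user-space boundary are assumptions).

```python
import struct

# CTL_CODE bit layout from winioctl.h: DeviceType<<16 | Access<<14 | Function<<2 | Method
METHODS = {0: "METHOD_BUFFERED", 1: "METHOD_IN_DIRECT",
           2: "METHOD_OUT_DIRECT", 3: "METHOD_NEITHER"}
ACCESS = {0: "FILE_ANY_ACCESS", 1: "FILE_READ_ACCESS",
          2: "FILE_WRITE_ACCESS", 3: "FILE_READ_ACCESS|FILE_WRITE_ACCESS"}
# The same expression WinRing.pas computes in WINRING_Access
WINRING_ACCESS = (0x22 << 16) | (0x999 << 2)


def decode_ctl_code(code: int) -> dict:
    """Split a DeviceIoControl control code into its four fields."""
    return {
        "device_type": (code >> 16) & 0xFFFF,   # 0x22 = FILE_DEVICE_UNKNOWN
        "access": ACCESS[(code >> 14) & 0x3],
        "function": (code >> 2) & 0xFFF,
        "method": METHODS[code & 0x3],
    }


# TRingData: AdjRing0Entry followed by RegData[0..6], eight little-endian 32-bit ULONGs
RING_DATA = struct.Struct("<8I")


def parse_ring_data(buf: bytes) -> tuple:
    """Return (AdjRing0Entry, [eax, ebx, ecx, edx, esi, edi, ebp]) from a captured buffer."""
    fields = RING_DATA.unpack(buf)
    return fields[0], list(fields[1:])


def assess_ioctl(code: int, buf: bytes) -> list:
    """Findings a reviewer would raise; assumes 32-bit Windows with the default 2 GB user space."""
    findings = []
    if decode_ctl_code(code)["access"] == "FILE_ANY_ACCESS":
        findings.append("no access bits: any process that opens \\\\.\\WINRING can issue this IOCTL")
    entry, _ = parse_ring_data(buf)
    if entry < 0x80000000:
        findings.append("AdjRing0Entry 0x%08x is a user-mode address; "
                        "the driver is asked to run user memory at ring 0" % entry)
    return findings


# Constructed sample buffer: entry address and register values are made up for the demo
SAMPLE = RING_DATA.pack(0x00401234, 1, 2, 3, 4, 5, 6, 7)

if __name__ == "__main__":
    print(decode_ctl_code(WINRING_ACCESS))
    for finding in assess_ioctl(WINRING_ACCESS, SAMPLE):
        print("-", finding)
```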