Monday, November 27, 2006

Cutting off user-mode

With every release Microsoft tries to separate user mode and kernel mode more and more. Some say that this is only a temporary solution, but it is still important. These hacks were probably done in the name of efficiency back in the day, but with the computing power we have today that is largely irrelevant, and they should be eliminated quickly: otherwise they undermine the security of the system.

Now for the fun part: it is possible to change the IOPL (I/O privilege level) of a user-mode process from user mode. What this means is that you can directly control all the hardware from user mode (think DMA controller, hard disk controller, etc.). For those of you who don't want to fiddle with the policy editor, download PsTools and use the -s command line switch; don't forget to give the full path of the executable. And yes, it works with Vista too if you are Administrator (I've tested it on a pre-RTM build, but I don't think they changed anything in the RTM build).
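The IOPL lives in bits 12 and 13 of the FLAGS register, and PUSHF is an unprivileged instruction, so a process can inspect (though not change) its own IOPL from ring 3. The following is an added example, not the author's program or anything from PsTools: it decodes the IOPL field from a raw FLAGS value and reads the live register on x86/x86-64 builds with GCC or Clang, so a defender can confirm that a user-mode process is still confined (IOPL 0) rather than granted the direct port I/O the post describes (IOPL 3). The function names and the sample FLAGS values in the comments are my own.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit positions of the IOPL field in (E/R)FLAGS: bits 12 and 13. */
#define IOPL_SHIFT 12
#define IOPL_MASK  0x3u

/* Decode the I/O privilege level (0..3) from a raw FLAGS value.
 * A ring-3 process that sees 3 here can execute IN/OUT and CLI/STI
 * directly, which is the condition the post describes.
 * Example (constructed values): 0x202 -> 0, 0x3202 -> 3. */
int iopl_from_eflags(uint64_t eflags)
{
    return (int)((eflags >> IOPL_SHIFT) & IOPL_MASK);
}

/* Read the current thread's FLAGS register. PUSHF is unprivileged, so the
 * IOPL field can be inspected from user mode even though POPF at ring 3
 * silently ignores any attempt to change it. Returns -1 on non-x86 builds,
 * where the check does not apply. */
int64_t read_eflags(void)
{
#if defined(__x86_64__)
    uint64_t f;
    __asm__ volatile ("pushfq\n\tpopq %0" : "=r"(f) : : "memory");
    return (int64_t)f;
#elif defined(__i386__)
    uint32_t f;
    __asm__ volatile ("pushfl\n\tpopl %0" : "=r"(f) : : "memory");
    return (int64_t)f;
#else
    return -1;
#endif
}

/* Classify the running process: 1 if its IOPL grants direct port I/O to
 * user mode, 0 if it is properly confined, -1 if this is not an x86 build. */
int process_has_elevated_iopl(void)
{
    int64_t f = read_eflags();
    if (f < 0)
        return -1;
    return iopl_from_eflags((uint64_t)f) == 3 ? 1 : 0;
}

int main(void)
{
    int64_t f = read_eflags();
    if (f < 0) {
        puts("not an x86 build; IOPL check does not apply");
        return 0;
    }
    printf("FLAGS = 0x%llx, IOPL = %d -> %s\n",
           (unsigned long long)f, iopl_from_eflags((uint64_t)f),
           process_has_elevated_iopl() == 1
               ? "direct hardware access possible from user mode"
               : "confined (expected for a user-mode process)");
    return 0;
}
```

On a correctly configured system every user-mode process, Administrator or SYSTEM included, should report IOPL 0; seeing 3 in a process that never asked for it is the kind of thing worth investigating.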

Be safe out there and remember: don't run as root!

PS: If you don't have access to a compiler, you can grab the exe here. Just remember, it will restart your computer without warning!

  • File size: 36864 bytes
  • MD5: 19cd8a70f199df4182eb198818e6c782
  • SHA1: 7c5dc5ab1c36b3876bedcb3641513a06b75bf453

2 comments:

  1. Rather than PSTools, don't you mean PSExec?

  2. Yes, the particular executable you have to use is PsExec, but it is only available as part of the PsTools package.
