
Services, Drivers Ring-0

Started by ic2, February 14, 2008, 03:46:16 AM


ic2

Hello everybody.  I need to write a small tool that will turn off a few services that display in the Windows Task Manager under the Processes tab and that are initiated during start-up.  This was my main concern until now.

Now I want to go to ring 0 to monitor all applications that have been started at boot time and others that get executed during the life of that Windows session before it is restarted again.  Writing a routine to do all of this may not be a problem for me, but getting to ring-0 by way of a device driver is.  If I can learn how to do this I'll be able to do what I wanted to do in the first place... That is, turning off some un-needed services and turning them back on again, only when needed by me and not by Windows.

I don't know too much about services and drivers.  I have been playing around with Four-F's KMDKIT and looking into Don's Service Skeleton, which I will be experimenting with (if needed in my case) after some suggestions, ideas or examples from other experienced people.  I would have posted there but most don't visit the laboratory until they're ready to optimize.

http://www.masm32.com/board/index.php?topic=8592.0

So far I have read into some of the KMD sample code to get an idea of what things are about, and then I assembled some of the examples to make sure they work.  Things do re-assemble with no problems.  Now I need to know which sample to use and where to start including my code for generating a start-up list of all applications.

You may wonder why I want to do it at ring-0 level.  Well, I always wanted to write a driver but I never could figure out a reason to do so.  I already know how to track newly started apps using a DLL that monitors a registry key and a FindWindow-and-compare program I wrote.  I want to take this code one step further by coding it in a service driver, entering the lowest level... Ring-0.

Am I thinking in the right direction?  If so, could someone show me the steps needed to get what I am after?

Thanks in advance

Tedd

There's already a tool on windows for starting and stopping services..

net help -- to get a list of commands

The main ones you'll want are "net start" and "net stop"

(Admin rights required to do anything useful :bdg)
No snowflake in an avalanche feels responsible.

ic2

I can't believe a coder of your caliber, and all you have done for us around here, would even suggest to anyone to go to Windows for help.  Do something useful???  Again...

(1)
Is Don's Service Skeleton something I should be working with or not?

(2)
What example in KMD should I start building from for what I am trying to do as described above?

(3)
Would you mind sharing your example or skeleton?

(4)
Is this something only for C++ and off limits to ASM coders?

Tedd

Quote from: ic2 on February 14, 2008, 02:23:23 PM
I can't believe a coder of your caliber and all you had done for us around here would even suggest to anyone to go to Windows for help.
I suggested a solution to your problem -- "what I want to do in the first place ... turning-off some un-needed services and turn them back-on again, only when needed by me and not by Windows." -- one that can be used today and doesn't require getting into the murky depths of KMDs and ring-0. Of course, if you do want to get into that anyway, that's another matter :wink But a direct solution is to simply use "net stop messenger" (or whichever services).


Anyway, I'm not sure it's even necessary to do this from ring-0. The only safe (wrt system stability) way to do it will be to instruct the 'service manager' to load/unload the listed services. My first guess would be that it's going to require some RPC.


Quote: Is this something only for C++ and off limits to ASM coders?
Off limits?? Nothing's off limits to asm coders! - if anything, it would be the other way around :bdg
No snowflake in an avalanche feels responsible.
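What Tedd describes above ("net start"/"net stop" and asking the service manager to load or unload services, admin rights required) can be done entirely from user mode through the Service Control Manager, and the boot-time application list ic2 wants can be built from the process creation times the OS already records. The script below is an added example for this thread, not Tedd's or ic2's code and not part of KMDKIT or Don's Service Skeleton; the service name 'Spooler' in the usage lines is a placeholder, and the 30-second wait timeout is an arbitrary choice.

```powershell
#Requires -RunAsAdministrator
# Added example: user-mode service control through the Service Control Manager,
# which is what "net stop" / "net start" drive under the hood. No ring-0 needed.
# 'Spooler' below is a placeholder service name; substitute your own.

function Get-AutoStartServices {
    # Services the SCM launches at boot (StartMode = Auto) and their current state.
    # ProcessId lets you match each one to the entry shown in Task Manager.
    Get-CimInstance -ClassName Win32_Service -Filter "StartMode = 'Auto'" |
        Select-Object Name, DisplayName, State, ProcessId |
        Sort-Object Name
}

function Get-SessionProcesses {
    # Processes created since the last boot, i.e. the "start-up list of all
    # applications" from the original post, ordered by creation time.
    # Get-CimInstance converts the CIM datetime fields to .NET DateTime values,
    # so CreationDate can be compared directly to LastBootUpTime.
    $boot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
    Get-CimInstance -ClassName Win32_Process |
        Where-Object { $_.CreationDate -ge $boot } |
        Select-Object ProcessId, ParentProcessId, Name, CreationDate, ExecutablePath |
        Sort-Object CreationDate
}

function Invoke-ServiceToggle {
    # Stop or start one service by name and wait until the SCM reports the
    # target state. Same effect as "net stop <name>" / "net start <name>".
    param(
        [Parameter(Mandatory)] [string] $Name,
        [ValidateSet('Stop', 'Start')] [string] $Action = 'Stop',
        [int] $TimeoutSeconds = 30   # arbitrary choice for this example
    )
    $svc = Get-Service -Name $Name -ErrorAction Stop
    $timeout = [TimeSpan]::FromSeconds($TimeoutSeconds)

    if ($Action -eq 'Stop') {
        if ($svc.Status -ne 'Stopped') {
            # Without -Force the SCM refuses to stop a service that other
            # running services depend on; -Force stops the dependents too.
            Stop-Service -Name $Name -Force -ErrorAction Stop
            $svc.WaitForStatus('Stopped', $timeout)
        }
    }
    else {
        if ($svc.Status -ne 'Running') {
            Start-Service -Name $Name -ErrorAction Stop
            $svc.WaitForStatus('Running', $timeout)
        }
    }
    # Re-query so the caller sees the state the SCM reports now, not a cached one.
    Get-Service -Name $Name
}

# Usage (from an elevated PowerShell prompt):
Get-AutoStartServices | Format-Table -AutoSize
Get-SessionProcesses  | Format-Table -AutoSize
# Invoke-ServiceToggle -Name 'Spooler' -Action Stop
# Invoke-ServiceToggle -Name 'Spooler' -Action Start
```

Two things worth knowing before running it: stopping a service that others depend on cascades (that is why `-Force` is there), so check `Get-Service -Name <name> -DependentServices` first; and because this goes through the SCM rather than killing the process, the service's own shutdown handler runs, which is the "safe with respect to system stability" route Tedd is pointing at.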

ic2

I tried to be blunt about it and that still didn't work...  Please everyone, skip the first paragraph in my initial post. I am not looking for a quick fix.

Tedddddddd, I not worries about necessitiessssssss.

I want to learn how to write Drivers.  :'(  :'(  :'( 

I'm tired of being a button pusher.   ::) 

I want to swim in the Muddy Waters.   :dazzled:


I need Guidance.

BTW: I really don't even know if I'm barking up the right tree or not, and what I want to do may not even be possible.  I have heard nothing about that yet from experienced ASM people.   Anyway, those are some great tips.  RPC does seem interesting and I will be looking seriously into that and wrt.  But my goal is "system driver writing" as described above, without the first paragraph, if it works for what I'm after.   I just got beat up and now I'm ready to kick some a** to boot.


Thanks Ted


hutch--

ic2,

There is a place for drivers, but note that with the coming Microsoft OS versions you cannot run them unless they are signed and known elsewhere. Basically you can write non-certified drivers up to the end of XP, Server 2003 etc ... but not for the later versions, as they restrict drivers for security reasons.

For NT-based systems (2k, XP, Server 2003) the tutorials by four-f are very good, but it's not for the faint of heart.
Download site for MASM32: https://masm32.com      New MASM Forum: https://masm32.com/board/index.php

ic2

Thank you so much hutch, and all the crew, here and at DEP.  The information given in these past few days has saved me time, money and MOST definitely my sanity/life.  I spoke my piece and if I'm even half right someone somewhere will address that problem and may get paid for it too. All I need to do is stay up to date and thank God every day for this masm32forum.

Back to the drawing board.  I KNOW what I have to do.  I'm going to have a 7%$*!&g B A L L behind this one  ...

Thanks again Guys


Thanks Ted, your solutions still exist.

DavidJohn

@ic2

If you are looking for a tool, this may surely help you.

http://www.snapfiles.com/get/smartclose.html

David