Is it possible to run some my code in ring3 for some specified process.

OSR_Community_User · October 13, 2002, 10:23am

Can you, please, help me ?
I’m thinking about buying IFS kit in order to solve the following:

I have a PID of the process and should run some code there: ex. load some
DLL and perform some work. Is it possible to do so ? In particular:

How can I get process by pid in ring0 ?
How can I enforce some process to run my code (may be using kernel mode
special APC) ?
What APIs should I use for this ?
What about security ?

Can IFS help me in this ?

OSR_Community_User · October 13, 2002, 6:11pm

There are user mode ways of doing this like AppInit_DLLs etc. This
task does not require kernel-level development.

Max

----- Original Message -----
From: “Dmitry”
To: “File Systems Developers”
Sent: Sunday, October 13, 2002 6:26 PM
Subject: [ntfsd] Is it possible to run some my code in ring3 for some
specified process.

> Can you, please, help me ?
> I’m thinking about buying IFS kit in order to solve the following:
>
> I have a PID of the process and should run some code there: ex. load
some
> DLL and perform some work. Is it possible to do so ? In particular:
> 1. How can I get process by pid in ring0 ?
> 2. How can I enforce some process to run my code (may be using
kernel mode
> special APC) ?
> 3. What APIs should I use for this ?
> 4. What about security ?
>
> Can IFS help me in this ?
>
> —
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to %%email.unsub%%
>

OSR_Community_User · October 14, 2002, 2:59am

I cannot use AppInit_DLLs, because I can be installed only after those apps already started and have to be able to attach to them without using Debug API.

–
Dmitry Kaptsenel, Intel Performance Tools Lab (MPL), (972)-4-8655719

-----Original Message-----
From: Maxim S. Shatskih [mailto:xxxxx@storagecraft.com]
Sent: Sunday, October 13, 2002 11:30 PM
To: File Systems Developers
Subject: [ntfsd] Re: Is it possible to run some my code in ring3 for some specified process.

There are user mode ways of doing this like AppInit_DLLs etc. This
task does not require kernel-level development.

Max

----- Original Message -----
From: “Dmitry”
To: “File Systems Developers”
Sent: Sunday, October 13, 2002 6:26 PM
Subject: [ntfsd] Is it possible to run some my code in ring3 for some
specified process.

> Can you, please, help me ?
> I’m thinking about buying IFS kit in order to solve the following:
>
> I have a PID of the process and should run some code there: ex. load
some
> DLL and perform some work. Is it possible to do so ? In particular:
> 1. How can I get process by pid in ring0 ?
> 2. How can I enforce some process to run my code (may be using
kernel mode
> special APC) ?
> 3. What APIs should I use for this ?
> 4. What about security ?
>
> Can IFS help me in this ?
>
> —
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to %%email.unsub%%
>

—
You are currently subscribed to ntfsd as: xxxxx@intel.com
To unsubscribe send a blank email to %%email.unsub%%

OSR_Community_User · October 14, 2002, 7:55am

Then use DLL injection by CreateRemoteThread.

----- Original Message -----
From: “Kaptsenel, Dmitry”
To: “File Systems Developers”
Sent: Monday, October 14, 2002 10:56 AM
Subject: [ntfsd] Re: Is it possible to run some my code in ring3 for
some specified process.

I cannot use AppInit_DLLs, because I can be installed only after those
apps already started and have to be able to attach to them without
using Debug API.

–
Dmitry Kaptsenel, Intel Performance Tools Lab (MPL),
(972)-4-8655719

-----Original Message-----
From: Maxim S. Shatskih [mailto:xxxxx@storagecraft.com]
Sent: Sunday, October 13, 2002 11:30 PM
To: File Systems Developers
Subject: [ntfsd] Re: Is it possible to run some my code in ring3 for
some specified process.

There are user mode ways of doing this like AppInit_DLLs etc. This
task does not require kernel-level development.

Max

----- Original Message -----
From: “Dmitry”
To: “File Systems Developers”
Sent: Sunday, October 13, 2002 6:26 PM
Subject: [ntfsd] Is it possible to run some my code in ring3 for some
specified process.

> Can you, please, help me ?
> I’m thinking about buying IFS kit in order to solve the following:
>
> I have a PID of the process and should run some code there: ex. load
some
> DLL and perform some work. Is it possible to do so ? In particular:
> 1. How can I get process by pid in ring0 ?
> 2. How can I enforce some process to run my code (may be using
kernel mode
> special APC) ?
> 3. What APIs should I use for this ?
> 4. What about security ?
>
> Can IFS help me in this ?
>
> —
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to %%email.unsub%%
>

—
You are currently subscribed to ntfsd as: xxxxx@intel.com
To unsubscribe send a blank email to %%email.unsub%%

—
You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
To unsubscribe send a blank email to %%email.unsub%%

OSR_Community_User · October 14, 2002, 8:10am

CreateRemoteThread

doesn’t work between Window Stations. In order to CreateProcess in existing Window Station I have to know Station’s name, but API for this is undocumented.
requires OpenProcess that fails for some system processes, like csrss.exe, etc.

So, what could I do ?

Dmitry Kaptsenel, Intel Performance Tools Lab (MPL), (972)-4-8655719

-----Original Message-----
From: Maxim S. Shatskih [mailto:xxxxx@storagecraft.com]
Sent: Monday, October 14, 2002 1:33 PM
To: File Systems Developers
Subject: [ntfsd] Re: Is it possible to run some my code in ring3 for some specified process.

Then use DLL injection by CreateRemoteThread.

----- Original Message -----
From: “Kaptsenel, Dmitry”
To: “File Systems Developers”
Sent: Monday, October 14, 2002 10:56 AM
Subject: [ntfsd] Re: Is it possible to run some my code in ring3 for
some specified process.

I cannot use AppInit_DLLs, because I can be installed only after those
apps already started and have to be able to attach to them without
using Debug API.

–
Dmitry Kaptsenel, Intel Performance Tools Lab (MPL),
(972)-4-8655719

-----Original Message-----
From: Maxim S. Shatskih [mailto:xxxxx@storagecraft.com]
Sent: Sunday, October 13, 2002 11:30 PM
To: File Systems Developers
Subject: [ntfsd] Re: Is it possible to run some my code in ring3 for
some specified process.

There are user mode ways of doing this like AppInit_DLLs etc. This
task does not require kernel-level development.

Max

----- Original Message -----
From: “Dmitry”
To: “File Systems Developers”
Sent: Sunday, October 13, 2002 6:26 PM
Subject: [ntfsd] Is it possible to run some my code in ring3 for some
specified process.

> Can you, please, help me ?
> I’m thinking about buying IFS kit in order to solve the following:
>
> I have a PID of the process and should run some code there: ex. load
some
> DLL and perform some work. Is it possible to do so ? In particular:
> 1. How can I get process by pid in ring0 ?
> 2. How can I enforce some process to run my code (may be using
kernel mode
> special APC) ?
> 3. What APIs should I use for this ?
> 4. What about security ?
>
> Can IFS help me in this ?
>
> —
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to %%email.unsub%%
>

—
You are currently subscribed to ntfsd as: xxxxx@intel.com
To unsubscribe send a blank email to %%email.unsub%%

—
You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
To unsubscribe send a blank email to %%email.unsub%%

—
You are currently subscribed to ntfsd as: xxxxx@intel.com
To unsubscribe send a blank email to %%email.unsub%%