pt driver in user mode

I’d like to to load a .sys protocol driver in user mode. Anyome has an idea about how this can be achieved ?

Tnx
Matteo

Try to use Service Control Manager routines like CreateService,
StartService etc.
Also look into NT DDK \src\general\instdrv sample.
?
Paul

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Matteo Pelati
Sent: Wednesday, October 11, 2000 2:27 PM
To: NT Developers Interest List
Subject: [ntdev] pt driver in user mode

I’d like to to load a .sys protocol driver in user mode. Anyome has an
idea about?how this can?be achieved ?
?
Tnx
Matteo?

On a related note, I would like to know how to install a driver from a
process having normal USER mode privelages instead of requiring ADMIN
privelages. Is there any way a process without admin privelages can call
OpenSCManager() followed by CreateService?

-----Original Message-----
From: Hrdina Pavel [mailto:xxxxx@COMPELSON.COM]
Sent: Wednesday, October 11, 2000 8:32 AM
To: NT Developers Interest List
Subject: [ntdev] RE: pt driver in user mode
Importance: High

Try to use Service Control Manager routines like CreateService, StartService
etc.
Also look into NT DDK \src\general\instdrv sample.

Paul

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Matteo Pelati
Sent: Wednesday, October 11, 2000 2:27 PM
To: NT Developers Interest List
Subject: [ntdev] pt driver in user mode

I’d like to to load a .sys protocol driver in user mode. Anyome has an idea
about how this can be achieved ?

Tnx
Matteo

For security reasons, I sincerely hope there is no way in hell a normal user
can install a driver. Think about it. If a normal user could install a
driver without using elevated privileges, they could install all kinds of
kernel-mode drivers/applications and do anything they want to the system.

Greg
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Russ Auerbach
Sent: Wednesday, October 11, 2000 1:25 PM
To: NT Developers Interest List
Subject: [ntdev] RE: pt driver in user mode

On a related note, I would like to know how to install a driver from a
process having normal USER mode privelages instead of requiring ADMIN
privelages. Is there any way a process without admin privelages can call
OpenSCManager() followed by CreateService?
-----Original Message-----
From: Hrdina Pavel [mailto:xxxxx@COMPELSON.COM]
Sent: Wednesday, October 11, 2000 8:32 AM
To: NT Developers Interest List
Subject: [ntdev] RE: pt driver in user mode
Importance: High

Try to use Service Control Manager routines like CreateService,
StartService etc.
Also look into NT DDK \src\general\instdrv sample.

Paul
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Matteo Pelati
Sent: Wednesday, October 11, 2000 2:27 PM
To: NT Developers Interest List
Subject: [ntdev] pt driver in user mode

I’d like to to load a .sys protocol driver in user mode. Anyome has an
idea about how this can be achieved ?

Tnx
Matteo

NuMega has a tech note that described a solution that worked for me. See:

http:.

This technique will allow non-Admin users to start/stop (load/unload) your
specific driver.

Another alternative, if your driver is written to accomodate it, is to have
an Administrator set the driver’s StartType to Automatic. The driver will
then be loaded at startup and be available for non-Admin users.

Good luck,

Thomas F. Divine

PCAUSA - Toolkits & Resources For Network Software Developers
NDIS Protocol - TDI Client - Windows 95 Redirector
http:

----- Original Message -----
From: Russ Auerbach
To: NT Developers Interest List
Sent: Wednesday, October 11, 2000 2:25 PM
Subject: [ntdev] RE: pt driver in user mode

> On a related note, I would like to know how to install a driver from a
> process having normal USER mode privelages instead of requiring ADMIN
> privelages. Is there any way a process without admin privelages can call
> OpenSCManager() followed by CreateService?
>
> -----Original Message-----
> From: Hrdina Pavel [mailto:xxxxx@COMPELSON.COM]
> Sent: Wednesday, October 11, 2000 8:32 AM
> To: NT Developers Interest List
> Subject: [ntdev] RE: pt driver in user mode
> Importance: High
>
>
> Try to use Service Control Manager routines like CreateService,
StartService
> etc.
> Also look into NT DDK \src\general\instdrv sample.
>
> Paul
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com]On Behalf Of Matteo Pelati
> Sent: Wednesday, October 11, 2000 2:27 PM
> To: NT Developers Interest List
> Subject: [ntdev] pt driver in user mode
>
>
> I’d like to to load a .sys protocol driver in user mode. Anyome has an
idea
> about how this can be achieved ?
>
> Tnx
> Matteo
>
></http:></http:>

Check out the “UNPROTECT” utility on NuMega’s Drivercentral utilities page. With this, an administrator can remove security from a kernel mode driver to allow non-privileged users to dynamically load and unload a driver.

http://www.numega.com/drivercentral/utilfiles/util.shtml http:

Rick Howard
Ontrack Data International

-----Original Message-----
From: Gregory G. Dyess [mailto:xxxxx@pdq.net]
Sent: Wednesday, October 11, 2000 12:32 PM
To: NT Developers Interest List
Subject: [ntdev] RE: RE: pt driver in user mode

For security reasons, I sincerely hope there is no way in hell a normal user can install a driver. Think about it. If a normal user could install a driver without using elevated privileges, they could install all kinds of kernel-mode drivers/applications and do anything they want to the system.

Greg

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]On Behalf Of Russ Auerbach
Sent: Wednesday, October 11, 2000 1:25 PM
To: NT Developers Interest List
Subject: [ntdev] RE: pt driver in user mode

On a related note, I would like to know how to install a driver from a process having normal USER mode privelages instead of requiring ADMIN privelages. Is there any way a process without admin privelages can call OpenSCManager() followed by CreateService?

-----Original Message-----
From: Hrdina Pavel [mailto:xxxxx@COMPELSON.COM]
Sent: Wednesday, October 11, 2000 8:32 AM
To: NT Developers Interest List
Subject: [ntdev] RE: pt driver in user mode
Importance: High

Try to use Service Control Manager routines like CreateService, StartService etc.
Also look into NT DDK \src\general\instdrv sample.

Paul

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]On Behalf Of Matteo Pelati
Sent: Wednesday, October 11, 2000 2:27 PM
To: NT Developers Interest List
Subject: [ntdev] pt driver in user mode

I’d like to to load a .sys protocol driver in user mode. Anyome has an idea about how this can be achieved ?

Tnx
Matteo</http:>

Have thought about that. Larger picture -> if a company product consists of
a software application with a driver component, is there no way around
having to have admin privelages to install the product?

R.

-----Original Message-----
From: Gregory G. Dyess [mailto:xxxxx@pdq.net]
Sent: Wednesday, October 11, 2000 2:32 PM
To: NT Developers Interest List
Subject: [ntdev] RE: RE: pt driver in user mode

For security reasons, I sincerely hope there is no way in hell a normal user
can install a driver. Think about it. If a normal user could install a
driver without using elevated privileges, they could install all kinds of
kernel-mode drivers/applications and do anything they want to the system.

Greg

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Russ Auerbach
Sent: Wednesday, October 11, 2000 1:25 PM
To: NT Developers Interest List
Subject: [ntdev] RE: pt driver in user mode

On a related note, I would like to know how to install a driver from a
process having normal USER mode privelages instead of requiring ADMIN
privelages. Is there any way a process without admin privelages can call
OpenSCManager() followed by CreateService?

-----Original Message-----
From: Hrdina Pavel [mailto:xxxxx@COMPELSON.COM]
Sent: Wednesday, October 11, 2000 8:32 AM
To: NT Developers Interest List
Subject: [ntdev] RE: pt driver in user mode
Importance: High

Try to use Service Control Manager routines like CreateService, StartService
etc.
Also look into NT DDK \src\general\instdrv sample.

Paul

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Matteo Pelati
Sent: Wednesday, October 11, 2000 2:27 PM
To: NT Developers Interest List
Subject: [ntdev] pt driver in user mode

I’d like to to load a .sys protocol driver in user mode. Anyome has an idea
about how this can be achieved ?

Tnx
Matteo

I hope you will not be able to do this, not without the cooperation of
some privileged process. The OS trusts drivers to do just about anything,
so I wouldn’t want the average user to be able to install one.

If you trust users in your (customer’s) runtime environment enough to
let them install drivers, why not just put everyone in the Administrators
group?


Dave Cox
Hewlett-Packard Co.
HPSO/SMSO (Santa Barbara)
https://ecardfile.com/id/Dave+Cox

-----Original Message-----
From: Russ Auerbach [mailto:xxxxx@ENGENIA.COM]
Sent: Wednesday, October 11, 2000 11:25 AM
To: NT Developers Interest List
Subject: [ntdev] RE: pt driver in user mode

On a related note, I would like to know how to install a driver from a
process having normal USER mode privelages instead of requiring ADMIN
privelages. Is there any way a process without admin privelages can call
OpenSCManager() followed by CreateService?
-----Original Message-----
From: Hrdina Pavel [mailto:xxxxx@COMPELSON.COM]
Sent: Wednesday, October 11, 2000 8:32 AM
To: NT Developers Interest List
Subject: [ntdev] RE: pt driver in user mode
Importance: High

Try to use Service Control Manager routines like CreateService, StartService
etc.
Also look into NT DDK \src\general\instdrv sample.

Paul
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Matteo Pelati
Sent: Wednesday, October 11, 2000 2:27 PM
To: NT Developers Interest List
Subject: [ntdev] pt driver in user mode

I’d like to to load a .sys protocol driver in user mode. Anyome has an idea
about how this can be achieved ?

Tnx
Matteo

I think the key here is to INSTALL, not just stop/start a driver. The
original question asked about calling CreateService. In this regard, I
stand by my original assertion that this would be a major security hole.

Greg
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of xxxxx@ontrack.com
Sent: Wednesday, October 11, 2000 1:42 PM
To: NT Developers Interest List
Subject: [ntdev] RE: RE: pt driver in user mode

Check out the “UNPROTECT” utility on NuMega’s Drivercentral utilities
page. With this, an administrator can remove security from a kernel mode
driver to allow non-privileged users to dynamically load and unload a
driver.

http://www.numega.com/drivercentral/utilfiles/util.shtml

Rick Howard
Ontrack Data International
-----Original Message-----
From: Gregory G. Dyess [mailto:xxxxx@pdq.net]
Sent: Wednesday, October 11, 2000 12:32 PM
To: NT Developers Interest List
Subject: [ntdev] RE: RE: pt driver in user mode

For security reasons, I sincerely hope there is no way in hell a normal
user can install a driver. Think about it. If a normal user could install
a driver without using elevated privileges, they could install all kinds of
kernel-mode drivers/applications and do anything they want to the system.

Greg
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Russ Auerbach
Sent: Wednesday, October 11, 2000 1:25 PM
To: NT Developers Interest List
Subject: [ntdev] RE: pt driver in user mode

On a related note, I would like to know how to install a driver from a
process having normal USER mode privelages instead of requiring ADMIN
privelages. Is there any way a process without admin privelages can call
OpenSCManager() followed by CreateService?
-----Original Message-----
From: Hrdina Pavel [mailto:xxxxx@COMPELSON.COM]
Sent: Wednesday, October 11, 2000 8:32 AM
To: NT Developers Interest List
Subject: [ntdev] RE: pt driver in user mode
Importance: High

Try to use Service Control Manager routines like CreateService,
StartService etc.
Also look into NT DDK \src\general\instdrv sample.

Paul
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Matteo Pelati
Sent: Wednesday, October 11, 2000 2:27 PM
To: NT Developers Interest List
Subject: [ntdev] pt driver in user mode

I’d like to to load a .sys protocol driver in user mode. Anyome
has an idea about how this can be achieved ?

Tnx
Matteo

AFAIK you can’t install a driver without having an administrator involved.

The NuMega technique modifies the driver Dacl so that a non-Admin user can
subsequently start/stop (load/unload) the driver. HOWEVER, only an
Administrator can make the mod.

In PCAUSA’s case the product is a network monitor framework that uses
dynamically-loadable NDIS protocol drivers. In order for a non-Admin user to
use the product the driver needs to be dynamically loadable by the non-Admin
user. Hence the need for this security tweak.

The Dacl modification function call REQUIRES an administrator.

Good luck,

Thomas F. Divine

PCAUSA - Toolkits & Resources For Network Software Developers
NDIS Protocol - TDI Client - Windows 95 Redirector
http:

----- Original Message -----
From: COX,DAVID (HP-Roseville,ex1) <david_cox2>
To: NT Developers Interest List
Sent: Wednesday, October 11, 2000 2:52 PM
Subject: [ntdev] RE: RE: pt driver in user mode

> I hope you will not be able to do this, not without the cooperation of
> some privileged process. The OS trusts drivers to do just about anything,
> so I wouldn’t want the average user to be able to install one.
>
> If you trust users in your (customer’s) runtime environment enough to
> let them install drivers, why not just put everyone in the Administrators
> group?
>
> -----------------------------------------------------------------------
> Dave Cox
> Hewlett-Packard Co.
> HPSO/SMSO (Santa Barbara)
> https://ecardfile.com/id/Dave+Cox
>
>
> -----Original Message-----
> From: Russ Auerbach [mailto:xxxxx@ENGENIA.COM]
> Sent: Wednesday, October 11, 2000 11:25 AM
> To: NT Developers Interest List
> Subject: [ntdev] RE: pt driver in user mode
>
>
> On a related note, I would like to know how to install a driver from a
> process having normal USER mode privelages instead of requiring ADMIN
> privelages. Is there any way a process without admin privelages can call
> OpenSCManager() followed by CreateService?
> -----Original Message-----
> From: Hrdina Pavel [mailto:xxxxx@COMPELSON.COM]
> Sent: Wednesday, October 11, 2000 8:32 AM
> To: NT Developers Interest List
> Subject: [ntdev] RE: pt driver in user mode
> Importance: High
>
>
> Try to use Service Control Manager routines like CreateService,
StartService
> etc.
> Also look into NT DDK \src\general\instdrv sample.
>
> Paul
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com]On Behalf Of Matteo Pelati
> Sent: Wednesday, October 11, 2000 2:27 PM
> To: NT Developers Interest List
> Subject: [ntdev] pt driver in user mode
>
>
> I’d like to to load a .sys protocol driver in user mode. Anyome has an
idea
> about how this can be achieved ?
>
> Tnx
> Matteo
>
> —
> You are currently subscribed to ntdev as: xxxxx@pcausa.com
> To unsubscribe send a blank email to $subst(‘Email.Unsub’)
></david_cox2></http:>

That was not exactly what i meant. What I’m trying to do is loading the driver not from user mode, but IN the user’s application address space: that is loading more like a dll. I understand that once loaded, there will be plenty of unresolved function references, but what i want to do is remap those references to some user’s process function addresses.

tnx
Matt
----- Original Message -----
From: Hrdina Pavel
To: NT Developers Interest List
Sent: Wednesday, October 11, 2000 2:31 PM
Subject: [ntdev] RE: pt driver in user mode

Try to use Service Control Manager routines like CreateService, StartService etc.
Also look into NT DDK \src\general\instdrv sample.

Paul
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]On Behalf Of Matteo Pelati
Sent: Wednesday, October 11, 2000 2:27 PM
To: NT Developers Interest List
Subject: [ntdev] pt driver in user mode

I’d like to to load a .sys protocol driver in user mode. Anyome has an idea about how this can be achieved ?

Tnx
Matteo

You can look at OpenSCManager() function in VC++ doc, and use OpenService()
and StartService() to start the driver.

Z.S.Wang

-----Original Message-----
From: Matteo Pelati [mailto:xxxxx@dolce.it]
Sent: Wednesday, October 11, 2000 1:42 PM
To: NT Developers Interest List
Subject: [ntdev] RE: pt driver in user mode

That was not exactly what i meant. What I’m trying to do is loading the
driver not from user mode, but IN the user’s application address space: that
is loading more like a dll. I understand that once loaded, there will be
plenty of unresolved function references, but what i want to do is remap
those references to some user’s process function addresses.

tnx
Matt

----- Original Message -----
From: Hrdina mailto:xxxxx Pavel
To: NT Developers Interest List mailto:xxxxx
Sent: Wednesday, October 11, 2000 2:31 PM
Subject: [ntdev] RE: pt driver in user mode

Try to use Service Control Manager routines like CreateService, StartService
etc.
Also look into NT DDK \src\general\instdrv sample.

Paul

-----Original Message-----
From: xxxxx@lists.osr.com
mailto:xxxxx [
mailto:xxxxx@lists.osr.com
mailto:xxxxx]On Behalf Of Matteo Pelati
Sent: Wednesday, October 11, 2000 2:27 PM
To: NT Developers Interest List
Subject: [ntdev] pt driver in user mode

I’d like to to load a .sys protocol driver in user mode. Anyome has an idea
about how this can be achieved ?

Tnx
Matteo</mailto:xxxxx></mailto:xxxxx></mailto:xxxxx></mailto:xxxxx>

What you’re trying to do? Load a driver from kernel mode in an
application address space or from an application in its address space?
And why?

You can try LoadLibraryEx() with DONT_RESOLVE_DLL_REFERENCES flag which
probably won’t work. Next, you can experiment with NtCreateSection() and
NtMapViewOfSection().

Best regards,

Michal Vodicka
Veridicom
(RKK - Skytale)
[WWW: http://www.veridicom.com , http://www.skytale.com]


From: Matteo Pelati[SMTP:xxxxx@dolce.it]
Reply To: NT Developers Interest List
Sent: Wednesday, October 11, 2000 22:41
To: NT Developers Interest List
Subject: [ntdev] RE: pt driver in user mode

That was not exactly what i meant. What I’m trying to do is loading
the driver not from user mode, but IN the user’s application address
space: that is loading more like a dll. I understand that once loaded,
there will be plenty of unresolved function references, but what i
want to do is remap those references to some user’s process function
addresses.

tnx
Matt

No, I want an application to load a driver in its address space, more like a
normal dll file. it’s part of a university project. i’m trying to run tcp/ip
in user mode and create a fake ndis enviroment.
I tried with LoadLibraryEx but it doesn’t work… thanks for the suggestion!
I know .sys files are standard Win32 PE files, but I’m wondering how I could
load them in user mode… I don’t want end up creating a custom loader…

Matt

----- Original Message -----
From: “Vodicka, Michal”
To: “NT Developers Interest List”
Sent: Wednesday, October 11, 2000 11:34 PM
Subject: [ntdev] RE: pt driver in user mode

> What you’re trying to do? Load a driver from kernel mode in an
> application address space or from an application in its address space?
> And why?
>
> You can try LoadLibraryEx() with DONT_RESOLVE_DLL_REFERENCES flag which
> probably won’t work. Next, you can experiment with NtCreateSection() and
> NtMapViewOfSection().
>
> Best regards,
>
> Michal Vodicka
> Veridicom
> (RKK - Skytale)
> [WWW: http://www.veridicom.com , http://www.skytale.com]
>
>
>
> > ----------
> > From: Matteo Pelati[SMTP:xxxxx@dolce.it]
> > Reply To: NT Developers Interest List
> > Sent: Wednesday, October 11, 2000 22:41
> > To: NT Developers Interest List
> > Subject: [ntdev] RE: pt driver in user mode
> >
> > That was not exactly what i meant. What I’m trying to do is loading
> > the driver not from user mode, but IN the user’s application address
> > space: that is loading more like a dll. I understand that once loaded,
> > there will be plenty of unresolved function references, but what i
> > want to do is remap those references to some user’s process function
> > addresses.
> >
> > tnx
> > Matt
> >
>
> —
> You are currently subscribed to ntdev as: xxxxx@dolce.it
> To unsubscribe send a blank email to $subst(‘Email.Unsub’)
>
>

It is a little unusual so you have to experiment. If LoadLibraryEx()
doesn’t work, find why (error code). Maybe some little changes in
driver’s PE header would help. Also, previously mentioned
NtCreateSection() could work although this experiment can be more
laborious.

BTW, NDIS isn’t enough for tcpip.sys. Look for imports, you’ll also have
to fake TDI, HAL and NT kernel.

Best regards,

Michal Vodicka
Veridicom
(RKK - Skytale)
[WWW: http://www.veridicom.com , http://www.skytale.com]


From: Matteo Pelati[SMTP:xxxxx@dolce.it]
Reply To: NT Developers Interest List
Sent: Wednesday, October 11, 2000 23:57
To: NT Developers Interest List
Subject: [ntdev] RE: pt driver in user mode

No, I want an application to load a driver in its address space, more
like a
normal dll file. it’s part of a university project. i’m trying to run
tcp/ip
in user mode and create a fake ndis enviroment.
I tried with LoadLibraryEx but it doesn’t work… thanks for the
suggestion!
I know .sys files are standard Win32 PE files, but I’m wondering how I
could
load them in user mode… I don’t want end up creating a custom
loader…

Matt

Personally, I think computing PI to the last digit would be more meaningful.

-----Original Message-----
From: Matteo Pelati [mailto:xxxxx@dolce.it]
Sent: Wednesday, October 11, 2000 2:57 PM
To: NT Developers Interest List
Subject: [ntdev] RE: pt driver in user mode

No, I want an application to load a driver in its address space, more like a
normal dll file. it’s part of a university project. i’m trying to run tcp/ip
in user mode and create a fake ndis enviroment.
I tried with LoadLibraryEx but it doesn’t work… thanks for the suggestion!
I know .sys files are standard Win32 PE files, but I’m wondering how I could
load them in user mode… I don’t want end up creating a custom loader…

Matt

----- Original Message -----
From: “Vodicka, Michal”
To: “NT Developers Interest List”
Sent: Wednesday, October 11, 2000 11:34 PM
Subject: [ntdev] RE: pt driver in user mode

> What you’re trying to do? Load a driver from kernel mode in an
> application address space or from an application in its address space?
> And why?
>
> You can try LoadLibraryEx() with DONT_RESOLVE_DLL_REFERENCES flag which
> probably won’t work. Next, you can experiment with NtCreateSection() and
> NtMapViewOfSection().
>
> Best regards,
>
> Michal Vodicka
> Veridicom
> (RKK - Skytale)
> [WWW: http://www.veridicom.com , http://www.skytale.com]
>
>
>
> > ----------
> > From: Matteo Pelati[SMTP:xxxxx@dolce.it]
> > Reply To: NT Developers Interest List
> > Sent: Wednesday, October 11, 2000 22:41
> > To: NT Developers Interest List
> > Subject: [ntdev] RE: pt driver in user mode
> >
> > That was not exactly what i meant. What I’m trying to do is loading
> > the driver not from user mode, but IN the user’s application address
> > space: that is loading more like a dll. I understand that once loaded,
> > there will be plenty of unresolved function references, but what i
> > want to do is remap those references to some user’s process function
> > addresses.
> >
> > tnx
> > Matt
> >
>
> —
> You are currently subscribed to ntdev as: xxxxx@dolce.it
> To unsubscribe send a blank email to $subst(‘Email.Unsub’)
>
>


You are currently subscribed to ntdev as: xxxxx@broadstor.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)