Windows Kernel Program
A wild question! Here is my idea, I came across about deepfreeze (www.faronics.com) and amazed how their system works. I find deepfreeze helpful and beneficial in protecting computers from spyware, virus and improper installation of programs since a simple reboot of the computer systems restores the original setup (in effect removing all virus and spywares). I conceptualize that maybe the system are manipulating the System's registry (by importing a backup registry file - maybe) during boot process .
Upon surfing the net, I came to learn how Windows XP boot process works (http://www.microsoft.com/technet/prodtechnol/winxppro/reskit/c29621675.mspx), and thinking to write (if possible) a bogus NTOSKRNL.EXE which copy or import a backup registry file (using reg.exe) and later calls the true NTOSKRNL.EXE using exec or spawn.
I don't really know if the idea would work.
A link or advice on how to write a kernel mode program or to import a backup registry file during boot process of windows OS would be of help.
Hoping for a reply soon. Thanks!
Software/Hardware used:
Software/Hardware used:
ASKED:
April 22, 2006 3:22 AM
UPDATED:
May 7, 2006 7:37 AM
Answer Wiki:
Sorry I can not give you any direct assistance, but below are some links to potentially helpful information.
BE AWARE that some of these pages are very OLD (technologically speaking). However, they still contain potentially useful information, depending on your current level of expertise.
Other sites that I did not check, but almost surely have valuable and applicable information regarding this topic include
Dr. Dobbs Journal
http://www.ddj.com/
If you are not a subscriber, you should consider doing so.
Intel Hardware Design Home
http://developer.intel.com/
I know the name does not sound applicable, but this site offers a wealth of information.
Steve Thornburg's Technology page
http://stevethornburg.com/rooms/tech.html
Long sortable list of professional resources, and a tailored Google Site Flavored Search portal.
One more comment...
I make extensive use of Virtual PC, http://www.microsoft.com/windows/virtualpc/default.mspx
When satisfied with configuration, I clone the VM. Then, if anything "goes wrong", I delete the existing VM and copy the clone.
This is particularly helpful for evaluating new software, or running new code during development.
I hope this helps, and good luck.
http://www.reactos.org/xhtml/en/index.html
http://en.wikipedia.org/wiki/Device_driver
http://www.microsoft.com/whdc/default.mspx
http://www.microsoft.com/whdc/devtools/ddk/default.mspx
http://www.codeproject.com/system/idd.asp
http://www.catch22.net/tuts/kernel1.asp
http://www.sysinternals.com/Blog/
http://www.microsoft.com/technet/archive/ntwrkstn/reskit/execmsgs.mspx?mfr=true
http://www.microsoft.com/msj/0199/bugslayer/bugslayer0199.aspx
http://www.internals.com/articles/apispy/apispy.htm
http://www.sysinternals.com/Information/TipsAndTrivia.html
http://www.sysinternals.com/Information/WindowsXpSourceTree.html
http://www.cygwin.com/packages/
http://www.cmkrnl.com/faq03.html
http://www.nu2.nu/pebuilder/faq/
http://www.osronline.com/article.cfm?id=81
http://www.osronline.com/article.cfm?id=69
http://www.phrack.org/phrack/55/P55-05
http://www.jankratochvil.net/project/captive/
http://www.sonic.net/~undoc/ntcallgate.html
[END]
To see all answers submitted to the Answer Wiki: View Answer History.
RSS - Discussions Help
Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
