|
|
|
|
#1
01-17-2005, 13:13
|
|||
|
|||
Kernel Mode Threads
Quote:
Goodluck 
|
|
#2
01-17-2005, 14:10
|
|||
|
|||
|
I don't want to suspend current thread, It's all about to suspend other driver threads so KeWaitForSingleObject can't do anything about it.
|
|
#3
01-17-2005, 17:56
|
|||
|
|||
|
If you know the KTHREAD address of those system threads, just
remove it from the internal kernel thread lists like KiDispatcherReadyListHead and KiWaitListHead. If you make this, the kernel thread will not get any CPU time  Take a look in the klister source code at www.rootkit.com and this paper: http://opensores.thebunker.net/pub/mirrors/blackhat/presentations/bh-usa-03/bh-us-03-rutkowski/bh-us-03-rutkowski.pdf Regards, Opc0de
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Hades:Windows kernel driver lets reverse engineers monitor user and kernel mode code | sh3dow | Source Code | 0 | 05-12-2016 03:15 |
| Use IDA in kernel mode ?? | Veyskarami | General Discussion | 14 | 02-23-2013 12:38 |
| How to pass the large data in kernel mode to user mode? | benina | General Discussion | 3 | 03-06-2010 04:50 |
| Kernel-Mode GUI!? (like SoftIce) | Cobi | General Discussion | 1 | 01-21-2005 02:24 |
| Kernel Mode Driver for NT | SPeY | General Discussion | 12 | 04-22-2004 15:34 |
Hybrid Mode
