
NT Kernel Programming

Ask Time:2008-10-07T17:51:43         Author:Sonny Ordell


I would like to know where to get started, or how possible it is to hook into, or patch, the Windows kernel (XP and up). I am specifically interested in software like McAfee Entercept, or certain antivirus scanners that patch the kernel. I would like to know how feasible it is for a startup to create software that adds functionality to the kernel (I am aware of KPP, and that it can possibly be bypassed), and any ramifications of doing this. I was unable to find a simple description, and only have limited experience with Win32. Any help is much appreciated,

J

Further clarification: I am not after a driver as such, and would be interested in whether it is technically possible to port something like PaX to Windows, for example. It is a bad example as Windows already has an implementation, but I am interested in whether similar technologies could be ported without having access to the NT source.

Author: Sonny Ordell, reproduced under the CC 4.0 BY-SA copyright license with a link to the original source and this disclaimer.
Link to original article:https://stackoverflow.com/questions/177804/nt-kernel-programming
Serafina Brocious :

Yes, it's very possible to hook into the kernel. I strongly suggest the books Windows Internals and Rootkits.

These should give you all of the information you need.
2008-10-07T09:55:56
Greg Hewgill :

The Microsoft Detours library allows you to intercept API calls from processes, and insert or replace your own code.

Note that successfully doing this sort of thing will likely require somewhat more than limited Win32 experience. As you can imagine, this can be a very complex topic.
2008-10-07T09:56:41
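To make the two ideas in this thread concrete (interception of a call by a detour that forwards to the original, and the kind of integrity check KPP runs against it), here is an added example that is not part of the original question or answers and does not use the Detours API or any real kernel structure. It is a portable user-mode model written in plain C: a small function-pointer dispatch table stands in for a kernel service table or an import table; `install_hook` replaces one entry with a detour that records the call, applies a policy, and calls through to the saved original (the role Detours' trampoline plays, although Detours patches code inline rather than swapping a table entry); and `kpp_snapshot`/`kpp_check` stand in for a PatchGuard-style checksum of the table taken at boot and re-verified later. Every name in it is invented for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Added example, not from the original post or from Detours. A user-mode
 * model of dispatch-table hooking: the table below stands in for a kernel
 * service table (SSDT) or a module's import table; the detour logs and
 * forwards like a Detours trampoline; the checksum stands in for the
 * integrity check KPP (PatchGuard) performs. No kernel memory is touched. */

typedef long (*svc_fn)(long arg);

enum { SVC_OPEN = 0, SVC_READ = 1, SVC_COUNT = 2 };

/* stand-in "services" the table dispatches to */
static long svc_open(long arg) { return arg + 1000; }
static long svc_read(long arg) { return arg * 2; }

/* the dispatch table a hooking driver would patch */
static svc_fn dispatch[SVC_COUNT] = { svc_open, svc_read };

/* saved original entry so the detour can call through */
static svc_fn orig_open = NULL;
static int open_calls_seen = 0;

/* the detour: observe, apply a policy, then forward to the original */
static long hooked_open(long arg)
{
    open_calls_seen++;
    if (arg < 0)            /* policy: deny requests the hook considers bad */
        return -1;
    return orig_open(arg);  /* otherwise behave exactly like the original */
}

int hook_calls(void) { return open_calls_seen; }

/* FNV-1a over the raw bytes of the table: the snapshot an integrity
 * checker would take when the table is known to be clean */
static uint64_t table_checksum(void)
{
    const unsigned char *p = (const unsigned char *)dispatch;
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < sizeof dispatch; i++) {
        h ^= p[i];
        h *= 1099511628211ULL;
    }
    return h;
}

static uint64_t baseline = 0;

void kpp_snapshot(void) { baseline = table_checksum(); }

/* 1 if the table no longer matches the snapshot, i.e. what PatchGuard would
 * treat as critical structure corruption; 0 if it is intact */
int kpp_check(void) { return table_checksum() != baseline; }

/* returns 1 if the hook was installed, 0 if it was already in place */
int install_hook(void)
{
    if (orig_open != NULL) return 0;
    orig_open = dispatch[SVC_OPEN];
    dispatch[SVC_OPEN] = hooked_open;
    return 1;
}

/* returns 1 if the original entry was restored, 0 if nothing was hooked */
int remove_hook(void)
{
    if (orig_open == NULL) return 0;
    dispatch[SVC_OPEN] = orig_open;
    orig_open = NULL;
    return 1;
}

/* what a caller reaching the table through a stub would do; -1 on bad index */
long call_service(int idx, long arg)
{
    if (idx < 0 || idx >= SVC_COUNT) return -1;
    return dispatch[idx](arg);
}

int main(void)
{
    kpp_snapshot();
    printf("open(5) clean:    %ld tamper=%d\n", call_service(SVC_OPEN, 5), kpp_check());
    install_hook();
    printf("open(5) hooked:   %ld tamper=%d\n", call_service(SVC_OPEN, 5), kpp_check());
    printf("open(-1) hooked:  %ld (denied by detour)\n", call_service(SVC_OPEN, -1));
    remove_hook();
    printf("open(5) restored: %ld tamper=%d\n", call_service(SVC_OPEN, 5), kpp_check());
    return 0;
}
```

The point the model makes about the original question: the hook is invisible to callers as long as it forwards faithfully, but the table's bytes change the moment an entry is swapped, so a checker that holds a clean snapshot flags it (`kpp_check` returns 1 while hooked and 0 again after `remove_hook`). That is the tension between products like the ones named in the question and KPP on 64-bit Windows.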