Exetools


omega_red 09-04-2004 04:51

Direct port I/O under NT without a driver
 
I've played today with ZwSetInformationProcess and found the ProcessUserModeIOPL information class, which can be used to grant direct I/O permission to a process. However, it needs the current account to have SeTcbPrivilege granted - "Work as a part of operating system". The code enables this privilege for the current account, but the changes are visible after the next logon. One question follows - if there are no changes till relogin, why does GetTokenInformation return that this privilege is enabled? But the call to ZwSetInformationProcess returns STATUS_PRIVILEGE_NOT_HELD.

ry.pl/~omega/progs/DirectIO.rar

lay0n2004 07-23-2005 19:36

I granted SeTcbPrivilege and set it, but it does not work on my WinXP+SP1.
Is there something I missed?

Opc0de 07-24-2005 00:34

Doesn't work on my XP SP1

Exception information
Code: 0xc0000096
Address: 0x040140e

nskSem 07-24-2005 18:03

Add your user to "As a part of OS" programmatically or by hand in "local policy". Then set SE_TCB_PRIVILEGE in your program, that's all. Works in XP.

lay0n2004 07-25-2005 10:59

Quote:

Originally Posted by nskSem
Add your user to "As a part of OS" programmatically or by hand in "local policy". Then set SE_TCB_PRIVILEGE in your program, that's all. Works in XP.

A little odd: even with your demo code on the fasm board I got
EFlags : 00010246 ExceptionCode:C0000096
If a debugger attaches to it, eflags will be xxxx3xxx. If I run it with a debugger, the 0xC0000096 exception occurred with eflags xxxx0xxx; press the F9 key and it then becomes xxxx3xxx.

omega_red 07-25-2005 16:12

Exception is generated when first running this, without relogging, as explained above (not sure why though). After logout/login all is OK here (xp sp2).

lay0n2004 07-26-2005 12:25

Quote:

Originally Posted by omega_red
Exception is generated when first running this, without relogging, as explained above (not sure why though). After logout/login all is OK here (xp sp2).

Thanks for your help. Well, I re-logged in! Is it hardware related? My PC is an Intel 2.8cg with HT disabled. The interesting thing is that if I run it under, or attach to it with, any debugger, the IOPL becomes 3. If run without a debugger, the context IOPL is 0.

Any ideas to help? Thanks in advance.

The ports I tried: 295h 296h

with Token privileges: 20
SeTcbPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege
SeSecurityPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeSystemtimePrivilege
SeShutdownPrivilege
SeRemoteShutdownPrivilege
SeTakeOwnershipPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeSystemProfilePrivilege
SeProfileSingleProcessPrivilege
SeIncreaseBasePriorityPrivilege
SeLoadDriverPrivilege
SeCreatePagefilePrivilege
SeIncreaseQuotaPrivilege
SeUndockPrivilege
SeManageVolumePrivilege

ZwSetInformationProcess result: 0h (seem ok)

Trying direct IO...EFlags : 00010246 ExceptionCode:C0000096 (context iopl == 0 ?)

Opc0de 07-27-2005 02:42

This exception is really weird.
I'm trying to figure out what is happening...
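
An added example, not part of the original thread and not any poster's code: a simplified C model of the x86 protected-mode check on IN/OUT, applied to the EFlags values and ports quoted in the posts above. It assumes a user-mode (CPL 3) caller whose TSS exposes no I/O permission bitmap; the function names are hypothetical, and the real CPU also reads one bitmap byte past the port's own byte.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EFLAGS_IOPL_SHIFT 12
#define EFLAGS_IOPL_MASK  (3u << EFLAGS_IOPL_SHIFT)

/* IOPL is the 2-bit field in bits 12-13 of EFLAGS (the "3" in xxxx3xxx). */
static unsigned eflags_iopl(uint32_t eflags)
{
    return (eflags & EFLAGS_IOPL_MASK) >> EFLAGS_IOPL_SHIFT;
}

/* Simplified model of the IN/OUT privilege check.
 * bitmap: TSS I/O permission bitmap, one bit per port, 1 = access denied.
 * bitmap_bytes: bitmap bytes that lie inside the TSS limit (0 = no bitmap).
 * Returns 1 if the access proceeds, 0 if the CPU raises #GP, which Windows
 * reports to user mode as 0xC0000096 (STATUS_PRIVILEGED_INSTRUCTION). */
static int io_access_allowed(unsigned cpl, uint32_t eflags, uint16_t port,
                             unsigned width, const uint8_t *bitmap,
                             size_t bitmap_bytes)
{
    if (cpl <= eflags_iopl(eflags))
        return 1;                       /* IOPL high enough: bitmap ignored */
    for (unsigned i = 0; i < width; i++) {
        uint32_t p = (uint32_t)port + i;
        if (p / 8 >= bitmap_bytes)
            return 0;                   /* bit lies beyond the TSS limit */
        if (bitmap[p / 8] & (1u << (p % 8)))
            return 0;                   /* port explicitly denied */
    }
    return 1;
}

int main(void)
{
    /* Values quoted in the thread; 0x00013246 is the same flags with IOPL=3. */
    const uint32_t flags[] = { 0x00010246u, 0x00013246u };
    const uint16_t ports[] = { 0x295, 0x296 };

    for (size_t f = 0; f < 2; f++)
        for (size_t p = 0; p < 2; p++)
            printf("EFlags %08X IOPL=%u port %03Xh -> %s\n",
                   (unsigned)flags[f], eflags_iopl(flags[f]),
                   (unsigned)ports[p],
                   io_access_allowed(3, flags[f], ports[p], 1, NULL, 0)
                       ? "allowed" : "#GP (0xC0000096)");
    return 0;
}
```
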

