Quote:
|
Originally Posted by zEr0
so then if SICE core is kernel driver i think that it can run under ring0 privileges
by u can find some useful thing about Ring mode in very useful virus ezines from 29A labs 
http://29a.host.sk/ |
I don't think it is about whether it is a kernel driver, but rather about when SoftICE loads. SoftICE seems to always start first, and can actually debug other kernel drivers when they load. Just wondering how they manage to do that....
Re: BlindStudio
Thanks a lot!