Author Topic: Questions about protected instructions  (Read 9375 times)

ben321

  • Full Member
  • Posts: 185
Questions about protected instructions
« on: November 21, 2015, 11:39:21 PM »
How do I use "protected instructions" or "privileged instructions"? I know in WinXP and beyond they are protected and only allowed to be accessed by kernel driver files supposedly. However the driver files themselves must somehow have a way of elevating their privilege level, which suggests that there is some x86 privilege elevation instruction/opcode that exists. What is the mnemonic for this opcode? How does one call it? Maybe there's a way I could elevate my own EXE file to a kernel driver's privilege level, if I can figure out the right instructions to call. If so, I could then call all sorts of cool instructions like
mov ax,0x0013    ; AH=0 (set video mode), AL=0x13 (320x200, 256 colors)
int 0x10         ; BIOS video services

This would force the screen into VGA mode (320x200 with 256 colors), even though Windows is trying to run the screen at 1280x768 size with over 16 million colors. Then, when my program forced the graphics mode change, my program would have complete control of what was being shown on the screen, and Windows would have no control of the screen, meaning I could theoretically make a DOS-like game that would run in Windows, in VGA mode. Although there would be no way to get back to Windows' own graphics mode without rebooting the PC (since I'm sure any of the Windows graphics code in memory would be wrecked beyond all usability by this forced change of graphics mode to VGA mode, which isn't supported in Windows), it would still be really cool and nostalgic to be able to have VGA mode in Windows, even if you'd have to reboot the PC to get out of it.

Do you have any idea how I can force my EXE file to run in privileged mode, just like a kernel driver normally would?

Frank Kotler

  • NASM Developer
  • Hero Member
  • Posts: 2667
  • Country: us
Re: Questions about protected instructions
« Reply #1 on: November 22, 2015, 01:13:00 AM »
Sure, find a bug in your OS. "Protected Mode" is protected from US, Ben! Try this...

http://duartes.org/gustavo/blog/post/cpu-rings-privilege-and-protection/

Best,
Frank