This tutorial is not written for newbies: to understand the code you
must have some knowledge of system interrupts and the way they work.
I wrote it in the hope that it will be useful.

Windows memory protection is organized in 4 levels called Rings.
Windows separates different types of programs and gives them different
privileges: from 0 to 3. 0 is the highest privilege level, the system's
kernel32 runs on it; and 3 is the lowest privilege level, it is for
user applications. Levels 1 and 2 are for drivers and other system
software. That protection mechanism usually protects software on
higher levels from crashes of software on lower levels, so the kernel
won't crash if your program produces a General Protection Fault.

In Ring0 programs have full control over the system, including direct
access to hardware and the ability to use the processor's debug features;
for example you can do an HDD low-level format using the Ring0 DeviceIOControl
mechanism. For detailed information on Ring0 services see the WinDDK help.
 
Jumps from Ring3 to Ring0 are most often used in viruses (like Win95
CIH), commercial software protectors and of course in debuggers. The
main purpose of this tutorial is to show that it is possible to
write system software in SpAsm, and how.

During the development of Ring0 code keep in mind that any fault in
your code in Ring0 will not be handled by Windows and your system may
hang, so you will have to push Reset.

This example shows how to switch from Ring3 to Ring0 and back. To
switch to Ring0 we use INT 5 (structured exception handling). Ring3
application programs are allowed to execute the sidt instruction and
modify the IDT (interrupt descriptor table), so we are able to modify
the interrupt vectors to set our own ones. Interrupt code is executed
in Ring0, and we shall use this.

 The program does the following:
 1. Saves the app's startup register values
 2. Gets the IDT and saves the system INT 5 handler
 3. Modifies the IDT to set a new INT 5 handler that contains our code to
    be executed in Ring0.
 4. Generates INT 5 to call the Ring0 code
 5. When our INT 5 handler finishes its job it restores the
    system's INT 5 handler
 6. Restores the startup register values and continues
    execution of the main Ring3 code, which displays a message box and
    terminates the program
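As an added example (not part of this tutorial or its SpAsm code), here is the check an integrity monitor would run to notice the vector replacement made in step 3: decode the 8-byte 32-bit gate descriptors of an IDT image and compare every vector against a trusted baseline copy. Both IDT images, the selector 0x28 and all handler addresses are constructed sample values, not captured from a real system.

```c
#include <stdint.h>
#include <string.h>

#define NVEC 8       /* vectors in the constructed sample IDT images */
#define GATE_SIZE 8  /* each 32-bit IDT entry is an 8-byte gate descriptor */

/* Decoded 32-bit interrupt gate; the byte layout follows the Intel manual. */
typedef struct {
    uint32_t offset;   /* handler address: bytes 0-1 = bits 0-15, bytes 6-7 = bits 16-31 */
    uint16_t selector; /* code segment selector loaded on entry (the Ring0 code segment) */
    uint8_t  access;   /* bit 7 present, bits 5-6 DPL, low nibble type (0xE = 32-bit int gate) */
} gate_t;

static gate_t decode_gate(const uint8_t *d) {
    gate_t g;
    g.offset = (uint32_t)d[0] | ((uint32_t)d[1] << 8)
             | ((uint32_t)d[6] << 16) | ((uint32_t)d[7] << 24);
    g.selector = (uint16_t)(d[2] | (d[3] << 8));
    g.access = d[5];
    return g;
}

static void encode_gate(uint8_t *d, uint32_t offset, uint16_t selector, uint8_t access) {
    d[0] = offset & 0xFF;         d[1] = (offset >> 8) & 0xFF;
    d[2] = selector & 0xFF;       d[3] = selector >> 8;
    d[4] = 0;                     d[5] = access;
    d[6] = (offset >> 16) & 0xFF; d[7] = (offset >> 24) & 0xFF;
}

/* A vector counts as hooked when its handler offset or selector differs from the
   trusted baseline image (exactly the change step 3 of the tutorial makes). */
static int vector_hooked(const uint8_t *baseline, const uint8_t *current, unsigned vector) {
    gate_t a = decode_gate(baseline + vector * GATE_SIZE);
    gate_t b = decode_gate(current + vector * GATE_SIZE);
    return a.offset != b.offset || a.selector != b.selector;
}
/* Returns how many of the first n vectors differ between the two IDT images. */
static int count_hooked(const uint8_t *baseline, const uint8_t *current, unsigned n) {
    int hooked = 0;
    for (unsigned v = 0; v < n; v++) hooked += vector_hooked(baseline, current, v);
    return hooked;
}

static uint8_t g_baseline[NVEC * GATE_SIZE], g_current[NVEC * GATE_SIZE];
/* Constructed sample: baseline handlers in the kernel range, selector 0x28, access 0x8E;
   the "current" copy has INT 5 redirected to a user-range address (also constructed). */
static void build_sample(void) {
    for (unsigned v = 0; v < NVEC; v++)
        encode_gate(g_baseline + v * GATE_SIZE, 0xC0001000u + v * 0x100u, 0x0028, 0x8E);
    memcpy(g_current, g_baseline, sizeof g_current);
    encode_gate(g_current + 5 * GATE_SIZE, 0x00401234u, 0x0028, 0x8E);
}
```

On a real machine the baseline would be the IDT image saved right after boot (sidt gives its base and limit) and the current image a later copy of the same memory; the comparison itself is unchanged.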


For questions please mail me at: kick10@inbox.ru