Cheat Engine :: View topic - Is there a way running closed source app in kernel mode?

Cheat Engine
The Official Site of Cheat Engine

FAQ

Memberlist

Usergroups

Profile

Is there a way running closed source app in kernel mode?

Cheat Engine Forum Index -> General programming

View previous topic :: View next topic

Author

Message

spyware293
Newbie cheater

Reputation: 0

Joined: 28 Jun 2012
Posts: 13

Posted: Fri Sep 19, 2014 10:37 pm Post subject: Is there a way running closed source app in kernel mode?

Maybe using Injected DLL, or else? haven't seen one before.

Dark Byte
Site Admin

Reputation: 471

Joined: 09 May 2003
Posts: 25819
Location: The netherlands

Posted: Sat Sep 20, 2014 4:11 am Post subject:

If it wasn't created to be used in kernelmode it's not possible. Kernelmode doesn't have imports like kernel32.dll or ntdll.dll and basically every usermode app loads in those imports _________________ Do not ask me about online cheats. I don't know any and wont help finding them. Like my help? Join me on Patreon so i can keep helping

smaudet
Newbie cheater

Reputation: 0

Joined: 06 Sep 2014
Posts: 23

Posted: Sun Sep 21, 2014 4:06 am Post subject: Re: Is there a way running closed source app in kernel mode?

spyware293 wrote:

Maybe using Injected DLL, or else? haven't seen one before.

I wouldn't think it impossible...

I would mainly be worried about the program being smart enough to run without a kernel - there are two parts to running in kernel mode:

A) not needing a kernel
B) being allowed to run that way

A) is paramount to your question -

someReturn someFunction(){
while(somethingTrue){ ... do something }
}

will run fine in kernel/non-kernel mode

but if it does something like

callUserLandKernelFunc()

You're screwed - you either have to:

A) re-write the call (and since this is not source code you are editing, you must either hand edit a bunch of assembly or figure out how to patch in your own generated assembly)

B) remove all references to said call

And both are such large topics that you need to handle this on a case-by-case basis, if you want to preserve program functionality. Now, this is perfectly possible, the kernel is just a program, so you are perfectly capable of running/simulating your own kernel. But its unlikely that you'll be able to achieve this.

As for being allowed to run this way - usually kernels implement user-land in such a manner that it is impossible for this to happen. The only way to get around this is to

A) replace the kernel as the user (e.g. wipe your hard-drive or modify the kernel)
B) hack the kernel.

The second option is probably outside the scope of this forum, as it is essentially what blackhats do when they write system exploits.

Given that most games don't handle a lot of their graphics etc. themselves, instead relying on handy kernel or low level api features, I'd say DarkBytes over-simplified answer is probably correct for your case. No, you can't.

Then again, you've not said what you want this for, and it may in fact be possible to slice up the program and only run certain parts of it. Very, very unlikely, but possible.
_________________

( _ )
(")
(-"-)
(_`/._)

^_^

Display posts from previous:

	Cheat Engine Forum Index -> General programming	All times are GMT - 6 Hours
Page 1 of 1

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum