Win32 Kernel Shellcode sources & articles

Started by weiss, November 11, 2006, 12:06 PM


weiss

Hi all,

I was wondering if anyone here had any links to sites or articles on shellcode development for the Windows kernel.

So far, the best papers I've read are by Bugcheck & Skape - http://www.uninformed.org/?v=3&a=4&t=txt and by eEye - http://research.eeye.com/html/Papers/download/StepIntoTheRing.pdf

Any others recommended? It would be cool to have some sources if possible.

thanks

Skywing

Metasploit 3.0 is intended to have support for kernel mode payloads.

weiss

I'm definitely keeping an eye on the Metasploit developments all right.
What kind of environment would I need to work in to study writing my own?

When I was writing user-mode shellcodes, it was fairly straightforward: writing the code, debugging, etc.
I've not much experience at all working in kernel land.
So, what kind of setup would you recommend? Tools, etc.

thanks

Skywing

I would start out with installing the WDK, assuming you are starting from scratch (the WDK replaces the DDK as of Windows Vista). Although that page claims the WDK is still beta, it has been out of beta and in production release mode since last Friday.

The WDK has documentation and a build environment that will let you write code to interact with the kernel. While your final end work is probably not going to be just a C-based driver written with the WDK, the documentation on the kernel-mode API and a build environment that you can use to experiment with it are likely to help in learning how things work.