.Hi,
i tried to use the ZwSetSystemInformation(...) with SYSTEM_INFORMATION_CLASS::SystemLoadAndCallImage to load a monolithiqc non-pnp driver on my windows vista system, but it tells me that the caller lacks a privilege to do so. Well, i run the application fully elevated and i enabled any possible privileges on the process,...it still fails! I could create a service/driver entry in the SCM of the OS and then start the driver, but i am looking for some way to load kernel drivers on the fly (with no option to unload until next reboot). I could also implement a driver that will act as a proxy by using some IOCTL to pass down a piece of memory and the necessary information to the driver and then call the function in kernel mode (i guess this will work), but thats a way too much of overhead for me.
Is there any other way to load a driver on the fly an call its DriverEntry from Usermode? I am NOT trying to write some bad code, its just for some experimental stuff,...
I have the suspicion that the SYSTEM_INFORMATION_CLASS::SystemLoadAndCallImage on ZwSetSystemInformation(...) is not callable on Vista+ Systems in Usermode anymore, even if you run on full power.
Regards
R.
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}