
Writing a Backdoor in kernel?

Posted: Wed Apr 15, 2015 8:45 am
by shah
Hello
I want to know how I can write a backdoor in kernel mode that can listen on a port on the machine and, upon a connection to it, spawn a cmd shell and hide everything, like listening ports and available connections.

Everything about this can help me.

thank you :)

Re: Writing a Backdoor in kernel?

Posted: Wed Apr 15, 2015 10:53 am
by Cch123
Hi,

This is not a malware writing forum. I don't think you are simply writing a POC because your question seems as though you are not clear yourself what you want to do.

If you are indeed trying to write a POC in order to understand more about the Windows kernel, you can spend some time browsing through this forum to look at great posts by other members regarding the topic. You are asking for help to do something that is extremely generic and ambiguous.

Re: Writing a Backdoor in kernel?

Posted: Wed Apr 15, 2015 11:10 am
by shah
I did not have the purpose of developing or spreading malware; as the question makes clear, I want to understand more of the concepts behind the Windows kernel architecture and its networking component by writing a practical example.
I searched through Google and I just found this one, but I need more help and resources on this topic. So I think it would be more helpful if you could post some helpful resources on the aforementioned topic.

thanks :)

Re: Writing a Backdoor in kernel?

Posted: Wed Apr 15, 2015 11:50 am
by EP_X0FF
First, http://www.kernelmode.info/forum/viewtopic.php?f=8&t=16, #1. No matter what you said, the thing you want is only for malicious purposes. We do not create malware here.

Second, instead of googling this bullshit from your link, have a look in official MS driver samples, including network ones -> https://github.com/Microsoft/Windows-driver-samples

Third, no, there are no ready-to-copy-paste, easy-to-use solutions available here.

What you want is a WSK driver, see

1) https://msdn.microsoft.com/en-us/librar ... s.85).aspx
2) https://code.msdn.microsoft.com/windows ... SourceCode

Spawning a user-mode process will require some research related either to APC injection or to manual process creation from a driver. Instead of this, I would recommend using a client/server mechanism, where you have a service running in user mode and working with a driver.

Closed.