Operating System Protection Rings

What is it?

[ext] OS Protection rings / Hierarchical protection domains

Microsoft Windows: inspecting protected processes...

... or why not even the system's Win32 APIs can fetch information about some processes, even if calling them from the NT Authority\System account.

A user process example...

# from powershell
Get-WmiObject Win32_Process -Filter "name = 'explorer.exe'" | Select-Object processid,processname,path,commandline

Results in something like:

ProcessId ProcessName  Path                    CommandLine
--------- -----------  ----                    -----------
    10752 explorer.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\Explorer.EXE

... a kernel/protected process example ...

# from powershell
Get-WmiObject Win32_Process -Filter "name = 'csrss.exe'" | Select-Object processid,processname,path,commandline

Results in:

ProcessId ProcessName Path CommandLine
--------- ----------- ---- -----------
      824 csrss.exe
     1148 csrss.exe

... and The Solution

[ext] Debugging Protected Processes (archived)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

os-protection-rings.md

os-protection-rings.md

Operating System Protection Rings

What is it?

Microsoft Windows: inspecting protected processes...

A user process example...

... a kernel/protected process example ...

... and The Solution

Files

os-protection-rings.md

Latest commit

History

os-protection-rings.md

File metadata and controls

Operating System Protection Rings

What is it?

Microsoft Windows: inspecting protected processes...

A user process example...

... a kernel/protected process example ...

... and The Solution