Reaver wrote: I can control from Ring3 if I obfuscate and VM the code/data enough. You cannot do shit from ring0 if you don't even know where to start reading/writing.
You... You can. You can do a lot. For example, let's assume that you're going to use techniques like hook scanning or integrity checks. I could, in order to bypass these protections no matter how hard your module is crypted, simply redirect all your read memory requests from ring0 to a manually allocated page which represents valid data. Result: your scans would be fine, no detections. On the other side though, the executing unit would do what I want it to do: run my modified code. This always works, no matter what you do in ring3. So tell me, how are you planning to bypass that?