Things have been a bit hectic over the last few weeks, with stuff going on left, right and centre. Hopefully things will quiet down a little now, otherwise I'll need another holiday (Come ooooon holiday!!).
Had a few seconds to finish up a few projects (that, as always, I'll never actually release). The one I'm happiest with is a small downloader. The loader drops a small ring0 driver (into an ADS), starts the default web browser as found in HKLM\http\shell\open\command, registers the driver as a system service which hides the browser process (and itself) by hooking NtQuerySystemInformation, drops a DLL into the same file as the driver (using a different stream, also hidden by the driver), injects the DLL into the hidden browser process, and finally the DLL downloads and executes a remote executable. Not bad for 3KB :)
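For anyone who wants to go looking for this kind of thing on a box, here is an added example (mine, not the loader's code) of the two artefacts the description above leaves on disk: the default http handler command the loader reads from the registry, and files carrying NTFS alternate data streams beyond the default `:$DATA` stream. The scan root, the list of ignored streams and the registry view (`HKEY_CLASSES_ROOT\http\shell\open\command`, which is the merged view of the HKLM path quoted above) are my assumptions.

```powershell
# Added example, not part of the original post or the loader it describes.
# Lists the default http handler and any file under $Root that carries a
# non-default NTFS alternate data stream.
param(
    [string]$Root = 'C:\Windows\System32',          # assumption: directory to scan
    [string[]]$IgnoreStreams = @(':$DATA', 'Zone.Identifier')  # default stream + MOTW
)

# The registry value the loader launches as the "default browser".
# Assumption: use the merged HKCR view of HKLM\Software\Classes\http\shell\open\command.
$key = 'Registry::HKEY_CLASSES_ROOT\http\shell\open\command'
$browser = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
Write-Output "Default http handler: $browser"

# Walk the tree and report every stream that is not the main data stream
# or the browser's Mark-of-the-Web stream.
Get-ChildItem -Path $Root -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        Get-Item -Path $file.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $IgnoreStreams -notcontains $_.Stream } |
            ForEach-Object {
                [pscustomobject]@{
                    File   = $file.FullName
                    Stream = $_.Stream
                    Length = $_.Length
                }
            }
    } | Format-Table -AutoSize
```

One caveat that follows directly from the description: the driver hides its own streams, so this only turns anything up if it is run before the driver is loaded, from a clean boot, or against the disk offline. On a live, infected system the `Get-Item -Stream` call goes through the same filtered view as everything else.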
Now to take a few sleeping pills and have a nice relaxing coma for the next 19 hours.