This article should be read with the sole purpose of education. No users nor machines must be hurt or damaged. Ethics first. Fun later. Modern x86 Operating Systems, use to execute instructions. In protected mode there are 4 different privilege levels, from 0 to 3. They are also referred to as — , to indicate the level of separation between them. protected mode ring0 ring3 The highest-level (the least privileged) is (ring3) where regular applications run. The lowest-level (the highest privileged) is mode (ring0) where the kernel or the core of the operating system runs (basically the code that own the hardware). userland kernel Whenever an application needs to call the kernel, it uses an to tell to the kernel which system call to execute. This interrupt in Linux x86–32 is instruction and in Linux x86–64 is the instruction . interrupt int $0x80 syscall When the CPU takes the interrupt, it switch from ring3 to ring0 and it calls the . From this regular and seemingly harmless behavior, nice and horrible things can be made, if you know what I mean. is the code that allows to a kernel system call and, well, free your imagination. Happy hacking! system_call Here hook Did you enjoy the reading? Please support us with a . We will really appreciate! small donation Originally published at worldofpiggy.com on September 11, 2015. is how hackers start their afternoons. We’re a part of the family. We are now and happy to opportunities. Hacker Noon @AMI accepting submissions discuss advertising & sponsorship To learn more, , , or simply, read our about page like/message us on Facebook tweet/DM @HackerNoon. If you enjoyed this story, we recommend reading our and . Until next time, don’t take the realities of the world for granted! latest tech stories trending tech stories