Allowing arbitrary code to run in ring 0 violates basic OS security principles.

允许任意代码在环 0 中运行违反了基本的操作系统安全原则。

Only the OS kernel and device drivers run in ring 0. If you want to write ring 0 code, write a Windows device driver. Thismay be helpful.

只有操作系统内核和设备驱动程序在环 0 中运行。如果要编写环 0 代码，请编写 Windows 设备驱动程序。这可能会有所帮助。

Certain security holes may allow your code to run in ring 0 also, but this isn't portable because the hole might be fixed in a patch :P

某些安全漏洞也可能允许您的代码在 ring 0 中运行，但这不可移植，因为该漏洞可能已在补丁中修复：P

Technically speaking, all processes have some threads spending some of their time in Kernel-Mode (ring 0). Whenever a user-mode process makes a syscall into the OS, there is a transition where the thread gets into ring 0 via a 'gate'. Whenever a process needs to talk to a device, allocate more process-wide memory, or spawn new threads, a syscall is used to ask the OS to provide this service.

从技术上讲，所有进程都有一些线程在内核模式（ring 0）中花费一些时间。每当用户模式进程对操作系统进行系统调用时，都会有一个转换，线程通过“门”进入环 0。每当进程需要与设备通信、分配更多进程范围内存或产生新线程时，系统调用都会用于要求操作系统提供此服务。

Therefore, if you want to have a process run some code in ring 0, you'll need to write a driver and then communicate with this driver thru some syscalls. The most common syscall for this is called ioctl (stands for I/O Control).

因此，如果你想让一个进程在 ring 0 中运行一些代码，你需要编写一个驱动程序，然后通过一些系统调用与这个驱动程序通信。最常见的系统调用称为 ioctl（代表 I/O 控制）。

Another thing to look at on the Windows platform is the UMDF (User-Mode Driver Framework). This allows you to write, debug, and test a driver in user-mode (running in ring 3) but it is still accessible to other drivers or other processes in the system.

在 Windows 平台上要查看的另一件事是 UMDF（用户模式驱动程序框架）。这允许您在用户模式下（在环 3 中运行）编写、调试和测试驱动程序，但它仍然可以被系统中的其他驱动程序或其他进程访问。

You cannot set kernel mode from a user mode process. That's how security works.

您不能从用户模式进程设置内核模式。这就是安全工作的方式。