[Code-Crunchers] detecting blue pill and BH challenge

Sebastian Krahmer krahmer at suse.de
Mon Jul 2 01:47:19 CDT 2007


On Mon, 2 Jul 2007, Gil Dabah wrote:

> SMM's memory is hidden anyways because it's not mapped by default and 
> cannot be accessed unless there's SMI, which is much better than hiding 
> in memory, the CPU does the work for you. The disadvantage of SMM is 
> that it is CPU/MOBO specific, so you can't install your SMI handler easily.
> Anyways, if your detection method will alert upon transition, then way 
> to go :) I just suggest a way for checking once the state of the machine.
That's what trusted computing is all about, no? :)
The interesting thing is that SMM and virtual machines will not work
together, at least there's a lot to do to emulate it, if it's caught
at all.

l8er,
S.

-- 
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer at suse.de - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)


