[Code-Crunchers] detecting blue pill and BH challenge
Gil Dabah
arkon at ragestorm.net
Tue Jul 3 01:02:53 CDT 2007
Well, I said one way, forcing sleep/hibernation.
You can use chipset specific code to trigger it. But that's less
favorite, since it's not platform independent.
The other way on Intel that was researched by someone else is writing to
port 0xb2 (didn't confirm myself).
For more information you can read the research 'The Quest to Ring0' by
Federico Biancuzzi: http://www.securityfocus.com/columnists/402/1
and his paper:
http://www.ssi.gouv.fr/fr/sciences/fichiers/lti/cansecwest2006-duflot-paper.pdf
Actually I got the SMM idea from his interview... Though he used it to
compromise security, I thought to use it to detect blue pill. :)
Have a nice day

Peter Ferrie wrote:
>> Oh, that's the whole idea, on Intel, you can generate an SMI manually.
>>
>
> Really? SMI is an external interrupt, generated by hardware.
> How do you force one to occur?
>
>
>> And I have no clue what's your way, I was simply talking about
>> how-would-I-do-it...
>>
>
> :-)