[coreboot] How Coreboot can help in malware reverse engineering?
FENG Yu Ning
fengyuning1984 at gmail.com
Thu Oct 30 05:55:58 CET 2008
Jean-Francois Agneessens <jeanfrancois.agneessens <at> gmail.com> writes:
> Hello list, I found this project two days ago and I like it.
I like it, too.
> By side access, it could be like redirecting ACPI events to actually dump the
> content of the memory on a harddrive which is only seen by the BIOS for
> instance, or having some sort of console connection straight on the BIOS
> (serial port ?) to allow to freeze the host when a specific part of the memory
> is being accessed (breakpoint on hardware level).
I think you have some wrong assumptions (correct me if I am the wrong one).
* You do not need access to BIOS for ACPI event handling. After booting, BIOS is
useless and Windows handles all events.
* You need neither access to BIOS nor redirecting ACPI to freeze the host and do
low level debugging. Since you are using the word "host", I guess you are
familiar with Debugging Tools for Windows?
Coreboot won't be of much help to you if you are investigating malware, but I hope you
can still get some information from the words above.