[coreboot] How Coreboot can help in malware reverse engineering ?
Jean-Francois Agneessens
jeanfrancois.agneessens at gmail.com
Thu Oct 30 17:10:09 CET 2008
David,
SMM/SMI seem to be a possible solution. If it is "undetectable" by the OS, I
am wondering why OSes can still detect it : "Windows/Linux define an SMI
Timeout within which SMM Handlers should complete their job and return
control back to OS normal operations. Otherwise the OS will crash. "
[Wikipedia,http://en.wikipedia.org/wiki/System_Management_Mode]
I will contact Darmawan when I will finish to read his book :-)
thanks,
---------------------------------------
Jean-François Agneessens
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.coreboot.org/pipermail/coreboot/attachments/20081030/44805572/attachment.html>
More information about the coreboot
mailing list