SMM/SMI seem to be a possible solution. If it is "undetectable" by the OS, I am wondering why OSes can still detect it : "Windows/Linux define an SMI Timeout within which SMM Handlers should complete their job and return control back to OS normal operations. Otherwise the OS will crash. " [Wikipedia,http://en.wikipedia.org/wiki/System_Management_Mode]