Well,
In a normal world you would use a debugger on the host, but because the malware creators are introducing more and more debugger detection techniques, obfuscation and so on, I was thinking of bypassing some of them but just placing access on the memory at a lower level.
Is it possible to have some devices uniquely accessible by the BIOS ? Is it possible to get a side access to the BIOS while the OS is running (and I know that OSes are not using BIOS anymore)? ACPI was just an example but indeed I might be wrong by thinking of ACPI. David in its earlier post talked about SMM which I never heard about.
If you think of DRM BIOS, like said during the presentation at FOSDEM (found on youtube), they can control the whole system independently of the OS. I kinda have the same goal, but with open source code and not for DRM purposes.
thanks for your comments !
--------------------------------------- Jean-François Agneessens