Well,

 

In a normal world you would use a debugger on the host, but because the malware creators are introducing more and more debugger detection techniques, obfuscation and so on, I was thinking of bypassing some of them but just placing access on the memory at a lower level.

 

Is it possible to have some devices uniquely accessible by the BIOS ? Is it possible to get a side access to the BIOS while the OS is running (and I know that OSes are not using BIOS anymore)? ACPI was just an example but indeed I might be wrong by thinking of ACPI. David in its earlier post talked about SMM which I never heard about.

 

If you think of DRM BIOS, like said during the presentation at FOSDEM (found on youtube), they can control the whole system independently of the OS. I kinda have the same goal, but with open source code and not for DRM purposes.

 

thanks for your comments ! 

 

---------------------------------------
Jean-François Agneessens