[coreboot] How Coreboot can help in malware reverse engineering ?

FENG Yu Ning fengyuning1984 at gmail.com
Thu Oct 30 05:55:58 CET 2008

Jean-Francois Agneessens <jeanfrancois.agneessens <at> gmail.com> writes:

> Hello list,I found this project two days ago and I like it.

I like it, too.

> By side access, It could be like redirecting ACPI events to actually dump the 
> content of the memory on a harddrive which is only seen by the BIOS for 
> instance, or having some sort of console connection straight on the BIOS 
> (serial port ?) to allow to freeze the host when a specific part of the memory 
> is being accessed (breakpoint on hardware level).

I think you have some wrong assumption(correct me if I were the wrong one).
* You do not need access to BIOS for ACPI event handling. After booting, BIOS is
useless and Windows handles all events.
* You need neither access to BIOS nor redirecting ACPI to freeze the host and do
low level debugging. Since you are using the word "host", I guess you are
familiar with Debugging Tools for Windows?

Coreboot won't do you much help if you are investigating malware, but I hope you
still can get some information from those words above.

yu ning

More information about the coreboot mailing list