[coreboot] How Coreboot can help in malware reverse engineering ?

Jean-Francois Agneessens jeanfrancois.agneessens at gmail.com
Thu Oct 30 17:10:09 CET 2008


SMM/SMI seem to be a possible solution. If it is "undetectable" by the OS, I
am wondering why OSes can still detect it: "Windows/Linux define an SMI
Timeout within which SMM Handlers should complete their job and return
control back to OS normal operations. Otherwise the OS will crash."

I will contact Darmawan when I finish reading his book :-)

Jean-François Agneessens