Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > alt.os.development > #10036
| From | Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> |
|---|---|
| Newsgroups | alt.os.development |
| Subject | Re: FYSOS: The Graphical User Interface |
| Date | 2016-08-28 17:51 -0400 |
| Organization | Aioe.org NNTP Server |
| Message-ID | <20160828175140.715e5c7c@_> (permalink) |
| References | (20 earlier) <nps2lp$pf2$1@dont-email.me> <20160827191211.45045e2c@_> <npua4u$94r$1@dont-email.me> <20160828084648.31b928f0@_> <npv7vl$abs$1@dont-email.me> |
On Sun, 28 Aug 2016 18:45:22 +0100 James Harris <james.harris.1@gmail.com> wrote: > On 28/08/2016 13:46, Rod Pemberton wrote: > > On Sun, 28 Aug 2016 10:16:12 +0100 > > James Harris <james.harris.1@gmail.com> wrote: > >> On 28/08/2016 00:12, Rod Pemberton wrote: > >> I think that the intrusive software would only have to find some > >> memory that the OS does not initially use. That could be between > >> 0x600 and 0x7c00 or it could be in the 0x500 range. It could even > >> be an unused part at the top of the IVT! > > > > You could attempt to blank or wipe or fill as much unused memory as > > is possible. INT3 instruction might be good for the fill value. > > IIRC, we can't be entirely sure of certain memory ranges above or > > near 4GB as being memory, instead being hardware. > > It depends on the goal. Imagine that you had filled accessible memory > (possibly that below 1Mby) with INT3. If you then called BIOS INT > 0x10 and got vectored to an INT3 byte then you would know that > something had intercepted the boot process and revectored INT 0x10. > But what would you do then? All you could do is fail to carry out INT > 0x10 calls. You could not fix the problem by restoring INT 0x10 > functionality. Why couldn't you just restore the original INT 0x10 vector? If calling an INT has triggered INT3 and the vector value has changed, you just need to reset it and reissue the INT. The vector value has changed, but no code has been modified. If calling an INT has triggered INT3 and the vector has the original vector value, then you have a hacked BIOS or BIOS bug. > There is also the problem of some machines permitting RAM in the > 0xC0000..0xDFFFF range. We could not zap that space with INT3s. Save clean copy? ... > That said, it may be a good fallback. The OS could say to the user > that the computer was not clean when the OS booted. I'd probably attempt to clear memory below 1MB+64KB-16 which is writable and not used for BIOS or video. It seems unlikely that a virus or malware would attempt to hide in memory that most likely isn't mapped physically. Most OSes only map memory below 1MB+64KB-16 physically, and use paging for memory above that. If paging is being used, the code for the virus or malware could be scrambled, or inaccessible until it's mapped. Obviously, RAM shadowed ROM code is a problem here. > But what would it do then? Refuse to change video mode? Shut down and > refuse to operate? Attempt a clean reboot? If your goal is to not execute untrusted code under any circumstance, then you don't execute untrusted code. Period. Rebooting is likely going to cause the OS to call the infected interrupt. The best option is to refuse to change video mode, and while the OS is still executing, fix or patch the OS so suspicious code or problematic code is bypassed. This may mean forcing a different video mode by a different method. Another option might be to disable the OS, which would force the user or operator to boot from _other_ trusted media to fix the OS, e.g., cd-rom/dvd or usb stick/drive. A hidden backup partition of the initial install might work too or a special recovery partition. The OS would need to rewrite the active partition flags to change the bootable partition. > I had a thought that we might be able to hook int 0x19 to get control > back but I guess that any reset which rewrites other IVT entries > rewrites that one too. ... Rod Pemberton
Back to alt.os.development | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
FYSOS: The Graphical User Interface "Benjamin David Lunt" <zfysz@fysnet.net> - 2016-07-08 11:52 -0700
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-16 11:00 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-16 11:14 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-16 19:07 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-16 19:42 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-16 21:32 +0200
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-16 23:22 -0400
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-17 13:50 +0200
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-18 01:41 -0400
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-18 10:47 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-17 08:45 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-17 13:57 +0200
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-18 01:47 -0400
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-18 10:59 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-18 11:37 +0100
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-18 17:38 -0400
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-19 10:03 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-19 22:34 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-22 17:43 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-22 19:04 +0200
Re: FYSOS: The Graphical User Interface "Rick C. Hodgin" <rick.c.hodgin@gmail.com> - 2016-08-16 04:18 -0700
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-16 12:25 +0100
Re: FYSOS: The Graphical User Interface "Rick C. Hodgin" <rick.c.hodgin@gmail.com> - 2016-08-16 04:41 -0700
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-16 19:19 +0200
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-16 19:14 +0200
Re: FYSOS: The Graphical User Interface "Benjamin David Lunt" <zfysz@fysnet.net> - 2016-08-16 19:24 -0700
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-17 12:26 +0200
Re: FYSOS: The Graphical User Interface "Mike Gonta" <mikegonta@gmail.com> - 2016-08-17 10:42 -0400
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-18 01:16 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-18 12:17 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-18 19:23 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-19 17:29 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-19 22:55 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-22 17:18 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-22 19:23 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-23 11:46 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-23 23:44 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-24 08:29 +0100
Re: FYSOS: The Graphical User Interface "Alexei A. Frounze" <alexfrunews@gmail.com> - 2016-08-24 02:39 -0700
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-24 17:43 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-24 11:25 +0200
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-23 17:50 -0400
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-24 09:14 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-24 12:39 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-25 10:46 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-25 12:40 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-25 12:10 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-25 14:43 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-27 13:56 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-27 15:59 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-27 17:03 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-27 22:43 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-28 09:22 +0100
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-28 11:51 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-28 13:08 +0100
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-27 19:12 -0400
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-28 10:41 +0200
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-28 08:48 -0400
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-27 19:12 -0400
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-28 10:16 +0100
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-28 08:46 -0400
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-28 18:45 +0100
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-28 17:51 -0400
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-29 07:55 +0100
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-29 06:40 -0400
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-31 06:43 +0100
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-24 07:00 -0400
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-25 11:37 +0100
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-25 18:45 -0400
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-26 10:00 +0200
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-26 16:16 -0400
Re: FYSOS: The Graphical User Interface "wolfgang kern" <nowhere@never.at> - 2016-08-27 15:10 +0200
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-27 17:59 +0100
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-27 19:11 -0400
Re: FYSOS: The Graphical User Interface James Harris <james.harris.1@gmail.com> - 2016-08-28 10:56 +0100
Re: FYSOS: The Graphical User Interface Rod Pemberton <NoHaveNotOne@zxdehrnyya.cam> - 2016-08-28 08:45 -0400
Re: FYSOS: The Graphical User Interface "Benjamin David Lunt" <zfysz@fysnet.net> - 2016-08-17 20:12 -0700
csiph-web