Date:      Fri, 27 Mar 2009 16:41:34 +0200
From:      Andriy Gapon <avg@icyb.net.ua>
To:        Won De Erick <won.derick@yahoo.com>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: Switching to SMM with FreeBSD 6.2 onwards
Message-ID:  <49CCE59E.6020606@icyb.net.ua>
In-Reply-To: <492862.81876.qm@web45808.mail.sp1.yahoo.com>
References:  <492862.81876.qm@web45808.mail.sp1.yahoo.com>

on 27/03/2009 15:47 Won De Erick said the following:
> --- On Fri, 3/27/09, Andriy Gapon <avg@icyb.net.ua> wrote:
>> on 27/03/2009 12:35 Ivan Voras said the following:
>>> One thing that comes to my mind is this: 
>>> http://invisiblethingslab.com/resources/misc09/smm_cache_fun.pdf
> 
> I will add that to the ff:
> 
> http://www.ssi.gouv.fr/fr/sciences/fichiers/lti/cansecwest2006-duflot-paper.pdf
> 
> 
> I've made the exploit code found in the appendix runnable on FreeBSD 7.1 by
> replacing some of the unsupported functions, but I'm still finding ways to
> verify whether I've successfully written data to the intended address or not.
> I've replaced '/dev/xf86' with '/dev/mem'. Then opened '/dev/io' instead of using
> 'i386_get_ioperm()'. Am I on the right track?

I believe yes. I made identical changes to Joanna/Rafal's code that gets a glimpse
of what the SMI handler does via the CPU cache. Interesting read :)

-- 
Andriy Gapon


