  Malware is getting nastier and more professional than ever (Message 21 to 30 of 34)  
From: scott
Subject: Re: Malware is getting nastier and more professional than ever
Date: 13 Mar 2008 03:51:18
Message: <47d8eb06$1@news.povray.org>
>> I believe what it *actually* does is yell "hey, somebody changed this!"
>
>  How does it do that? The bios cannot have sufficient info about the
> graphics card in order to show a message on screen, especially if the
> graphics card is currently in non-vga mode.

I would imagine it goes something like this:

Interrupt 13 handler (file I/O) code inside BIOS:

Check if trying to write to MBR (always on the same place)
If not, write as usual to the drive, return
Change screen mode to 720x480 (or whatever that one is the BIOS uses at 
startup) using an interrupt 10 call
Display some text on the screen using the same routines as the BIOS setup 
screen etc
Wait for keyboard input (note this totally hangs the system)
If user agrees, write the data as normal to the disc
If not, just exit the interrupt handler


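The handler imagined in the post above, modelled as an added example (not code from any poster or BIOS vendor). The register layout for AH=03h and the disk address packet for AH=43h follow the standard INT 13h conventions; skipping floppies and the function names are assumptions, and as the replies point out, such a check only sees software that actually calls INT 13h.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Register image a real-mode INT 13h handler receives (fields used here only). */
struct int13_regs {
    uint8_t ah; /* function: 0x03 = CHS write, 0x43 = extended (LBA) write */
    uint8_t al; /* AH=03h: number of sectors */
    uint8_t ch; /* cylinder, low 8 bits */
    uint8_t cl; /* bits 0-5 sector (1-based), bits 6-7 cylinder bits 8-9 */
    uint8_t dh; /* head */
    uint8_t dl; /* drive; 0x80 and above are hard disks */
};

/* Disk address packet passed via DS:SI to AH=43h. */
struct dap {
    uint8_t size, reserved;
    uint16_t count, buf_off, buf_seg;
    uint64_t lba;
};

/* True when the call is a write whose first sector is the MBR of a hard disk. */
bool targets_mbr(const struct int13_regs *r, const struct dap *p)
{
    if (r->dl < 0x80)
        return false;                 /* assumption: floppies are not guarded */
    if (r->ah == 0x03) {
        unsigned cyl = r->ch | ((unsigned)(r->cl & 0xC0) << 2);
        unsigned sec = r->cl & 0x3F;
        return r->al != 0 && cyl == 0 && r->dh == 0 && sec == 1;
    }
    if (r->ah == 0x43 && p != NULL)
        return p->count != 0 && p->lba == 0;
    return false;                     /* reads and other functions pass */
}

/* Remaining steps of the post: ask only for MBR writes, else write as usual. */
bool allow_write(const struct int13_regs *r, const struct dap *p, bool user_agrees)
{
    return targets_mbr(r, p) ? user_agrees : true;
}

int main(void)
{
    struct int13_regs mbr  = { 0x03, 1, 0, 0x01, 0, 0x80 }; /* constructed: C0/H0/S1 */
    struct int13_regs data = { 0x03, 1, 0, 0x41, 0, 0x80 }; /* constructed: cylinder 256 */
    printf("%d %d\n", allow_write(&mbr, NULL, false), allow_write(&data, NULL, false));
    return 0;
}
```

The second constructed call has sector 1 and CH=0 but cylinder 256, which is why the high cylinder bits in CL have to be decoded before comparing.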

From: Joel Yliluoma
Subject: Re: Malware is getting nastier and more professional than ever
Date: 13 Mar 2008 05:21:00
Message: <slrnfti00c.5fg.bisqwit@bisqwit.iki.fi>
On Thu, 13 Mar 2008 09:51:41 +0100, scott wrote:
> I would imagine it goes something like this:
>
> Interrupt 13 handler (file I/O) code inside BIOS:

No modern OS uses 16-bit BIOS interrupts.

I have understood that the MBR write protection simply
discards any writes addressing the MBR, silently.

-- 
Joel Yliluoma - http://iki.fi/bisqwit/



From: scott
Subject: Re: Malware is getting nastier and more professional than ever
Date: 13 Mar 2008 05:41:23
Message: <47d904d3$1@news.povray.org>
>> I would imagine it goes something like this:
>>
>> Interrupt 13 handler (file I/O) code inside BIOS:
>
> No modern OS uses 16-bit BIOS interrupts.

Well yeh I doubt it does, but that's how I understood the BIOS MBR 
write-protect feature to work that I'd seen in the past on my system.



From: Warp
Subject: Re: Malware is getting nastier and more professional than ever
Date: 13 Mar 2008 09:42:55
Message: <47d93d6f@news.povray.org>
Jim Henderson <nos### [at] nospamcom> wrote:
> POST = Power On Self Test.  I'm really surprised you don't know that, 
> it's a very common thing for people who work with computers to know. 

  I program computers, I don't build them.

-- 
                                                          - Warp



From: Chambers
Subject: Re: Malware is getting nastier and more professional than ever
Date: 14 Mar 2008 02:05:48
Message: <47da23cc@news.povray.org>
scott wrote:
>>> I believe what it *actually* does is yell "hey, somebody changed this!"
>>
>>  How does it do that? The bios cannot have sufficient info about the
>> graphics card in order to show a message on screen, especially if the
>> graphics card is currently in non-vga mode.
> 
> I would imagine it goes something like this:
> 
> Interrupt 13 handler (file I/O) code inside BIOS:
> 
> Check if trying to write to MBR (always on the same place)
> If not, write as usual to the drive, return
> Change screen mode to 720x480 (or whatever that one is the BIOS uses at 
> startup) using an interrupt 10 call

You can't call an interrupt from within an interrupt (at least, you 
couldn't when I was messing with them, but that was 12 years ago... of 
course, I doubt they've changed much since then).

-- 
...Ben Chambers
www.pacificwebguy.com



From: Warp
Subject: Re: Malware is getting nastier and more professional than ever
Date: 14 Mar 2008 03:48:45
Message: <47da3bed@news.povray.org>
scott <sco### [at] laptopcom> wrote:
> Interrupt 13 handler (file I/O) code inside BIOS:

  Any current OS will override the default interrupt handlers created
by BIOS. There's just no way BIOS can catch a write attempt to the disk
by simply having an interrupt handler. If it needs to catch it, there
has to be some other way. It probably needs cooperation from the disk
controller logic or something.

-- 
                                                          - Warp



From: Darren New
Subject: Re: Malware is getting nastier and more professional than ever
Date: 14 Mar 2008 10:36:12
Message: <47da9b6c$1@news.povray.org>
Chambers wrote:
> You can't call an interrupt from within an interrupt (at least, you 
> couldn't when I was messing with them, but that was 12 years ago... of 
> course, I doubt they've changed much since then).

I think this is what interrupt priority levels are all about. Depends on 
the CPU of course.

-- 
   Darren New / San Diego, CA, USA (PST)
     "That's pretty. Where's that?"
          "It's the Age of Channelwood."
     "We should go there on vacation some time."



From: Jim Henderson
Subject: Re: Malware is getting nastier and more professional than ever
Date: 14 Mar 2008 11:21:33
Message: <47daa60d$1@news.povray.org>
On Thu, 13 Mar 2008 09:42:55 -0500, Warp wrote:

> Jim Henderson <nos### [at] nospamcom> wrote:
>> POST = Power On Self Test.  I'm really surprised you don't know that,
>> it's a very common thing for people who work with computers to know.
> 
>   I program computers, I don't build them.

When I was starting out in the computer business, I was programming and 
using just IBM PS/2s, not building them.  But I knew what it was, and 
everyone I knew knew what it was.

It's just so surprising that such a fundamental element of computers is 
something you don't know.  I thought everyone knew what it was - even my 
mother knows what POST stands for, and she is functionally computer-
illiterate....(OK, not really, but you get my point)

Jim



From: Warp
Subject: Re: Malware is getting nastier and more professional than ever
Date: 16 Mar 2008 17:25:10
Message: <47dd9e46@news.povray.org>
Jim Henderson <nos### [at] nospamcom> wrote:
> It's just so surprising that such a fundamental element of computers is 
> something you don't know.

  I'm feeling like Andrew like now. ;)

  Of course I know that the bios makes tests (at least by default) when
booting. I just didn't know what "POST" means.

-- 
                                                          - Warp



From: Invisible
Subject: Re: Malware is getting nastier and more professional than ever
Date: 17 Mar 2008 04:42:37
Message: <47de3d0d$1@news.povray.org>
Warp wrote:
> Jim Henderson <nos### [at] nospamcom> wrote:
>> It's just so surprising that such a fundamental element of computers is 
>> something you don't know.
> 
>   I'm feeling like Andrew like now. ;)
> 
>   Of course I know that the bios makes tests (at least by default) when
> booting. I just didn't know what "POST" means.

Mmm, humility? >:-)

Nobody knows *everything*, even about a specific topic. So let's all 
just chill, k people? ;-)

-- 
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*




Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.