By: _Arthur (_Arthur.delete@this.globetrotter.net), July 22, 2004 10:01 pm
Room: Moderated Discussions
...that I can pick a rarely-used opcode, say the DAA instruction, and redefine it in microcode to bypass all system protections ?
*Cool* !
I could, say, reprogram that opcode to access ES:[SI| without triggering a memory fault when I read memory outside my own memory space ?
Or, just change the protection level to Ring 0, so my program could execute all protected mode instructions without further ado ?
Of course, WRMSR is itself a protected mode instruction. But once I have managed to execute in on the proper AMD chip, the whole computer would then be insecure, because all the OS and CPU built-in safeties could then be bypassed.
One could also microcode new instructions for something useful, like to speed up (slightly) a SETI search or DiVX encoding...
Now, how long before someone hacks the Intel encoding of their processor patches ?
_Arthur
*Cool* !
I could, say, reprogram that opcode to access ES:[SI| without triggering a memory fault when I read memory outside my own memory space ?
Or, just change the protection level to Ring 0, so my program could execute all protected mode instructions without further ado ?
Of course, WRMSR is itself a protected mode instruction. But once I have managed to execute in on the proper AMD chip, the whole computer would then be insecure, because all the OS and CPU built-in safeties could then be bypassed.
One could also microcode new instructions for something useful, like to speed up (slightly) a SETI search or DiVX encoding...
Now, how long before someone hacks the Intel encoding of their processor patches ?
_Arthur