BIOS Disassembly Ninjutsu Uncovered (Uncovered series)

Language: English

Pages: 450

ISBN: 1931769605

Format: PDF / Kindle (mobi) / ePub

Explaining security vulnerabilities, possible exploitation scenarios, and prevention in a systematic manner, this guide to BIOS exploitation describes the reverse-engineering techniques used to gather information from BIOS and expansion ROMs. SMBIOS/DMI exploitation techniques—including BIOS rootkits and computer defense—and the exploitation of embedded x86 BIOS are also covered.

Essentials of Error-Control Coding

Intelligent Robotics and Applications: 4th International Conference, ICIRA 2011, Germany, Part I

Wireless Mesh Networks: Architectures and Protocols

Computer Networks (4th Edition) - Problem Solutions

preliminary assessment: binary scanning, i.e., opening the binary file in a hex editor and examining its contents. For an experienced reverse code engineer, this step is sometimes more efficient than firing up the disassembler. An engineer who knows intimately the machine architecture the binary file was running on will be able to recognize key structures within the file without a disassembler. This is sometimes encountered when an

Chapter 2: Preliminary Reverse Code Engineering

• IDA Pro internal functions have informative comments in the IDA Pro include files for the scripting facility, as shown in Listing 2.3. Note that a 512-KB BIOS binary file must be opened in IDA Pro with the loading address set to 0000h to be able to execute the sample script in Listing 2.2. This loading scheme is the same as explained in the previous

enough; in line 1, the current contents of the processor's general-purpose registers are saved. Then comes the crucial part, as I said earlier: PCI is a 32-bit bus system; hence, you have to use 32-bit addresses to communicate with the system. You do this by sending the PCI chip a 32-bit address through the eax register, using port CF8h as the port to send this data. Here's an example of the PCI register (sometimes called the offset) address format. In the routine in Listing 1.1, you see the

configuration address must always be 1000b, or 8h (see Fig. 1.10).

  Bits    Meaning
  24-30   Reserved
  16-23   PCI bus number
  11-15   PCI device number
  8-10    PCI function number
  2-7     Offset address (double-word, i.e. 32-bit, boundary)
  0-1     Unused, since the addressing must be on a 32-bit boundary

Now examine the previous value that was sent. If you are curious, you'll find that 80000064h means communicating with the device on bus 0, device 0, function 0, at offset 64h. This is the memory controller
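The address format above, worked through in C as an added example (this is not code from the book). The helper names pci_cfg_addr and pci_cfg_decode are this example's own: one packs bus, device, function and offset into the 32-bit value the book's routine sends through eax to port CF8h, the other unpacks such a value and rejects anything whose top byte is not 80h (enable bit clear or reserved bits set) or whose offset is not double-word aligned. The actual port I/O is sketched behind a compile-time guard because it needs ring-0 I/O privilege (or iopl(3) on Linux); everything else runs on any host.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Bit layout of the PCI configuration address (CONFIG_ADDRESS, port CF8h):
 *   bit 31     enable bit; together with reserved bits 28-30 the top nibble reads 1000b (8h)
 *   bits 24-30 reserved, must be zero
 *   bits 16-23 bus number
 *   bits 11-15 device number (0-31)
 *   bits 8-10  function number (0-7)
 *   bits 2-7   register offset, double-word granularity
 *   bits 0-1   unused; the offset must be 32-bit aligned
 */
#define PCI_CFG_ENABLE     0x80000000u
#define PCI_CFG_ADDR_PORT  0xCF8u   /* CONFIG_ADDRESS */
#define PCI_CFG_DATA_PORT  0xCFCu   /* CONFIG_DATA */

struct pci_cfg_fields {
    uint8_t bus;
    uint8_t dev;   /* 0-31 */
    uint8_t fn;    /* 0-7  */
    uint8_t off;   /* 0-255, multiple of 4 */
};

/* Hypothetical helper: build the value written to port CF8h.
 * Returns 0 (never a valid address, since the enable bit is clear) when a field
 * is out of range or the offset is not double-word aligned. */
uint32_t pci_cfg_addr(uint8_t bus, uint8_t dev, uint8_t fn, uint8_t off)
{
    if (dev > 31 || fn > 7 || (off & 3u) != 0)
        return 0;
    return PCI_CFG_ENABLE
         | ((uint32_t)bus << 16)
         | ((uint32_t)dev << 11)
         | ((uint32_t)fn  << 8)
         | (uint32_t)(off & 0xFCu);
}

/* Hypothetical helper: split an address back into its fields.
 * Returns false when bits 24-31 are not exactly 80h (enable bit clear or a
 * reserved bit set) or when the low two bits are non-zero. */
bool pci_cfg_decode(uint32_t addr, struct pci_cfg_fields *out)
{
    if ((addr & 0xFF000000u) != PCI_CFG_ENABLE || (addr & 3u) != 0)
        return false;
    out->bus = (uint8_t)((addr >> 16) & 0xFFu);
    out->dev = (uint8_t)((addr >> 11) & 0x1Fu);
    out->fn  = (uint8_t)((addr >> 8)  & 0x07u);
    out->off = (uint8_t)(addr & 0xFCu);
    return true;
}

#if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) && defined(PCI_REAL_IO)
/* The mechanism the book's routine performs: address out through eax to CF8h,
 * then the 32-bit register contents in from CFCh. Needs I/O privilege;
 * compile with -DPCI_REAL_IO to enable. */
static uint32_t pci_cfg_read32(uint32_t addr)
{
    uint32_t val;
    __asm__ volatile ("outl %0, %w1" : : "a"(addr), "Nd"((uint16_t)PCI_CFG_ADDR_PORT));
    __asm__ volatile ("inl %w1, %0" : "=a"(val) : "Nd"((uint16_t)PCI_CFG_DATA_PORT));
    return val;
}
#endif

int main(void)
{
    struct pci_cfg_fields f;
    uint32_t a = pci_cfg_addr(0, 0, 0, 0x64);
    printf("bus 0, device 0, function 0, offset 64h -> %08Xh\n", a);

    /* The value from the book's listing, decoded back into its fields. */
    if (pci_cfg_decode(0x80000064u, &f))
        printf("80000064h -> bus %u, device %u, function %u, offset %02Xh\n",
               f.bus, f.dev, f.fn, f.off);

    /* A malformed value: enable bit clear, so it is rejected. */
    if (!pci_cfg_decode(0x00000064u, &f))
        printf("00000064h rejected: enable bit (bit 31) not set\n");
    return 0;
}
```

The decode check is deliberately strict about bits 24-30: a BIOS routine that sets a reserved bit will often still get an answer from the chipset, which is exactly why a reverse engineer cannot rely on the hardware to flag a mis-encoded address when reading someone else's code.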