On Fri, Dec 15, 2000 at 12:23:08PM -0500, Kevin Lawton wrote:
> Running guest ring0 code at ring0 opens memory access to PTE.P==1 pages,
> which includes the monitor interrupt handlers, and monitor data
> structures.  Thus, all memory access instructions would be dangerous.
Hm, would it be possible to run ring0 code on ring1?  I'm assuming all the
memory we're trying to protect has a DPL of 0.

> Once you modify the instructions in a page by extending the size
> of an instruction (changing an IO to a call), as opposed to
> inserting an INT3 (always 1 byte), 
Would it be possible to replace a 1-byte instruction with an INT3, and a >=5-byte
one with a JMP to the nexus?  Even better if there's a smaller replacement that
still has better speed.

  -=- James Mastros
-- 
midendian: She never sleeps.
mousetrout: But I do.  I just regret it after I wake up.

AIM: theorbtwo homepage: http://www.rtweb.net/theorb/
ICBM: 40:04:15.100 N, 76:18:53.165 W
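For readers following the INT3-versus-JMP question above: the sketch below is an added illustration, not plex86 or Bochs code and not anything posted in this thread. It assumes the patching policy James asks about (1-byte INT3 when the guest instruction is shorter than 5 bytes, a 5-byte E9 rel32 JMP to a "nexus" trampoline otherwise, padded with NOPs to the original length) and hypothetical names such as patch_insn, jmp_rel32 and the nexus address. The sample guest code bytes are constructed for the demo: an OUT DX,AL (EE, 1 byte) followed by an LGDT [disp32] (0F 01 15 disp32, 7 bytes). The points it makes concrete are that an in-place JMP needs at least 5 bytes of the original instruction so the following instruction is never clobbered, and that the rel32 displacement is relative to the end of the JMP, not its start.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Opcode bytes used by the patcher (x86 encodings). */
#define X86_INT3      0xCC   /* 1-byte breakpoint, raises #BP */
#define X86_JMP_REL32 0xE9   /* JMP rel32, 5 bytes total */
#define X86_NOP       0x90
#define JMP_REL32_LEN 5

enum patch_kind { PATCH_NONE = 0, PATCH_INT3 = 1, PATCH_JMP = 2 };

/* Policy under discussion: an instruction shorter than 5 bytes can only take
 * an INT3 (overwriting its first byte); 5 bytes or more can hold a JMP. */
enum patch_kind choose_patch(size_t insn_len)
{
    if (insn_len == 0)
        return PATCH_NONE;
    return insn_len >= JMP_REL32_LEN ? PATCH_JMP : PATCH_INT3;
}

/* rel32 for an E9 at linear address `site` jumping to `target`.
 * The CPU adds the displacement to EIP *after* the 5-byte JMP. */
int32_t jmp_rel32(uint32_t site, uint32_t target)
{
    return (int32_t)(target - (site + JMP_REL32_LEN));
}

/* Patch the instruction of length insn_len at code[off] in place.
 * base  = guest linear address of code[0]
 * nexus = guest linear address of the monitor's trampoline (hypothetical)
 * Never writes past the original instruction, so the next instruction
 * (which may be a branch target) is left intact. */
enum patch_kind patch_insn(uint8_t *code, size_t code_len, size_t off,
                           size_t insn_len, uint32_t base, uint32_t nexus)
{
    if (off + insn_len > code_len || off + insn_len < off)
        return PATCH_NONE;

    enum patch_kind k = choose_patch(insn_len);
    if (k == PATCH_INT3) {
        /* Remaining bytes stay; the #BP handler emulates the saved original
         * instruction and resumes at off + insn_len. */
        code[off] = X86_INT3;
    } else if (k == PATCH_JMP) {
        uint32_t rel = (uint32_t)jmp_rel32(base + (uint32_t)off, nexus);
        code[off]     = X86_JMP_REL32;
        code[off + 1] = (uint8_t)(rel & 0xff);        /* little-endian imm32 */
        code[off + 2] = (uint8_t)((rel >> 8) & 0xff);
        code[off + 3] = (uint8_t)((rel >> 16) & 0xff);
        code[off + 4] = (uint8_t)((rel >> 24) & 0xff);
        /* Pad so a fall-through from the nexus lands on the next instruction. */
        memset(&code[off + JMP_REL32_LEN], X86_NOP, insn_len - JMP_REL32_LEN);
    }
    return k;
}

/* Constructed guest code page: OUT DX,AL ; LGDT [0x1000]. Returns 0 when the
 * patched bytes match the expected encoding, so the demo checks itself. */
int run_demo(void)
{
    uint8_t code[8] = { 0xEE, 0x0F, 0x01, 0x15, 0x00, 0x10, 0x00, 0x00 };
    const uint32_t base = 0x00100000, nexus = 0x00200000;
    /* JMP at 0x100001, target 0x200000 -> rel32 = 0x0FFFFA -> FA FF 0F 00 */
    const uint8_t want[8] = { 0xCC, 0xE9, 0xFA, 0xFF, 0x0F, 0x00, 0x90, 0x90 };

    if (patch_insn(code, sizeof code, 0, 1, base, nexus) != PATCH_INT3)
        return 1;
    if (patch_insn(code, sizeof code, 1, 7, base, nexus) != PATCH_JMP)
        return 2;
    /* A 5-byte JMP that would run off the page must be refused. */
    if (patch_insn(code, sizeof code, 6, 5, base, nexus) != PATCH_NONE)
        return 3;
    return memcmp(code, want, sizeof code) == 0 ? 0 : 4;
}

int main(void)
{
    int rc = run_demo();
    printf("demo %s (rc=%d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

The INT3 path is the safe default precisely because it touches one byte; the JMP path is faster (no #BP round trip) but is only sound when no other code branches into the NOP-padded tail of the patched instruction, which a monitor has no cheap way to rule out for arbitrary guest code.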