flat assembler
Message board for the users of flat assembler.

Index > Windows > A whole in the Windows 9x/ME HAL?

MCD



Joined: 21 Aug 2004
Posts: 604
Location: Germany
Shocked Sure, the HAL (Hardware Abstraction Layer) on Windows 9X/ME is far from being perfect, but I recently discovered a very strange and dangerous hole in it:

The keyboard command port A (on PS/2 only) at address 92h is not blocked/limited/restricted in any way. Thus, one can accidentally or not COLD boot the machine with NO DRIVE CACHES FLUSHED!!!:
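Code:
org 100h
 mov al,1      ; bit 0 set
 out 92h,al    ; write to port 92h: bit 0 requests a fast CPU reset
 hlt           ; wait for the reset to take effect
 int 20h       ; DOS terminate, only reached if no reset happened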


This works for the DOS emulation and also usual Win32 programs!

Is this hole already known? Shocked Shocked

_________________
MCD - the inevitable return of the Mad Computer Doggy

-||__/
.|+-~
.|| ||
Post 02 Feb 2005, 15:05
scientica
Retired moderator


Joined: 16 Jun 2003
Posts: 689
Location: Linköping, Sweden
check the MS KB (Knowledge Base), and (if they got such) bug/exploits lists - if it's not there, and you want to do MS and their users (if MS takes their time to bother with it) - send their developers an email with this...

btw, wait a sec. Win9X/Me? does it even have a HAL? (thought only NT versions did)
Post 02 Feb 2005, 15:41
Madis731



Joined: 25 Sep 2003
Posts: 2141
Location: Estonia
Maybe it's named differently - it must have some sort of abstraction for the hardware Wink
Post 02 Feb 2005, 16:12
HarryTuttle



Joined: 26 Sep 2003
Posts: 211
Location: Poland
On the other hand there must be some layers in MS to get more profit and of coz money for patching many kinds of critical or not so critical bugs.

_________________
Microsoft: brings power of yesterday to computers of today.
Post 25 Feb 2005, 19:08
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
9x wasn't written for security, it was written to have very good compatibility with dos apps and badly-written win3.x shit. The cold boot isn't really any more critical than the old and well-known "cli + jmp $" trick...
Post 26 Feb 2005, 06:49
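
An added example, not part of the thread and not code from any poster: a static check that a reviewer could run over a raw 16-bit code image to find the two patterns mentioned above, a write to port 92h and the "cli + jmp $" hang. The function name scan and the sample byte strings are constructed for illustration. Matching is on raw opcode bytes without disassembly, so hits are leads to review.

```python
"""Flag the two patterns discussed in this thread in a flat 16-bit code image."""

PORT_92H = 0x92  # port written by the snippet in the first post


def scan(image: bytes):
    """Return a list of (offset, finding) tuples for a raw .COM-style image.

    Plain byte matching, no disassembly: a hit inside data bytes is possible,
    so treat results as leads to review, not verdicts.
    """
    findings = []
    for i in range(len(image) - 1):
        # E6 ib = OUT imm8, AL
        if image[i] == 0xE6 and image[i + 1] == PORT_92H:
            # B0 ib = MOV AL, imm8 directly before the OUT gives the value written
            if i >= 2 and image[i - 2] == 0xB0:
                value = image[i - 1]
                kind = "reset bit set" if value & 1 else "reset bit clear"
                findings.append((i, f"out 92h,al with al={value:#04x} ({kind})"))
            else:
                findings.append((i, "out 92h,al with unknown al"))
        # FA = CLI, EB FE = short JMP to itself ("cli + jmp $")
        if image[i:i + 3] == b"\xFA\xEB\xFE":
            findings.append((i, "cli + jmp $ hang"))
    return findings


# Constructed samples, assembled by hand (not taken from any real program).
SAMPLE_RESET = bytes.fromhex("b001e692f4cd20")    # the snippet from the first post
SAMPLE_A20 = bytes.fromhex("e4920c02e692c3")      # in al,92h / or al,2 / out 92h,al / ret
SAMPLE_HANG = bytes.fromhex("90faebfe")           # nop / cli / jmp $
SAMPLE_CLEAN = bytes.fromhex("b409ba0901cd21c3")  # DOS print-string call, no port I/O

if __name__ == "__main__":
    for name, img in [("reset", SAMPLE_RESET), ("a20", SAMPLE_A20),
                      ("hang", SAMPLE_HANG), ("clean", SAMPLE_CLEAN)]:
        print(name, scan(img))
```

The second sample is there because bit 1 of the same port is the fast A20 gate, so a read-modify-write of port 92h also appears in ordinary memory-manager code; only the value written separates the two cases.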
Copyright © 1999-2020, Tomasz Grysztar.
