Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: ileaf!io!titan!prs@EDDIE.MIT.EDU (Paul Schmidt)
Newsgroups: comp.virus
Subject: Re: Stealth viruses (PC)
Message-ID: <0001.9008301719.AA26303@ubu.cert.sei.cmu.edu>
Date: 27 Aug 90 22:30:18 GMT
Sender: Virus Discussion List
Lines: 16
Approved: krvw@sei.cmu.edu

mweiner@bene.at (Michael Weiner) writes:
> [on the possibility for viruses to alter ROM BIOS code shadowed
> into RAM on 386 machines]
>
>Still, this write protection is software-based only. As I understand
>it, these memory managers work by placing the machine in protected
>mode and running the PC in Virtual-86 mode.

That's not true for all machines. Nearly all, if not all, of the more
recent support chip sets for PCs (both 286 and 386) allow BIOS
shadowing (and Video BIOS shadowing, as well) in _hardware_, regardless
of what mode the CPU is running in. Some of these chip sets can be
manipulated to allow write access to the 0xF0000 area (after all, the
boot-up code needs write access to copy the code over). Some others,
however, have various interlocks that disallow write access after the
initial copy, or from any executing code outside the BIOS.