Chapter 3. The Hardware Connection


One Ring to rule them all, One Ring to find them, One Ring to bring them all and in the darkness bind them.

THE FELLOWSHIP OF THE RING, J. R. R. TOLKIEN

Software and hardware go together. Without software, hardware would be lifeless silicon. Without hardware, software cannot exist. Software ultimately controls a computer, but under the hood, it's the hardware that implements the software code.

Furthermore, hardware is the ultimate enforcer of software security. Without hardware support, software would be totally insecure. Many texts cover software development without ever addressing the underlying hardware. This might work for the developers of enterprise applications, but it won't work for rootkit developers. As a rootkit developer, you will be faced with reverse-engineering problems, hand-coded assembly language, and highly technical attacks against software tools installed on the system. Your understanding of the underlying hardware will empower you to tackle these hard problems. Throughout the rest of this book, you will encounter concepts and code that assume you have some amount of hardware understanding. Therefore, we encourage you to read this chapter before moving on.

Ultimately, all access controls are implemented in hardware. For example, the popular notion of process separation is enforced using "rings" on the Intel x86 hardware. If the Intel CPU had no mechanism for access control, then all software executing on the system would be trusted. This would mean that any program that crashed could bring the whole system down with it. Any program would have the ability to read and write to hardware, access any file, or modify the memory of another process. Sound familiar? Even though the Intel family of processors has had access control capabilities for many years, Microsoft did not take advantage of these until the release of Windows NT.

In this chapter we discuss the hardware mechanisms that work behind the scenes to enforce security and memory access in the Windows operating system. We begin our discussion of hardware mechanisms by taking a look at how the Intel x86 family of microprocessors performs access control. We then discuss how the processor keeps track of matters using lookup tables. We also discuss control registers and, more importantly, how memory pages work.

    Rootkits: Subverting the Windows Kernel
    ISBN: 0321294319
    EAN: 2147483647
    Year: 2006
    Pages: 111
