OSDev.org

The Place to Start for Operating System Developers

All times are UTC - 6 hours

 Post subject: viruses access hard disk directly without need of os
PostPosted: Fri Jan 13, 2023 3:33 am 

Joined: Fri Jan 13, 2023 3:24 am
Posts: 1
Can a virus access the hard disk directly without the need of an OS?
Copy all the instructions in device drivers and interrupts etc. to skip the OS's control.
Or how can an OS stop programs from doing this?
I mean, the OS will not inspect each instruction in a program before it starts executing them, right? So can a program gather all the instructions in a device driver or something like that, and control the hard drive all by itself?

newbie to OS dev, looking for any advice, thanks.


 Post subject: Re: viruses access hard disk directly without need of os
PostPosted: Wed Jan 18, 2023 8:58 pm 

Joined: Mon Mar 25, 2013 7:01 pm
Posts: 5069
Modern OSes use the CPU's hardware privilege separation to stop ordinary programs from accessing the hardware. If you try to access hardware in an ordinary program, the CPU will tell the OS that your program is doing something it's not allowed to do, and the OS will stop your program.
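
Added example, not from this thread or from any of its posters: what "the CPU will tell the OS" looks like on x86 Linux. The program executes an `in` instruction against port 0x1F7 (the legacy primary ATA status register) from ring 3. Because IOPL is 0 and the task's I/O permission bitmap grants nothing, the CPU raises #GP, Linux turns that into SIGSEGV, and the handler unwinds past the faulting instruction so the result can be reported. The only sanctioned route to the port is to ask the kernel via ioperm(), which requires CAP_SYS_RAWIO and fails with EPERM for an ordinary user. The build guard, the result enum and the helper names are this example's own; on non-x86 or non-Linux builds the probe reports "unsupported" instead of faulting.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

#if defined(__linux__) && (defined(__x86_64__) || defined(__i386__))
#include <sys/io.h>
#define HAVE_X86_PORTIO 1
#else
#define HAVE_X86_PORTIO 0
#endif

enum probe_result { PROBE_UNSUPPORTED = -1, PROBE_TRAPPED = 0, PROBE_ALLOWED = 1 };

static sigjmp_buf probe_env;

/* #GP from a user-mode `in` arrives as SIGSEGV; jump back out of it. */
static void on_fault(int sig)
{
    (void)sig;
    siglongjmp(probe_env, 1);
}

/* Execute `in al, dx` on `port` from ring 3.  Returns PROBE_TRAPPED when the
 * CPU refused (the normal case for an unprivileged process), PROBE_ALLOWED
 * when the read went through (`*value` then holds the byte), and
 * PROBE_UNSUPPORTED when built for a platform this example does not model. */
int probe_port_read(unsigned short port, unsigned char *value)
{
#if HAVE_X86_PORTIO
    struct sigaction sa, old_segv, old_bus;
    int result;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    if (sigsetjmp(probe_env, 1) == 0) {
        unsigned char v;
        __asm__ volatile ("inb %w1, %0" : "=a"(v) : "Nd"(port));
        if (value) *value = v;
        result = PROBE_ALLOWED;
    } else {
        result = PROBE_TRAPPED;
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return result;
#else
    (void)port; (void)value;
    return PROBE_UNSUPPORTED;
#endif
}

/* The sanctioned path: ask the kernel to set the port's bit in this task's
 * I/O permission bitmap.  Needs CAP_SYS_RAWIO; returns 0 on success, -1 (EPERM)
 * for an ordinary user. */
int request_port_access(unsigned short port)
{
#if HAVE_X86_PORTIO
    return ioperm(port, 1, 1);
#else
    (void)port;
    return -1;
#endif
}

int main(void)
{
    unsigned char status = 0;
    int r = probe_port_read(0x1F7, &status);

    printf("ring-3 read of ATA status port 0x1F7: %s\n",
           r == PROBE_TRAPPED ? "trapped (#GP delivered as SIGSEGV)" :
           r == PROBE_ALLOWED ? "allowed" : "unsupported platform");

    if (r == PROBE_TRAPPED && request_port_access(0x1F7) == 0) {
        r = probe_port_read(0x1F7, &status);
        printf("after ioperm(): %s, status byte 0x%02x\n",
               r == PROBE_ALLOWED ? "allowed" : "still trapped", status);
    } else if (r == PROBE_TRAPPED) {
        printf("ioperm() refused: no CAP_SYS_RAWIO, so the port stays off limits\n");
    }
    return 0;
}
```

Run it as a normal user and the first probe traps; run it as root (or with CAP_SYS_RAWIO) and the second probe succeeds, which is exactly the point: the hardware enforces the rule, and the kernel decides who may relax it.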


 Post subject: Re: viruses access hard disk directly without need of os
PostPosted: Wed Jan 18, 2023 10:14 pm 

Joined: Fri Sep 03, 2021 5:20 pm
Posts: 91
Octocontrabass wrote:
Modern OSes use the CPU's hardware privilege separation to stop ordinary programs from accessing the hardware. If you try to access hardware in an ordinary program, the CPU will tell the OS that your program is doing something it's not allowed to do, and the OS will stop your program.


Although some very advanced viruses may be able to jailbreak/do privilege escalation and skip a critical set of OS protections, by exploiting either OS or hardware attack vectors.

_________________
Writing a bootloader in under 15 minutes: https://www.youtube.com/watch?v=0E0FKjvTA0M


 Post subject: Re: viruses access hard disk directly without need of os
PostPosted: Thu Jan 19, 2023 2:25 am 

Joined: Sat Mar 31, 2012 3:07 am
Posts: 4591
Location: Chichester, UK
If you are a newbie to OS development then you have a lot of years of learning before you need to worry too much about virus prevention in your OS. The truth is that until your OS is in widespread use no hacker is going to devote resources towards it.

It's difficult to go into too much detail answering your question as any useful information could be used by malicious actors.


 Post subject: Re: viruses access hard disk directly without need of os
PostPosted: Thu Jan 19, 2023 3:32 am 

Joined: Wed Oct 01, 2008 1:55 pm
Posts: 3180
I don't think an ordinary virus can do it, but malicious hardware certainly can. Hardware basically can do anything with PCIe bus mastering.


 Post subject: Re: viruses access hard disk directly without need of os
PostPosted: Thu Jan 19, 2023 8:58 am 

Joined: Wed Aug 30, 2017 8:24 am
Posts: 1590
rdos wrote:
I don't think an ordinary virus can do it, but malicious hardware certainly can. Hardware basically can do anything with PCIe bus mastering.
That's what IOMMUs are for. But not every PC has those and the ones that do exist are not necessarily easy to use.

BTW, it doesn't even have to be malicious hardware. If an OS can be tricked into submitting bad requests, even perfectly ordinary hardware can read and write arbitrary memory.

_________________
Carpe diem!
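
Added example, not from this thread or from any of its posters, for the "tricked into submitting bad requests" point above and for the IOMMU as its backstop. A toy block driver takes a user-controlled (offset, length) and turns it into the physical-region descriptor a disk controller will DMA into. The unchecked version lets userland aim the controller at any physical address (a large offset wraps right around into kernel memory); the checked version confines the transfer to the buffer the driver pinned for the request, with comparisons arranged so that nothing can overflow. The toy IOMMU window shows why the hardware check matters: a transfer outside the device's domain faults instead of touching RAM, even if the driver check is missing. The buffer address, sizes, descriptor layout and function names are all invented for this example.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DMA_BUF_PHYS 0x0000000010000000ULL  /* constructed: pinned bounce buffer */
#define DMA_BUF_SIZE 0x10000ULL             /* 64 KiB */
#define PRD_MAX_LEN  0x10000U               /* per-descriptor limit, like many controllers */

struct user_req { uint64_t offset; uint32_t len; };  /* copied in from userland */
struct prd      { uint64_t phys;   uint32_t len; };  /* what the controller reads */

/* Vulnerable: trusts the user's offset and length.  offset = 0xFFFFFFFFF0000000
 * wraps the sum and tells the controller to DMA into physical address 0. */
void build_prd_unchecked(const struct user_req *req, struct prd *out)
{
    out->phys = DMA_BUF_PHYS + req->offset;
    out->len  = req->len;
}

/* Hardened: bounds-check each value from userland without any addition that
 * could wrap.  Returns 0 on success or -EINVAL, the Linux syscall convention. */
int build_prd_checked(const struct user_req *req, struct prd *out)
{
    if (req->len == 0 || req->len > PRD_MAX_LEN)
        return -EINVAL;
    if (req->offset >= DMA_BUF_SIZE)             /* start lies outside the buffer */
        return -EINVAL;
    if (req->len > DMA_BUF_SIZE - req->offset)   /* end would lie outside; no overflow possible */
        return -EINVAL;
    out->phys = DMA_BUF_PHYS + req->offset;
    out->len  = req->len;
    return 0;
}

/* Toy IOMMU domain for the disk controller: the only window it maps is the
 * pinned buffer (identity-mapped here; a real IOMMU hands the device a
 * translated IOVA).  Any bus access outside it is an IOMMU fault. */
struct iommu_window { uint64_t base; uint64_t size; };
static const struct iommu_window disk_domain[] = {
    { DMA_BUF_PHYS, DMA_BUF_SIZE },             /* constructed mapping */
};

bool iommu_allows(uint64_t bus_addr, uint32_t len)
{
    size_t i;
    if (len == 0)
        return false;
    for (i = 0; i < sizeof disk_domain / sizeof disk_domain[0]; i++) {
        const struct iommu_window *w = &disk_domain[i];
        if (bus_addr >= w->base && bus_addr - w->base < w->size &&
            len <= w->size - (bus_addr - w->base))
            return true;
    }
    return false;   /* transfer never reaches memory */
}

int main(void)
{
    struct user_req evil = { 0xFFFFFFFFF0000000ULL, 512 };   /* constructed attack request */
    struct prd p;

    build_prd_unchecked(&evil, &p);
    printf("unchecked: controller told to DMA %u bytes at 0x%016llx; IOMMU %s\n",
           p.len, (unsigned long long)p.phys,
           iommu_allows(p.phys, p.len) ? "allows it" : "faults it");
    printf("checked:   %s\n",
           build_prd_checked(&evil, &p) == 0 ? "accepted" : "rejected with -EINVAL");
    return 0;
}
```

Without an IOMMU (or with the device left in passthrough), the unchecked path is a full read/write primitive over physical memory with perfectly ordinary hardware doing the work, which is the scenario the post describes.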


 Post subject: Re: viruses access hard disk directly without need of os
PostPosted: Fri Jan 27, 2023 2:53 pm 

Joined: Thu Jul 14, 2022 10:46 am
Posts: 24
Location: Canada
How does malicious software "trick" the OS? Can I have an example to study? Could that happen, say, on Windows 11 or any other modern main-stream OS?


 Post subject: Re: viruses access hard disk directly without need of os
PostPosted: Fri Jan 27, 2023 2:57 pm 

Joined: Fri Sep 03, 2021 5:20 pm
Posts: 91
jaihsonk wrote:
How does malicious software "trick" the OS? Can I have an example to study? Could that happen, say, on Windows 11 or any other modern main-stream OS?

I don't have specific examples, but if you pay close attention to the major tech news sites like The Register and Slashdot, you'll see that almost weekly (roughly speaking) a new vulnerability pops up in one of the major OSes. Privilege escalation vulnerabilities are typically the ones that allow for that.

_________________
Writing a bootloader in under 15 minutes: https://www.youtube.com/watch?v=0E0FKjvTA0M


 Post subject: Re: viruses access hard disk directly without need of os
PostPosted: Wed Apr 12, 2023 9:12 am 

Joined: Sun Feb 20, 2011 2:01 pm
Posts: 110
Classic attack vectors apply to operating system kernels.

Don't validate the size of a buffer and strcpy() it? Now you've got malicious code in kernel space.

There's a reason a lot of modern OSes use Address Space Layout Randomisation: it makes it much harder to hit a target.

Various levels of rootkit exist - user mode privilege escalation is the most common. That's injection into a process running with a higher user privilege level - so e.g. a webserver running as root. The attack surface is minimised by not running servers as root, and giving them access to only the requisite resources.

Kernel mode rootkits - the attack surface is smaller than an arbitrary number of user processes, as this has to cross the syscall interface. But, if malicious code is run in kernel mode, it can call into drivers directly and bypass OS protections.

Bootkits - Infecting the bootloader. The virus is running before your OS is, and probably has its own drivers.

Hypervisor - The virus is running your OS in a virtual machine.

Firmware - viruses can infect the system firmware; they could even be ACPI routines in a modified DSDT.

There's even a proof of concept for infecting the Intel Management Engine (Ring -3).

_________________
Whoever said you can't do OS development on Windows?
https://github.com/ChaiSoft/ChaiOS
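
Added example, not from this thread or from any of its posters: the "don't validate the size of a buffer and strcpy() it" bug from the post above, next to the version that checks. The setting is a kernel-side request handler that receives a fixed-size struct copied in from userland; the name field in that struct is attacker-controlled and is not guaranteed to carry a NUL. The request layout, the 16-byte kernel buffer, the handler names and the sample requests are all constructed for this example so that it runs as an ordinary user-space program.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KNAME_MAX       16   /* hypothetical kernel-side name buffer */
#define USER_NAME_FIELD 64   /* size of the name field in the user-supplied struct */

struct set_name_req {            /* copied in from userland as one block */
    char name[USER_NAME_FIELD];  /* NOT guaranteed to be NUL-terminated */
};

/* Vulnerable: up to 64 attacker-controlled bytes, a 16-byte stack buffer, and
 * no length check.  Everything past byte 15 overwrites whatever sits above
 * kname on the kernel stack, saved return address included.  Kept here as the
 * "before" picture; only ever call it with input that is known to fit. */
int set_name_unchecked(const char *user_name)
{
    char kname[KNAME_MAX];
    strcpy(kname, user_name);    /* classic stack overflow */
    return (int)strlen(kname);
}

/* Hardened: treat the field as raw bytes, look for the terminator only inside
 * the field (strnlen never reads past USER_NAME_FIELD), and reject input that
 * is unterminated or would not fit together with its NUL.  Returns the copied
 * length or a negative errno, the convention Linux syscall handlers use. */
int set_name_checked(const struct set_name_req *req, char *dst, size_t dst_size)
{
    size_t n = strnlen(req->name, USER_NAME_FIELD);
    if (n == USER_NAME_FIELD)    /* no NUL anywhere in the user field */
        return -EINVAL;
    if (n >= dst_size)           /* would not fit with the terminator */
        return -ENAMETOOLONG;
    memcpy(dst, req->name, n);
    dst[n] = '\0';
    return (int)n;
}

/* Build a request the way an attacker would: fill the whole field with
 * filler bytes and leave it unterminated unless asked otherwise. */
void fill_req(struct set_name_req *req, const char *text, int terminate)
{
    size_t n = strlen(text);
    if (n > USER_NAME_FIELD)
        n = USER_NAME_FIELD;
    memset(req->name, 'A', USER_NAME_FIELD);
    memcpy(req->name, text, n);
    if (terminate && n < USER_NAME_FIELD)
        req->name[n] = '\0';
}

int main(void)
{
    struct set_name_req req;
    char kname[KNAME_MAX];
    int rc;

    fill_req(&req, "sda", 1);                    /* constructed, benign */
    rc = set_name_checked(&req, kname, sizeof kname);
    printf("\"sda\": checked -> %d (\"%s\"), unchecked -> %d\n",
           rc, kname, set_name_unchecked(req.name));

    fill_req(&req, "", 0);                       /* constructed: 64 x 'A', no NUL */
    rc = set_name_checked(&req, kname, sizeof kname);
    printf("unterminated 64-byte field: checked -> %d (%s)\n",
           rc, rc == -EINVAL ? "-EINVAL" : "?");
    /* set_name_unchecked(req.name) here would run strcpy() off the end of
     * the 64-byte field and through the 16-byte stack buffer. */
    return 0;
}
```

The two checks map onto the two failure modes: strnlen() returning the full field size means userland supplied no terminator, and n >= dst_size means the name is longer than the kernel buffer can hold. ASLR and stack canaries only make the unchecked version harder to exploit; the length check is what removes the bug.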

