From Collaborative RCE Knowledge Library


Undocumented trick : Direct access to Physical Memory on AMD K7

Item name: Undocumented trick : Direct access to Physical Memory on AMD K7
Author: Czernobyl aka Czerno
Home URL: http://www.czerno.tk
Direct D/L link: N/A
Description: Generic IA32 Intel architecture does not provide for direct access to *physical* memory addresses in paged, protected mode. On Athlon XP and similar AMD K7 processors, however, the undocumented MSR _C0010115_ opens a read/write window into physical memory, available in all modes at CPL zero.

For more details, please see my blog (URL below).

The Forum has a discussion of whether this trick is a theoretical vulnerability.
Related URLs:
My blog entry with full details:
http://blogs.mail.ru/mail/czernobyl/99E0961664ED43E.html
forum thread where this was announced and security concerns discussed:
http://www.woodmann.com/forum/showthread.php?13945-Fantastic-bypass-segmentation-AND-paging-access-phys-memory

