viruses access hard disk directly without need of os

Discussions on more advanced topics such as monolithic vs micro-kernels, transactional memory models, and paging vs segmentation should go here. Use this forum to expand and improve the wiki!
Post Reply
wljackhero
Posts: 1
Joined: Fri Jan 13, 2023 3:24 am
Libera.chat IRC: wljackhero

viruses access hard disk directly without need of os

Post by wljackhero »

can a virus accesses hard disk directly without need of OS?
copy all instructions in device drivers and interrupts and etc. to skip OS's control.
Or how can an OS stop programs to do this?
I mean, OS will not inspect each instruction in a program before start executing them, right? So can a program gather all the instructions in device drive or something like that, and control hard drive all by itself?

newbie to OS dev, looking for any advice, thanks.
Octocontrabass
Member
Member
Posts: 5501
Joined: Mon Mar 25, 2013 7:01 pm

Re: viruses access hard disk directly without need of os

Post by Octocontrabass »

Modern OSes use the CPU's hardware privilege separation to stop ordinary programs from accessing the hardware. If you try to access hardware in an ordinary program, the CPU will tell the OS that your program is doing something it's not allowed to do, and the OS will stop your program.
User avatar
BigBuda
Member
Member
Posts: 104
Joined: Fri Sep 03, 2021 5:20 pm

Re: viruses access hard disk directly without need of os

Post by BigBuda »

Octocontrabass wrote:Modern OSes use the CPU's hardware privilege separation to stop ordinary programs from accessing the hardware. If you try to access hardware in an ordinary program, the CPU will tell the OS that your program is doing something it's not allowed to do, and the OS will stop your program.
Although some very advanced viruses may be able to jailbreak/do privilege escalation and skip a critical set of OS protections, by exploiting either OS or hardware attack vectors.
Writing a bootloader in under 15 minutes: https://www.youtube.com/watch?v=0E0FKjvTA0M
User avatar
iansjack
Member
Member
Posts: 4683
Joined: Sat Mar 31, 2012 3:07 am
Location: Chichester, UK

Re: viruses access hard disk directly without need of os

Post by iansjack »

If you are a newbie to OS development then you have a lot of years of learning before you need to worry too much about virus prevention in your OS. The truth is that until your OS is in widespread use no hacker is going to devote resources towards it.

It's difficult to go into too much detail answering your question as any useful information could be used by malicious actors.
rdos
Member
Member
Posts: 3268
Joined: Wed Oct 01, 2008 1:55 pm

Re: viruses access hard disk directly without need of os

Post by rdos »

I don't think an ordinary virus can do it, but malicious hardware certainly can. Hardware basically can do anything with PCIe bus mastering.
nullplan
Member
Member
Posts: 1760
Joined: Wed Aug 30, 2017 8:24 am

Re: viruses access hard disk directly without need of os

Post by nullplan »

rdos wrote:I don't think an ordinary virus can do it, but malicious hardware certainly can. Hardware basically can do anything with PCIe bus mastering.
That's what IOMMUs are for. But not every PC has those and the ones that do exist are not necessarily easy to use.

BTW, it doesn't even have to be malicious hardware. If an OS can be tricked into submitting bad requests, even perfectly ordinary hardware can read and write arbitrary memory.
Carpe diem!
jaihsonk
Posts: 24
Joined: Thu Jul 14, 2022 10:46 am
Libera.chat IRC: json
Location: Canada
Contact:

Re: viruses access hard disk directly without need of os

Post by jaihsonk »

How does malicious software "trick" the OS? Can I have an example to study? Could that happen, say, on Windows 11 or any other modern main-stream OS?
User avatar
BigBuda
Member
Member
Posts: 104
Joined: Fri Sep 03, 2021 5:20 pm

Re: viruses access hard disk directly without need of os

Post by BigBuda »

jaihsonk wrote:How does malicious software "trick" the OS? Can I have an example to study? Could that happen, say, on Windows 11 or any other modern main-stream OS?
I don't have specific examples, but if you pay close attention to the major tech news sites like The Register and Slashdot, you'll see that almost weekly (roughly speaking) a new vulnerability pops up in one of the major OSs. Privilege escalation vulnerabilities are the typically the ones that allow for that.
Writing a bootloader in under 15 minutes: https://www.youtube.com/watch?v=0E0FKjvTA0M
User avatar
bellezzasolo
Member
Member
Posts: 110
Joined: Sun Feb 20, 2011 2:01 pm

Re: viruses access hard disk directly without need of os

Post by bellezzasolo »

Classic attack vectors apply to operating system kernels.

Don't validate the size of a buffer and strcpy() it? Now you've got malicious code in kernel space.

There's a reason a lot of modern OSes use Address Space Layout Randomisation, it makes it much harder to hit a target.

Various levels of rootkit exist - user mode privilege escalation is the most common. That's injection into a process running with a higher user privilege level - so e.g. a webserver running as root. The attack surface is minimised by not running servers as root, and giving them access to only the requisite resources.

Kernel mode rootkits - the attack surface is smaller than an arbitrary number of user processes, as this has to cross the syscall interface. But, if malicious code is run in kernel mode, it can call into drivers directly and bypass OS protections.

Bootkits - Infecting the bootloader. The virus is running before your OS is, and probably has its own drivers.

Hypervisor - The virus is running your OS in a virtual machine.

Firmware - viruses can infect the system firmware, they could even be ACPI routines in a modified DSDT.

There's even a proof of concept for infecting the Intel Management Engine (Ring -3).
Whoever said you can't do OS development on Windows?
https://github.com/ChaiSoft/ChaiOS
Post Reply