LinuxQuestions.org

Programming forum: userland memory to Ring 0 for booting up linux (https://www.linuxquestions.org/questions/programming-9/userland-memory-to-ring-0-for-boothing-up-linux-301319/)

McDe 03-13-2005 11:20 PM

userland memory to Ring 0 for booting up linux

Booting Linux from other Operating Systems (without multi/rebooting)

Back around 5 years ago (or more?) they had an OS called BeOS.
It ran on most things, PPC, old Mac, x86, etc., etc...
But they had a bigger trick... it allowed an installation of a
BeOS shortcut on OTHER Operating systems.

I'm NOT talking about emulation, userland linux or
multi boot...

eg) in Windows, double click and execute this link, and somehow,
the program takes over the CPU, along with the addresses
of already loaded drivers, and boots BeOS, taking total control
over the system... and even using drivers of other OS's...

The concept is, you have an application that starts from userland memory.
It gains (through loopholes in the other OS) enough privilege
to access ring 0 of the CPU, and gets the address of BeOS
and (probably) loads the OS bootloader into memory, and WOW.
It loads BeOS...

Technically it is S.I.C.K. but it is possible...
The nutty people (with full compliments) in the BeOS team have shown it
(It was called BeLoader)

Only problem is... It wasn't open source at the time...

I am currently stuck, where this might be the only way for
booting / implementing linux...

Reverse Engineering of the full boot sequence code in asm
has failed, looks like someone was on CAT while they wrote this
spaghetti code...

Is anyone out there who knows the technical details of this great work???

Would be an extra trick up the sleeve for Linux if it could be loaded
from a shortcut on the Windows desktop (and take over Windows)

hehe. SeeYa!

btmiller 03-14-2005 12:45 AM

There's a program called Loadlin that will boot Linux from DOS; you might want to take a look at it. If I had to guess about this, I would guess that the BeLoader did that by using some of the hooks in Windows that allowed old DOS programs to run ... I could be completely wrong on that, though. It would be interesting to know.

McDe 03-14-2005 02:51 AM

Yep, I've already looked into that... Thanks anyway :)
There is also a patch to allow it to be used from Windows (9X),
but it's done by terminating Windows beforehand,
so there's nothing new there.

Furthermore, I could get the source code, but development
has halted somewhere around 1998 or 1999 from my memories,
and it's unlikely they will bring an update for current OS's.

What BeOS did was kind of a 10-point trick at the time ('94);
we could probably call it a trojan/stealth virus kind of thing these days since the program forces itself to higher privilege.

Some sites (eg. phrack.org) seem to still manage to
publish methods of getting into ring 0 from userland on the Windows NT (inc. XP/2000) series kernel.

(Various articles focus on getting back to Windows safely, without getting detected, but none for a positive use YET...)
I have not seen anyone go from there to managing a kernel boot...

Windows/M$ doesn't like these articles published, so resources are scarce at the moment.

The most important point is, (assuming I can work out the
entry and types) I could load data/drivers from the previous OS.
(On PPC (Mac), Be managed to operate more devices than from booting up cold... :p)

The 2.6 kernel implemented new memory management,
so it should be worth a shot, dynamically hijacking the
Windows memory structure.

WinXP-start->AllPrograms->HijackToLinux2.6
Wouldn't you want to try it... I would...

greets.
McDe

gnashley 03-14-2005 08:41 AM

loadlin does what you want.
see a HOWTO here:
http://amigolinux.org/docs/killbill.htm
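
For readers who follow the loadlin pointer above, here is a worked linux.bat of the kind that HOWTO refers to. It is an added illustration, not the file from the HOWTO, from loadlin, or from anyone in this thread. The directory C:\LINUX, the kernel and initrd file names, and the root partition /dev/hda2 are all assumptions you would replace with your own; the only things taken as given are that loadlin.exe and a copy of the kernel sit on a FAT partition and that the batch file runs from DOS (or a Windows 9x DOS session), since, as the thread goes on to discuss, loadlin does not work from inside the NT-family kernel.

```batch
@echo off
rem linux.bat: boot Linux from DOS with loadlin (illustrative example, not
rem the HOWTO's own file). Assumed layout on the FAT partition:
rem   C:\LINUX\LOADLIN.EXE  the loader
rem   C:\LINUX\VMLINUZ      a copy of the kernel image (bzImage)
rem   C:\LINUX\INITRD.GZ    optional initial ramdisk; drop initrd= if unused
rem Assumed root file system: the Linux native partition /dev/hda2.

cd \LINUX

rem Refuse to run if the pieces are not where we expect them, so a typo in
rem the path gives a clear message instead of a loadlin error.
if not exist LOADLIN.EXE goto noloader
if not exist VMLINUZ goto nokernel

rem Everything after the kernel image name is passed to the kernel as its
rem command line, except initrd=, which loadlin resolves itself as a DOS
rem path and loads into memory before jumping to the kernel.
rem   root=/dev/hda2  where the root file system lives (assumed value)
rem   ro              mount it read-only first so the boot-time fsck can run
rem   initrd=...      the ramdisk image to hand to the kernel
LOADLIN VMLINUZ root=/dev/hda2 ro initrd=INITRD.GZ
goto end

:noloader
echo LOADLIN.EXE not found in C:\LINUX
goto end

:nokernel
echo Kernel image VMLINUZ not found in C:\LINUX

:end
```

Once the kernel takes over there is no returning to DOS; that is the practical difference from what the original poster is after, which is a loader that keeps the host OS's state and drivers available rather than replacing it outright.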

McDe 03-15-2005 10:02 AM

Not yet there... yet.
 
Taken from http://amigolinux.org/docs/killbill.htm
> If you want to boot a linux system where the root file system is on a Linux Native
> partition, you'll need to copy the kernel to a FAT partition along with loadlin.exe
> and linux.bat. See the linux.bat file and follow the directions in README.1ST
> for editing the file

Yes, what I have briefly mentioned is
going from userland mem to ring 0 (where the OS works)
<- means internally in WINNT/XP/2000
because, in win9x, they don't give a %#@^& about things like that...
With full compliments, your answer is correct, but limited in the type of OS's to the 9x series.

Remember in the old days, from win9x, you ran debug, and did int
to force reading the 0x000000 address, thus (not recommended but) rebooting
your PC (Don't pick on me, this is just a lame example, just a proof of concept thing)
You were able to do that because you (practically) had direct hardware access.

Not in the new NT/XP/2000 kernel... But, by allowing various tricks
used by virus and Trojan houses, you can gain enough privilege in
these new OS's (although not recommended) to allow your USERLAND code (Ring 3)
to be run as ring 0 (high privilege, in CPU).

From here, you have direct hardware access, so in theory, nutty people
(like the guys from the BeOS developers team)
should be able to write a boot loader that maps the linux kernel
into memory, and thus boot linux (with added info from previous OS's).

And in this approach, you don't need to store your linux kernel on any other
partition (theoretically, as long as you somehow get the address where it is stored),
while also allowing 'hijacking' other device drivers that were meant to run on
other OS's; it can (and will) be used (provided you make an intercommunication
mechanism between Windows device driver file structures and the Linux norm way)
to run 'Linux Unsupported Devices' from linux.

It has been done on PowerPC (the Macs), from BeOS.
With the 2.6 kernel, linux could...

Loadlin, unfortunately, does not do these things... They just invoke (through DOS).

So I nEEEEEEd technical papers of the BeOS loader, and combine it with
the Linux boot loader, AND THEN I can create an application that runs on
the Windows NT kernel, from userland, that 'Dynamically' loads the linux kernel, etc, etc...

A long way ahead... That's one of the reasons I am posting here...
