<<< Date Index >>>     <<< Thread Index >>>

Re: EEYE: Windows VDM #UD Local Privilege Escalation



On Wed, 13 Oct 2004 05:45:50 +0100, in local.bugtraq you wrote:

>This vulnerability is located in a portion of the Windows kernel that
>handles some low-level aspects of executing 16-bit code inside a Virtual
>DOS Machine (VDM).  A certain invalid opcode byte sequence is used in
>the 16-bit DOS emulation code to pass requests (referred to as "bops")

AIRC BOP meant "BIOS Operation". It was the mechanism used in SoftPC
to transfer control from the emulated Intel world to the native world
on which the emulator was running. Most of the BIOS in the early
SoftPC versions consisted of very short sequences of Intel code ending
in a BOP. It was originally a different opcode but when we switched
from emulating an 8086 to an 80286 that was no longer an illegal
instruction so we changed it to C4C4.

jim hatfield