Found, a new rootkit

Tim ignored_mailbox at yahoo.com.au
Wed Apr 12 18:20:21 UTC 2006


Tim:
>> In the BIOS you get to set the address and IRQ that a serial port will
>> use.  You can also set power wake up options that wake up the PC if a
>> particular IRQ is activated.  If you set it to wake up when the IRQ used

Mike McCarty:
> Some things are getting conflated. First, none of the serial cards I use
> with MSDOS can be configured this way. They all use jumpers. What you
> are talking about is which IRQ will be used *if* an interrupt occurs.

This is a motherboard with built-in serial ports.  It uses the BIOS to
let you set the parameters for the I/O ports, the same as you'd use
jumpers on older cards.

Yes, and it's a case of when the serial port gets some use, it generates
an IRQ to get the CPU's attention.  Once that happens, the CPU interrupts
what it's doing and your (your own, the system, whatever) does something
based on current conditions.

>> by the serial port is activated (i.e. an external modem wake-on-ring
>> type of function), the PC will wake up (serial port activity causing an
>> IRQ signal, waking up the system).

> None of my systems supports any sort of sleep mode, except for a laptop
> which has been retired. So I'm not quite aware of where that boundary
> occurs. I'd think it is in the OS, not the BIOS, for a few reasons.
> Primarily, the OS is what knows what really needs to be saved/restored
> after a sleep mode shutdown.

This is a "wake" as in turn on again, no matter what the system state
was (e.g. could be sleep, or soft off).  And, in this case, it's a
function of the motherboard.  You don't even need any system software,
it's done by BIOS (you could remove the hard drive), and you'd get the
turned off systemboard come to life if your modem (or any other IRQ you
picked upon in your BIOS power management settings) triggered a wake up
event.

NB:  This is different from the ring indicator in the RS-232 line.
That's yet another event that can be used.

You can wake up the motherboard through the BIOS, which will *then* boot
up the system (if it can).  Or, you can have a halted OS that unhalts
when a wake up event happens, so your OS handles it instead of the BIOS.

All in all, that goes back to the idea that if your serial port has an
IRQ associated with it, which they can (*) do.  Any activity on the port
generates an IRQ (regardless of whether you've got software paying
attention to the serial port).  Such IRQs are important events that the
CPU pays attention to.  Now, if you haven't got software configured to
do something with the event, it doesn't go and do anything.  But the CPU
has been interrupted to check whether it should.

Want some IRQ fun?  Give someone a PS/2 mouse with an intermittent break
in the lead.  Nudging the cable sends a mass of IRQs thanks to the PS/2
port, which can bring Win98 to its knees for no obvious reason
(especially if the mouse still appears to work).  ;-)

* On boards like this, you *can* preset IRQs and addresses for a COM
port to use, much the same as jumpers on ye olde systems.  You set them
for plug and play, where the OS will configure them (or not).  Or you
can set them for AUTO, where the motherboard will assign IRQs and
addresses as it sees fit (which causes some older OSs no end of trouble,
if they don't auto-hardware discover each bootup, as interfaces can get
assigned different values each time).

-- 
(Currently running FC4, occasionally trying FC5.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.



