MBR based file scanning

closed account (G309216C)
Hi,

Before I begin with asking a question, I want to share what I have done so far in order to thin down confusion regarding my question, I have successfully loaded Windows OS by creating a boot-loader in order to load the OS.
It might be suspicious, but I am creating a MBR based persistence module for AV therefore I can prevent Malware from removing the AV from system, that way if the AV is removed the system will boot up simple persisting back to original state again.
The boot-loader really performs no useful function's as for now except hook well known Interrupts, although the actual functionality lies in the Ring0 mode rather than in MBR mode aka Sector 0. As MBR level does not offer much functionality to interact even if so it is way to difficult to think of it. Therefore I am asking for help.

How can I interact with OS such as see if a File Exists on Windows from the boot-loader. I know I can check from Ring0 but if it is possible to do it with MBR it can completely revolutionize my project.
Topic archived. No new replies allowed.