Generically Determining the Prescence of Virtual Machines

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Generically Determining the Prescence of Virtual Machines
From: valsmith@xxxxxxxxxxxxxx
Date: 17 Mar 2006 21:19:22 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

At OffensiveComputing we were looking at ways to detect virtual machines and 
had found and discarded many unsophisticated methods such as looking for VMWare 
Tools running as a service or VMWare related registy keys, etc. Then we 
discovered Joanna Rutkowska's very interesting "Redpill" method. This was an 
eye opening work for us. After spending a little time playing with it we 
realized it wasn't fool proof on multiprocessor systems and so we decided to 
research the problems and possible ways to improve on the method. We discovered 
and implemented an improved method which is presented in the this paper.

http://www.offensivecomputing.net/papers/vm.pdf

thanks, 

V.

Follow-Ups:
- RE: Generically Determining the Prescence of Virtual Machines
  - From: Burton Strauss
- Re: Generically Determining the Prescence of Virtual Machines
  - From: Jeff Epler

Prev by Date: Re: Remote overflow in MSIE script action handlers (mshtml.dll)
Next by Date: Symantec Security Advisory SYM06-004
Previous by thread: XCon2006 Call For Paper
Next by thread: Re: Generically Determining the Prescence of Virtual Machines
Index(es):
- Date
- Thread