Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Genetic method to detect the presence of anyvirtual machine
From: "Dave \"No, not that one\" Korn" <davek_throwaway () hotmail com>
Date: Thu, 19 Oct 2006 20:29:02 +0100

Bipin Gautam wrote:
Microsoft Virtual Machine & VMWARE information disclosure
Vulnerability

Note: Though not limited to these two products, this trick can be used
as  an genetic method to detect the presence of any virtual machine

  Gene*R*ic.  The word you're looking for is "generic".  Genetic means to do 
with DNA and stuff.  Generic means universal, widespread, non-branded.

(Query Output inside Microsoft Virtual Machine)

Motherboard:
Company Brnad Name: Vmware, Inc VMware

Video Chipset & Video Memory information

System Manufacturer : VMware, Inc
Product Name: VMware Virtual Platform

( Output inside VMWARE )

Company Brnad Name: Microsoft Corporation Virtual Machine

Motherboard Modal: Microsoft Corporation Virtual Machine

  I think you got the two sets of query outputs mixed up as well.

Quering just few of the above mentioned information from inside the
virtual machine can IMMIDIATELY PROVE the presense of virtual machine,
not the actual system.

  True.  Is it possible to change them, short of binary patching the vm 
executable?

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today.... 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]