Dailydave mailing list archives
Re: Generically Determining the Prescence of Virtual Machines
From: Joanna Rutkowska <joanna () invisiblethings org>
Date: Tue, 21 Mar 2006 00:17:38 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 listlurker () doctorunix com wrote:
Quoting valsmith <valsmith () metasploit com>:At OffensiveComputing we were looking at ways to detect virtual machines and had found and discarded many unsophisticated methods such as looking for<snip> I read your paper with interest. At the risk of being obtuse, why not query the list of adapters connected to the PCI bus? They are all fake and are very predictable in how they behave and identify themselves according to each release of VMware. For example, the video card is always set to a mfg id of "vmware" and does not seem to be changeable.
It will work, but is just not as generic and funny as the other techniques IMHO... And it's all about having some fun from life, isn't it? ;) j. -----BEGIN PGP SIGNATURE----- iD8DBQFEHzgRORdkotfEW84RAiTYAJ0es4rQQ21sDv/dNBZQ2VeImqiraACePsNO Rom/Du7osgRIqY4yy6r5d/k= =gNhX -----END PGP SIGNATURE-----
Current thread:
- Generically Determining the Prescence of Virtual Machines valsmith (Mar 16)
- Re: Generically Determining the Prescence of Virtual Machines Pusscat (Mar 17)
- Re: Generically Determining the Prescence of Virtual Machines pageexec (Mar 18)
- Re: Generically Determining the Prescence of Virtual Machines listlurker (Mar 20)
- Re: Generically Determining the Prescence of Virtual Machines Joanna Rutkowska (Mar 20)
- Re: Generically Determining the Prescence of Virtual Machines Arun Koshy (Mar 20)
- Re: Generically Determining the Prescence of Virtual Machines Joanna Rutkowska (Mar 20)
- Re: Generically Determining the Prescence of Virtual Machines Pusscat (Mar 17)