Full Disclosure mailing list archives
Re: Genetic method to detect the presence of anyvirtual machine
From: "Dave \"No, not that one\" Korn" <davek_throwaway () hotmail com>
Date: Thu, 19 Oct 2006 20:29:02 +0100
Bipin Gautam wrote:
Microsoft Virtual Machine & VMWARE information disclosure Vulnerability Note: Though not limited to these two products, this trick can be used as an genetic method to detect the presence of any virtual machine
Gene*R*ic. The word you're looking for is "generic". Genetic means to do with DNA and stuff. Generic means universal, widespread, non-branded.
(Query Output inside Microsoft Virtual Machine)
Motherboard: Company Brnad Name: Vmware, Inc VMware Video Chipset & Video Memory information System Manufacturer : VMware, Inc Product Name: VMware Virtual Platform
( Output inside VMWARE )
Company Brnad Name: Microsoft Corporation Virtual Machine
Motherboard Modal: Microsoft Corporation Virtual Machine
I think you got the two sets of query outputs mixed up as well.
Quering just few of the above mentioned information from inside the virtual machine can IMMIDIATELY PROVE the presense of virtual machine, not the actual system.
True. Is it possible to change them, short of binary patching the vm executable? cheers, DaveK -- Can't think of a witty .sigline today.... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Genetic method to detect the presence of any virtual machine Bipin Gautam (Oct 19)
- Re: Genetic method to detect the presence of anyvirtual machine Peter Ferrie (Oct 19)
- Re: Genetic method to detect the presence of anyvirtual machine Dave "No, not that one" Korn (Oct 19)
- Re: Genetic method to detect the presence of any virtual machine Bipin Gautam (Oct 19)