Bugtraq mailing list archives

Generically Determining the Prescence of Virtual Machines

From: valsmith () metasploit com
Date: 17 Mar 2006 21:19:22 -0000

At OffensiveComputing we were looking at ways to detect virtual machines and had found and discarded many 
unsophisticated methods such as looking for VMWare Tools running as a service or VMWare related registy keys, etc. Then 
we discovered Joanna Rutkowska's very interesting "Redpill" method. This was an eye opening work for us. After spending 
a little time playing with it we realized it wasn't fool proof on multiprocessor systems and so we decided to research 
the problems and possible ways to improve on the method. We discovered and implemented an improved method which is 
presented in the this paper.

http://www.offensivecomputing.net/papers/vm.pdf

thanks, 

V.

Current thread:

Generically Determining the Prescence of Virtual Machines valsmith (Mar 17)
- Re: Generically Determining the Prescence of Virtual Machines Jeff Epler (Mar 20)
- RE: Generically Determining the Prescence of Virtual Machines Burton Strauss (Mar 20)
- <Possible follow-ups>
- RE: Generically Determining the Prescence of Virtual Machines Thomas Guyot-Sionnest (Mar 20)