Full Disclosure mailing list archives

Re: Genetic method to detect the presence of any virtual machine


From: "Dave \"No, not that one\" Korn" <davek_throwaway () hotmail com>
Date: Thu, 19 Oct 2006 20:29:02 +0100

Bipin Gautam wrote:
> Microsoft Virtual Machine & VMWARE information disclosure
> Vulnerability
>
> Note: Though not limited to these two products, this trick can be used
> as a genetic method to detect the presence of any virtual machine

  Gene*R*ic.  The word you're looking for is "generic".  Genetic means to do 
with DNA and stuff.  Generic means universal, widespread, non-branded.

> (Query Output inside Microsoft Virtual Machine)
>
> Motherboard:
> Company Brnad Name: Vmware, Inc VMware
>
> Video Chipset & Video Memory information
>
> System Manufacturer : VMware, Inc
> Product Name: VMware Virtual Platform
>
> ( Output inside VMWARE )
>
> Company Brnad Name: Microsoft Corporation Virtual Machine
>
> Motherboard Modal: Microsoft Corporation Virtual Machine

  I think you got the two sets of query outputs mixed up as well.

> Querying just a few of the above mentioned information from inside the
> virtual machine can IMMEDIATELY PROVE the presence of virtual machine,
> not the actual system.

  True.  Is it possible to change them, short of binary patching the vm 
executable?

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today.... 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

