Honeypots mailing list archives
Re: VirtualPC detection?
From: Maximillian Dornseif <dornseif () informatik rwth-aachen de>
Date: Sat, 19 Feb 2005 17:31:26 +0100
On 2005-02-08 22:02:25 +0100, Maximillian Dornseif <dornseif () informatik rwth-aachen de> said:
Now I wonder if anybody is aware of specialized code for detection full scale processor emulations like VirtualPC for Mac, bochs and qemu. Any pointers?
Thanks for your interesting pointers according the issue. With VirtualPC it turned out, that we have the same issues than with VMware. The devices have names like "VirtualHD" and "VirtualCD". Also the CPUID is "ConnectixCPU" - at least with VirtualPC 6.0 - maybe with 7.0 it is "MicrosoftCPU".
One interesting thing is that with Xen, which is a VMM technology to be included in the Linux mainstream Kernel in near future, also a Xen enabled host machine is considered "in the matrix" according to the RedPill tool (http://invisiblethings.org/papers/redpill.html#).
Thanks again for the interesting pointers. Regards Max -- Maximillian Dornseif, Dipl. Jur. Laboratory for Dependable Distributed Systems, RWTH Aachen University Tel. +49 241 80-21431 - http://md.hudora.de/
Current thread:
- VirtualPC detection? Maximillian Dornseif (Feb 08)
- Re: VirtualPC detection? Dragos Ruiu (Feb 08)
- Re: VirtualPC detection? Frédéric Raynal (Feb 09)
- Re: VirtualPC detection? Dragos Ruiu (Feb 09)
- Re: VirtualPC detection? Frédéric Raynal (Feb 09)
- Re: VirtualPC detection? Maximillian Dornseif (Feb 19)
- Re: VirtualPC detection? Dragos Ruiu (Feb 08)