-
> From: Jeff Epler [mailto:[EMAIL PROTECTED]
> Sent: March 18, 2006 12:01
> To: [EMAIL PROTECTED]
> Cc: bugtraq@securityfocus.com
> Subject: Re: Generically Determining the Prescence of Virtual Machines
>
> I ran the code at the end of 'vm.pdf' inside qemu 0.8.0
>
ining the Prescence of Virtual Machines
At OffensiveComputing we were looking at ways to detect virtual machines and
had found and discarded many unsophisticated methods such as looking for
VMWare Tools running as a service or VMWare related registy keys, etc. Then
we discovered Joanna Rutkowska&#
I ran the code at the end of 'vm.pdf' inside qemu 0.8.0 running a debian
linux system. The host system was a single core amd64 machine running
fedora linux. I believe that 'kqemu' acceleration may be in use, but
I'm not sure.
I modified the source code to use gcc-style inline assembly, e.g.,
At OffensiveComputing we were looking at ways to detect virtual machines and
had found and discarded many unsophisticated methods such as looking for VMWare
Tools running as a service or VMWare related registy keys, etc. Then we
discovered Joanna Rutkowska's very interesting "Redpill" method. Th
