[Full-disclosure] Genetic method to detect the presence of any virtual machine
Dave "No, not that one" Korn
davek_throwaway at hotmail.com
Thu Oct 19 20:29:02 BST 2006
Bipin Gautam wrote:
> Microsoft Virtual Machine & VMWARE information disclosure
> Vulnerability
>
> Note: Though not limited to these two products, this trick can be used
> as a genetic method to detect the presence of any virtual machine

Gene*R*ic. The word you're looking for is "generic". Genetic means to do
with DNA and stuff. Generic means universal, widespread, non-branded.

> (Query Output inside Microsoft Virtual Machine)
> Motherboard:
> Company Brnad Name: Vmware, Inc VMware
>
> Video Chipset & Video Memory information
>
> System Manufacturer : VMware, Inc
> Product Name: VMware Virtual Platform
> ( Output inside VMWARE )
> Company Brnad Name: Microsoft Corporation Virtual Machine
> Motherboard Modal: Microsoft Corporation Virtual Machine

I think you got the two sets of query outputs mixed up as well.

> Querying just a few of the above mentioned information from inside the
> virtual machine can IMMEDIATELY PROVE the presence of virtual machine,
> not the actual system.

True. Is it possible to change them, short of binary patching the vm
executable?

cheers,
DaveK
--
Can't think of a witty .sigline today....
Full-Disclosure is hosted and sponsored by Secunia.
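
For an inventory or audit script, the vendor strings quoted in this thread are enough to flag a host as a virtual guest. The following is an added example, not code from the original post: it assumes "Key: Value" text shaped like the quoted query output, and the sample blocks, function names and hypervisor labels are constructed for illustration.

```python
import re

# Markers built from the strings quoted in the thread. The label names are
# an assumption of this example, not vendor terminology.
MARKERS = {
    "VMware": re.compile(r"\bvmware\b", re.I),
    # Require both parts: "Microsoft Corporation" alone also appears on
    # physical hardware, so the manufacturer by itself proves nothing.
    "Microsoft Virtual Machine": re.compile(
        r"microsoft corporation.*virtual machine", re.I),
}

# Constructed sample inputs modelled on the quoted output.
SAMPLE_VMWARE = """\
> System Manufacturer : VMware, Inc
> Product Name: VMware Virtual Platform
"""
SAMPLE_MS = """\
Motherboard:
Company Brand Name: Microsoft Corporation Virtual Machine
"""
SAMPLE_PHYSICAL = """\
System Manufacturer : Microsoft Corporation
Product Name: Example Laptop 3
"""


def parse_fields(text):
    """Return (key, value) pairs; tolerate mail quote prefixes and headings."""
    pairs = []
    for line in text.splitlines():
        key, sep, value = line.lstrip("> ").partition(":")
        if sep and value.strip():          # skip "Motherboard:" style headings
            pairs.append((key.strip(), value.strip()))
    return pairs


def classify(text):
    """Report which hypervisor markers appear and the fields that matched."""
    evidence = [(label, key, value)
                for key, value in parse_fields(text)
                for label, pattern in MARKERS.items()
                if pattern.search(value)]
    return {"virtual": bool(evidence),
            "hypervisors": sorted({label for label, _, _ in evidence}),
            "evidence": evidence}


if __name__ == "__main__":
    for name in ("SAMPLE_VMWARE", "SAMPLE_MS", "SAMPLE_PHYSICAL"):
        print(name, classify(globals()[name]))
```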