Welcome to the Virus.Org Mailing List Archive




VMWare Detection?

  • To: <[EMAIL PROTECTED]>
  • Subject: VMWare Detection?
  • From: "Polazzo Justin" <[EMAIL PROTECTED]>
  • Date: Mon, 15 Nov 2004 08:18:17 -0500
  • Thread-index: AcTJ04MKDTrHrUksQkalxLGsix2SMwBQW8Gw
  • Thread-topic: VMWare Detection?
 2004-11-14 Shortly after Dave posted his Trip Report from Poland, I
started getting emails from people who wanted to know "how to detect VMWare
using one instruction"... So, although I'm not the first one who
discovered this trick, I decided to put together a short paper about it
accompanied by simple C code. This trick is able to detect not only
VMWare, but any VMM running on a Pentium processor.

from http://invisiblethings.org/papers/redpill.html:

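int swallow_redpill () {
       /* m receives the 6 bytes SIDT stores: 2-byte limit, 4-byte base */
       unsigned char m[2+4], rpill[] = "\x0f\x01\x0d\x00\x00\x00\x00\xc3";
       /* patch the address of m into the SIDT operand (bytes 3..6) */
       *((unsigned*)&rpill[3]) = (unsigned)m;
       /* run the buffer as code: SIDT [m]; RET */
       ((void(*)())&rpill)();
       /* m[5] is the most significant byte of the IDT base */
       return (m[5]>0xd0) ? 1 : 0;
}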

We already knew VMWare was detectable, just not sure if this code made
it to everyone.

-JP
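
Added example, not part of the original post or the redpill paper: a decoder for the 6-byte value that SIDT writes into m[] and for the byte layout of the rpill[] stub, for analysts who need to recognise this check or see what its threshold compares. It assumes 32-bit protected mode as in the posted code; the names decode_idtr, redpill_verdict and sidt_stub_patch_offset and the two sample operands are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Decoded form of the 6-byte operand SIDT stores (32-bit mode). */
struct idtr_image {
    uint16_t limit; /* bytes 0-1, little-endian: size of the IDT minus 1 */
    uint32_t base;  /* bytes 2-5, little-endian: linear address of the IDT */
};

static struct idtr_image decode_idtr(const unsigned char m[6])
{
    struct idtr_image r;
    r.limit = (uint16_t)(m[0] | (m[1] << 8));
    r.base = (uint32_t)m[2] | ((uint32_t)m[3] << 8) |
             ((uint32_t)m[4] << 16) | ((uint32_t)m[5] << 24);
    return r;
}

/* Same verdict as the posted code: m[5] is the top byte of the IDT base. */
static int redpill_verdict(const unsigned char m[6])
{
    return ((decode_idtr(m).base >> 24) > 0xd0) ? 1 : 0;
}

/* Recognise the posted stub layout: 0F 01 /1 with a disp32 operand
 * (SIDT [disp32]) followed by C3 (RET). Returns the offset of the
 * disp32 field that the posted code overwrites, or -1 if no match. */
static int sidt_stub_patch_offset(const unsigned char *code, size_t len)
{
    if (len < 8 || code[0] != 0x0f || code[1] != 0x01)
        return -1;
    /* ModRM: mod=00, reg=001 (SIDT), rm=101 (disp32, no base register) */
    if ((code[2] >> 6) != 0 || ((code[2] >> 3) & 7) != 1 || (code[2] & 7) != 5)
        return -1;
    return code[7] == 0xc3 ? 3 : -1;
}

/* The stub bytes exactly as posted (address field still zero). */
static const unsigned char RPILL[8] = {0x0f, 0x01, 0x0d, 0, 0, 0, 0, 0xc3};
/* Constructed sample operands, not measurements from any system. */
static const unsigned char SAMPLE_LOW[6]  = {0xff, 0x07, 0x00, 0xf4, 0x03, 0x80};
static const unsigned char SAMPLE_HIGH[6] = {0xff, 0x07, 0x00, 0x80, 0xc1, 0xff};

int main(void)
{
    int ok = sidt_stub_patch_offset(RPILL, sizeof RPILL) == 3 &&
             redpill_verdict(SAMPLE_LOW) == 0 && redpill_verdict(SAMPLE_HIGH) == 1;
    return ok ? 0 : 1;
}
```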

 