flat assembler
Message board for the users of flat assembler.
  
Hypervisors - Challenges in Building Virtualization Software

vid, 05 Sep 2006, 13:41
Quote: and I think FASM can show its power here
mostly agree with that, especially because of its ability to generate "unstandard" code formats.
PS: i'm moving this thread to Main, and linking from important/interesting topics

halyavin, 10 Sep 2006, 07:45
But what happens if windows starts to use these technologies itself? You will have again a set of N problematic instructions.

HyperVista, 10 Sep 2006, 14:12
halyavin wrote:
Quote: But what happens if windows starts to use these technologies itself? You will have again a set of N problematic instructions.

Microsoft is very busy now writing their own hypervisor for inclusion in Windows (they are about two years away from completing it ... they are very behind schedule).

In the absence of VMX and SVM support in the processor, you are correct, these instructions continue to be problematic. The workaround solutions developed thus far by VMWare, Microsoft (Virtual PC), and others have resulted in effective, but slow and performance draining results. With VMX and SVM support in the processor, these issues go away because the loaded virtual machines actually run in multiple true ring0 and ring3 configurations. You will note that the common theme of most of the problematic instructions revolves around the VM being able to determine it's not running at ring0. VMX and SVM permit multiple ring0 and ring3 configurations simultaneously. The result is virtualization software doesn't have to perform dynamic run-time trapping and binary translation of these problematic instructions.

Right now, there are very few software products or applications that support VMX and SVM (Xen 3.0 does and so does Parallels). These two products are strictly hypervisors in that they facilitate launching of multiple OSes. The VMX and SVM processors are relatively new and software hasn't caught up with this new technology just yet. Look at the sensational splash in the IT news recently over the Bluepill project (a hypervisor based rootkit utilizing AMD's SVM). http://theinvisiblethings.blogspot.com/2006/06/introducing-blue-pill.html

Intel has quite a few processors already on the market that support VMX. http://www.intel.com/products/processor_number/proc_info_table.pdf. I suspect most new processors from Intel and AMD will have support for virtualization from this point forward. Any new computers sold by Dell, Gateway, Toshiba, etc. will likely have virtualization support (VMX or SVM) built-in. Many users won't even know it's there because there are no application suites that take advantage of it .... yet.

If anyone on this board is interested in this new technology and writing FASM applications to demonstrate the power of hypervisor support in the new processors from Intel and AMD, I strongly urge you to do so. A few of us on this board are putting together a project that will showcase FASM's power in this area. More on that soon as we have something to show.

Can you tell this is a passion of mine??

okasvi, 10 Sep 2006, 15:50
HyperVista wrote:
Quote: Can you tell this is a passion of mine??
I think your nick already does tell us something
_________________
When We Ride On Our Enemies
support reverse smileys |:

Borsuc, 22 Sep 2006, 15:09
Like I always said -- good old DOS, being simple and no protection, has many more possibilities than Windows.

If I understood correctly, this "virtualization in hardware" is actually needed to bypass the ring3 protection of the OS, no? It's cool, but it's kinda same as going back to DOS (I mean, it's no-protection)... finally people see that "too much protection is bad". Or did I understand something wrong? Sorry if so.

Don't underestimate viruses -- they will take advantage of this soon

And Microsoft... they will employ super-ultra-mega protection to make this "multiple ring0" useless... don't tell me how, I know (just kiddin'). Think about it: we (humans) had to develop this virtualization thing just 'cause we (m$) are too greedy to share the source code... crappy capitalism

f0dder, 22 Sep 2006, 15:21
The_Grey_Beast: you got things wrong. This is not "multiple ring0", it's "multiple faked ring0"... and it is lots of protection, the hypervisor is the dictator in control. And the virtualization has nothing to do with "too greedy to share the source code".

Borsuc, 22 Sep 2006, 15:26
f0dder wrote:
Quote: And the virtualization has nothing to do with "too greedy to share the source code".

What if the hypervisor is a virus?

f0dder, 22 Sep 2006, 15:30
Quote:
So is the NT kernel. If you're referring to XEN, that's something different. A pretty good idea IMHO, but theoretically it should be even harder to "break out" of a VMx. And, when the technology matures, it should be pretty fast as well (although XEN will probably remain faster, since it doesn't need to virtualize in the same way).

Quote:
That would be nasty. It would be a major undertaking to make one, though... and there still aren't that many VMx enabled machines there yet. But it's a pretty good reason why any OS ought to either disable VMx (yep, can be done, and can't be turned on without reboot), or include a hypervisor.

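The post above notes that VMX can be disabled in a way that cannot be undone without a reboot. As an added example (not part of the thread, and not any poster's code), the C sketch below classifies that state from the CPUID feature bits and the lock MSRs (Intel IA32_FEATURE_CONTROL, AMD VM_CR). The function and enum names are assumptions made for illustration, and the MSR read assumes the Linux msr driver.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

#define CPUID1_ECX_VMX  (1u << 5)    /* CPUID.1:ECX bit 5 */
#define CPUID8_ECX_SVM  (1u << 2)    /* CPUID.80000001h:ECX bit 2 */
#define MSR_FEATURE_CTL 0x3Au        /* Intel IA32_FEATURE_CONTROL */
#define FC_LOCK         (1ull << 0)  /* MSR is read-only until reset */
#define FC_VMXON        (1ull << 2)  /* VMXON allowed outside SMX */
#define MSR_VM_CR       0xC0010114u  /* AMD VM_CR */
#define VMCR_LOCK       (1ull << 3)
#define VMCR_SVMDIS     (1ull << 4)

/* Hypothetical names for this example. */
enum vt_state { VT_ABSENT, VT_LOCKED_OFF, VT_ENABLED, VT_UNLOCKED };

enum vt_state classify_vmx(uint32_t ecx, uint64_t fc)
{
    if (!(ecx & CPUID1_ECX_VMX)) return VT_ABSENT;
    if (!(fc & FC_LOCK)) return VT_UNLOCKED;  /* ring 0 can still enable and lock */
    return (fc & FC_VMXON) ? VT_ENABLED : VT_LOCKED_OFF;
}

enum vt_state classify_svm(uint32_t ecx, uint64_t vm_cr)
{
    if (!(ecx & CPUID8_ECX_SVM)) return VT_ABSENT;
    if (!(vm_cr & VMCR_SVMDIS)) return VT_ENABLED;  /* EFER.SVME may be set */
    return (vm_cr & VMCR_LOCK) ? VT_LOCKED_OFF : VT_UNLOCKED;
}

int read_msr(uint32_t msr, uint64_t *val)  /* Linux msr driver, needs root */
{
    int fd = open("/dev/cpu/0/msr", O_RDONLY);
    if (fd < 0) return -1;
    int ok = lseek(fd, msr, SEEK_SET) >= 0 &&
             read(fd, val, sizeof *val) == (ssize_t)sizeof *val;
    close(fd);
    return ok ? 0 : -1;
}

int main(void)
{
#if defined(__x86_64__) || defined(__i386__)
    static const char *name[] = { "absent", "locked off", "enabled", "unlocked" };
    unsigned a, b, c = 0, d; uint64_t v = 0;
    if (__get_cpuid(1, &a, &b, &c, &d) && (c & CPUID1_ECX_VMX) && !read_msr(MSR_FEATURE_CTL, &v))
        printf("VMX: %s\n", name[classify_vmx(c, v)]);
    if (__get_cpuid(0x80000001, &a, &b, &c, &d) && (c & CPUID8_ECX_SVM) && !read_msr(MSR_VM_CR, &v))
        printf("SVM: %s\n", name[classify_svm(c, v)]);
#endif
    return 0;
}
```

"unlocked" is the state worth flagging on a machine that runs no hypervisor: nothing has yet committed the setting until reset, so kernel-mode code can still turn the extension on.
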
HyperVista, 22 Sep 2006, 15:31
in a way, you are both right. a malicious, or virus, hypervisor is a very, very big concern because the hypervisor is the "dictator" of the system.

M$ is being greedy here too because they are "para-virtualizing" windows vista to provide support for SVM and VMX and they will "license" what they are calling "Windows Enlightenments" for 3rd party virtualization solution providers like vmware, parallels, (and hypervista).... "enlightenments" my ass!!

Last edited by HyperVista on 22 Sep 2006, 15:38; edited 1 time in total

f0dder, 22 Sep 2006, 15:37
HyperVista: that does sound pretty nasty :/. In a way it's understandable though (let's forget the money motive for now). If they let just everybody have the needed info, it might be just as bad as not running a hypervisor at all.

Of course if "enlightened" modules don't need some crypto certificate, it will just be reverse engineered and only the good guys will suffer.

HyperVista, 22 Sep 2006, 15:47
f0dder - your comments are absolutely correct and insightful. hypervisors do provide an extreme level of security, precisely for the reason you stated; "breaking out" of a VMX environment will be tremendously difficult. it's the ultimate code and process "sandbox".

there are quite a few VMX capable processors out there now (at last count, i think there were 15 or so separate Intel products, including their mobile centrino line and a few AMD products that support SVM). more than you imagine. many users do or will have VMX or SVM capable processors and don't even know/realize hypervisor capabilities are there. a malicious hypervisor would definitely be a nasty turn of events.

f0dder, 22 Sep 2006, 16:17
I'm quite aware of the number of *models* that support VMX - what I was referring to was the amount of deployed computers, especially end-user wise, that have such a CPU. Remember that the dangerous malware writers target the platforms with broadest availability, which is why we don't see mass-infection of linux and os-x (and why many people running linux servers don't know they've been backdoored).

But of course there will be some proof-of-concept stuff, and eventually we might see ms-exploit worms utilizing VMX. It's going to take a lot of effort not to be detectable though. And you'll always be able to boot from a cd/dvd to check/clean (I don't see a generic bios flash infector as more than a curiosity).

HyperVista, 22 Sep 2006, 16:27
imho, absolutely correct. i could not agree more! uefi may change the landscape wrt bios types of attacks, though.

are you in the software security business?? just curious...

f0dder, 22 Sep 2006, 16:31
Hm, haven't looked into uefi - got any links?

Quote:
Nope, but I've been reverse engineering for about 10 years - at the moment I have a mail-OCR-related job at www.post.dk until I finish some education and find some computer related work.

HyperVista, 22 Sep 2006, 16:44
re: uefi - this is a good place to start: http://www.uefi.org/index.php?pg=1

i find the pre-boot app capabilities very interesting

Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.