flat assembler
Message board for the users of flat assembler.
Index
> OS Construction > detecting Virtual Machine |
Author |
|
CandyMan 03 Oct 2011, 17:46
What method you know in order to detect virtual machine?
|
|||
03 Oct 2011, 17:46 |
|
DJ Mauretto 03 Oct 2011, 18:51
There are many ways that you can detect virtual machines,
Usually this VM use old Chipset HW, you can scan PCi for this.. Also in SMBios you'll find the string Bochs, Microsoft virtual machine and so on.. Every VM is detectable, open you mind Example: Code: Qemu PCI is: Vendor ID Device ID 8086 1237 82440LX/EX PCI & Memory 8086 7000 82371SB PIIX3 PCI-to-ISA Bridge (Triton II) 8086 7010 82371SB PIIX3 IDE Interface (Triton II) 8086 100E 82540EM Intel Pro 1000/MT 1013 00B8 CL-GD5446 64-bit VisualMedia Accelerator 1274 5000 ES1371 AudioPC Qemu report also CPUID with CPU name = QEMU virtual cpu version ....... _________________ Nil Volentibus Arduum |
|||
03 Oct 2011, 18:51 |
|
edfed 03 Oct 2011, 19:42
maybe one day, everybody will use the way of bochs...
it is something needed i think, it will give work to some standardisation organism, and it will give some reliable way for everybody around virtual/real machines. because if you know you are in a vm, you can think differentlly your applications. as VM can be everywhere, even in firefox if we have a plugin for, it can become very cool, and may let you code in asm, in a web editor, compile using a distant server, or a plugin in firefox...depends on what is to be coded. if there is a shared project, with no source in clients, and only a centralizing server, it will be different than just the editor in firefox, and the compiler in firefox, working on some file, with possibility to save on local, or on server. that's what can be possible with VM detection, and it i forgot a lot of things. it can make man dream CPUID is a good solution, if not the best. |
|||
03 Oct 2011, 19:42 |
|
Goplat 03 Oct 2011, 20:31
There's good reason to make VMs not detectable (or at least make it possible to turn detectability off). It has become common for programs to include both desirable and malicious functionality (for example: any game that installs a kernel-mode driver for copy protection). VMs ideally let you use these programs without letting them screw with your system, but if VMs are easily detectable the programs will be written to just refuse to run in them.
|
|||
03 Oct 2011, 20:31 |
|
cod3b453 04 Oct 2011, 22:17
As others have mentioned, each VM usually has a uniquely identifying device ID or device vendor ID somewhere.
To add to your list, Virtual Box can be spotted from: - The VESA vendor string "...VirtualBox..." - Display controller - PCI vendor 80EE, device BEEF - Memory controller - PCI vendor 80EE, device CAFE - CD vendor string "VBOX CD-ROM" (probably HD too) |
|||
04 Oct 2011, 22:17 |
|
smiddy 07 Oct 2011, 18:07
Coty wrote: Here is some code Smiddy posted on Dex's old forum, it will detect VM, VPC, and Bochs. Whoa! I wrote that ages ago... I have heard, but haven't tested, that things have changed a lot with virtual machines. This is older code, so YMMV (Your mileage may vary). |
|||
07 Oct 2011, 18:07 |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.