Is there a way to detect if an application is running from within a virtual machine, like one set up with VMWare? Preferably in both Windows and Linux.
There was a thread about this a while back..
http://www.antionline.com/showthread...hreadid=268726
Also points to some example code.
Thanks! The link to http://www.codeproject.com/system/Vm...asp?print=true is very helpful when I'm using a Windows client. But it is just a Windows example. I am not sure if the same trick can be used from a Linux client.
The redpill information at http://invisiblethings.org/papers/redpill.html is also useful but is it reliable? Thanks for the information.
I think the following is something interesting in VMWARE detection.
Quote:
Jerry presents a very reliable method to determine if a current OS is running inside a VMware Virtual Machine (VM) or on a native system. This is accomplished by exploiting an undocumented "feature" of VMware
http://www.trapkit.de/research/vmm/jerry/jerry.htm
http://www.trapkit.de/research/vmm/s...scoopy_doo.htm
Quote:
Scoopy doo presents one stupid and one reliable way to determine if a current OS is running inside a VMware Virtual Machine (VM) or on a native system. The next step would be breaking out of a VMOS. Let me know about your hints ;)
Thanks
I once read a paper, which I can't find right now, that has to do with detecting a virtual honeypot.
While you are not looking at detecting honeypots... the techniques may be useful.
http://www.securityfocus.com/infocus/1828 is one that talks a little about it, but I can't find the one I have in mind. I could have sworn it was on securityfocus... maybe sans...
Give these a look.
http://www.securityfocus.com/swsearc...eypots&x=0&y=0