2011. 11. 29. 14:24, Useful Knowledge Resources/Anti-Reversing Techniques
This is another method for detecting VMware.
The red pill that Neo took in the movie The Matrix: the pill that made him realize he was in a virtual reality - Red Pill
RedPill is based on checking the Interrupt Descriptor Table (IDT). NoPill uses
a similar technique, but checks another register, the Local Descriptor Table
(LDT). More info on this can be obtained from Joanna’s webpage, and in [10].
Both techniques are based on the simple fact that any machine, virtual or
not, will need its own instance of some registers. Systems such as VMware will
create dedicated registers for each virtual machine. These registers will have
a different address than the one used by the host system, and by checking the
value of this address, the virtual system’s presence can be detected.
...
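For analysts who need to find these checks in a sample, the following added example (not part of the original post or of the RedPill/NoPill code) scans raw code bytes for the instructions that read the IDT and LDT registers. The encodings are the standard x86 ones (SIDT = `0F 01 /1`, SLDT = `0F 00 /0`); the function name and the sample bytes are constructed for illustration.

```python
# Added example: triage scan for RedPill/NoPill-style descriptor-table reads.
# Encodings per the x86 instruction set: SIDT = 0F 01 /1 (memory operand only),
# SLDT = 0F 00 /0 (register or memory operand).
from typing import List, Tuple

# Constructed sample: nop; sidt [0x00403000]; ret; sldt ax; sgdt [eax]; nop
SAMPLE = bytes.fromhex("90" "0f010d00304000" "c3" "0f00c0" "0f0100" "90")


def find_descriptor_reads(code: bytes) -> List[Tuple[int, str]]:
    """Return (offset, mnemonic) for each SIDT/SLDT encoding found in code.

    This is a raw byte scan, not a disassembler: a hit can fall inside data
    or in the middle of another instruction, so treat hits as leads to
    confirm in a disassembler.
    """
    hits = []
    # Each match needs three bytes: 0F, the second opcode byte, and ModRM.
    for off in range(len(code) - 2):
        if code[off] != 0x0F:
            continue
        opcode, modrm = code[off + 1], code[off + 2]
        mod, reg = modrm >> 6, (modrm >> 3) & 0b111
        if opcode == 0x01 and reg == 1 and mod != 3:
            # mod == 3 with reg == 1 encodes MONITOR/MWAIT and similar,
            # not SIDT, so it is skipped.
            hits.append((off, "sidt"))
        elif opcode == 0x00 and reg == 0:
            hits.append((off, "sldt"))
    return hits


if __name__ == "__main__":
    for offset, mnemonic in find_descriptor_reads(SAMPLE):
        print(f"0x{offset:04x}: {mnemonic}")
```
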