Tuesday, 18. August 2009, 16:41:46
QEMU, VirtualBox, VM detection, Bosch
...
Here it is. The long overdue result of the research for the remaining VM softwares I mentioned a year ago (
here). But first of all, I would like to note that this result is several months old since now I have PC upgraded and use newer software versions. I would also like to apologize and correct the "Red Pill" method variant "Scoopy". In the previous blog, I misspelled its name as "Scooby". My bad... The Scooby Doo's picture in the "On the Cutting Edge: Thwarting Virtual Machine Detection" white paper sure made me do the mistake. The cartoon image shouldn't be there in the first place. The white paper is a serious resource and the picture makes "Scoopy" a triffling matter. Not to mention that those pictures are copyrighted and the paper's author don't mention their copyright notice. Nuff said... Let's go back to the main topic.
OK, after some rather intensive testings, I've finally been able to gather quite amount of information. To make things simple, have a look at the table below. The bright red colored rows of the "VM Software" column indicates that the VM softwares in that configuration do not run at optimum speed or in compatibility mode. Please keep in mind that my standard for VM detection is that it must be runable under Microsoft Windows 9x/2000 and above in USER mode (ring 3) ONLY and does not require any third party software including device driver. Administrator privilege requirement is acceptable, but should be avoided. Safe mode Windows environment is fine with me. DOS based VM detection is acceptable (runnable in a DOS box) but is not the preferred method. Above all, the method should be able to detect at least the release build of the VM software. Detecting only a debug build of VM softwares are not acceptable since debug build are not available to all end-users.
| VM Software |
Backdoor |
Long Opcode |
TF+CF Bug |
I/LDTR Mod. |
IDTR DPL, S, Type |
LDTR Mod. |
| Bochs |
No |
No |
Yes |
No |
N/A |
No |
| Parallels (normal/high accel.) |
Yes |
Yes |
No |
Yes |
0, 1, 1 |
No |
| Parallels (no accel.) |
Yes |
Yes |
Yes |
No |
N/A |
No |
| Qemu (with KQEMU) |
No |
Yes |
No |
Yes |
3, 1, 0 |
Yes |
| Qemu (no KQEMU) |
No |
Yes |
Yes |
No |
N/A |
No |
| VirtualBox |
No |
No |
No |
Yes |
3, 0, 6 |
No |
| Virtual PC |
Yes |
Yes |
No |
Yes |
3, 0, 8 |
Yes |
| VMware (with directexec) |
Yes |
No |
No |
Yes |
3, 1, 15 |
Yes |
| VMware (no directexec) |
Yes |
No |
Yes |
No |
N/A |
No |
VM Software Versions Tested:
1. Bochs x86 2.3.6 (December 24, 2007) and x86-64 2.2.6 (January 29, 2006).
2. Parallels Workstation 2.2 build 2112.
3. Qemu 0.9.1 with and without KQEMU 1.3.0pre11. QVM86 is not tested since it's
obsolete.
4. innotek VirtualBox 1.5.2.
5. Microsoft Virtual PC 2007 6.0.156.0.
Guest Operating Systems Used With Testings:
1. Microsoft Windows 98 SE.
2. Microsoft Windows XP SP2 32-Bit.
Host System Configuration Used With Testings:
1. Iwill P4S with Intel 845 chipset.
2. Intel Pentium 4 1.6GHz Willamette.
3. 512MB of SDRAM.
Read more...
Thursday, 10. July 2008, 10:23:29
cic, converter, image, raw
...
OK, here's the second freeware that I want to made publicly available for anyone who is interested. This time it's my older, 7 years old freeware called CD-ROM Image Converter v1.10 (aka. CiC). It's the third revision as far as I can remember, and it has been discontinued.
The software title should be self explanatory, but I want to make it clear that it can only convert RAW disc images. What I mean by RAW is, plain disc image copy of the physical disc and doesn't contain any additional data from third party software(s). In other words, it can't convert disc images generated by (for example) Nero, CloneCD, BlindWrite, etc. CiC was designed for technical use and not for general use.
Like in my
previously posted freeware, the email address mentioned in the software is no longer active. So, if you have any quiestion, please post it via this blog. If you want to send private message to me, please register yourself to the Opera Community first. Also, even though my softwares are free, they're not open source and I won't make the source code freely available. But some softwares will, though.
Use the below link to download the software. The package is the same as the one 7 years ago.
Enjoy.
Download:
CDImgCvt (166,788 Bytes)
Tuesday, 17. June 2008, 16:34:05
compose, composing, petition, email
...
Recently, a new
thread in usually silent
Opera mail, chat and news forum emerged to gather Opera users in order to make a petition for requesting a HTML email composing feature in Opera which according to a user, should have been implemented in version 8 of Opera.
It's rather sad that Opera doesn't yet able to create HTML emails, where others have done it many years ago (even in their first release) which makes Opera looks like an unmatured internet client suite. Since it's a suite, the lack of email client features can make a scar as a whole - to the Opera. This can decrease the temptation for non Opera users to switch to Opera. That's bad, really bad.
This feature has been in debate for quite a long time. Arguing about HTML email security and its efficiency. But regardless of the outcome of that debate, it's a fact that HTML emails are becoming a requirement in some fields and industries. This "transition" is like telegraph to email, SMS to MMS, and Gopher to WWW.
For those who want this feature and indirectly make your favorite Opera a better internet client suite, can make your vote by registering yourself via this
website.
Showing posts 1 -
3 of 9.
WIDGETIZE