Re: [Qemu-devel] Have any ideas about how to detect whether a program is

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] Have any ideas about how to detect whether a program is

From:	Kevin F. Quinn
Subject:	Re: [Qemu-devel] Have any ideas about how to detect whether a program is running inside QEMU?
Date:	Fri, 7 Jul 2006 01:21:14 +0200

On Thu, 6 Jul 2006 16:46:40 -0400
Daniel Serpell <address@hidden> wrote:

> But there is a way to detect virtual machines under x86, see
> http://invisiblethings.org/papers/redpill.html
> 
> But if you run qemu without direct instruction copying, it won't
> work (and qemu will run slower), because qemu will correctly
> emulate the unprivileged instructions.

Out of interest, sidt returns limit:base 07ff:c0372000 on my
host, and 07ff:f0050000 on a linux guest with kqemu, and 07ff:c04b5000
on the same linux guest without kqemu, which illustrates the point.

I used the following code:

#include <stdio.h>
int main(int argc, char **argv) {
        unsigned char idtr[6];
        __asm__ ("sidt %0" : "=m" (*&idtr));
        fprintf(stdout,
                "IDTR: limit %2.2x%2.2x base %2.2x%2.2x%2.2x%2.2x\n",
                idtr[1],idtr[0],idtr[5],idtr[4],idtr[3],idtr[2]);
}

which doesn't need executable heap (my kernel is PaX-enabled), unlike
the redpill version, but is gcc-specific.

-- 
Kevin F. Quinn

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] Have any ideas about how to detect whether a program is running inside QEMU?, James Lau, 2006/07/06
- Re: [Qemu-devel] Have any ideas about how to detect whether a program is running inside QEMU?, Natalia Portillo, 2006/07/06
- Re: [Qemu-devel] Have any ideas about how to detect whether a program is running inside QEMU?, John R. Hogerhuis, 2006/07/06
  - Re: [Qemu-devel] Have any ideas about how to detect whether a program is running inside QEMU?, James Lau, 2006/07/06
    - Re: [Qemu-devel] Have any ideas about how to detect whether a program is running inside QEMU?, Kevin F. Quinn, 2006/07/06
    - Re: [Qemu-devel] Have any ideas about how to detect whether a program is running inside QEMU?, Jan Marten Simons, 2006/07/06
    - Re: [Qemu-devel] Have any ideas about how to detect whether a program is running inside QEMU?, James Lau, 2006/07/06
    - Re: [Qemu-devel] Have any ideas about how to detect whether a program is running inside QEMU?, Jamie Lokier, 2006/07/06
    - Re: [Qemu-devel] Have any ideas about how to detect whether a program is running inside QEMU?, Daniel Serpell, 2006/07/06
    - Re: [Qemu-devel] Have any ideas about how to detect whether a program is running inside QEMU?, Kevin F. Quinn <=
    - Re: [Qemu-devel] Have any ideas about how to detect whether a program is running inside QEMU?, G Portokalidis, 2006/07/07
    - [Qemu-devel] Re: Have any ideas about how to detect whether a program is running inside QEMU?, Anthony Liguori, 2006/07/07
    - [Qemu-devel] Re: Have any ideas about how to detect whether a program is running inside QEMU?, Anthony Liguori, 2006/07/06

Prev by Date: Re: [Qemu-devel] Have any ideas about how to detect whether a program is running inside QEMU?
Next by Date: [Qemu-devel] Re: Have any ideas about how to detect whether a program is running inside QEMU?
Previous by thread: Re: [Qemu-devel] Have any ideas about how to detect whether a program is running inside QEMU?
Next by thread: Re: [Qemu-devel] Have any ideas about how to detect whether a program is running inside QEMU?
Index(es):
- Date
- Thread