
Re: [XEN PATCH 0/1] Add support for SMBIOS tables 7,8,9,26,27,28.


  • To: Anton Belousov <blsv.anton@xxxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Mon, 29 Nov 2021 18:30:58 +0100
  • Cc: <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>
  • Delivery-date: Mon, 29 Nov 2021 17:31:43 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Mon, Nov 29, 2021 at 12:59:28PM +0000, Anton Belousov wrote:
> This update is done to improve virtual machine stealth from malware. There
> are AntiVM techniques that use WMI-queries to detect the presence of these
> SMBIOS tables. Example:
> "https://github.com/LordNoteworthy/al-khaser/blob/master/al-khaser/AntiVM/Generic.cpp"

Aren't there many other hints at whether an OS is running inside of a
VM? I could imagine for example the ACPI tables, the list or models of
exposed devices, or the cpuid data?

Thanks, Roger.
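
An added example, not part of the message above or of the Xen patch: a check a sandbox maintainer could run over a raw SMBIOS structure-table dump from a guest to see which of the structure types named in the subject (7, 8, 9, 26, 27, 28) the guest exposes. The names `smbios_missing_mask` and `sample_table` are hypothetical, and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Structure types named in the patch subject. */
static const uint8_t wanted[] = { 7, 8, 9, 26, 27, 28 };
#define N_WANTED (sizeof(wanted) / sizeof(wanted[0]))

/* Constructed sample: type 0 with one string, type 7 with none, type 27
 * with one string, then the type 127 end-of-table marker. Formatted areas
 * are zero-filled and shorter than the real structures. */
static const uint8_t sample_table[] = {
    0,   6, 0x00, 0x00, 0, 0,  'X', 'e', 'n', 0, 0,
    7,   6, 0x01, 0x00, 0, 0,  0, 0,
    27,  6, 0x02, 0x00, 0, 0,  'F', 'a', 'n', 0, 0,
    127, 4, 0x03, 0x00,        0, 0,
};

/* Walk the table; bit i of the result is set when wanted[i] is absent.
 * Returns -1 if the table is truncated or malformed. */
int smbios_missing_mask(const uint8_t *buf, size_t len)
{
    int missing = (1 << N_WANTED) - 1;
    size_t off = 0;
    while (off + 4 <= len) {
        uint8_t type = buf[off], slen = buf[off + 1];
        if (slen < 4 || off + slen > len)
            return -1;                  /* formatted area overruns buffer */
        for (size_t i = 0; i < N_WANTED; i++)
            if (wanted[i] == type)
                missing &= ~(1 << i);
        if (type == 127)
            return missing;             /* end-of-table structure */
        /* The string set after the formatted area ends at a double NUL. */
        size_t p = off + slen;
        while (p + 1 < len && (buf[p] || buf[p + 1]))
            p++;
        if (p + 1 >= len)
            return -1;                  /* unterminated string set */
        off = p + 2;
    }
    return -1;                          /* no end-of-table structure seen */
}

int main(void)
{
    int m = smbios_missing_mask(sample_table, sizeof(sample_table));
    for (size_t i = 0; m > 0 && i < N_WANTED; i++)
        if (m & (1 << i)) printf("type %d not exposed\n", wanted[i]);
    return m < 0;
}
```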



 

