Re: [PATCH 0/3] hvmloader: add new SMBIOS tables (7,8,9,26,27,28)
On 02.07.2025 01:45, Petr Beneš wrote:
> From: Petr Beneš <w1benny@xxxxxxxxx>
>
> Resubmitting patch from Anton Belousov and addressing review comments
> from Jan:
> https://old-list-archives.xen.org/archives/html/xen-devel/2022-01/msg00725.html

In which case shouldn't this submission have a version number, explicitly
larger than 1?

Jan

> Original message:
>> SMBIOS tables like 7,8,9,26,27,28 are necessary to prevent sandbox detection
>> by malware using WMI-queries. New tables can be mapped to memory from binary
>> file specified in "smbios_firmware" parameter of domain configuration.
>> If particular table is absent in binary file, then it will not be mapped to
>> memory. This method works for Windows domains as tables 7,8,9,26,27,28 are not
>> critical for OS boot and runtime. Also if "smbios_firmware" parameter is not
>> provided, these tables will be skipped in write_smbios_tables function.
>
> Further explanation:
> Some malware samples are known to check presence of various hardware components
> (like CPU fan, CPU temperature sensor, etc.) by WMI queries. If these components
> are not present, then malware can assume that it is running in a sandbox and
> will not execute its payload.
>
> This patch will allow security researchers to create a custom SMBIOS
> firmware binary file that contains these tables.
>
> Petr Beneš (3):
>   hvmloader: fix code style violations
>   hvmloader: fix SMBIOS table length checks
>   hvmloader: add new SMBIOS tables (7,8,9,26,27,28)
>
>  tools/firmware/hvmloader/smbios.c       | 204 ++++++++++++++++++++----
>  tools/firmware/hvmloader/smbios_types.h |  83 +++++++++-
>  2 files changed, 254 insertions(+), 33 deletions(-)
>