Evading ACPI checks in commercial virtualization platforms
Overview
Dozens of virtual machine checks are scattered throughout various open-source projects. You’ll see a handful of the same checks in various applications, from commercial to fully fleshed-out malware. The checks typically involve looking for drivers, devices, processes, registry entries, custom vendor information, timing attacks, etc. Most of these methods are easily mitigated by tweaking […]
Day 2: Entering VMX Operation, Explaining Implementation Requirements
Overview
Today is the day of heavy details and implementation. There will be a lot of technical explanation and a lot of text. We’ll start off with a section explaining the need for some form of internal logging API because – well, having DbgPrint spammed throughout functions when validating certain control values is disgusting and […]