Detect virtualized OS from an application?


Question

I need to detect whether my application is running within a virtualized OS instance or not.

I've found an article with some useful information on the topic. The same article appears in multiple places, I'm unsure of the original source. VMware implements a particular invalid x86 instruction to return information about itself, while VirtualPC uses a magic number and I/O port with an IN instruction.

This is workable, but appears to be undocumented behavior in both cases. I suppose a future release of VMWare or VirtualPC might change the mechanism. Is there a better way? Is there a supported mechanism for either product?

Similarly, is there a way to detect Xen or VirtualBox?

I'm not concerned about cases where the platform is deliberately trying to hide itself. For example, honeypots use virtualization but sometimes obscure the mechanisms that malware would use to detect it. I don't care that my app would think it is not virtualized in these honeypots, I'm just looking for a "best effort" solution.

The application is mostly Java, though I'm expecting to use native code plus JNI for this particular function. Windows XP/Vista support is most important, though the mechanisms described in the referenced article are generic features of x86 and don't rely on any particular OS facility.

Recommended answer

Have you heard about blue pill, red pill? It's a technique used to see if you are running inside a virtual machine or not. The origin of the term stems from the Matrix movie where Neo is offered a blue or a red pill (to stay inside the matrix = blue, or to enter the 'real' world = red).

The following is some code that will detect whether you are running inside 'the matrix' or not:
(code borrowed from this site which also contains some nice information about the topic at hand):

 /* Joanna Rutkowska's "red pill": SIDT stores the 6-byte IDTR (16-bit limit,
  * 32-bit base); hypervisors relocate the guest IDT to a high address, so a
  * high base byte indicates a VM. 32-bit x86 only (the sidt operand is an
  * absolute 32-bit address) and rpill must live in executable memory, so it
  * fails under DEP/NX and on x86-64. */
 int swallow_redpill () {
   unsigned char m[2+4], rpill[] = "\x0f\x01\x0d\x00\x00\x00\x00\xc3"; /* sidt [imm32]; ret */
   *((unsigned*)&rpill[3]) = (unsigned)m;   /* patch the address of m into the sidt operand */
   ((void(*)())&rpill)();                   /* run it: writes IDTR into m */
   return (m[5]>0xd0) ? 1 : 0;              /* top byte of the IDT base above 0xd0 => VM */
 } 

The function will return 1 when you are running inside a virtual machine, and 0 otherwise.
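The question also asks for a supported mechanism rather than undocumented instruction behaviour. Intel and AMD reserve CPUID leaf 1, ECX bit 31 for hypervisors, and hypervisors that set it publish a 12-byte vendor signature in leaf 0x40000000 (EBX:ECX:EDX). This is the same "best effort" signal the question accepts: a hypervisor that wants to hide can simply not set the bit, but VMware, Hyper-V, KVM, Xen and VirtualBox all advertise it by default, and the check needs no executable stack and works on both 32-bit and 64-bit builds, unlike the red pill above. The following C is an added example, not code from the original question, answer, or the linked site; the function names are my own, the signature strings are the ones those hypervisors publish, and the code assumes GCC/Clang (`<cpuid.h>`) or MSVC (`<intrin.h>`) on an x86 target, degrading to "no hypervisor" elsewhere.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__) || defined(_M_X64) || defined(_M_IX86)
#  define HAVE_X86_CPUID 1
#  if defined(_MSC_VER)
#    include <intrin.h>
#  else
#    include <cpuid.h>
#  endif
#endif

/* Execute CPUID for one leaf and return EAX,EBX,ECX,EDX in r[0..3].
   On non-x86 builds the registers are zeroed so callers degrade to "no hypervisor". */
static void cpuid_leaf(uint32_t leaf, uint32_t r[4]) {
#if defined(HAVE_X86_CPUID) && defined(_MSC_VER)
    int regs[4];
    __cpuid(regs, (int)leaf);
    for (int i = 0; i < 4; i++) r[i] = (uint32_t)regs[i];
#elif defined(HAVE_X86_CPUID)
    unsigned a, b, c, d;
    __cpuid(leaf, a, b, c, d);          /* macro from <cpuid.h> */
    r[0] = a; r[1] = b; r[2] = c; r[3] = d;
#else
    (void)leaf;
    memset(r, 0, 4 * sizeof r[0]);
#endif
}

/* CPUID.(EAX=1):ECX bit 31 is architecturally reserved as 0 on bare metal and
   set by hypervisors that choose to tell guests they are virtualized. */
int hypervisor_present(void) {
    uint32_t r[4];
    cpuid_leaf(1, r);
    return (int)((r[2] >> 31) & 1u);
}

/* Leaf 0x40000000: EAX = highest hypervisor leaf, EBX:ECX:EDX = 12-byte vendor
   signature. Copies the signature into out (NUL-terminated, 13 bytes). Returns
   1 if a signature was read, 0 if no hypervisor is advertised. */
int hypervisor_signature(char out[13]) {
    uint32_t r[4];
    out[0] = '\0';
    if (!hypervisor_present()) return 0;
    cpuid_leaf(0x40000000u, r);
    memcpy(out + 0, &r[1], 4);
    memcpy(out + 4, &r[2], 4);
    memcpy(out + 8, &r[3], 4);
    out[12] = '\0';
    return 1;
}

/* Map a vendor signature to a product name. These are the signatures the named
   hypervisors publish; anything else is reported as an unknown hypervisor. */
const char *classify_signature(const char *sig) {
    static const struct { const char *sig; const char *name; } known[] = {
        { "VMwareVMware", "VMware" },
        { "Microsoft Hv", "Microsoft Hyper-V" },
        { "KVMKVMKVM",    "KVM" },            /* published as "KVMKVMKVM\0\0\0" */
        { "XenVMMXenVMM", "Xen" },
        { "VBoxVBoxVBox", "VirtualBox" },
    };
    for (size_t i = 0; i < sizeof known / sizeof known[0]; i++)
        if (strcmp(sig, known[i].sig) == 0) return known[i].name;
    return sig[0] ? "unknown hypervisor" : "none";
}

int main(void) {
    char sig[13];
    if (hypervisor_signature(sig))
        printf("hypervisor present: %s (\"%s\")\n", classify_signature(sig), sig);
    else
        printf("no hypervisor advertised via CPUID\n");
    return 0;
}
```

From JNI, `hypervisor_present()` and `hypervisor_signature()` are the two calls worth wrapping; the classification table is kept separate so it can be unit-tested without depending on the machine the tests run on. Note that VirtualBox only sets the hypervisor bit when paravirtualization is enabled for the guest, so a negative result still means "not advertised", not "not virtualized".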
