Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL
Help

Hardware Identifiers > MAC Addresses - Pg. 185

MalwareAnalysis·Chapter6 185 system. Values can be written to the port, and values can be read. Depending on the parameters passed in control registers during these reads and writes different information such as the version of VMware can be obtained. I would suggest that anyone looking for further information on this port visit the following URLs: http://open-vm-tools.sourceforge.net/ http://chitchat.at.infoseek.co.jp/VMware/ I have not yet found a method to deactivate or disguise this port so that it can't be detected. It may be possible to edit the VMware binary, and cause the port to use a different number, but I have no information on how difficult that might be, and what other effects might be caused by this modification. Emulated Hardware Detection The most common method for a process to detect that it's in a virtual environment is for it to look at the hardware on which the machine is running.Virtual machine monitors (such as VMware and Virtual PC) emulate a specific set of hardware (with