[XEN PATCH 0/1] Add support for SMBIOS tables 7,8,9,26,27,28.

Anton Belousov posted 1 patch 2 years, 4 months ago
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/cover.1638190663.git.blsv.anton@gmail.com
[XEN PATCH 0/1] Add support for SMBIOS tables 7,8,9,26,27,28.
Posted by Anton Belousov 2 years, 4 months ago
This update is done to improve virtual machine stealth from malware. There are AntiVM techniques that use WMI queries to detect the presence of these SMBIOS tables. Example: "https://github.com/LordNoteworthy/al-khaser/blob/master/al-khaser/AntiVM/Generic.cpp"

Anton Belousov (1):
  Add support for SMBIOS tables 7,8,9,26,27,28 to improve virtual machine
    stealth from malware.

 tools/firmware/hvmloader/smbios.c       | 146 ++++++++++++++++++++++++
 tools/firmware/hvmloader/smbios_types.h |  76 ++++++++++++
 2 files changed, 222 insertions(+)

-- 
2.25.1
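
For anyone checking whether a guest image actually exposes the structures named in this cover letter, the sketch below walks a raw SMBIOS structure table and reports which of types 7, 8, 9, 26, 27 and 28 are absent. It is an added example, not part of the patch or of hvmloader; the function name, the bitmask convention and the sample table are assumptions constructed for illustration (on a Linux guest the raw table can be read from /sys/firmware/dmi/tables/DMI).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Types from the patch subject: 7 cache, 8 port connector, 9 system slots,
 * 26 voltage probe, 27 cooling device, 28 temperature probe. */
static const uint8_t wanted[] = { 7, 8, 9, 26, 27, 28 };
#define NWANTED (sizeof(wanted) / sizeof(wanted[0]))

/* Constructed sample table (formatted areas cut down to the 4-byte header). */
static const uint8_t sample[] = {
    1, 4, 0x00, 0x01, 'X', 'e', 'n', 0, 0, /* type 1 with one string */
    7, 4, 0x00, 0x07, 0, 0,                /* type 7, no strings */
    9, 4, 0x00, 0x09, 0, 0,                /* type 9, no strings */
    127, 4, 0x00, 0x7f, 0, 0,              /* end-of-table marker */
};

/* Hypothetical helper: returns a bitmask with bit i set when wanted[i] is
 * absent from the table, or -1 if a structure is truncated or malformed. */
int smbios_missing(const uint8_t *t, size_t len)
{
    unsigned found = 0;
    size_t off = 0;

    while (off + 4 <= len) {
        uint8_t type = t[off], hlen = t[off + 1];
        if (hlen < 4 || off + hlen > len)
            return -1;
        for (size_t i = 0; i < NWANTED; i++)
            if (wanted[i] == type)
                found |= 1u << i;
        /* Skip the formatted area, then the string set, which always
         * ends in two consecutive NUL bytes. */
        size_t p = off + hlen;
        while (p + 1 < len && (t[p] || t[p + 1]))
            p++;
        if (p + 1 >= len)
            return -1;
        off = p + 2;
        if (type == 127)
            break;
    }
    return (int)(~found & ((1u << NWANTED) - 1));
}

int main(void)
{
    int m = smbios_missing(sample, sizeof(sample));
    if (m < 0) { puts("malformed table"); return 1; }
    for (size_t i = 0; i < NWANTED; i++)
        if (m & (1 << i))
            printf("type %u absent\n", wanted[i]);
    return 0;
}
```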


Re: [XEN PATCH 0/1] Add support for SMBIOS tables 7,8,9,26,27,28.
Posted by Roger Pau Monné 2 years, 4 months ago
On Mon, Nov 29, 2021 at 12:59:28PM +0000, Anton Belousov wrote:
> This update is done to improve virtual machine stealth from malware. There are AntiVM techniques that use WMI queries to detect the presence of these SMBIOS tables. Example: "https://github.com/LordNoteworthy/al-khaser/blob/master/al-khaser/AntiVM/Generic.cpp"

Aren't there many other hints at whether an OS is running inside of a
VM? I could imagine for example the ACPI tables, the list or models of
exposed devices, or the cpuid data?

Thanks, Roger.