[virt-tools-list] Libvirt: problem with hidding that a VM is running
abyssal90 at hotmail.fr
Tue Apr 28 08:31:34 UTC 2015
I try to
strengthen my virtual machine against malware by trying, as much as I
can, to hide the fact that malware is running inside a virtual
machine. One possible way to do it is to suppress the string
“KVMKVMKVM” and the value 1 of the Qemu variable
'CPUID_EXT_HYPERVISOR', which are both specified in the file in
Step 1) I'm doing
the following modifications:
unmodified version of kvm.c includes the following values:
CPUID_EXT_HYPERVISOR; //line 219 in 'kvm.c'
"KVMKVMKVM\0\0\0", 12); //Line 538 in 'kvm.c'
- My objective is
to replace those values with the following :
ret |= 0; //line
219 in 'kvm.c'
"blablabla\0\0\0", 12); //Line 538 in 'kvm.c'
Step 2) I do “sudo
make” and “sudo make install” in the qemu-2.3.0-rc4 directory,
and then I replace the original file './usr/bin/qemu-system-x86_64'
with the new one.
works fine with qemu-kvm and sdl (following the command line that I'm
qemu-system-x86_64 -enable-kvm -m 4096 img.qcow2 -smp cores=2
I'm not able to start correctly the virtual machine. I have the
following problems :
If I'm using a
Windows 7 .qcow2, Windows will start but right after windows starts
loading, It halts and I get the famous windows blue error screen
*** STOP: 0x000000A5
(0x0001000A, 0x00000000, 0x00000000, 0x00000000).
While it could be an
ACPI problem, I tried to uncheck the ACPI option in virt-manager VM
configuration but I still get the same error.
If I'm using a
WindowsXP .qcow2, I always have the message “We apologize for the
inconvenience, but Windows did not start successfully […] Start
Windows Normally […] “ and no way to dodge/escape it.
I will be gratefull
if someone may help me or have an idea about how to implement these
CPU modifications !
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the virt-tools-list