Libvirt: problem with hiding that a VM is running


 



Hello everyone,


I am trying to strengthen my virtual machine against malware by trying, as much as I can, to hide the fact that malware is running inside a virtual machine. One possible way to do it is to suppress the string “KVMKVMKVM” and the value 1 of the Qemu variable 'CPUID_EXT_HYPERVISOR', which are both specified in the file './qemu-2.3.0-rc4/target-i386/kvm.c'.


Step 1) I'm doing the following modifications:


- Original unmodified version of kvm.c includes the following values:

ret |= CPUID_EXT_HYPERVISOR; //line 219 in 'kvm.c'

memcpy(signature, "KVMKVMKVM\0\0\0", 12); //Line 538 in 'kvm.c'


- My objective is to replace those values with the following :

ret |= 0; //line 219 in 'kvm.c'

memcpy(signature, "blablabla\0\0\0", 12); //Line 538 in 'kvm.c'


Step 2) I do “sudo make” and “sudo make install” in the qemu-2.3.0-rc4 directory, and then I replace the original file './usr/bin/qemu-system-x86_64' with the new one.


While everything works fine with qemu-kvm and sdl (following the command line that I'm using) :

sudo qemu-system-x86_64 -enable-kvm -m 4096 img.qcow2 -smp cores=2

With virt-manager I'm not able to start the virtual machine correctly. I have the following problems:


If I'm using a Windows 7 .qcow2, Windows will start, but right after Windows starts loading, it halts and I get the famous Windows blue error screen saying:

*** STOP: 0x000000A5 (0x0001000A, 0x00000000, 0x00000000, 0x00000000).

While it could be an ACPI problem, I tried to uncheck the ACPI option in virt-manager VM configuration but I still get the same error.


If I'm using a WindowsXP .qcow2, I always have the message “We apologize for the inconvenience, but Windows did not start successfully […] Start Windows Normally […] “ and no way to dodge/escape it.


I would be grateful if someone could help me or has an idea about how to implement these CPU modifications!


Running version:

Ubuntu 14.04

QEMU emulator version 2.2.94

Libvirt 1.2.2


Regards.

_______________________________________________
virt-tools-list mailing list
virt-tools-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/virt-tools-list
