- EMU8086 - THE MICROPROCESSOR EMULATOR
http://www.emu8086.com/
A forum for reverse engineering, OS internals and malware analysis
- Parallels Desktop
x86 and x64 http://www.parallels.com/products/desktop/pd4wl/
EP_X0FF wrote:Note: enable this setting in vmx configuration file to bypass VMware identification (VMX backdoor) by some lazy malware.It would be interesting to see what other tricks people use to counter vm detection in vmx config, registry etc and whether it breaks anything.
monitor_control.restrict_backdoor = "TRUE"
isolation.tools.getPtrLocation.disable = "TRUE"(superseded by ScoopyNG)
isolation.tools.setPtrLocation.disable = "TRUE"
isolation.tools.setVersion.disable = "TRUE"
isolation.tools.getVersion.disable = "TRUE"
monitor_control.disable_directexec = "TRUE"
monitor_control.disable_chksimd = "TRUE"
monitor_control.disable_ntreloc = "TRUE"
monitor_control.disable_selfmod = "TRUE"
monitor_control.disable_reloc = "TRUE"
monitor_control.disable_btinout = "TRUE"
monitor_control.disable_btmemspace = "TRUE"
monitor_control.disable_btpriv = "TRUE"
monitor_control.disable_btseg = "TRUE"
Who controls the past controls the future
Who controls the present controls the past
Who controls the present controls the past
Thanks all, first post updated, some direct links added.
Ring0 - the source of inspiration
ETHER: Xen-based VM for code analysis.
http://ether.gtisc.gatech.edu/source.html
http://ether.gtisc.gatech.edu/source.html
Live View
Home http://liveview.sourceforge.net/index.html
Download http://sourceforge.net/projects/liveview/files/
Live View and source code is subject to Gnu Public License
Home http://liveview.sourceforge.net/index.html
Download http://sourceforge.net/projects/liveview/files/
Live View and source code is subject to Gnu Public License
Live View is a Java-based graphical forensics tool that creates a VMware virtual machine out of a raw (dd-style) disk image or physical disk. This allows the forensic examiner to "boot up" the image or disk and gain an interactive, user-level perspective of the environment, all without modifying the underlying image or disk. Because all changes made to the disk are written to a separate file, the examiner can instantly revert all of his or her changes back to the original pristine state of the disk. The end result is that one need not create extra "throw away" copies of the disk or image to create the virtual machine.
Who controls the past controls the future
Who controls the present controls the past
Who controls the present controls the past
This topic created for making a collection of links to software virtual machines. It contains posts moved from Virtual Machines sticky topic.
If you have any links not listed in that topic, please post them here, I'll update sticky topic list.
If you have any links not listed in that topic, please post them here, I'll update sticky topic list.
Ring0 - the source of inspiration
List updated, thank you.
Ring0 - the source of inspiration
Last edited by liangtong on Sun Sep 12, 2010 1:13 pm, edited 1 time in total.