In this post, we give some clues on how to determine hypervisor properties by running commands in the guest operating system, without any special privileges in the host machine running the hypervisor. This can be useful for penetration testing and information gathering, as well as for determining the best software configuration for virtualization-sensitive and virtualization-aware software.
Determining if the Guest OS is running over a VMware hypervisor
There are several methods to determine whether a machine is running as a virtual machine OS inside a VMware hypervisor.
The most popular one is the VMware “backdoor”. This “backdoor” will respond to certain “interrupt calls”, which would crash a user mode application in a physical machine. It provides both an API and a communication layer between a guest OS and the hypervisor. [1] [2]
Even if the backdoor is disabled, you can use any of the hardware “clues” described in [7].
When the VMware guest tools are installed, you can also use them to check whether the machine is running over a VMware hypervisor, using one of the supplied command line utilities. This is a high level option. [3] [4]
The Guest API is another option, we can easily use it inside an application. Some of the VMware Guest Tools use the Guest API. [5] [6]
Image 1: VMware guest tools modules
References
[1] VMware Backdoor I/O Port - https://sites.google.com/site/chitchatvmback/backdoor
[2] VM Back - VMware Command Line Tools (Unofficial tools) - https://sites.google.com/site/chitchatvmback/vmtools
[3] Overview of VMware Tools (340) - https://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=340
[4] Deep VMware™ Guest Tools and Guest-Hypervisor communication, https://www.amazon.com/VMwareTM-Guest-Tools-Guest-Hypervisor-communication-ebook/dp/B07659WN38
[5] vSphere Guest SDK Documentation - https://www.vmware.com/support/developer/guest-sdk/index.html
[6] vSphere Guest and HA Application Monitoring SDK Documentation - http://pubs.vmware.com/vsphere-60/topic/com.vmware.sdk.doc/GUID-14451BD8-6FF5-4265-AC02-CEC7F5A78A3F.html
[7] VMware™ hypervisor fingerprinting, https://www.amazon.com/VMwareTM-hypervisor-fingerprinting-Pedro-Silva-ebook/dp/B06XGFT6BD/ref=asap_bc?ie=UTF8
Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
http://www.academia.edu/28534528/VMware_hypervisor_fingerprinting
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit