Jump to content
Tuts 4 You

Detecting the Presence of Virtual Machines Using the Local Data Table

Teddy Rogers

About This File

In this paper we describe a method for determining the presence of virtual machine emulation in a non-privileged operating environment. This attack is useful for triggering anti-virtualization attacks and evading analysis. We then discuss methods for mitigating this risk for malware analysts. This method was demonstrated using the Windows series of operating systems.

User Feedback

Recommended Comments

There are no comments to display.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...