If we assume we have only the binary, we can use windbg to drop into assembly and see what’s going on. Since windows guests run in fully emulated mode, it should be straightforward to trace in the guest.
If we want to trace what is happening in the virtualization layer, i.e. hypervisor, it will be a bit difficult. It depends on what kind of machine we are running on. These days all machines are 64 bit with VMX enabled which allow the hypervisor to intercept guest instructions on the fly, since processor virtualization is implemented in hardware.
Since it is just a trap by which the guest drops into hypervisor it is almost impossible to tell when the guest has entered the hypervisor and when its back. However we probably will not achieve much by tracing any code in the hypervisor.
In a VMX enabled machine only page table write changes and IOPL changes will go to hypervisor. Everything else is handled in the guest itself.
For all practical application debugging windbg should be fine.
Can we Trace the running Process(.exe) & its Instructions at guest OS using WinDbg??
Please help on this...
Im really appreciating your time on this ..
Thank you .. :)
I'm not entirely sure what you're asking, but if you're asking if you can run windbg on a virtualized machine, then yes, it works just like it does on a physical machine.
If you want to attach to the process that is running the virtual machine itself, but look at a process that is inside of the guest os, then the answer is no.
Related
i have several virtual machines running on virtual box on my main Ubuntu OS.
But after the security updates (Spectre and Meltdown) on windows they weirdly stopped working.
I tried looking up the problem on google but it seems like no one else has experienced this problem.
Side Notes:
I have 2 OS-Systems (Windows/Ubuntu) running on a dual boot.
I have VT-X/AMD-v enabled in my BIOS settings and i disabled Hyper-V
on my Windows machine
I dont know how those two OS-Systems are even connect but i noticed
that my time switches about a hour if i first start Ubuntu and then
Windows. Therefore i guess that they are linked in some way
Some of the Virtual Machines require VT-X/AMD-v. I tried starting
those who dont require VT-X/AMD-v without it and they worked fine.
All machines worked perfectly fine before
Not sure if this question is off-topic on this website. If it is i'd be happy if someone can link me to places where this question is suitable.
What you experience is most likely a bug in the Virtualbox. Submit an issue to their bug tracker.
I have VT-X/AMD-v enabled in my BIOS settings and i disabled Hyper-V on my Windows machine
This is fine and is actually required.
my time switches about a hour if i first start Ubuntu and then Windows.
Most likely the timezone settings are different in two OSes, or one OS assumes that the CMOS clock runs in UTC and another thinks it is in local time zone. It has nothing to do with your problem.
Some of the Virtual Machines require VT-X/AMD-v.
Apparently pure application level software works fine, but hardware-accelerated VMMs require kernel modules to be loaded, and those may need adjustments after kernel updates, especially so drastic ones.
Not sure if this question is off-topic on this website.
Yes, it looks like this question is more suitable for ServerFault https://serverfault.com/
I'm trying to install and use VirtualBox in a lab with heterogeneous computers. In one machine (with Intel E5500) it works perfectly. In all others (most wwith E2180) it doesn't work. Why is it happening?
All machines have Windows 7 32 bits.
Log: https://pastebin.com/nfbPYGP7
You might want to try and modify your settings.
In System /// Acceleration panel look for “enable VT-x”. When enabled your VM will take advantage of the hardware VT-x circuits but it might be the problem for your E2180 as it does not implement this Technology.
Processor E2180 vs
Processor E5500
I am trying to find a way to programatically detect that my program runs on a virtual machine, as far as I know there is no common way for parallels to do that.
Windows 8 task manager performance tab displays a "Virtaulization" option, what does it mean? When i run windows 8 in a virtual machine it changes to virtual processors and virtual machine: yes, so some how windows 8 detects that it is running inside a virtual machine, how does windows 8 detect that it is running in a virtual machine? Is it possible to get this information programatically? I tried both on parallels and vm ware and both works fine.
You should take a look at this interesting article Red Pill... or how to detect VMM using (almost) one CPU instruction by Joanna Rutkowska which used to be here but is now dead and can only be viewed with the waybackmachine here and Virtualization: Red Pill or Blue? by Steven McElwee which also used to be here but can now only be viewed here.
Heres the code:
int swallow_redpill()
{
unsigned char m[2+4], rpill[] = "\x0f\x01\x0d\x00\x00\x00\x00\xc3";
*((unsigned*)&rpill[3]) = (unsigned)m;
((void(*)())&rpill)();
return (m[5]>0xd0) ? 1 : 0;
}
It should return 1 if running in a virtual machine and 0 if not.
Edit: It may return false-positives on modern cpus and its apparently better to combine a couple of tests together to make sure the result is real.
On VMware you could check for the CD drive vendor- should be "VMware" or "VMware, Inc." or something like this.
I don't know about VMware workstation but on ESXi your MAC address generally starts with "00:50:56". You could make use of this, too.
Have a look at virt-what. Maybe you can port it to Windows.
And maybe How to detect install is running on a VM? can help you.
i wrote a cuda program and i am testing it on ubuntu as a virtual machine. the reason for this is i have windows 7, i don't want to install ubuntu as a secondary operating system, and i need to use a linux operating system for testing.
my question is: will the virtual machine limit the gpu resources? So will my cuda code be faster if i run it under my primary operating system than running it on a virtual machine?
I faced a similar task once. What I ended up doing was installing Ubuntu on a 8GB thumb drive with persistent mode enabled.
That gave me 4GB to install CUDA and everything else I needed.
Having a bootable USB stick around can be very useful. I recommend reading this.
Also, this link has some very interesting material if you're looking for other distros.
Unfortunately the virtual machine simulates a graphics device and as such you won't have access to the real GPU. This is because of the way the virtualisation handles multiple VMs accessing the same device - it provides a layer in between to share the real device.
It is possible to get true access to the hardware, but only if you have the right combination of software and hardware, see the SLI Multi-OS site for details.
So you're probably out of luck with the virtualisation route - if you really can't run your app in Windows then you're limited to the following:
Unrealistic: Install Linux instead
Unrealistic: Install Linux alongside (not an option)
Boot into a live CD, you could prepare a disk image with CUDA and mount the image each time
Setup (or beg/borrow) a separate box with Linux and access it remotely
I just heard a talk at NVIDIA's GPU technology conference by a researcher named Xiaohui Cui (Oak Ridge National Laboratory). Among other things, he described accessing GPUs from Virtual machines using something called gVirtuS. He did not create gVirtuS, but described it as an opensource "virtual cuda" driver. See following link:
http://osl.uniparthenope.it/projects/gvirtus/
I have not tried gVirtuS, but sounds like it might do what you want.
As of CUDA 3.1 it's virtualization capabilities are not vivid, so the only usable approach is to run CUDA programs directly on the target HW+SW
Use rCUDA to add a virtual GPU to your VM.
I've been hearing a lot about about how the new version of VMWare Fusion can run virtual operating systems in "headless mode".
A Google search makes it clear that other virtualisation products also have similar features, however, I have not been able to find a good description of what this actually means? What is happening when you do this?
Headless mode means that the virtual machine is running in the background without any foreground elements visible (like the Vmware Fusion application)
You would have no screen to see running the front end; i.e. the screen/console would not be visible, even though the operating system is running, and would typically have to access the machine via SSH.
For anyone that is interested, you can activate headless mode in VMWare Fusion by running the following command in Terminal.app
defaults write com.vmware.fusion fluxCapacitor -bool YES