A friend of mine pointed me to the following message ("open letter") from Novell:
http://www.novell.com/linux/microsoft/openletter.html (the related press release is here). I wonder how this partnership will affect other distros, especially non-commercial ones. My friend says that it will have a big influence on the other commercial distros and non-commercial ones will be ignored. I am not so sure. What do you think? Leave a comment …
// Oliver
Although I had posted this already at the malware research forum and received little feedback, I decided to prepare a brief research paper about this topic and post it here.
The topic is that the Redpill approach by Joanna Rutkowska does not seem to work reliably and the values retrieved in kernel mode inside a virtual machine (VMware) differ substantially from the ones retrieved in user mode. While calling SIDT in user mode was the rationale of the whole approach, it would not usually be expected that the results between user mode and kernel mode are different. Also, the difference means that the approach is not generally applicable. Last but not least, the Redpill approach failed for me on Virtual PC (see the paper).
Continue reading ‘Redpill getting colorless?’