> Could IO MMU and hardware be exploited?
Hmm...
I think that would strongly depend on how your anti-debugging technique ties into the operating system. Without ring 0 access you are limited to no hardware access and only a limited set of opcodes.
So assuming that your protected application is just that, a user space application, other than a hardware dongle or server I don't think there is any way.
If your application however comes with a driver, then possibly there is a way, although I wouldn't know offhand how this way looks.
But, if you are virtualizing an entire OS with your victim application, why use hardware virtualization and risk the application having a shot at detecting something?
There were virtual machines long before there was Intel VT and AMD Pacifica; I remember Connectix Virtual PC, later M$ Virtual PC, although this was before 64-bit became mainstream.
Anyhow, I don't see a reason why one couldn't make new virtual machine software which runs a 64-bit OS but does not require hardware support, that is, runs on the host as a boring user mode process. That is, of course, except for the fact that its performance would be worse, maybe much worse, of course. But for debugging that wouldn't matter much, I guess.
So ultimately the only way to go would be to try to detect being run in a VM at all and then refuse to run.
However, if said VM software were intended to be a debugging host, I think there would be no reliable way to detect being run in it which couldn't be bypassed by some minor update to the VM software.