Thanks for the info. I made my Windows.img file on an updated version of Xen and verified that it's working correctly. Everything copied over to the Ether box just fine as well and boots/works normally.
I am trying to use Ether to unpack a malware sample by mounting the Windows.img and copying the sample to the VM's Desktop folder. I then unmount and start the Windows XP VM. On the host machine I cd to the ether_ctl/ folder and run ./ether 1 unpack_userspace malware.exe ~/home/user/malware.exe. Ether looks happy and is listening for the executable. I then switch to the VM, start Task Manager, and then execute the malware.exe file.
Ether gives a bunch of text mostly indicating it's successful and found the Possible OEP, Fixing, Dumped image size, but then says Image is not a valid DOS file. Could not parse dumped image, and the unpacked version of the file never appears in the designated folder.
ether...@googlegroups.com wrote:
Group: http://groups.google.com/group/ether-devel/topics
Kenneth Hamlin <ham...@gmail.com> May 14 06:33AM -0700
Thanks for the reply but even with VNC installed and enabled in the
configuration file, when I use xm create -c, it starts the virtual
machine, says VNC=1, then skips a line and just says DSsDSsDSsDSs and
nothing else happens.
On May 8, 5:01 pm, Christian Strack <str...@informatik.uni-marburg.de>
wrote:
Kenneth Hamlin <ham...@gmail.com> May 14 11:21AM -0700
I found the problem. VNC has to be run as a normal user and the VM
only responds on 127.0.0.1; trying to use localhost or the external IP
of the machine causes the same error, or display not available.
So now I have a VNC view of the machine, but it's hanging on the
Windows Setup blue screen. At the bottom it says Press F6 to choose
additional drivers. However I cannot input anything, and I've let the
system sit for some time and it never seems to progress through the
setup or loading of files. Even switching from an ISO image to the
physical CD drive with the XP SP2 CD in it doesn't make a difference.
I read in other posts that XP on this older version of Xen needs you
to press F5 instead of F6 and choose normal desktop in order for
installation to start. But like I said before it doesn't seem like any
input is being registered.
Artem Dinaburg <ar...@gtisc.gatech.edu> May 14 02:26PM -0400
For some reason installing WinXP on ether-patched Xen doesn't work. The
recommended workaround is to install Windows on un-patched Xen, and then
run the installed VM on the ether-patched version.
Artem
Christian Strack <str...@informatik.uni-marburg.de> May 14 11:29AM -0700
Glad to hear that. As root has no active X session this seems to fit.
Perhaps there's no entry for localhost in your /etc/hosts file? The IP
of the machine would make no sense because the hypervisor is running
the VNC server.
I had pretty much the same problem. I'm afraid the only thing you can
do is to set up a newer version of Xen to install XP and copy the
image file to your Ether machine afterwards.