tags:

views:

319

answers:

3
+4  Q: 

How do I detect programmatically in which ring (-1, 0, 1, 2, 3) I am running?

How do I detect programmatically in which ring (-1, 0, 1, 2, 3) I am running?

+1  A: 

Unless you're a device driver, you'll always be running in Ring 3 (for systems that have "rings", per se).

John Saunders  2009-07-06 12:36:03
Is that so? What about deamons and programs running as root?
Andrew J. Brehm  2009-07-06 13:03:15
What if I am a device driver of an operating system running a hosted hypervisor? Wouldn't I be running in ring -1 together with the host system and the hypervisor?
Andrew J. Brehm  2009-07-06 13:07:45
deamons are user mode programs running under another account. root is another account too. 'real' drivers run in kernel mode (mostly ring 0 because ring1 + ring2 are rarely used today.
Christopher  2009-07-06 13:08:00
@Andrew: rude, rude. Yes, that's so.
John Saunders  2009-07-06 13:14:24
+8  A: 

The easiest way is, to just run the (x86) command and catch the corresponding error.

E.g. (SEH, Windows, kernel mode)

bool ring_lower_0 = false;
__try
{
    __asm { <cmd> };
    ring_lower_0 = true;
}
__except( GetExceptionCode() == EXCEPTION_PRIV_INSTRUCTION )
{
    ring_lower_0 = false;
}

Notes:

cmd, is an assembler command. See the Intel Architecture Reference Manuals for a list of commands and their respective Ring levels.

Linux has a slightly different concept.

But remember that VMs residing on a lower level may mask the result by emulating the call.

(NB: The Job of the VM is to translate the invalid instruction into an meaningful call)

If you really want to check if your a virtualized and want to stop execution because of this, you should read what has been written about 'Red pill'.

Christopher  2009-07-06 13:06:23
Thanks. That's a very good solution. I can work from here. Mask the result: I know. I just needed some point to begin.
Andrew J. Brehm  2009-07-06 13:37:26
+2  A: 

Normally i would write that you should read about "protected mode programming". There is an article about how to intertact with ring 0 using windows XP SP2. Note that it will change for others windows versions and for sure others operational systems.

http://www.codeproject.com/KB/threads/MinimalisticRingZero.aspx

If you just want to detect if you are running inside of a virtual machine, to avoid that people debug your application, for example, you can check here:

http://www.codeproject.com/KB/system/VmDetect.aspx

VP  2009-07-06 13:11:57

related questions

MAMP/LAMP native or virtual (Virtualbox/VMware)?
Best VM software for Mac OS X?
Considerations for developing for a VM deployment
What is the fastest virtual machine design for x86?
Reasons to Use a VM For Development
Are there any Java VMs which can save their state to a file and then reload that state?
What are the primitive Forth operators?
Execution speed of references vs pointers
Migrate Software Deployed on Linux VM?
Virtual machine management
VMWare(Windows) Hardware Recommendations
Why Virtualize the mobile ??
Web Application Infrastructure
What can I do if a Java VM crashes repeatedly?
Is transforming internal DSL to external DSL anti-pattern?
Test a site in Mac Firefox
Is .NET memory management faster in managed code than in native code?
Pros and Cons of Developing on a VM on a PC
Sharing Files between VM and Host using Virtual PC 2007
What exactly is Parrot?
Configuring RAID on a VM Host for best performance of multiple Virtual Machines
Running JIRA on a VM
Time Synchronization Ubuntu Server Under Parallels
Why do we need other JVM languages
Is there a way I can have a VM gain access to my computer?