Hyper-V e820 lines from dmesg
https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/320/682/123/418/683/original/97a8aa99e1e67062.png
https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/320/682/123/418/683/original/97a8aa99e1e67062.png
Notices where this attachment appears
-
Embed this notice
Will Dormann (wdormann@infosec.exchange)'s status on Tuesday, 15-Apr-2025 03:46:17 JST 
Will Dormann
Why am I seeing a difference with my heap allocation addresses vs. what Stephen is seeing?
"Easy"
I'm using VMware, and Stephen is using Hyper-V.
Looking at the e820 info when the VM boots, we can see that with a VMware VM, we have a couple of ACPI entries, and then the usable section after that starts at 0xbff00000. With Hyper-V, there is no ACPI section, and the usable section merely starts at 0x00100000. Also looking at the /proc/iomem output, we can see a clear difference between memory layout in a Hyper-V VM vs. a VMware VM.
What are the consequences of this?
An ICS VM that is running on a default VMware configuration will presumably not be exploitable using the Rapid7 technique. However one running on Hyper-V will be. 🤔Edit All of the above is a red herring, as I don't know how computers work.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.