-1

When using QEMU/KVM there are certain network adapters that are supported and emulated. If one wanted to emulate the guest OS's original network adapter (e.g - a Broadcom interface that was present on the original machine) as opposed to the supported network adapter provided by QEMU/KVM what would be involved in emulating this process?

I understand that this is a very broad question, but I was wondering mainly if there was a way to use the original RAW image taken from machine 'A' with network adapter 'B', and have it run still seeing/using network adapter B even though it may not be supported through the platform.

Could a dummy driver be implemented within the guest that in turn talked with the QEMU/KVM supported network interface driver, allowing the guest windows system to believe that it is using the same hardware that it was on it's original platform?

Are there any commercial products that offer full hardware emulation given an original host image?

Any thought, tips, or pointers would be greatly appreciated!

Bubo
  • 101
  • 4
  • 1
    What is the use-case of this? Why not just install new drivers for Windows, and use the new (virtual)HW platform? – mulaz Feb 27 '14 at 15:08
  • The idea is that you would be able to take an image of a machine that is infected with a piece of malware, and perhaps the malware has taken note of the hardware installed or the hardware settings. If an exact image could be created and run in QEMU/KVM without the malware noticing the hardware changes, this could be advantageous for further analysis of the infected machine – Bubo Feb 27 '14 at 15:12
  • Most companies don't analyze malware by letting it run... Decompiling might give you the most information about how it works, though some have been run through obfuscators. In any case, if you aren't in the security business you're better off nuking infections from orbit and leaving the task of virus discretion to the people paid to do that stuff. – Chris S Feb 27 '14 at 16:25
  • I was just asking if this had been attempted by any commercial companies or if there were any implementations that people were aware of, thanks for your insight – Bubo Feb 27 '14 at 17:14

1 Answers1

0

If you want the old MAC to be used, you can manually set it in libvirt or the KVM command line (make sure the original NIC with the original MAC is far far away from that network).

You can also try to do pci passthrough if the original NIC is still there and you are simply moving the OS into a VM on the same hardware. This might and might not work, depending on the hardware specs.

In any case, you cannot have all of the physical hardware in a VM, the virtual machine will always have some virtual (emulated or paravirtualized) hardware.

dyasny
  • 18,482
  • 6
  • 48
  • 63
  • Ok, I knew that the MAC could be changed. I was more concerned with user space within the guest. So that the gues thinks that it's using the same hardware albeit a limited version limited by the actual underlying hardware. I imagined that this could be done via some sort of driver manipulation of some sorts only done to essentially trick the quest OS. Not necessarily emulate the actual hardware. – Bubo Feb 27 '14 at 15:25