Pages

Monday, November 09, 2009

p0wnage

A little over a month ago, I purchased a Dell Inspiron 1545 from the Dell Refurbished shelf. Most of the systems I've purchased from Dell have been procured through this route, and I've been pretty happy with the systems.

Until now. Tonight, I was p0wned by MS.

See, I'd purchased the laptop to do Windows 7 forensic (and in particular Registry) research. You know, use it like a user would and then see what the system "looks like" from a forensic perspective. Do what a user would do, then do like a forensic nerd would do.

Well, it seems that the laptop I purchased is running an Intel T4200 processor. It has 410 Million transistors, but does not support hardware virtualization.

Okay, my thought was that I was going to get an almost-brand-spanking-new system...no way it wouldn't support hardware virtualization. Well, it doesn't. What this means is that this laptop doesn't support XP Mode. Wow, so much for that rather critical portion of research.

So, the lesson learned here is, don't assume that the latest and greatest box, even one birthed in the past year, is going to have the necessary functionality to support what you want to do. In fact, as far as XP Mode is concerned, if that system you've got your eye on has an Intel processor, assume that it doesn't until proven otherwise. Wonder where I got that? My favorite forensics tool, Cory Altheide, found this at the Parallels site...notice what it says at the bottom of the page about AMD microprocessors.

Addendum: It seems that while the laptop I just purchased does not have a processor that supports hardware virtualization, the Dell Latitude D820 that I purchased in 2006 DOES! All I need to do is enable it in the BIOS...

6 comments:

  1. Jimmy_Weg10:08 PM

    FWIW, the latest version of VMWare works fine with Win 7. It may be even easier to test within a VM. Concerning the system you're working (stuck) with, the issue may be realted to the system being compatible with virtualization, at least 64 bit. Many of the systems that are built on 64-bit architecture allow the virtualization setting to be selected in the BIOS.

    ReplyDelete
  2. Ditto. I picked up a gorgeous Dell Studio 17 with a T5850 processor. I was psyched because it was a great deal on a Core Duo 2 which is 64-bit capable!

    No VT for me either.

    I was planning on creating x64 test machines (like SBS2008) but that clearly isn't going to happen.

    I remember when it was relatively simple to check the capabilities of a processor. Too many details now and they're not called out in a useful manner.

    ReplyDelete
  3. How is this MS P0wnage? MS loves you. We always have.

    ReplyDelete
  4. Jimmy,

    It may be even easier to test within a VM.

    Are you referring to loading Win7 up in a VM and seeing if I can install XP mode there? Interesting. I'll give it a shot...kind of ludicrous but okay...

    ReplyDelete
  5. The catch to virtualization on any laptop setup is twofold:
    1: The manufacturer may or may not have the ability to turn Intel-Vt on or off in the BIOS.
    2: As a rule, Centrino Pro and now Centrino 2 vPro _do_ support Intel-Vt (subject to #1 of course).

    Virtualization, while "supported" by the CPU, needs the underlying chipset to have virtualization capabilities.

    Philip

    ReplyDelete
  6. ecophobia7:14 PM

    Hi Harlan,

    try VMLite. It claims to function without hardware virtualization.

    ReplyDelete