Rafal Wojtczuk (from Bromium, previously Invisible Things Lab) presented DMA attacks against DeepSafe.
The snapshots below from: https://www.youtube.com/watch?v=RM1oBlFX5UQ
How to know where physical address space DeepSafe hypervisor is located in? (from whitepaper)
There are a few interesting technical details regarding the above hypervisor overwrite. First, malware running in OS needs to know where in physical address space Deepsafe hypervisor is located. Dumping all the physical address space via DMA and doing pattern search in it is possible, but troublesome. A more elegant approach was found – it turns out that when EPT fault occurs because OS tried to read from a physical address belonging to the hypervisor, then Deepsafe does not bother to emulate the instruction, it just skips it. Thus, the following function
mov rax, MAGICVALUE
mov rax, [rcx]
Will return MAGICVALUE if memory at rcx belongs to Deepsafe, and something else (real memory content) if not. Deepsafe allocates a contiguous physical memory region of size 0x300000, so it is easy and fast to find it via scanning all the memory.
BlackHat 2014 @US: