TheDuchy / rdtsc-cpuid-vm-check

PoC that measures how long it takes the CPU to execute the CPUID instruction and reports if it suspects a VM. Works on both Windows and Linux.


Repository from Github https://github.com/TheDuchy/rdtsc-cpuid-vm-check


tl;dr

The CPUID instruction takes much longer to execute in a VM than it does on bare metal, so we can time it and confidently say whether we are running inside a VM. This works because a VM has to take a VM exit so that the VMM can execute the instruction on the bare-metal CPU (and that takes time), while an emulator has to move the data into the virtual registers manually (and that also takes time).
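The measurement described above, as an added example that is not the repository's code: it times CPUID with RDTSC and classifies the median sample, which is also how a sandbox operator can check whether an analysis VM exposes this signal. The function names and `THRESHOLD_CYCLES` are assumptions; the cut-off has to be calibrated per CPU.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>      /* __cpuid() macro (GCC/Clang) */
#include <x86intrin.h>  /* __rdtsc() */
#define HAVE_TSC 1
#endif

#define SAMPLES 1001
#define THRESHOLD_CYCLES 1000 /* assumed cut-off, not taken from the repository */

static int cmp_u64(const void *a, const void *b) {
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

/* Sorts s[] in place and returns the median, which ignores the rare huge
 * samples caused by interrupts or context switches during a measurement. */
uint64_t median_cycles(uint64_t *s, size_t n) {
    qsort(s, n, sizeof *s, cmp_u64);
    return s[n / 2];
}

/* 1 = CPUID cost suggests a VM exit or emulation, 0 = looks native. */
int looks_virtualized(uint64_t *s, size_t n, uint64_t threshold) {
    return median_cycles(s, n) > threshold;
}

/* Fills s[] with TSC deltas measured around CPUID leaf 0.
 * Returns the number of samples taken (0 when not built for x86). */
size_t sample_cpuid(uint64_t *s, size_t n) {
#ifdef HAVE_TSC
    unsigned a, b, c, d;
    for (size_t i = 0; i < n; i++) {
        uint64_t t0 = __rdtsc();
        __cpuid(0, a, b, c, d);
        s[i] = __rdtsc() - t0;
    }
    (void)a; (void)b; (void)c; (void)d;
    return n;
#else
    (void)s; (void)n;
    return 0;
#endif
}

int main(void) {
    static uint64_t s[SAMPLES];
    size_t n = sample_cpuid(s, SAMPLES);
    if (n == 0) { puts("not an x86 build"); return 2; }
    int vm = looks_virtualized(s, n, THRESHOLD_CYCLES); /* s[] is sorted after this */
    printf("median CPUID cost: %llu cycles -> %s\n", (unsigned long long)s[n / 2],
           vm ? "VM suspected" : "looks bare-metal");
    return vm;
}
```

A hypervisor that traps RDTSC or applies a TSC offset can hide the extra latency, so the result is a heuristic and depends on the calibrated threshold.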


Languages

Language:C 100.0%