Skip to content
/ rdtsc-cpuid-vm-check Public

PoC that measures how long it takes the CPU to execute the CPUID instruction and reports if it suspects a VM. Works on both Windows and Linux.

23 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

TheDuchy/rdtsc-cpuid-vm-check

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
README.md
README.md
 
 
main.c
main.c
 
 

Repository files navigation

tl;dr

The CPUID instruction takes a lot longer to execute in a VM than it does on bare-metal so we can measure it and confidently say if we are running inside of a VM or not. It is possible because a VM will need to call a VMEXIT to let the VMM execute the instruction bare-metal (and that takes time) or in case of emulators, it needs to manually move the data into the virtual registers (and that also takes time).

About

PoC that measures how long it takes the CPU to execute the CPUID instruction and reports if it suspects a VM. Works on both Windows and Linux.

Resources

Readme
Activity

Stars

23 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages