[vbox-dev] vm detection

Stéphane Charette stephanecharette at gmail.com
Wed Dec 30 13:31:38 GMT 2009


Spent the night trying various inline assembly to attempt to detect
when my application is running within a VM.

Couple of things to note:  the web is full of really bad and really
***WRONG*** example code from people thinking they're being crafty.
Some code is of course geared towards just Windows + VMware, but there
is a surprisingly large amount of example code calling things like
SIDT and SGDT with just 2 bytes to store the result.  I may not be an
assembly programmer, but it doesn't take much Googling at AMD and
Intel's sites to see that even at best-case when running in i386, it
needs at least 6 bytes, while in AMD64 you'd need 10 bytes.

I'm guessing things have progressed in the last few years, where some
of the VM detection example code that made headlines when they were
first discovered no longer applies...or perhaps only ever applied to
VMware?  Things I tried include:

- SIDT (aka "red pill" and "snoopy_doo")
- SGDT (upper byte always 0xff for me, whether native or in VirtualBox)
- SLDT (always returns zero for me, whether native or in VirtualBox)
- STR (always returns 0x0040 whether native or in VirtualBox)

I'm worried the only "solution" (and I use the term lightly) is to do
something crazy like walking the PCI table or the DMI BIOS information
looking for certain strings.  Can someone recommend something better?

Thanks in advance,

Stéphane
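
The operand-size point in the message above (6 bytes on i386, 10 on AMD64, never 2), as an added example that is not part of the original post: SIDT/SGDT stored into a correctly sized buffer with guard bytes behind it, then decoded. It assumes GCC or Clang inline assembly on x86; the names `dtr_decode`, `dtr_read`, `struct dtr` and `struct pseudo_desc` are made up for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SIDT/SGDT store a pseudo-descriptor: a 16-bit limit, then the base address.
 * The base is 4 bytes in 32-bit mode and 8 in 64-bit mode, so the operand is
 * 6 or 10 bytes and a 2-byte destination is overrun. */
#define LIMIT_BYTES 2u
#define GUARD 0xA5u
struct dtr { uint16_t limit; uint64_t base; };

/* Decode the little-endian bytes the CPU stored; base_bytes is 4 or 8.
 * Returns -1 when the buffer is smaller than the instruction's operand. */
static int dtr_decode(const uint8_t *raw, size_t len, size_t base_bytes,
                      struct dtr *out)
{
    if ((base_bytes != 4 && base_bytes != 8) || len < LIMIT_BYTES + base_bytes)
        return -1;
    out->limit = (uint16_t)(raw[0] | (raw[1] << 8));
    out->base = 0;
    for (size_t i = 0; i < base_bytes; i++)
        out->base |= (uint64_t)raw[LIMIT_BYTES + i] << (8 * i);
    return 0;
}

#if defined(__x86_64__) || defined(__i386__)
/* Packed so that sizeof is exactly 6 (i386) or 10 (AMD64). */
struct __attribute__((packed)) pseudo_desc { uint16_t limit; uintptr_t base; };
/* SIDT (use_gdt == 0) or SGDT into a sized buffer; -1 if the guard was hit. */
static int dtr_read(int use_gdt, struct dtr *out)
{
    struct { struct pseudo_desc d; uint8_t guard[4]; } buf;
    memset(&buf, GUARD, sizeof buf);
    if (use_gdt) __asm__ volatile ("sgdt %0" : "=m"(buf.d));
    else         __asm__ volatile ("sidt %0" : "=m"(buf.d));
    for (size_t i = 0; i < sizeof buf.guard; i++)
        if (buf.guard[i] != GUARD) return -1;
    return dtr_decode((const uint8_t *)&buf.d, sizeof buf.d,
                      sizeof(uintptr_t), out);
}

int main(void)
{
    struct dtr idt, gdt; /* with UMIP enforced these may fault or be emulated */
    if (dtr_read(0, &idt) == 0 && dtr_read(1, &gdt) == 0)
        printf("IDTR %#llx/%#x GDTR %#llx/%#x\n", (unsigned long long)idt.base,
               idt.limit, (unsigned long long)gdt.base, gdt.limit);
    return 0;
}
#endif
```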
