[vbox-dev] cpuid - anit-vm-detection
Holger Unterbrink (hunterbr)
hunterbr at cisco.com
Fri Jan 6 08:19:27 GMT 2017
oh, I forgot, I should add that I tried to set the other two leafs (EAX= 1 and EAX=0x40000000) via --cpuidset, too, but when I am doing that the VM does not start anymore.
-h
> -----Original Message-----
> From: Holger Unterbrink (hunterbr)
> Sent: Thursday, January 5, 2017 19:02
> To: 'vbox-dev at virtualbox.org' <vbox-dev at virtualbox.org>
> Subject: cpuid - anit-vm-detection
>
> Hi,
>
> I am in the process of hardening a VBOX VM against VM-detection. Most thinks
> are working, but I can't get cpuid to do what I want.
>
> VBoxManage modifyvm "VM" --cpuidset 0 0d 756e6547 6c65746e 49656e69
>
> changed the vendor string, but not the Hypervisor Present Bit (EAX = 0x1 Bit 31)
> and Intel/AMD software use string (CPUID EAX = 0x40000000) which usually is
> set to the hypervisor vendor...
>
> mov eax, 0x40000000
> cpuid
>
> also still returns the vendor string (vboxboxvbox) in ebx,ecx,edx
>
> Q: how can I disable this behavior in vbox ? Best with a VBoxmanage cmd, but
> patching the source is also fine for me.
>
> Any help or comments highly welcome !
>
> thx,
> holger
>
> P.S. FR: for sandbox setups, a configure option to automatically replace all vbox
> strings and 0x8088 PCI ids, etc in the src code, would be nice for a future release
> (done that manually now)
More information about the vbox-dev
mailing list