[vbox-dev] cpuid - anit-vm-detection
Holger Unterbrink (hunterbr)
hunterbr at cisco.com
Thu Jan 5 18:02:16 UTC 2017
Hi,
I am in the process of hardening a VBOX VM against VM-detection. Most thinks are working, but I can't get cpuid to do what I want.
VBoxManage modifyvm "VM" --cpuidset 0 0d 756e6547 6c65746e 49656e69
changed the vendor string, but not the Hypervisor Present Bit (EAX = 0x1 Bit 31) and Intel/AMD software use string (CPUID EAX = 0x40000000) which usually is set to the hypervisor vendor...
mov eax, 0x40000000
cpuid
also still returns the vendor string (vboxboxvbox) in ebx,ecx,edx
Q: how can I disable this behavior in vbox ? Best with a VBoxmanage cmd, but patching the source is also fine for me.
Any help or comments highly welcome !
thx,
holger
P.S. FR: for sandbox setups, a configure option to automatically replace all vbox strings and 0x8088 PCI ids, etc in the src code, would be nice for a future release (done that manually now)
More information about the vbox-dev
mailing list