Crate inside_vm[−][src]

Expand description

inside-vm

Detect if code is running inside a virtual machine.

Only works on x86 and x86-64.

How does it work

Measure average cpu cycles when calling cpuid and compare to a threshold, if the value is high assume code is running inside a VM.

Quick Start

use inside_vm::{inside_vm, inside_vm_custom, cpuid_cycle_count_avg};

let inside = inside_vm();
println!("inside vm: {}", inside);

let inside = inside_vm_custom(5, 100, 5, 1200);
println!("inside vm: {}", inside);

let average_cpu_cyles = cpuid_cycle_count_avg(5, 100, 5);
println!("average __cpuid cpu cycles: {}", average_cpu_cyles);

Credits

https://evasions.checkpoint.com/techniques/timing.html#difference-vm-hosts

Functions

cpuid_cycle_count_avg

Compute cpuid cpu cycles average.

inside_vm

Compute cpuid cpu cycles average and compare to threshold.

inside_vm_custom

Detect if inside vm by computing cpuid cpu cycles average and compare to threshold.