Crate inside_vm_arch_support
source ·Expand description
inside-vm
Detect if code is running inside a virtual machine.
Only works on x86 and x86-64.
How does it work
Measure average cpu cycles when calling cpuid
and compare to a threshold, if the value is high assume code is running inside a VM.
Quick Start
use inside_vm_arch_support::{inside_vm, inside_vm_custom, cpuid_cycle_count_avg};
let inside = inside_vm();
println!("inside vm: {}", inside);
let inside = inside_vm_custom(5, 100, 5, 1200);
println!("inside vm: {}", inside);
let average_cpu_cyles = cpuid_cycle_count_avg(5, 100, 5);
println!("average __cpuid cpu cycles: {}", average_cpu_cyles);
Credits
https://evasions.checkpoint.com/techniques/timing.html#difference-vm-hosts
Functions
- Compute cpuid cpu cycles average.
- Compute cpuid cpu cycles average and compare to threshold.
- Detect if inside vm by computing cpuid cpu cycles average and compare to
threshold
.