Expand description
Cross-platform CPUID-based VM detection techniques.
Mirrors the cross-platform section of vmaware_core.c: vmid, cpu_brand, hypervisor_bit, hypervisor_str, bochs_cpu, timer, thread_mismatch, cpuid_signature, kgt_signature.
Functions§
- azure
- Check for Azure Hyper-V specific registry / SMBIOS markers.
- bochs_
cpu - Detect Bochs by checking reserved CPUID fields that Bochs sets to 0.
- cpu_
brand - Check for VM-related keywords in the CPU brand string.
- cpuid_
signature - Check for known VM CPUID signatures at leaves 0x1 and 0x40000000.
- devices
- PCI device IDs scan.
- firmware
- Firmware string scan.
- hypervisor_
bit - Check the hypervisor present bit in CPUID leaf 1 ECX (bit 31).
- hypervisor_
str - Check the hypervisor vendor string at leaf 0x40000000 for known brands.
- kgt_
signature - Detect Intel KGT (Trusty) by its CPUID leaf 0x40000001 EAX signature.
- system_
registers - Check system_registers for hypervisor clues (Linux: MSR via file).
- thread_
count - Compare OS-reported thread count with CPUID topology.
- thread_
mismatch - Compare the logical-thread count reported by CPUID with the actual OS thread count. A mismatch can indicate that the hypervisor exposes fewer CPUs than the underlying host.
- timer
- Measure CPU cycle overhead of a CPUID call using RDTSC; unusually high values indicate a hypervisor translating RDTSC.
- vmid
- Check CPUID hypervisor-vendor leaf (0x40000000..0x40000010) against known VM signatures.