Using CPUID for detecting VMs

Loki · 07-08-2024, 09:57 AM

Hidden Content

You must register or login to view this content.

On a virtual machine, this returns a hypervisor-specific string across EBX, ECX, and EDX, such as "VMwareVMware," "Microsoft Hv," "VBoxVBoxVBox," or "XenVMMXenVMM.

sinking · 07-26-2024, 12:05 AM

I'll check this against the hiddenvm I posted.

This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Leeching | https://breachforums.hn/Forum-Ban-Appeals if you feel this is incorrect.

Elrode · 07-28-2024, 05:23 PM

hello than you for that

notagh0st · 07-31-2024, 07:39 PM

This is a neat little trick, but can also be easily thwarted by modifying the VM configuration file to set the CPUID to be whatever you want, such as a legit machine's CPUID. This shouldn't be used by itself, but along with several other anti-vm/anti-detect methods.

Loki · 08-01-2024, 01:31 AM

(07-31-2024, 07:39 PM)notagh0st Wrote: This is a neat little trick, but can also be easily thwarted by modifying the VM configuration file to set the CPUID to be whatever you want, such as a legit machine's CPUID. This shouldn't be used by itself, but along with several other anti-vm/anti-detect methods.

certainly, this is just one of the tricks

laksor · 08-08-2024, 10:20 PM

other than the cpuid if i remember correctly there are environment variables that are set by default by the hypervisor

Nukemaster1113 · 08-13-2024, 03:34 AM

Making a custom protector so thanks

Loki · 08-13-2024, 04:05 AM

(08-13-2024, 03:34 AM)Nukemaster1113 Wrote: Making a custom protector so thanks

that sounds like a cool project!

ricky_bobby · 08-14-2024, 07:38 PM

learning more on vm shit so this is helpful thanks

Nukemaster1113 · 08-17-2024, 05:08 AM

(08-13-2024, 04:05 AM)Loki Wrote:
(08-13-2024, 03:34 AM)Nukemaster1113 Wrote: Making a custom protector so thanks

that sounds like a cool project!

It’s really fun man just takes a ton of time because I’m trying to one up vmp