Air14
commented
3 years ago Rdtsc is in my opinion too sensitive to hook so this feature probably won't be implemented. Also what information would you want to hide with cpuid hooking?
Closed UnlimitedChild closed 3 years ago
Air14
commented
3 years ago Rdtsc is in my opinion too sensitive to hook so this feature probably won't be implemented. Also what information would you want to hide with cpuid hooking?
UnlimitedChild
commented
3 years ago Modern security tools use these methods to detect program debugging. CPUID is used to bind the program execution environment and to perform antidump protection. hypervisor_example_rdtsc-master.zip
nblog
commented
3 years ago 'CPUID' can detect vm, It will detect the Hypervisor, for this type, it will be treated as a virtual machine environment.
UnlimitedChild
commented
3 years ago Detecting VMs using the CPUID instruction - https://github.com/ioncodes/is-vm/blob/master/vm.asm
UnlimitedChild
commented
3 years ago 'CPUID' can detect vm, It will detect the Hypervisor, for this type, it will be treated as a virtual machine environment.
Does this plugin have nested virtualization support ?!
Air14
commented
3 years ago 'CPUID' can detect vm, It will detect the Hypervisor, for this type, it will be treated as a virtual machine environment.
Does this plugin have nested virtualization support ?!
No, it doesn't have
Air14
commented
3 years ago Added new feature in HyperHide_2021-07-19 which allow to hide presence of hypervisor (only cpuid, rdtsc/rdtscp still not supported)
Hi,
some features, CPUID and RDTSC Hooking, are missing in this plugin.
Best regards