Detecting VMware
Interested in how to detect the presence of VMware / VirtualServer, I came across this bit of code to detect whether an application is being run in a virtual environment.
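int swallow_redpill (){
    /* m receives the 6 bytes SIDT stores; rpill is: sidt [disp32]; ret */
    unsigned char m[2+4], rpill[] = "\x0f\x01\x0d\x00\x00\x00\x00\xc3";
    /* patch the address of m into the SIDT operand (32-bit x86 only) */
    *((unsigned*)&rpill[3]) = (unsigned)m;
    /* run the bytes as code */
    ((void(*)())&rpill)();
    /* m[5] is the top byte of the stored base address */
    return (m[5]>0xd0) ? 1 : 0;
}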
This works by abusing the SIDT instruction which stores the contents of the [...]
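For triage, the same byte pattern can be searched for in a sample under analysis. The following is an added example, not part of the original post: it flags SIDT encodings in a buffer and marks hits with the shape of the stub above. The names find_sidt, is_redpill_stub and sample are made up for illustration, and the sample bytes are constructed 32-bit x86 encodings.

```c
#include <stddef.h>
#include <stdio.h>

/* Offset of the first SIDT with a memory operand at or after `from`, or -1.
 * Encoding: 0F 01 /1, i.e. ModRM.reg == 1 and ModRM.mod != 3 (mod == 3
 * selects other instructions such as MONITOR). Raw byte matching, not
 * disassembly, so hits inside data are possible. */
long find_sidt(const unsigned char *buf, size_t len, size_t from)
{
    for (size_t i = from; i + 2 < len; i++) {
        if (buf[i] != 0x0f || buf[i + 1] != 0x01)
            continue;
        unsigned mod = buf[i + 2] >> 6, reg = (buf[i + 2] >> 3) & 7;
        if (mod != 3 && reg == 1)
            return (long)i;
    }
    return -1;
}

/* 1 if the hit at `off` has the shape of the stub in the post:
 * sidt [disp32] (ModRM 0x0d) followed directly by ret (0xc3). */
int is_redpill_stub(const unsigned char *buf, size_t len, size_t off)
{
    return off + 7 < len && buf[off + 2] == 0x0d && buf[off + 7] == 0xc3;
}

/* Constructed sample bytes, 32-bit x86 encodings. */
static const unsigned char sample[] = {
    0x90, 0x90,                                     /* nop; nop */
    0x0f, 0x01, 0x0d, 0x00, 0x00, 0x00, 0x00, 0xc3, /* sidt [disp32]; ret */
    0x0f, 0x01, 0xc8,                               /* monitor: mod == 3 */
    0x0f, 0x01, 0x15, 0x44, 0x33, 0x22, 0x11,       /* lgdt [disp32]: reg == 2 */
    0x0f, 0x01, 0x08                                /* sidt [eax] */
};

int main(void)
{
    long off = -1;
    while ((off = find_sidt(sample, sizeof sample, (size_t)(off + 1))) >= 0)
        printf("SIDT at offset %ld%s\n", off,
               is_redpill_stub(sample, sizeof sample, (size_t)off)
                   ? " (sidt [disp32]; ret stub)" : "");
    return 0;
}
```

A hit is only a lead for manual review: the match is on raw bytes, so the surrounding code still has to be disassembled to confirm it is an instruction and to see how the stored value is used.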