Windows C++ / SIDT, Red Pill
Author | Unprotect |
Platform | Windows |
Language | C++ |
Technique | SIDT, Red Pill |
Description:
In this code, inline assembly executes the SIDT instruction, which stores the contents of the IDTR (interrupt descriptor table register) into the idtr variable. The code then checks the stored value: if it is non-zero, it concludes that it is running on a virtual machine. In both cases it prints a message indicating the type of machine it believes it is running on. Note that this code is for demonstration purposes only and may not work on all systems.
Code
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <inttypes.h>

/* On x86-64, SIDT writes a 10-byte descriptor (2-byte limit followed by an
   8-byte linear base). A bare uint64_t is two bytes too small and would be
   overrun, so a packed struct is used as the destination. */
struct __attribute__((packed)) idtr_t {
    uint16_t limit;
    uint64_t base;
};

int main()
{
    // Retrieve the value of the IDTR.
    // GCC/MinGW inline assembly syntax; MSVC does not support inline asm on x64.
    struct idtr_t idtr;
    asm volatile (
        "sidt %0"
        : "=m" (idtr)
    );

    // Check the value of the IDTR (the IDT base is non-zero on any running
    // system, so this check alone does not discriminate between environments).
    if (idtr.base != 0) {
        // We are running on a virtual machine
        printf("We are running on a virtual machine.\n");
    } else {
        // We are running on a physical machine
        printf("We are running on a physical machine.\n");
    }
    return 0;
}
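A defender-side complement to the technique above, added here as an example and not part of the Unprotect page: a scanner that counts SIDT instructions in a raw code buffer by decoding the 0F 01 /1 encoding and rejecting neighbouring instructions (SGDT, LIDT, MWAIT) that share the same opcode bytes. The sample bytes are constructed to resemble what a compiler emits for the inline asm above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Count SIDT instructions in a raw code buffer.
   SIDT is encoded as 0F 01 /1: two opcode bytes followed by a ModRM byte whose
   reg field (bits 5..3) is 001 and whose mod field (bits 7..6) is not 11,
   because SIDT only takes a memory operand. ModRM bytes with mod == 11 in this
   opcode group encode unrelated instructions (MONITOR, MWAIT, CLAC, STAC, ...).
   This is a linear byte scan, not a disassembler, so 0F 01 sequences inside
   data or spanning instruction boundaries can still produce false positives. */
size_t count_sidt(const uint8_t *code, size_t len)
{
    size_t hits = 0;
    for (size_t i = 0; i + 2 < len; i++) {
        if (code[i] != 0x0F || code[i + 1] != 0x01)
            continue;
        uint8_t modrm = code[i + 2];
        uint8_t mod = modrm >> 6;
        uint8_t reg = (modrm >> 3) & 7;
        if (mod != 3 && reg == 1)
            hits++;
    }
    return hits;
}

/* Constructed sample: two SIDT forms a compiler might emit for the page's
   inline asm, mixed with instructions that share the 0F 01 opcode bytes. */
static const uint8_t sample_code[] = {
    0x48, 0x83, 0xEC, 0x28,                    /* sub rsp, 0x28 */
    0x0F, 0x01, 0x4C, 0x24, 0x10,              /* sidt [rsp+0x10]   <- hit */
    0x0F, 0x01, 0x04, 0x24,                    /* sgdt [rsp]        reg=0, not SIDT */
    0x0F, 0x01, 0xC9,                          /* mwait             mod=11, not SIDT */
    0x0F, 0x01, 0x0D, 0x00, 0x10, 0x00, 0x00,  /* sidt [rip+0x1000] <- hit */
    0x0F, 0x01, 0x1C, 0x24,                    /* lidt [rsp]        reg=3, not SIDT */
    0x48, 0x83, 0xC4, 0x28,                    /* add rsp, 0x28 */
    0xC3                                       /* ret */
};

size_t scan_sample(void)
{
    return count_sidt(sample_code, sizeof sample_code);
}

int main(void)
{
    printf("SIDT instructions found: %zu\n", scan_sample());  /* prints 2 */
    return 0;
}
```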
Created
December 13, 2022
Last Revised
April 22, 2024