(C++) SIDT, Red Pill by Unprotect

Created on Tuesday 13 December 2022. Updated 1 month, 2 weeks ago.

Description:

In this code, we use inline assembly to execute the SIDT instruction, which retrieves the value of the IDTR (Interrupt Descriptor Table Register) and stores it in the idtr variable. We then check the value of the idtr variable: if it is non-zero, we conclude that we are running on a virtual machine. In both cases, we print a message indicating the type of machine we are running on. Note that this code is for demonstration purposes only and may not work on all systems.

Code

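#include <stdio.h>
#include <stdint.h>

// SIDT writes a 16-bit limit followed by the base address:
// 6 bytes in 32-bit mode, 10 bytes in 64-bit mode. A plain uint64_t
// is too small in 64-bit mode, so a packed structure is used instead.
struct __attribute__((packed)) idtr_value {
    uint16_t  limit;
    uintptr_t base;
};

int main()
{
    // Retrieve the value of the IDTR
    struct idtr_value idtr = {0, 0};
    asm volatile (
        "sidt %0"
        : "=m" (idtr)
    );

    // Check the value of the IDTR.
    // Caveat: the IDTR of a running OS is non-zero on physical and virtual
    // machines alike, so this test does not separate the two. The original
    // Red Pill compared the most significant byte of the 32-bit IDT base
    // against 0xd0. With UMIP enabled, user-mode SIDT faults or is emulated
    // by the OS.
    if (idtr.base != 0 || idtr.limit != 0) {
        // We are running on a virtual machine
        printf("We are running on a virtual machine.\n");
    } else {
        // We are running on a physical machine
        printf("We are running on a physical machine.\n");
    }

    return 0;
}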
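
For analysts triaging a sample that may contain this check, a raw byte scan for the SIDT encoding is a quick first pass. The following is an added example, not part of the original Unprotect snippet; the names `find_sidt` and `is_sidt_at` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* SIDT m: opcode 0F 01 with ModRM.reg == 1 and ModRM.mod != 3.
 * (mod == 3 with reg == 1 encodes other instructions such as MONITOR/MWAIT.)
 * Raw byte match without disassembly: hits need manual confirmation. */
static int is_sidt_at(const uint8_t *buf, size_t len, size_t i)
{
    if (len < 3 || i > len - 3)
        return 0;                 /* opcode + ModRM would run past the end */
    if (buf[i] != 0x0F || buf[i + 1] != 0x01)
        return 0;
    uint8_t modrm = buf[i + 2];
    return ((modrm >> 3) & 7) == 1 && (modrm >> 6) != 3;
}

/* Stores up to max_hits offsets in hits[]; returns the total number of matches. */
size_t find_sidt(const uint8_t *buf, size_t len, size_t *hits, size_t max_hits)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        if (!is_sidt_at(buf, len, i))
            continue;
        if (n < max_hits)
            hits[n] = i;
        n++;
    }
    return n;
}

/* Constructed sample bytes, not taken from a real binary. */
static const uint8_t sample[] = {
    0x55, 0x48, 0x89, 0xE5,       /* push rbp; mov rbp, rsp        */
    0x0F, 0x01, 0x4D, 0xF6,       /* sidt [rbp-0xa]  -> offset 4   */
    0x0F, 0x01, 0xC8,             /* monitor (mod == 3, not SIDT)  */
    0x0F, 0x01, 0x45, 0xF6,       /* sgdt [rbp-0xa] (reg == 0)     */
    0x0F, 0x01, 0x0C, 0x24,       /* sidt [rsp]      -> offset 15  */
    0xC3                          /* ret                           */
};

int main(void)
{
    size_t hits[8];
    size_t n = find_sidt(sample, sizeof sample, hits, 8);
    for (size_t i = 0; i < n && i < 8; i++)
        printf("possible SIDT at offset %zu\n", hits[i]);
    return 0;
}
```

Because the scan does not track instruction boundaries, the same byte pattern inside data or an immediate operand also matches; confirm each offset in a disassembler.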