Request for new features - CPUID - RDTSC

Question

Request for new features - CPUID - RDTSC

UnlimitedChild opened this issue 3 years ago · 7 comments

Hi,

some features, CPUID and RDTSC Hooking, are missing in this plugin.

Best regards

Answer 1 · 2021-06-25T10:29:24.000Z

Rdtsc is in my opinion too sensitive to hook so this feature probably won't be implemented. Also what information would you want to hide with cpuid hooking?

Answer 2 · 2021-07-03T13:56:45.000Z

Modern security tools use these methods to detect program debugging. CPUID is used to bind the program execution environment and to perform antidump protection.
hypervisor_example_rdtsc-master.zip

Answer 3 · 2021-07-17T05:54:09.000Z

'CPUID' can detect vm, It will detect the Hypervisor, for this type, it will be treated as a virtual machine environment.

Answer 4 · 2021-07-17T18:45:07.000Z

Detecting VMs using the CPUID instruction - https://github.com/ioncodes/is-vm/blob/master/vm.asm

Answer 5 · 2021-07-17T18:46:09.000Z

'CPUID' can detect vm, It will detect the Hypervisor, for this type, it will be treated as a virtual machine environment.

Does this plugin have nested virtualization support ?!

Answer 6 · 2021-07-18T14:17:27.000Z

'CPUID' can detect vm, It will detect the Hypervisor, for this type, it will be treated as a virtual machine environment.

Does this plugin have nested virtualization support ?!

No, it doesn't have

Answer 7 · 2021-07-19T10:33:24.000Z

Added new feature in HyperHide_2021-07-19 which allow to hide presence of hypervisor (only cpuid, rdtsc/rdtscp still not supported)