docs/documentation.md
Lines changed: 2 additions & 3 deletions
@@ -480,7 +480,6 @@ VMAware provides a convenient way to not only check for VMs, but also have the f
480
480
|`VM::INTEL_THREAD_MISMATCH`| Check for Intel CPU thread count database if it matches the system's thread count || 95% |||||
481
481
|`VM::XEON_THREAD_MISMATCH`| Same as above, but for Xeon Intel CPUs || 95% |||||
482
482
|`VM::NETTITUDE_VM_MEMORY`| Check for memory regions to detect VM-specific brands | Windows | 100% |||||
483
-
|`VM::CPUID_BITSET`| Check for CPUID technique by checking whether all the bits equate to more than 4000 || 25% |||||
484
483
|`VM::CUCKOO_DIR`| Check for cuckoo directory using crt and WIN API directory functions | Windows | 30% |||||
485
484
|`VM::CUCKOO_PIPE`| Check for Cuckoo specific piping mechanism | Windows | 30% |||||
486
485
|`VM::HYPERV_HOSTNAME`| Check for default Azure hostname format regex (Azure uses Hyper-V as their base VM brand) | Windows, Linux | 30% |||||
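Review bot: the `VM::CPUID_BITSET` row (old line 483) is deleted from the flag table with nothing left for readers who still reference that flag. If the technique was removed from the library along with this documentation change, add a short removal or deprecation note near the table or in the changelog, so that anyone passing `VM::CPUID_BITSET` learns it is gone instead of finding no entry for it.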
@@ -513,14 +512,14 @@ VMAware provides a convenient way to not only check for VMs, but also have the f
513
512
|`VM::GPU_CAPABILITIES`| Check for GPU capabilities related to VMs | Windows | 100% | Admin ||| Admin only needed for some heuristics |
514
513
|`VM::GPU_VM_STRINGS`| Check for specific GPU string signatures related to VMs | Windows | 100% |||||
515
514
|`VM::VM_DEVICES`| Check for VM-specific devices | Windows | 45% |||||
516
-
|`VM::IDT_GDT_MISMATCH`| Check if the IDT and GDT base virtual addresses mismatch between different CPU cores when called from usermode under a root partition| Windows | 50% |||||
515
+
|`VM::IDT_GDT_SCAN`| Check if the IDT and GDT virtual base addresses are equal across different CPU cores when not running under Hyper-V| Windows | 50% |||||
517
516
|`VM::PROCESSOR_NUMBER`| Check for number of processors | Windows | 50% |||||
518
517
|`VM::NUMBER_OF_CORES`| Check for number of cores | Windows | 50% |||||
519
518
|`VM::ACPI_TEMPERATURE`| Check for device's temperature | Windows | 25% |||||
520
519
|`VM::PROCESSOR_ID`| Check if any processor has an empty Processor ID using SMBIOS data | Windows | 25% |||||
521
520
|`VM::SYS_QEMU`| Check for existence of "qemu_fw_cfg" directories within /sys/module and /sys/firmware | Linux | 70% |||||
522
521
|`VM::LSHW_QEMU`| Check for QEMU string instances with lshw command | Linux | 80% |||||
523
-
|`VM::VIRTUAL_PROCESSORS`| Check if the number of maximum virtual processors matches the maximum number of logical processors| Windows | 50% |||||
522
+
|`VM::VIRTUAL_PROCESSORS`| Check if the number of virtual and logical processors are reported correctly by the system| Windows | 50% |||||
524
523
|`VM::HYPERV_QUERY`| Check if a call to NtQuerySystemInformation with the 0x9f leaf fills a _SYSTEM_HYPERVISOR_DETAIL_INFORMATION structure | Windows | 100% |||||
525
524
|`VM::BAD_POOLS`| Check for system pools allocated by hypervisors | Windows | 80% |||||
526
525
|`VM::AMD_SEV`| Check for AMD-SEV MSR running on the system | Linux and MacOS | 50% | Admin ||||
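Review bot: the new `VM::IDT_GDT_SCAN` description (new line 515) does not say which outcome counts as a VM indicator. The old row flagged a mismatch between cores under a root partition, while the new one reads "are equal across different CPU cores when not running under Hyper-V", which changes both the condition and the scope; state explicitly whether equal or differing base addresses raise the score. The identifier also changes from `VM::IDT_GDT_MISMATCH`, so readers who use the old name will no longer find it here and the rename deserves a mention. On new line 522, "reported correctly by the system" for `VM::VIRTUAL_PROCESSORS` is less specific than the comparison it replaces (maximum virtual processors against maximum logical processors) and should say what is compared against what; "the number ... are" should also read "the numbers ... are". Both added rows are missing the space before the `| Windows` column separator.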