README
¶
VM Detection
This project is a Go implementation of well-known techniques trying to detect if the program is being run in a virtual machine. There are many C programs already doing this, but none written in pure Go.
See this paper for more details.
Usage
First download the package
$ go get github.com/ShellCode33/VM-Detection/vmdetect
Then see main.go to use it in your own project.
This project is compatible for both Linux and Windows, you can use the following command to cross-compile it :
$ GOOS=windows go build main.go
$ file main.exe
Common techniques
- Look for known mac address prefix
- Look for known interface names
- Look at CPU features using cpuid instruction (cpuid)
GNU/Linux techniques
- Look for known strings in the DMI table
/sys/class/dmi/id/* - Look for hints in the kernel ring buffer
/dev/kmsg - Look for known LKM - Loadable Kernel Modules -
/proc/modules - Check existence of known files
Windows techniques
- Check existence of known registry keys
- Look for known strings in some registry key's content
- Check existence of known files
Credits
Thanks to @hippwn for its contribution
Thanks systemd for being that awesome.
Thanks to CheckPoint's researchers for their wonderful website
Documentation
¶
There is no documentation for this package.
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.