Ja, was soll ich sagen ... da hat wohl einer doch nicht meinen ganzen Artikel gelesen. Weil ja Englisch eine schwere Sprache ist, zitiere ich mich hier einfach mal selber auf Englisch:
Zitat von
Olli:
So if the IDT base address is at a higher position than 0xD0000000, she concludes to be inside a virtual machine. This conclusion is wrong, even if we would assume for a moment that her claim about the relocated GDTR/IDTR - see the foreword - are right. But despite that, the problem would already arise on multi-processor machines where a test run could give reasonably high addresses for one processor and "normal" ones for the other. Since the redpill.c does not take this into account the result is per-se unreliable. I have also seen some papers that attempted to call the instruction a number of times under the assumption that the result would show an even distribution between the processors. In my opinion this is also not quite the best approach, given that one can easily set the affinity of the process without special privilege requirements.
http://blog.assarbad.net/wp-content/..._colorless.pdf
Ja, Zacherl, habe mal in dein Programm geschaut und da leider nichts davon gesehen, dass du auf diese Problematik eingehst. Die Ergebnisse hier sind also in etwa so sinnvoll wie Lottozahlen. Neue Variante? Warum gibst du ihnen nicht einfach SIDTcon? Ist kleiner, macht es fuer Kernelmode und Usermode und beachtet die Affinitaet.