RDTSC_VMEXIT test is not accurate #53

fameowner99 · 2024-03-17T18:49:35Z

I have slow windows PC and this test say that I am running VM but it's not true.

line 3271 | return (avg >= 1000 || avg == 0);

wrong because I have avg = ~1500.

kernelwernel · 2024-03-17T23:09:48Z

I'll increase the threshold to 1500 then. Thanks for reporting on this 👍

kernelwernel · 2024-03-17T23:19:44Z

bfc28a2

fameowner99 · 2024-03-18T08:39:14Z

But it is somekind of tradeoff.
You don't know which exact value you need to check so it will be false positive or false negative.
Maybe need to think about changing test logic.

kernelwernel · 2024-03-18T14:26:37Z

But it is somekind of tradeoff. You don't know which exact value you need to check so it will be false positive or false negative. Maybe need to think about changing test logic.

in all fairness, some techniques can have false positives in their design. That's why I added a certainty score of the RDTSC_VMEXIT technique to 35%. I could definitely lower it due to what you said, but I sort of need second opinions on what the new certainty score should be (maybe 15?)

kernelwernel added bug Something isn't working good first issue Good for newcomers labels Mar 17, 2024

kernelwernel closed this as completed Mar 17, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RDTSC_VMEXIT test is not accurate #53

RDTSC_VMEXIT test is not accurate #53

fameowner99 commented Mar 17, 2024

kernelwernel commented Mar 17, 2024

kernelwernel commented Mar 17, 2024

fameowner99 commented Mar 18, 2024 •

edited

Loading

kernelwernel commented Mar 18, 2024

RDTSC_VMEXIT test is not accurate #53

RDTSC_VMEXIT test is not accurate #53

Comments

fameowner99 commented Mar 17, 2024

kernelwernel commented Mar 17, 2024

kernelwernel commented Mar 17, 2024

fameowner99 commented Mar 18, 2024 • edited Loading

kernelwernel commented Mar 18, 2024

fameowner99 commented Mar 18, 2024 •

edited

Loading