ldt_trick invalid detection method same results on 2 VM and 2 bare-metal (win+linux) #259
Description
UCHAR ldtr[5] = "\xef\xbe\xad\xde";
ULONG ldt = 0;
#if defined (ENV32BIT)
_asm sldt ldtr
//asm("sldt %0" : "=g"(ldtr)); //for linux
#endif
ldt = *((unsigned long *)&ldtr[0]);
ldt_base == 0xdead0000 => means bare-metal
kvm/qemu VM and vmware VM and bare-metal-Linux and bare-metal-Windows10(21h2) all return the same results:
vmdetect ldt_trick(32bit)=LDT base: 0xdead0000 //g++ -m32
vmdetect ldt_trick(64bit)=LDT base: 0xdeadbeef
The asm instruction will not be called for 64bit. Changing/Allowing that, returns the same result, as when it's run compiled for 32bit.
Judging from the results, the detection method is invalid.