From 6264d96ca2563c46db866791d712b5555203a2f5 Mon Sep 17 00:00:00 2001
From: Alberto Ortega
Date: Wed, 2 Mar 2016 20:27:03 +0100
Subject: [PATCH] Function to read HV vendor information, added to logging
---
 pafish/cpu.c | 22 ++++++++++++++++++++--
 pafish/cpu.h | 1 +
 pafish/main.c | 16 ++++++++++++----
 3 files changed, 33 insertions(+), 6 deletions(-)
diff --git a/pafish/cpu.c b/pafish/cpu.c
index dea1614..8ecae79 100644
--- a/pafish/cpu.c
+++ b/pafish/cpu.c
@@ -31,7 +31,7 @@ static inline unsigned long long rdtsc_diff_vmexit() {
 }
 static inline void cpuid_vendor_00(char * vendor) {
- int ebx, ecx, edx;
+ int ebx = 0, ecx = 0, edx = 0;
 __asm__ volatile("cpuid" \
 : "=b"(ebx), \
@@ -44,8 +44,22 @@ static inline void cpuid_vendor_00(char * vendor) {
 vendor[12] = 0x00;
 }
+static inline void cpuid_hv_vendor_00(char * vendor) {
+ int ebx = 0, ecx = 0, edx = 0;
+
+ __asm__ volatile("cpuid" \
+ : "=b"(ebx), \
+ "=c"(ecx), \
+ "=d"(edx) \
+ : "a"(0x40000000));
+ sprintf(vendor , "%c%c%c%c", ebx, (ebx >> 8), (ebx >> 16), (ebx >> 24));
+ sprintf(vendor+4, "%c%c%c%c", ecx, (ecx >> 8), (ecx >> 16), (ecx >> 24));
+ sprintf(vendor+8, "%c%c%c%c", edx, (edx >> 8), (edx >> 16), (edx >> 24));
+ vendor[12] = 0x00;
+}
+
 static inline void cpuid_brand(char * brand, uint32_t eax_value) {
- int eax, ebx, ecx, edx;
+ int eax = 0, ebx = 0, ecx = 0, edx = 0;
 __asm__ volatile("cpuid" \
 : "=a"(eax), \
@@ -97,6 +111,10 @@ void cpu_write_vendor(char * vendor) {
 cpuid_vendor_00(vendor);
 }
+void cpu_write_hv_vendor(char * vendor) {
+ cpuid_hv_vendor_00(vendor);
+}
+
 void cpu_write_brand(char * brand) {
 int eax;
 /* Check if Processor Brand String is supported */
diff --git a/pafish/cpu.h b/pafish/cpu.h
index 5e36983..fef1317 100644
--- a/pafish/cpu.h
+++ b/pafish/cpu.h
@@ -9,6 +9,7 @@ int cpu_rdtsc_force_vmexit();
 int cpu_hv();
 void cpu_write_vendor(char *);
+void cpu_write_hv_vendor(char *);
 void cpu_write_brand(char *);
 int cpu_known_vm_vendors();
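Review bot: The inline asm in `cpuid_hv_vendor_00` passes the leaf as an input-only operand, `: "a"(0x40000000)`, but CPUID overwrites EAX and the statement declares no EAX output or clobber, so the compiler is entitled to assume the register still holds 0x40000000 afterwards. Make it a read-write operand: declare `int eax = 0x40000000;` and list `"+a"(eax)` as the first output, in line with `cpuid_brand`, which already names EAX as an output. The value returned in EAX is the highest hypervisor leaf, so capturing it also makes it available for logging. `cpuid_vendor_00` appears to follow the same pattern, though its input operand lies outside the hunk.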
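Review bot: `cpu_write_hv_vendor` queries leaf 0x40000000 unconditionally, so the buffer is not guaranteed to come back empty on bare metal; that range is reserved for hypervisors and a processor without one need not return zeros for it (Intel parts typically answer an out-of-range leaf with the data of the highest basic leaf). The `strlen(cpu_hv_vendor)` tests added in the second main.c hunk would then print and log a bogus "hypervisor" signature. If `cpu_hv()` reports the CPUID hypervisor-present bit, as its name suggests, the wrapper could record that alongside the string, or the caller could accept the 12 bytes only when they are all printable, and otherwise set `vendor[0] = 0x00;`.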
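Review bot: The new prototype `void cpu_write_hv_vendor(char *);` documents no buffer contract, although the implementation writes 13 bytes (12 signature bytes plus the terminator stored at `vendor[12]`) and takes no length argument. A comment above it such as `/* vendor: caller buffer of at least 13 bytes; receives the NUL-terminated hypervisor signature */` would make the requirement visible to callers. `cpu_write_vendor` on the preceding line has the same undocumented requirement.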
diff --git a/pafish/main.c b/pafish/main.c
index 041f811..e2f4e1c 100644
--- a/pafish/main.c
+++ b/pafish/main.c
@@ -40,7 +40,7 @@ int main(void)
 {
 char winverstr[32], aux[1024];
- char cpu_vendor[13], cpu_brand[49];
+ char cpu_vendor[13], cpu_hv_vendor[13], cpu_brand[49];
 OSVERSIONINFO winver;
 unsigned short original_colors = 0;
@@ -60,15 +60,23 @@ int main(void)
 /* Get CPU vendor */
 cpu_write_vendor(cpu_vendor);
+ cpu_write_hv_vendor(cpu_hv_vendor);
 cpu_write_brand(cpu_brand);
 printf("[*] Windows version: %s\n", winverstr);
- printf("[*] CPU: %s %s \n", cpu_vendor, cpu_brand);
+ printf("[*] CPU: %s\n", cpu_vendor);
+ if (strlen(cpu_hv_vendor))
+ printf(" Hypervisor: %s\n", cpu_hv_vendor);
+ printf(" CPU brand: %s\n", cpu_brand);
 snprintf(aux, sizeof(aux) - sizeof(aux[0]), "Windows version: %s", winverstr);
 write_log(aux);
- snprintf(aux, sizeof(aux) - sizeof(aux[0]), "CPU: %s %s", cpu_vendor,
- cpu_brand);
+ if (strlen(cpu_hv_vendor))
+ snprintf(aux, sizeof(aux) - sizeof(aux[0]), "CPU: %s (HV: %s) %s", cpu_vendor,
+ cpu_hv_vendor, cpu_brand);
+ else
+ snprintf(aux, sizeof(aux) - sizeof(aux[0]), "CPU: %s %s", cpu_vendor,
+ cpu_brand);
 write_log(aux);
 /* Debuggers detection tricks */
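Review bot: The hypervisor signature reaches `printf` and `write_log` verbatim in the second hunk, yet its 12 bytes are chosen by whatever environment the binary runs in, so a newline or other control byte in it can split or garble the "CPU:" log record. Replacing non-printable bytes before use keeps the log one line per entry, e.g. `for (char *p = cpu_hv_vendor; *p; p++) if (!isprint((unsigned char)*p)) *p = '.';` right after `cpu_write_hv_vendor(cpu_hv_vendor);`. As a style point, the new `if`/`else` around the two multi-line `snprintf` calls is unbraced, which is easy to break when a statement is added later; bracing both arms would be safer. The body of `main` continues outside this hunk.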