The output EAX register should be a number between 0x40000001 and 0x400000FF (as all protocol-compliant virtual machines are required to implement at least functions 0x40000000 and 0x40000001).Įven this is slightly bogus, because the real hardware specifications don't explicitly guarantee that on real hardware EAX will be 0x40000000. The proper official detection mechanism is to follow the bit #31 check by executing CPUID with the EAX register set to 0x400000005. As such, Microsoft's "official" detection mechanism is bogus. That includes not counting on the fact of it being zero on real hardware. Intel's specification even explicitly states that one should not count on the value of the bit. Both Intel's2 and AMD's3 CPUID specifications state that bit #31 of the ECX register is reserved. It's also the official detection mechanism for VMWare6.īut here Microsoft and VMWare are incorrectly relying upon an accident of hardware implementation. This is indeed the official Hypervisor detection mechanism. Printf( "MMX - %s \n ", cpuid.EDX() & ( 1 Īccording to Microsoft4, a flag bit in the ECX register (bit #31, "Hypervisor present"), after executing CPUID with the EAX register set to 0x000000001, will be set to 1 in a (Microsoft) virtual machine and set to 0 on real hardware. tests bit 23 of ECX for popcnt instruction support
ECX is set to zero for CPUID function 4Ĭonst uint32_t & EAX() const Void _cpuidex( int CPUInfo, int InfoType, int ECXValue)