On Mon, Nov 29, 2021 at 12:59:28PM +0000, Anton Belousov wrote: > This update is done to improve virtual machine stealth from malware. There > are AntiVM techniques that use WMI-queries to detect presence of this SMBIOS > tables. Example: > "https://github.com/LordNoteworthy/al-khaser/blob/master/al-khaser/AntiVM/Generic.cpp";
Aren't there many other hints at whether an OS is running inside of a VM? I could imagine for example the ACPI tables, the list or models of exposed devices, or the cpuid data? Thanks, Roger.
