/**
 * ██╗   ██╗███╗   ███╗ █████╗ ██╗    ██╗ █████╗ ██████╗ ███████╗
 * ██║   ██║████╗ ████║██╔══██╗██║    ██║██╔══██╗██╔══██╗██╔════╝
 * ██║   ██║██╔████╔██║███████║██║ █╗ ██║███████║██████╔╝█████╗  
 * ╚██╗ ██╔╝██║╚██╔╝██║██╔══██║██║███╗██║██╔══██║██╔══██╗██╔══╝  
 *  ╚████╔╝ ██║ ╚═╝ ██║██║  ██║╚███╔███╔╝██║  ██║██║  ██║███████╗
 *   ╚═══╝  ╚═╝     ╚═╝╚═╝  ╚═╝ ╚══╝╚══╝ ╚═╝  ╚═╝╚═╝  ╚═╝╚══════╝
 * 
 *  C++ VM detection library
 * 
 * ===============================================================
 *
 *  This program will scan for IDT values based on the execution
 *  of multiple threads, which allows us to collect IDT information
 *  that could be potentially used for VM detections.
 * 
 * ===============================================================
 * 
 *  - Made by: @Requiem (https://g...content-available-to-author-only...b.com/NotRequiem)
 *  - Repository: https://g...content-available-to-author-only...b.com/kernelwernel/VMAware
 *  - License: GPL 3.0
 */ 
 
#include <iostream>
#include <thread>
#include <vector>
#include <pthread.h>
#include <sched.h>
#include <unistd.h>
 
#ifdef _MSC_VER
#include <intrin.h>
#else
#include <x86intrin.h>
#endif
 
#pragma pack(push, 1)
struct IDTR {
    uint16_t limit;
    uint64_t base;
};
#pragma pack(pop)
 
void print_idt_base() {
    IDTR idtr;
 
#ifdef _MSC_VER
    __sidt(&idtr);
#else
    asm volatile ("sidt %0" : "=m" (idtr));
#endif
 
    uint64_t idt_base = idtr.base;
    std::cout << "Thread ID: " << std::this_thread::get_id() << " | IDT base address: 0x" << std::hex << idt_base << "\n";
}
 
// Function to bind a thread to a specific core on Linux
void set_thread_affinity(unsigned int core_id) {
    cpu_set_t cpuset;
    CPU_ZERO(&cpuset);  // Clear the CPU set
    CPU_SET(core_id, &cpuset);  // Set the desired core
 
    // Get the current thread
    pthread_t current_thread = pthread_self();
 
    // Set thread affinity to the specific core
    if (pthread_setaffinity_np(current_thread, sizeof(cpu_set_t), &cpuset) != 0) {
        std::cerr << "Error setting thread affinity\n";
    }
}
 
// Function to run code on multiple cores
void run_on_multiple_cores(int times) {
    unsigned int num_threads = std::thread::hardware_concurrency();
    std::cout << "Running on " << num_threads << " threads (multiple cores)...\n";
 
    for (int i = 0; i < times; ++i) {
        std::vector<std::thread> threads;
        for (unsigned int j = 0; j < num_threads; ++j) {
            threads.emplace_back([j]() {
                set_thread_affinity(j);  // Bind thread to core j
                print_idt_base();
            });
        }
 
        for (auto& thread : threads) {
            thread.join();
        }
    }
}
 
// Function to run code on a single core
void run_on_single_core(int times) {
    std::cout << "Running on a single core...\n";
    set_thread_affinity(0);  // Bind thread to core 0
 
    for (int i = 0; i < times; ++i) {
        print_idt_base();
    }
}
 
int main() {
    int iterations = 5;
    run_on_multiple_cores(iterations);
    run_on_single_core(iterations);
 
    return 0;
}

LyoqCiAqIOKWiOKWiOKVlyAgIOKWiOKWiOKVl+KWiOKWiOKWiOKVlyAgIOKWiOKWiOKWiOKVlyDilojilojilojilojilojilZcg4paI4paI4pWXICAgIOKWiOKWiOKVlyDilojilojilojilojilojilZcg4paI4paI4paI4paI4paI4paI4pWXIOKWiOKWiOKWiOKWiOKWiOKWiOKWiOKVlwogKiDilojilojilZEgICDilojilojilZHilojilojilojilojilZcg4paI4paI4paI4paI4pWR4paI4paI4pWU4pWQ4pWQ4paI4paI4pWX4paI4paI4pWRICAgIOKWiOKWiOKVkeKWiOKWiOKVlOKVkOKVkOKWiOKWiOKVl+KWiOKWiOKVlOKVkOKVkOKWiOKWiOKVl+KWiOKWiOKVlOKVkOKVkOKVkOKVkOKVnQogKiDilojilojilZEgICDilojilojilZHilojilojilZTilojilojilojilojilZTilojilojilZHilojilojilojilojilojilojilojilZHilojilojilZEg4paI4pWXIOKWiOKWiOKVkeKWiOKWiOKWiOKWiOKWiOKWiOKWiOKVkeKWiOKWiOKWiOKWiOKWiOKWiOKVlOKVneKWiOKWiOKWiOKWiOKWiOKVlyAgCiAqIOKVmuKWiOKWiOKVlyDilojilojilZTilZ3ilojilojilZHilZrilojilojilZTilZ3ilojilojilZHilojilojilZTilZDilZDilojilojilZHilojilojilZHilojilojilojilZfilojilojilZHilojilojilZTilZDilZDilojilojilZHilojilojilZTilZDilZDilojilojilZfilojilojilZTilZDilZDilZ0gIAogKiAg4pWa4paI4paI4paI4paI4pWU4pWdIOKWiOKWiOKVkSDilZrilZDilZ0g4paI4paI4pWR4paI4paI4pWRICDilojilojilZHilZrilojilojilojilZTilojilojilojilZTilZ3ilojilojilZEgIOKWiOKWiOKVkeKWiOKWiOKVkSAg4paI4paI4pWR4paI4paI4paI4paI4paI4paI4paI4pWXCiAqICAg4pWa4pWQ4pWQ4pWQ4pWdICDilZrilZDilZ0gICAgIOKVmuKVkOKVneKVmuKVkOKVnSAg4pWa4pWQ4pWdIOKVmuKVkOKVkOKVneKVmuKVkOKVkOKVnSDilZrilZDilZ0gIOKVmuKVkOKVneKVmuKVkOKVnSAg4pWa4pWQ4pWd4pWa4pWQ4pWQ4pWQ4pWQ4pWQ4pWQ4pWdCiAqIAogKiAgQysrIFZNIGRldGVjdGlvbiBsaWJyYXJ5CiAqIAogKiA9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KICoKICogIFRoaXMgcHJvZ3JhbSB3aWxsIHNjYW4gZm9yIElEVCB2YWx1ZXMgYmFzZWQgb24gdGhlIGV4ZWN1dGlvbgogKiAgb2YgbXVsdGlwbGUgdGhyZWFkcywgd2hpY2ggYWxsb3dzIHVzIHRvIGNvbGxlY3QgSURUIGluZm9ybWF0aW9uCiAqICB0aGF0IGNvdWxkIGJlIHBvdGVudGlhbGx5IHVzZWQgZm9yIFZNIGRldGVjdGlvbnMuCiAqIAogKiA9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KICogCiAqICAtIE1hZGUgYnk6IEBSZXF1aWVtIChodHRwczovL2cuLi5jb250ZW50LWF2YWlsYWJsZS10by1hdXRob3Itb25seS4uLmIuY29tL05vdFJlcXVpZW0pCiAqICAtIFJlcG9zaXRvcnk6IGh0dHBzOi8vZy4uLmNvbnRlbnQtYXZhaWxhYmxlLXRvLWF1dGhvci1vbmx5Li4uYi5jb20va2VybmVsd2VybmVsL1ZNQXdhcmUKICogIC0gTGljZW5zZTogR1BMIDMuMAogKi8gCgojaW5jbHVkZSA8aW9zdHJlYW0+CiNpbmNsdWRlIDx0aHJlYWQ+CiNpbmNsdWRlIDx2ZWN0b3I+CiNpbmNsdWRlIDxwdGhyZWFkLmg+CiNpbmNsdWRlIDxzY2hlZC5oPgojaW5jbHVkZSA8dW5pc3RkLmg+CgojaWZkZWYgX01TQ19WRVIKI2luY2x1ZGUgPGludHJpbi5oPgojZWxzZQojaW5jbHVkZSA8eDg2aW50cmluLmg+CiNlbmRpZgoKI3ByYWdtYSBwYWNrKHB1c2gsIDEpCnN0cnVjdCBJRFRSIHsKICAgIHVpbnQxNl90IGxpbWl0OwogICAgdWludDY0X3QgYmFzZTsKfTsKI3ByYWdtYSBwYWNrKHBvcCkKCnZvaWQgcHJpbnRfaWR0X2Jhc2UoKSB7CiAgICBJRFRSIGlkdHI7CgojaWZkZWYgX01TQ19WRVIKICAgIF9fc2lkdCgmaWR0cik7CiNlbHNlCiAgICBhc20gdm9sYXRpbGUgKCJzaWR0ICUwIiA6ICI9bSIgKGlkdHIpKTsKI2VuZGlmCgogICAgdWludDY0X3QgaWR0X2Jhc2UgPSBpZHRyLmJhc2U7CiAgICBzdGQ6OmNvdXQgPDwgIlRocmVhZCBJRDogIiA8PCBzdGQ6OnRoaXNfdGhyZWFkOjpnZXRfaWQoKSA8PCAiIHwgSURUIGJhc2UgYWRkcmVzczogMHgiIDw8IHN0ZDo6aGV4IDw8IGlkdF9iYXNlIDw8ICJcbiI7Cn0KCi8vIEZ1bmN0aW9uIHRvIGJpbmQgYSB0aHJlYWQgdG8gYSBzcGVjaWZpYyBjb3JlIG9uIExpbnV4CnZvaWQgc2V0X3RocmVhZF9hZmZpbml0eSh1bnNpZ25lZCBpbnQgY29yZV9pZCkgewogICAgY3B1X3NldF90IGNwdXNldDsKICAgIENQVV9aRVJPKCZjcHVzZXQpOyAgLy8gQ2xlYXIgdGhlIENQVSBzZXQKICAgIENQVV9TRVQoY29yZV9pZCwgJmNwdXNldCk7ICAvLyBTZXQgdGhlIGRlc2lyZWQgY29yZQoKICAgIC8vIEdldCB0aGUgY3VycmVudCB0aHJlYWQKICAgIHB0aHJlYWRfdCBjdXJyZW50X3RocmVhZCA9IHB0aHJlYWRfc2VsZigpOwoKICAgIC8vIFNldCB0aHJlYWQgYWZmaW5pdHkgdG8gdGhlIHNwZWNpZmljIGNvcmUKICAgIGlmIChwdGhyZWFkX3NldGFmZmluaXR5X25wKGN1cnJlbnRfdGhyZWFkLCBzaXplb2YoY3B1X3NldF90KSwgJmNwdXNldCkgIT0gMCkgewogICAgICAgIHN0ZDo6Y2VyciA8PCAiRXJyb3Igc2V0dGluZyB0aHJlYWQgYWZmaW5pdHlcbiI7CiAgICB9Cn0KCi8vIEZ1bmN0aW9uIHRvIHJ1biBjb2RlIG9uIG11bHRpcGxlIGNvcmVzCnZvaWQgcnVuX29uX211bHRpcGxlX2NvcmVzKGludCB0aW1lcykgewogICAgdW5zaWduZWQgaW50IG51bV90aHJlYWRzID0gc3RkOjp0aHJlYWQ6OmhhcmR3YXJlX2NvbmN1cnJlbmN5KCk7CiAgICBzdGQ6OmNvdXQgPDwgIlJ1bm5pbmcgb24gIiA8PCBudW1fdGhyZWFkcyA8PCAiIHRocmVhZHMgKG11bHRpcGxlIGNvcmVzKS4uLlxuIjsKCiAgICBmb3IgKGludCBpID0gMDsgaSA8IHRpbWVzOyArK2kpIHsKICAgICAgICBzdGQ6OnZlY3RvcjxzdGQ6OnRocmVhZD4gdGhyZWFkczsKICAgICAgICBmb3IgKHVuc2lnbmVkIGludCBqID0gMDsgaiA8IG51bV90aHJlYWRzOyArK2opIHsKICAgICAgICAgICAgdGhyZWFkcy5lbXBsYWNlX2JhY2soW2pdKCkgewogICAgICAgICAgICAgICAgc2V0X3RocmVhZF9hZmZpbml0eShqKTsgIC8vIEJpbmQgdGhyZWFkIHRvIGNvcmUgagogICAgICAgICAgICAgICAgcHJpbnRfaWR0X2Jhc2UoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgfQoKICAgICAgICBmb3IgKGF1dG8mIHRocmVhZCA6IHRocmVhZHMpIHsKICAgICAgICAgICAgdGhyZWFkLmpvaW4oKTsKICAgICAgICB9CiAgICB9Cn0KCi8vIEZ1bmN0aW9uIHRvIHJ1biBjb2RlIG9uIGEgc2luZ2xlIGNvcmUKdm9pZCBydW5fb25fc2luZ2xlX2NvcmUoaW50IHRpbWVzKSB7CiAgICBzdGQ6OmNvdXQgPDwgIlJ1bm5pbmcgb24gYSBzaW5nbGUgY29yZS4uLlxuIjsKICAgIHNldF90aHJlYWRfYWZmaW5pdHkoMCk7ICAvLyBCaW5kIHRocmVhZCB0byBjb3JlIDAKCiAgICBmb3IgKGludCBpID0gMDsgaSA8IHRpbWVzOyArK2kpIHsKICAgICAgICBwcmludF9pZHRfYmFzZSgpOwogICAgfQp9CgppbnQgbWFpbigpIHsKICAgIGludCBpdGVyYXRpb25zID0gNTsKICAgIHJ1bl9vbl9tdWx0aXBsZV9jb3JlcyhpdGVyYXRpb25zKTsKICAgIHJ1bl9vbl9zaW5nbGVfY29yZShpdGVyYXRpb25zKTsKCiAgICByZXR1cm4gMDsKfQ==

Cg==