Virtual Machine Detection

Virtual Box

Yeah, I know, there are lots of methods to find out whether your PC is virtualized.
You can analyze the IDT, GDT and LDT base addresses, use the RDTSC trick… the list continues.
But this is what I found out from my research.

One day I was looking through Mark’s Blog (I hope you know who he is: Mark Russinovich, OS maestro). I found an interesting post about computer SIDs; here’s the link: SID (Mark’s Blog).

He wrote a program called PsGetSid. When I saw it, the left part of my brain asked, “Do you SMELL anything?” and the right part answered, “It SMELLs like virtualization detection”, so I downloaded the program. I had VirtualBox on my PC.

So I ran the program and saved the SID I received.
After I ran it on VirtualBox and compared it with the one I had received on the real PC, I understood that they were DIFFERENT.
I said, “Ho-ho, one more method to add to the detection list.”
After that I shut down my PC and went to sleep.

I’m not trying to prove that this is the best method, but it works. Actually, it’s not such a pretty method, because you must have the real computer’s SID.

~ by KeMmIo on December 24, 2009.
