[20200] BE begins using the xgetbv and xsetbv instructions to detect virtual machines

```cpp
__int64 __fastcall sub_FFFFF8007E3FBF7A(__int64 a1, __int64 a2, __int64 a3, __int64 a4, __int128 *a5)
{
  int v5; // edx
  int v6; // ecx
  int v7; // er8
  int v8; // er9
  __int64 result; // rax

  ((void (*)(void))loc_FFFFF8007E378864)();
  __asm { xgetbv }
  ((void (*)(void))loc_FFFFF8007E33F6D6)();
  __asm { xsetbv }
  ((void (*)(void))loc_FFFFF8007E32C136)();
  ((void (*)(void))loc_FFFFF8007E31B5A2)();
  LODWORD(result) = __indword(v5);
  return sub_FFFFF8007E3FBFAB(v6, v5, v7, v8, a5);
}
```

The xgetbv and xsetbv instructions are used for a timing test similar to the earlier checks.

> Seems that there are two others found after more thorough analysis. Using xgetbv/xsetbv in a loop similar to the one in the article. XSETBV is an unconditionally exiting instruction so naturally it fits for the time based attack.

2020-09-06 huoji
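
For triaging other driver images for the same check, here is an added example (not from the original post and not BE's code) that scans a byte buffer for an XGETBV followed closely by an XSETBV, the pairing visible in the decompiled routine above. The function names, the window parameter and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Instruction encodings: XGETBV = 0F 01 D0, XSETBV = 0F 01 D1. */
static const uint8_t XGETBV[3] = {0x0F, 0x01, 0xD0};
static const uint8_t XSETBV[3] = {0x0F, 0x01, 0xD1};

/* Constructed sample: call, xgetbv, call, xsetbv, ret, then a lone xgetbv
 * (plain feature detection, no xsetbv after it), ret. */
static const uint8_t SAMPLE[] = {
    0x90, 0xE8, 0x10, 0x00, 0x00, 0x00, 0x0F, 0x01, 0xD0,
    0xE8, 0x20, 0x00, 0x00, 0x00, 0x0F, 0x01, 0xD1, 0xC3,
    0x0F, 0x01, 0xD0, 0xC3};

/* Offset of the first 3-byte pattern at or after `from`, or -1 if absent. */
static long find3(const uint8_t *buf, size_t len, size_t from, const uint8_t *pat)
{
    for (size_t i = from; i + 3 <= len; i++)
        if (memcmp(buf + i, pat, 3) == 0)
            return (long)i;
    return -1;
}

/* Counts every XGETBV whose next XSETBV starts within `window` bytes and
 * stores up to `max` XGETBV offsets in `hits`. This is a raw byte match, not
 * disassembly: a hit can sit inside an operand or data, so confirm each one
 * in a disassembler before treating it as a timing check. */
size_t find_xcr_pairs(const uint8_t *buf, size_t len, size_t window,
                      size_t *hits, size_t max)
{
    size_t n = 0;
    for (long g = find3(buf, len, 0, XGETBV); g >= 0;
         g = find3(buf, len, (size_t)g + 3, XGETBV)) {
        long s = find3(buf, len, (size_t)g + 3, XSETBV);
        if (s >= 0 && (size_t)(s - g) <= window) {
            if (n < max)
                hits[n] = (size_t)g;
            n++;
        }
    }
    return n;
}

int main(void)
{
    size_t hits[4];
    size_t n = find_xcr_pairs(SAMPLE, sizeof SAMPLE, 32, hits, 4);
    for (size_t i = 0; i < n && i < 4; i++)
        printf("xgetbv/xsetbv pair, xgetbv at offset 0x%zx\n", hits[i]);
    return 0;
}
```
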