Zitat von Olli:

So if the IDT base address is at a higher position than 0xD0000000, she concludes to be inside a virtual machine. This conclusion is wrong, even if we would assume for a moment that her claim about the relocated GDTR/IDTR - see the foreword - are right. But despite that, the problem would already arise on multi-processor machines where a test run could give reasonably high addresses for one processor and "normal" ones for the other. Since the redpill.c does not take this into account the result is per-se unreliable. I have also seen some papers that attempted to call the instruction a number of times under the assumption that the result would show an even distribution between the processors. In my opinion this is also not quite the best approach, given that one can easily set the affinity of the process without special privilege requirements.