User:Combuster/notepad

From OSDev.wiki
Jump to navigation Jump to search

These are my notes from experience. PD code, No warranty etc (i mess up things more than once).

Detecting Emulator

perform DIV test: all common flags are maintained. (0000 08D5)

actually, i got the same result on a real 686, but not on AMDs... seems this test only works properly on 486s or before.
PUSHF
POP EAX
; either clear flags for first test, or set flags for second test. pick one:
; AND AX, (0xffff - 0x8D5)
; OR AX, 0x8D5
PUSH EAX
MOV AX, 5
MOV CL, 2
POPF
DIV CL 
PUSHF
POP EAX
AND EAX, 0x8D5
;AX contains signature

in 16-bit mode, use ax instead of eax

Retrieved from "https://osdev.wiki/wiki/User:Combuster/notepad?oldid=11904"