cpuid01 判断是否存在虚拟机
#include<ntifs.h>
#include<ntddk.h>
#include<wdm.h>
#include<intrin.h>
#include "ia32.hpp"
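// Thin wrapper over DbgPrintEx at DPFLTR_DEFAULT_ID / DPFLTR_ERROR_LEVEL.
//
// `fmt` is the printf-style format string and must be a literal owned by this
// driver; runtime data belongs in `args` behind a matching conversion, never in
// `fmt` (a data-controlled format string is a classic defect). Making the format
// an explicit first parameter also turns a zero-argument call into a clear
// compile error at the call site instead of an obscure one inside DbgPrintEx.
// Existing callers that pass only a string literal still compile: it binds to
// `fmt` with an empty parameter pack.
template<typename... types>
void print(const char* fmt, types... args)
{
    DbgPrintEx(DPFLTR_DEFAULT_ID, DPFLTR_ERROR_LEVEL, fmt, args...);
}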
// DriverUnload callback registered in DriverEntry. The driver allocates nothing
// and registers no other callbacks, so there is nothing to tear down here.
void unload(PDRIVER_OBJECT DriverUnload)
{
    UNREFERENCED_PARAMETER(DriverUnload);
}
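// Driver entry point: registers the (empty) unload routine, then uses CPUID to
// check whether the driver is running under a hypervisor and logs the result.
// Always returns STATUS_SUCCESS; the probe is informational only.
//
// Detection caveat: every value read below is supplied by the hypervisor itself
// (if one is present). A hypervisor may clear the presence bit or return
// arbitrary data for the 0x4000xxxx leaves, so a negative result is a hint, not
// proof of bare metal.
extern "C" NTSTATUS DriverEntry(PDRIVER_OBJECT drv, PUNICODE_STRING reg) {
    UNREFERENCED_PARAMETER(reg);
    drv->DriverUnload = unload;

    // CPUID leaf 1, feature information. ia32.hpp exposes ECX bit 31 as
    // `reserved2`; it is architecturally reserved, and hypervisors conventionally
    // set it to announce their presence.
    cpuid_eax_01 eax = {};
    __cpuid(reinterpret_cast<int*>(&eax), 1);
    if (eax.cpuid_feature_information_ecx.reserved2) {
        print("[+] 存在虚拟机监控程序\n");

        // Leaf 0x40000000 is the hypervisor vendor leaf; its EAX reports the
        // highest valid hypervisor leaf. Only read 0x40000001 when it is in range,
        // otherwise the CPU returns data for some other leaf and the logged
        // signature is meaningless.
        int hv[4] = {};
        __cpuid(hv, 0x40000000);
        if (static_cast<unsigned int>(hv[0]) >= 0x40000001u) {
            int t[4] = {};
            __cpuid(t, 0x40000001); // hypervisor interface identification
            // On Hyper-V, EAX is 0x31237648 == "Hv#1" read as little-endian ASCII,
            // the Microsoft hypervisor interface signature.
            print("[+] cpuid 40000001 eax 返回 0x%x\n", t[0]);
        }
    }
    return STATUS_SUCCESS;
}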