Lightemerald/windows-user-space-emulator
2
0
Fork 0
mirror of https://github.com/momo5502/emulator.git synced 2026-01-21 04:33:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: spoof rdtsc timings

Browse Source 
Previously, RDTSC in the VM always returned a constant value, which broke any non deterministic timing-based operations, or caused detections in heuristics of malware and ANTI-VM tools.

This patch introduces a spoofed rdtsc_fake counter that tracks and adjusts timing deltas to simulate realistic TSC increments. Can be extended to simulate rdtsc timings based on CPU clock speed.
This commit is contained in:
Soham Nandy
2025-04-10 06:58:01 +05:30
parent 3836f5d381
commit dbc1b4439e
2 changed files with 41 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/windows-emulator/windows_emulator.cpp
View File

@@ -448,9 +448,25 @@ void windows_emulator::setup_hooks()
});
this->emu().hook_instruction(x64_hookable_instructions::rdtsc, [&] {
const auto instructions = this->executed_instructions_;
this->emu().reg(x64_register::rax, instructions & 0xFFFFFFFF);
this->emu().reg(x64_register::rdx, (instructions >> 32) & 0xFFFFFFFF);
uint64_t ticks = this->clock_.get()->timestamp_counter();
static uint64_t fake_ticks = ticks;
static uint64_t prev_ticks = 0;
if (prev_ticks != 0)
{
if (ticks > prev_ticks)
{
fake_ticks += (ticks - prev_ticks);
}
}
if (fake_ticks > ticks)
{
fake_ticks = ticks;
}
prev_ticks = ticks;
this->emu().reg(x64_register::rax, fake_ticks & 0xFFFFFFFF);
this->emu().reg(x64_register::rdx, (fake_ticks >> 32) & 0xFFFFFFFF);
return instruction_hook_continuation::skip_instruction;
});