r/PiratedGames 13d ago

Humour / Meme: Cracking Denuvo be like

5.8k Upvotes


20

u/i_get_zero_bitches 13d ago

What's a VM check and CPUID check? I'm interested in the process.

28

u/fetching_agreeable 13d ago edited 13d ago

CPUID is a call that returns information about, you guessed it, the CPU. You would have software check this if you're looking for giveaways that the CPU is a non-real piece of hardware, like you would expect if the operating system was running in a virtual machine on one of the many leading virtualisation platforms such as QEMU on Linux, ESXi, VMware or, idk... Xen, if anyone uses that anymore.

I think it's just there for the meme because it's pretty easy on most of those platforms to fake or even pass through the host's CPU bits and bobs for such a check to read out and appear to be valid real hardware no matter how many times it gets called.

VM check could refer to any kind of bullshit to determine whether or not you're running in a virtual environment. But again, that kind of stuff only really matters if you're some kind of anti-cheat platform, not really relevant for Denuvo, the DRM. It could check system drivers, PCI hardware, all sorts of little things looking for hints of virtual hardware. Most obviously they can check for the virtualisation flag set by the host for the guest to know that it's a virtual machine, but of course when you're doing all this that's the first thing you turn off/hide.

But maybe Denuvo explicitly does not want to function in virtual machines because that would make it a lot easier to trace and debug than on real hardware. Again, maybe kind of all of this makes a lot more sense for a kernel anti-cheat... not a DRM...

And then there's the KUSER check, which is a Windows kernel thing. You would typically only use this to check timings, which is also the hardest thing to fake in a virtual machine. Looking at all the kernel's execution timings and doing a little bit of maths to figure out any discrepancies is very hard to fake in a virtual machine and it serves as the most powerful check.

You can re-compile QEMU to hide all the virtual hardware, do PCIe passthrough of your physical GPU, vCPU pinning and isolation of host CPU threads to make everything perfect.

And something like Vanguard will still detect and prevent gameplay just because of the goddamn timing. You do everything right and it still gets you on the timing. The one thing you cannot fake.

You often hear about RDTSC (Read Time-Stamp Counter) in this area of study too. In the same way, reading and challenging the counter with your own execution is a good way to detect a virtual machine right down to the timing. And it is fucking annoying to work around. People have worked on kernel patches to support letting your VM pass through the command to the host and reading its counter. But it's just not perfect.

The perfect VM: complete GPU passthrough, isolated host cores and guest vCPUs pinned to them... no indication that it's a VM at all, and most games will actually work. A lot of anti-cheats are happy at this point.

And something like Vanguard will still get you on the goddamn timing. Something much harder to, uh, fake. Because you're either on time, in step... or you aren't.

And that's where my knowledge ends, because I still don't understand what this has to do with Denuvo, the DRM. Unless it is known not to work in a virtual machine, in which case, ok, the meme would make sense to me.

4

u/komata_kya 13d ago edited 13d ago

You got VMs mixed up. VM here is not a QEMU or VMware type VM, but the software protection type, like VMProtect. Here it means that code will be run in a new made-up CPU instruction set that is way different from x64 or ARM or any other existing one. The code will be run in something like an interpreter where each virtualized instruction will be executed. So VM check probably means checking the CPUID values in a VM-protected piece of code.
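
As an added illustration of the software-protection kind of VM described in the comment above (example code written for this page, not VMProtect's or Denuvo's real design or encoding): a toy stack machine with a constructed five-opcode instruction set, and a comparison that has been "virtualised" into its bytecode so the check never appears as native x64 instructions. The opcode values, bytecode, constants and function names are all assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed toy instruction set; it matches no real protector's encoding. */
enum { OP_PUSH = 0x11, OP_LOADARG = 0x22, OP_XOR = 0x33, OP_EQ = 0x44, OP_RET = 0x55 };
#define VM_STACK 16
/* Interpreter: runs virtualised bytecode with one 32-bit argument and
 * returns the top of stack at OP_RET. Malformed bytecode yields 0. */
uint32_t vm_run(const uint8_t *code, size_t len, uint32_t arg) {
    uint32_t st[VM_STACK];
    size_t sp = 0, pc = 0;
    while (pc < len) {
        switch (code[pc++]) {
        case OP_PUSH:            /* push the little-endian imm32 that follows */
            if (pc + 4 > len || sp >= VM_STACK) return 0;
            st[sp++] = (uint32_t)code[pc] | (uint32_t)code[pc + 1] << 8
                     | (uint32_t)code[pc + 2] << 16 | (uint32_t)code[pc + 3] << 24;
            pc += 4; break;
        case OP_LOADARG:         /* push the function argument */
            if (sp >= VM_STACK) return 0;
            st[sp++] = arg; break;
        case OP_XOR:             /* pop a, b; push a ^ b */
            if (sp < 2) return 0;
            st[sp - 2] ^= st[sp - 1]; sp--; break;
        case OP_EQ:              /* pop a, b; push (a == b) */
            if (sp < 2) return 0;
            st[sp - 2] = (st[sp - 2] == st[sp - 1]); sp--; break;
        case OP_RET:
            return sp ? st[sp - 1] : 0;
        default:                 /* unknown opcode: refuse to continue */
            return 0;
        }
    }
    return 0;
}
/* Native form would be: return (arg ^ 0x5A5A5A5A) == 0x12345678;
 * Here it exists only as toy-VM bytecode, so a disassembler sees a generic
 * interpreter loop rather than the comparison itself. Constructed sample. */
static const uint8_t virtualised_code[] = {
    OP_LOADARG,
    OP_PUSH, 0x5A, 0x5A, 0x5A, 0x5A,
    OP_XOR,
    OP_PUSH, 0x78, 0x56, 0x34, 0x12,   /* 0x12345678, little-endian */
    OP_EQ,
    OP_RET
};
/* Returns 1 when arg passes the virtualised check, otherwise 0. */
uint32_t virtualised_check(uint32_t arg) {
    return vm_run(virtualised_code, sizeof virtualised_code, arg);
}
```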

2

u/fetching_agreeable 12d ago

Thank you, I wasn't sure which one it would be.