Scripts used to disguise QEMU / KVM virtual machines from malware (or anticheats). These scripts are particularly useful for developers working with virtualization technologies who want to obfuscate the presence of virtual environments.
find_trace_strings.sh searches the specified source directory for common VM or hypervisor references.
Usage:
./find_trace_strings.sh [SOURCE_DIRECTORY]

If no source directory is provided, it defaults to the current directory.
Search Patterns:
- QEMU
- Bochs
- KVMKVMKVM
- KVM
- BXPC
- GenuineIntel
- AuthenticAMD
- QEMU HARDDISK
- QEMU DVD-ROM
- QEMU MICRODRIVE
- Bochs Pseudo
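
The search described above, as an added example that is not the repository's own find_trace_strings.sh: it counts, for each marker in the list, how many files under a directory still contain it, so a tree prepared for a malware-analysis sandbox can be checked after rebuilding. The function names `files_with_marker` and `scan_markers` are hypothetical.

```shell
#!/bin/sh
# Added example, not the repository's script. Function names are hypothetical.

# Marker strings copied from the "Search Patterns" list, one per line.
MARKERS='QEMU
Bochs
KVMKVMKVM
KVM
BXPC
GenuineIntel
AuthenticAMD
QEMU HARDDISK
QEMU DVD-ROM
QEMU MICRODRIVE
Bochs Pseudo'

# files_with_marker DIR MARKER -> prints how many files contain MARKER.
# -F fixed string (no regex surprises), -r recurse, -l file names only,
# -a read binaries as text so compiled objects are covered as well.
files_with_marker() {
  grep -rlaF -- "$2" "$1" 2>/dev/null | wc -l | tr -d ' '
}

# scan_markers [DIR] -> one "count<TAB>marker" line per marker.
# Returns 0 if no marker is present, 1 if any is, 2 if DIR is not a directory.
# Short markers overlap longer ones (every "QEMU HARDDISK" hit is also a
# "QEMU" hit), so the counts are per marker and not disjoint.
scan_markers() {
  sm_dir=${1:-.}
  sm_found=0
  [ -d "$sm_dir" ] || { echo "not a directory: $sm_dir" >&2; return 2; }
  while IFS= read -r sm_marker; do
    sm_n=$(files_with_marker "$sm_dir" "$sm_marker")
    printf '%s\t%s\n' "$sm_n" "$sm_marker"
    if [ "$sm_n" -gt 0 ]; then sm_found=1; fi
  done <<EOF
$MARKERS
EOF
  return "$sm_found"
}

# Run as: sh scan.sh /path/to/tree   (with no argument only the functions are defined)
if [ "$#" -gt 0 ]; then scan_markers "$1"; fi
```
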
remove-qemu-traces.sh replaces references to QEMU, Bochs, and related markers with custom strings. It is intended to be run in the QEMU source directory.
Usage:
./remove-qemu-traces.sh

Replacement Patterns:
- Replace CPU identifiers with custom CPU names
- Replace QEMU HARDDISK with custom hard disk names
- Replace QEMU DVD-ROM with custom DVD-ROM names
- Replace Bochs CPU identifiers with custom names
- Replace dates and manufacturer strings
Feel free to submit issues or pull requests if you have suggestions or improvements.