Detecting the Presence of Virtual Machines Using the Local Data Table – This paper describes a method for determining the presence of virtual machine emulation in a non-privileged operating environment. This attack is useful for triggering anti-virtualization attacks and evading analysis.
You can download it from the following link: https://packetstormsecurity.com/files/download/44823/vm.pdf
Source: https://packetstormsecurity.com/files/44823/vm.pdf.html