Merge branch 'main' of https://github.com/NotRequiem/VMAware

Author: Requiem

assets/demo.png

@@ -467,6 +467,9 @@ static const char* color(const u8 score) {
         nsjail
         DBVM
         UTM
+        Compaq FX!32
+        Insignia RealPC
+        Connectix Virtual PC
         )";
     std::exit(0);
 }
@@ -647,6 +650,9 @@ static const char* get_vm_description(const std::string& vm_brand) {
         { brands::NSJAIL, "nsjail is a process isolation tool for Linux. It utilizes Linux namespace subsystem, resource limits, and the seccomp-bpf syscall filters of the Linux kernel. It can be used for isolating networking services, CTF challenges, and containing invasive syscall-level OS fuzzers." },
         { brands::DBVM, "DBVM is a ultra-lightweight virtual machine host that makes Windows run in a virtual machine so that Cheat Engine can operate at a higher level than the OS using a device driver. Instead of virtualizing devices it generally passes on interrupts unaltered meaning it has a very small impact on performance." },
         { brands::UTM, "UTM for macOS is a free, open-source virtualization and emulation app that brings full-featured virtual machines to both Intel and Apple Silicon Macs. It employs Apple's Hypervisor virtualization framework to run ARM64 operating systems on Apple Silicon at near native speeds. On other architectures, it employs software emulation through QEMU." },
+        { brands::COMPAQ, "Compaq FX!32 is an emulator that is designed to run Win32 programs for the DEC instruction set architecture. Released in 1996, it was developed by developed by Digital Equipment Corporation (DEC) to support their Alpha microprocessors. It analyzed the way programs worked and, after the program ran, used binary translation to produce dynamic-link library (DLL) files of native Alpha code that the application could execute the next time it ran." },
+        { brands::INSIGNIA, "RealPC was an emulator for the Macintosh line of PCs. It emulated a Pentium-based PC to run Windows NT, Windows 95, and Windows 98 programs. It was discontinued in 2003." },
+        { brands::CONNECTIX, "Connectix VirtualPC was the predecessor to Microsoft's VirtualPC. Originally developed as a Macintosh application for System 7.5 and released by Connectix in June 1997, it supported various OS's such as Linux and old versions of Windows. It was bought by Microsoft in February 2003." },
         { brands::NULL_BRAND, "Indicates no detectable virtualization brand. This result may occur on bare-metal systems, unsupported/obscure hypervisors, or when anti-detection techniques (e.g., VM escaping) are employed by the guest environment." }
     };
 
@@ -1002,10 +1008,6 @@ static void general(
 
     std::printf("\n");
 
-#ifdef __VMAWARE_DEBUG__
-    std::cout << "[DEBUG] theoretical maximum points: " << VM::total_points << "\n";
-#endif
-
     // struct containing the whole overview of the VM data
     VM::vmaware vm(VM::MULTIPLE, high_threshold, all, dynamic);
 

src/cli.cpp

@@ -518,6 +518,9 @@ namespace brands {
     static constexpr const char* NSJAIL = "nsjail";
     static constexpr const char* DBVM = "DBVM";
     static constexpr const char* UTM = "UTM";
+    static constexpr const char* COMPAQ = "Compaq FX!32";
+    static constexpr const char* INSIGNIA = "Insignia RealPC";
+    static constexpr const char* CONNECTIX = "Connectix Virtual PC";
 }
 
 #if (VMA_CPP >= 17)
@@ -659,7 +662,6 @@ struct VM {
     static constexpr u8 settings_count = MULTIPLE - HIGH_THRESHOLD + 1; // get number of settings technique flags
     static constexpr u8 INVALID = 255; // explicit invalid technique macro
     static constexpr u16 base_technique_count = HIGH_THRESHOLD; // original technique count, constant on purpose (can also be used as a base count value if custom techniques are added)
-    static constexpr u16 maximum_points = 5510; // theoretical total points if all VM detections returned true (which is practically impossible)
     static constexpr u16 threshold_score = 150; // standard threshold score
     static constexpr u16 high_threshold_score = 300; // new threshold score from 150 to 300 if VM::HIGH_THRESHOLD flag is enabled
     static constexpr bool SHORTCUT = true; // macro for whether VM::core::run_all() should take a shortcut by skipping the rest of the techniques if the threshold score is already met
@@ -684,6 +686,7 @@ struct VM {
     // this is specifically meant for VM::detected_count() to 
     // get the total number of techniques that detected a VM
     static u8 detected_count_num; 
+    static u16 technique_count; // get total number of techniques
 
     static std::vector<enum_flags> disabled_techniques;
 
@@ -1086,7 +1089,10 @@ struct VM {
                 {"IntelTDX    ", brands::INTEL_TDX},
                 {"LKVMLKVMLKVM", brands::LKVM},
                 {"Neko Project", brands::NEKO_PROJECT},
-                {"NoirVisor ZT", brands::NOIRVISOR}
+                {"NoirVisor ZT", brands::NOIRVISOR},
+                {"Compaq FX!32", brands::COMPAQ},
+                {"Insignia 586", brands::INSIGNIA},
+                {"ConnectixCPU", brands::CONNECTIX}
             };
 
             const auto it = brand_map.find(brand_str);
@@ -4308,6 +4314,11 @@ struct VM {
     #else
         const std::string& brand = cpu::get_brand();
 
+        // easy shortcut for QEMU
+        if (brand.rfind("QEMU Virtual CPU version", 0) == 0) {
+            return core::add(brands::QEMU);
+        }
+
         struct cstrview {
             const char* data;
             std::size_t size;
@@ -12170,10 +12181,6 @@ struct VM {
         // flags above, and get a total score 
         const u16 points = core::run_all(flags, SHORTCUT);
 
-    #if (VMA_CPP >= 23)
-        [[assume(points < maximum_points)]];
-    #endif
-
         u16 threshold = threshold_score;
 
         // if high threshold is set, the bar
@@ -12212,10 +12219,6 @@ struct VM {
         // flags above, and get a total score
         const u16 points = core::run_all(flags, SHORTCUT);
 
-    #if (VMA_CPP >= 23)
-        [[assume(points < maximum_points)]];
-    #endif
-
         u8 percent = 0;
         u16 threshold = threshold_score;
 
@@ -12574,6 +12577,9 @@ struct VM {
             { brands::BOCHS, "Emulator" },
             { brands::BLUESTACKS, "Emulator" },
             { brands::NEKO_PROJECT, "Emulator" },
+            { brands::COMPAQ, "Emulator" },
+            { brands::INSIGNIA, "Emulator" },
+            { brands::CONNECTIX, "Emulator" },
             { brands::QEMU, "Emulator/Hypervisor (type 2)" },
             { brands::JAILHOUSE, "Partitioning Hypervisor" },
             { brands::UNISYS, "Partitioning Hypervisor" },
@@ -12833,12 +12839,6 @@ struct VM {
 
     };
     #pragma pack(pop)
-
-
-    static u16 technique_count; // get total number of techniques
-#ifdef __VMAWARE_DEBUG__
-    static u16 total_points;
-#endif
 };
 
 // ============= EXTERNAL DEFINITIONS =============
@@ -12926,6 +12926,9 @@ std::array<VM::core::brand_entry, VM::core::MAX_BRANDS> VM::core::brand_scoreboa
     insert(brands::NSJAIL);
     insert(brands::DBVM);
     insert(brands::UTM);
+    insert(brands::COMPAQ);
+    insert(brands::INSIGNIA);
+    insert(brands::CONNECTIX);
     insert(brands::NULL_BRAND);
 
     return arr;
@@ -12962,10 +12965,6 @@ std::size_t VM::memo::leaf_cache::next_index = 0;
 const char* VM::core::last_detected_brand = nullptr;
 VM::u8 VM::core::last_detected_score = 0;
 
-#ifdef __VMAWARE_DEBUG__
-VM::u16 VM::total_points = 0;
-#endif
-
 // these are basically the base values for the core::arg_handler function.
 // It's like a bucket that will collect all the bits enabled. If for example 
 // VM::detect(VM::HIGH_THRESHOLD) is passed, the HIGH_THRESHOLD bit will be