Merge pull request #69 from kernelwernel/dev

Dev

Author: kernelwernel

.github/workflows/build_run_win_32.bat

@@ -2,7 +2,7 @@ echo on
 cd "%~dp0..\.."
 mkdir build
 cd build
-cmake -G "Visual Studio 17 2022" -A Win32 -S ..
+cmake -DCMAKE_BUILD_TYPE=Debug -G "Visual Studio 17 2022" -A Win32 -S ..
 "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Common7\IDE\devenv.com" "VMAware.sln" /Build "Release|Win32" /Project "vmaware" /ProjectConfig "Release|Win32"
 cd Release
 vmaware.exe

.github/workflows/build_run_win_64.bat

@@ -2,7 +2,7 @@ echo on
 cd "%~dp0..\.."
 mkdir build
 cd build
-cmake -G "Visual Studio 17 2022" -A x64 -S ..
+cmake -DCMAKE_BUILD_TYPE=Debug -G "Visual Studio 17 2022" -A x64 -S ..
 "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Common7\IDE\devenv.com" "VMAware.sln" /Build "Release|x64" /Project "vmaware" /ProjectConfig "Release|x64"
 cd Release
 vmaware.exe

CMakeLists.txt

@@ -47,7 +47,7 @@ set(TARGET "vmaware")
 if (MSVC)
     if(CMAKE_BUILD_TYPE MATCHES "Debug")
         MESSAGE(STATUS "Build set to debug mode")
-        set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /Od /RTC1 /debug")
+        set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /Od /debug")
     elseif(CMAKE_BUILD_TYPE MATCHES "Release")
         MESSAGE(STATUS "Build set to release mode")
         set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /O2")

README.md

@@ -150,7 +150,7 @@ And if you found this project useful, a star would be appreciated :)
 - Tom Liston + Ed Skoudis
 - [Tobias Klein](https://www.trapkit.de/index.html)
 - [(S21sec) Alfredo Omella](https://www.s21sec.com/)
-- [(eEye Digital Security) Derek Soeder]()
+- [hfiref0x](https://github.com/hfiref0x)
 
 <br>
 

TODO.md

@@ -18,10 +18,15 @@
 - [ ] fix memoization
 - [X] add a python script to automatically set the lines of the seperate sections in the header
 - [ ] add C++20 concepts for the VM::add_custom() function
-- [ ] check for valid monitor technique
+- [X] check for valid monitor technique
 - [ ] fix the is_admin code for windows
-- [ ] test it on compiler explorer with windows 32-bit settings
+- [X] test it on compiler explorer with windows 32-bit settings
+- [ ] upload the lib to dnf 
+- [ ] upload the lib to apt 
+- [X] add ARM support
+- [ ] look into what `fv-az663-325` is
+- [ ] implement techniques from [here](https://labs.nettitude.com/blog/vm-detection-tricks-part-3-hyper-v-raw-network-protocol/)
+- [ ] add multiple choice for VM::brand()
 
 # Distant plans
-- add ARM support
 - add the library to conan.io when released

docs/documentation.md

@@ -79,11 +79,18 @@ int main() {
 This will essentially return the VM brand as a `std::string`. The exact possible brand string return values are: 
 - `VMware`
 - `VirtualBox`
+- `VMware`
+- `VMware Express`
+- `VMware ESX`
+- `VMware GSX`
+- `VMware Workstation`
 - `bhyve`
 - `KVM`
 - `QEMU`
 - `QEMU+KVM`
 - `Microsoft Hyper-V`
+- `Virtual PC`
+- `Microsoft Virtual PC/Hyper-V`
 - `Microsoft x86-to-ARM`
 - `Parallels`
 - `Xen HVM`
@@ -94,7 +101,6 @@ This will essentially return the VM brand as a `std::string`. The exact possible
 - `Docker`
 - `Wine`
 - `Virtual Apple`
-- `Virtual PC`
 - `Anubis`
 - `JoeBox`
 - `Thread Expert`
@@ -267,9 +273,9 @@ VMAware provides a convenient way to not only check for VMs, but also have the f
 | `VM::PARALLELS_VM` | Check for indications of Parallels VM | Windows | 50% |  |  |
 | `VM::RDTSC_VMEXIT` | Check for RDTSC technique with VMEXIT | Yes | 50% |  |  |
 | `VM::LOADED_DLLS` | Check for DLLs of multiple VM brands | Windows | 75% |  | GPL |
-| `VM::QEMU_BRAND` | Check for QEMU CPU brand with cpuid | Yes | 100% |  |   |
+| `VM::QEMU_BRAND` | Check for QEMU CPU brand with cpuid | Yes | 100% |  |  |
 | `VM::BOCHS_CPU` | Check for Bochs cpuid emulation oversights | Yes | 95% |  |  |
-| `VM::VPC_BOARD` | Check for VPC specific string in motherboard manufacturer | Windows | 20% |  |   |
+| `VM::VPC_BOARD` | Check for VPC specific string in motherboard manufacturer | Windows | 20% |  |  |
 | `VM::HYPERV_WMI` | Check for Hyper-V wmi output | Windows | 80% |  |  |
 | `VM::HYPERV_REG` | Check for Hyper-V strings in registry | Windows | 80% |  |  |
 | `VM::BIOS_SERIAL` | Check if BIOS serial number is null | Windows | 60% |  |  |

src/cli.cpp

@@ -218,7 +218,7 @@ int main(int argc, char* argv[]) {
         checker(VM::HYPERV_REG, "Hyper-V registry");
         checker(VM::HYPERV_WMI, "Hyper-V WMI output");
         checker(VM::VBOX_FOLDERS, "VirtualBox shared folders");
-        checker(VM::VBOX_MSSMBIOS, "VirtualBox MSSMBIOS");
+        checker(VM::MSSMBIOS, "MSSMBIOS");
         checker(VM::MAC_MEMSIZE, "MacOS hw.memsize");
         checker(VM::MAC_IOKIT, "MacOS registry IO-kit");
         checker(VM::IOREG_GREP, "IO registry grep");
@@ -247,15 +247,15 @@ int main(int argc, char* argv[]) {
         checker(VM::VMWARE_IOPORTS, "/proc/ioports file");
         checker(VM::VMWARE_SCSI, "/proc/scsi/scsi file");
         checker(VM::VMWARE_DMESG, "VMware dmesg");
-        checker(VM::VMWARE_EMULATION, "VMware emulation mode");
         checker(VM::VMWARE_STR, "STR instruction");
         checker(VM::VMWARE_BACKDOOR, "VMware IO port backdoor");
-        checker(VM::SMSW, "SMSW instruction");
         checker(VM::VMWARE_PORT_MEM, "VMware port memory");
+        checker(VM::SMSW, "SMSW instruction");
+        checker(VM::MUTEX, "mutex strings");
 
         std::printf("\n");
 
-        const std::string brand = VM::brand();
+        const std::string brand = VM::brand(VM::MULTIPLE);
 
         std::cout << "VM brand: " << (brand == "Unknown" ? red : green) << brand << ansi_exit << "\n";
 
@@ -309,7 +309,7 @@ int main(int argc, char* argv[]) {
             version();
             return 0;
         } else if (cmp(arg, "-b") || cmp(arg, "--brand")) {
-            std::cout << VM::brand() << "\n";
+            std::cout << VM::brand(VM::MULTIPLE) << "\n";
             return 0;
         } else if (cmp(arg, "-p") || cmp(arg, "--percent")) {
             std::cout << static_cast<std::uint32_t>(VM::percentage()) << "\n";