4949 *
5050 *
5151 * ============================== SECTIONS ==================================
52- * - enums for publicly accessible techniques => line 578
53- * - struct for internal cpu operations => line 762
54- * - struct for internal memoization => line 1234
55- * - struct for internal utility functions => line 1359
56- * - struct for internal core components => line 9837
57- * - start of VM detection technique list => line 2362
58- * - start of public VM detection functions => line 10512
59- * - start of externally defined variables => line 11462
52+ * - enums for publicly accessible techniques => line 572
53+ * - struct for internal cpu operations => line 756
54+ * - struct for internal memoization => line 1227
55+ * - struct for internal utility functions => line 1351
56+ * - struct for internal core components => line 9817
57+ * - start of VM detection technique list => line 2352
58+ * - start of public VM detection functions => line 10481
59+ * - start of externally defined variables => line 11420
6060 *
6161 *
6262 * ============================== EXAMPLE ===================================
384384#include < psapi.h>
385385#include < shlwapi.h>
386386#include < shlobj_core.h>
387- #include < dshow.h>
388- #include < io.h>
389387#include < winspool.h>
390388#include < powerbase.h>
391389#include < setupapi.h>
392- #include < mmdeviceapi.h>
393- #include < Functiondiscoverykeys_devpkey.h>
394390#include < mmsystem.h>
395- #include < queue>
396391#include < dxgi.h>
397392#include < d3d9.h>
398393
@@ -7328,6 +7323,7 @@ struct VM {
73287323 * @brief Check for specific GPU string signatures related to VMs
73297324 * @category Windows
73307325 * @author Requiem (https://github.com/NotRequiem)
7326+ * @author dmfrpro (https://github.com/dmfrpro) (VDD detection)
73317327 * @note utoshu did this with WMI in a removed technique (VM::GPU_CHIPTYPE)
73327328 * @implements VM::GPU_VM_STRING
73337329 */
@@ -7341,14 +7337,17 @@ struct VM {
73417337 size_t length;
73427338 };
73437339
7344- constexpr std::array<VMGpuInfo, 7 > vm_gpu_names = { {
7340+ constexpr std::array<VMGpuInfo, 10 > vm_gpu_names = { {
73457341 { L" VMware SVGA 3D" 14 },
73467342 { L" VirtualBox Graphics Adapter" 27 },
73477343 { L" QXL GPU" 7 },
73487344 { L" VirGL 3D" 8 },
73497345 { L" Microsoft Hyper-V Video" 23 },
73507346 { L" Parallels Display Adapter (WDDM)" 32 },
7351- { L" Bochs Graphics Adapter" 22 }
7347+ { L" Bochs Graphics Adapter" 22 },
7348+ { L" Bochs Graphics Adapter" 22 },
7349+ { L" Virtual Display Driver" 22 },
7350+ { L" IddSampleDriver Device" 22 }
73527351 } };
73537352
73547353 DISPLAY_DEVICEW dd{};
@@ -7367,8 +7366,11 @@ struct VM {
73677366 const char * brand = entry.brand ;
73687367 const size_t len = entry.length ;
73697368#endif
7370- if (deviceStrLen == len && wcscmp (deviceStr, name) == 0 ) {
7371- return core::add (brand);;
7369+ if (deviceStrLen == len && wcscmp (deviceStr, name) == 0 ) {
7370+ char * castedName = (char *)calloc (len, sizeof (char ));
7371+ size_t ret = wcstombs (castedName, name, len);
7372+ castedName[ret] = ' \0 '
7373+ return core::add (brand);
73727374 }
73737375 }
73747376
@@ -7667,7 +7669,7 @@ struct VM {
76677669 newParam.sched_priority = sched_get_priority_max (SCHED_FIFO);
76687670
76697671 if (sched_setscheduler (0 , SCHED_FIFO, &newParam) == -1 ) {
7670- hasSchedPriority = false ;
7672+ hasSchedPriority = false ;
76717673 }
76727674 }
76737675#endif
@@ -7905,7 +7907,7 @@ struct VM {
79057907 ? (tscCore2 - tscCore1)
79067908 : (tscCore1 - tscCore2);
79077909
7908- if (diff < tscSyncDiffThreshold) {
7910+ if (diff < tscSyncDiffThreshold) {
79097911 tscIssueCount++;
79107912 }
79117913 }
@@ -10732,8 +10734,6 @@ struct VM {
1073210734 // brand is "Azure Hyper-V" instead of just "Hyper-V". So what
1073310735 // this section does is "merge" the brands together to form
1073410736 // a more accurate idea of the brand(s) involved.
10735-
10736-
1073710737 merge (TMP_AZURE, TMP_HYPERV, TMP_AZURE);
1073810738 merge (TMP_AZURE, TMP_VPC, TMP_AZURE);
1073910739 merge (TMP_AZURE, TMP_HYPERV_VPC, TMP_AZURE);
@@ -10994,112 +10994,112 @@ struct VM {
1099410994 */
1099510995 [[nodiscard]] static std::string flag_to_string (const enum_flags flag) {
1099610996 switch (flag) {
10997- case VMID: return " VMID"
10998- case CPU_BRAND: return " CPU_BRAND"
10999- case HYPERVISOR_BIT: return " HYPERVISOR_BIT"
11000- case HYPERVISOR_STR: return " HYPERVISOR_STR"
11001- case TIMER: return " TIMER"
11002- case THREADCOUNT: return " THREADCOUNT"
11003- case MAC: return " MAC"
11004- case TEMPERATURE: return " TEMPERATURE"
11005- case SYSTEMD: return " SYSTEMD"
11006- case CVENDOR: return " CVENDOR"
11007- case CTYPE: return " CTYPE"
11008- case DOCKERENV: return " DOCKERENV"
11009- case DMIDECODE: return " DMIDECODE"
11010- case DMESG: return " DMESG"
11011- case HWMON: return " HWMON"
11012- case SIDT5: return " SIDT5"
11013- case DLL: return " DLL"
11014- case REGISTRY: return " REGISTRY"
11015- case VM_FILES: return " VM_FILES"
11016- case HWMODEL: return " HWMODEL"
11017- case DISK_SIZE: return " DISK_SIZE"
11018- case VBOX_DEFAULT: return " VBOX_DEFAULT"
11019- case VBOX_NETWORK: return " VBOX_NETWORK"
11020- case VM_PROCESSES: return " VM_PROCESSES"
11021- case LINUX_USER_HOST: return " LINUX_USER_HOST"
11022- case GAMARUE: return " GAMARUE"
11023- case BOCHS_CPU: return " BOCHS_CPU"
11024- case MSSMBIOS: return " MSSMBIOS"
11025- case MAC_MEMSIZE: return " MAC_MEMSIZE"
11026- case MAC_IOKIT: return " MAC_IOKIT"
11027- case IOREG_GREP: return " IOREG_GREP"
11028- case MAC_SIP: return " MAC_SIP"
11029- case HKLM_REGISTRIES: return " HKLM_REGISTRIES"
11030- case QEMU_GA: return " QEMU_GA"
11031- case VPC_INVALID: return " VPC_INVALID"
11032- case SIDT: return " SIDT"
11033- case SGDT: return " SGDT"
11034- case SLDT: return " SLDT"
11035- case OFFSEC_SIDT: return " OFFSEC_SIDT"
11036- case OFFSEC_SGDT: return " OFFSEC_SGDT"
11037- case OFFSEC_SLDT: return " OFFSEC_SLDT"
11038- case VPC_SIDT: return " VPC_SIDT"
11039- case VMWARE_IOMEM: return " VMWARE_IOMEM"
11040- case VMWARE_IOPORTS: return " VMWARE_IOPORTS"
11041- case VMWARE_SCSI: return " VMWARE_SCSI"
11042- case VMWARE_DMESG: return " VMWARE_DMESG"
11043- case VMWARE_STR: return " VMWARE_STR"
11044- case VMWARE_BACKDOOR: return " VMWARE_BACKDOOR"
11045- case VMWARE_PORT_MEM: return " VMWARE_PORT_MEM"
11046- case SMSW: return " SMSW"
11047- case MUTEX: return " MUTEX"
11048- case ODD_CPU_THREADS: return " ODD_CPU_THREADS"
11049- case INTEL_THREAD_MISMATCH: return " INTEL_THREAD_MISMATCH"
11050- case XEON_THREAD_MISMATCH: return " XEON_THREAD_MISMATCH"
11051- case NETTITUDE_VM_MEMORY: return " NETTITUDE_VM_MEMORY"
11052- case CUCKOO_DIR: return " CUCKOO_DIR"
11053- case CUCKOO_PIPE: return " CUCKOO_PIPE"
11054- case HYPERV_HOSTNAME: return " HYPERV_HOSTNAME"
11055- case GENERAL_HOSTNAME: return " GENERAL_HOSTNAME"
11056- case SCREEN_RESOLUTION: return " SCREEN_RESOLUTION"
11057- case DEVICE_STRING: return " DEVICE_STRING"
11058- case BLUESTACKS_FOLDERS: return " BLUESTACKS_FOLDERS"
11059- case CPUID_SIGNATURE: return " CPUID_SIGNATURE"
11060- case KVM_BITMASK: return " KVM_BITMASK"
11061- case KGT_SIGNATURE: return " KGT_SIGNATURE"
11062- case QEMU_VIRTUAL_DMI: return " QEMU_VIRTUAL_DMI"
11063- case QEMU_USB: return " QEMU_USB"
11064- case HYPERVISOR_DIR: return " HYPERVISOR_DIR"
11065- case UML_CPU: return " UML_CPU"
11066- case KMSG: return " KMSG"
11067- case VM_PROCS: return " VM_PROCS"
11068- case VBOX_MODULE: return " VBOX_MODULE"
11069- case SYSINFO_PROC: return " SYSINFO_PROC"
11070- case DEVICE_TREE: return " DEVICE_TREE"
11071- case DMI_SCAN: return " DMI_SCAN"
11072- case SMBIOS_VM_BIT: return " SMBIOS_VM_BIT"
11073- case PODMAN_FILE: return " PODMAN_FILE"
11074- case WSL_PROC: return " WSL_PROC"
11075- case DRIVER_NAMES: return " DRIVER_NAMES"
11076- case VM_SIDT: return " VM_SIDT"
11077- case HDD_SERIAL: return " HDD_SERIAL"
11078- case PORT_CONNECTORS: return " PORT_CONNECTORS"
11079- case GPU_VM_STRINGS: return " GPU_STRINGS"
11080- case GPU_CAPABILITIES: return " GPU_CAPABILITIES"
11081- case VM_DEVICES: return " VM_DEVICES"
11082- case PROCESSOR_NUMBER: return " PROCESSOR_NUMBER"
11083- case NUMBER_OF_CORES: return " NUMBER_OF_CORES"
11084- case ACPI_TEMPERATURE: return " ACPI_TEMPERATURE"
11085- case SYS_QEMU: return " SYS_QEMU"
11086- case LSHW_QEMU: return " LSHW_QEMU"
11087- case VIRTUAL_PROCESSORS: return " VIRTUAL_PROCESSORS"
11088- case HYPERV_QUERY: return " HYPERV_QUERY"
11089- case BAD_POOLS: return " BAD_POOLS"
11090- case AMD_SEV: return " AMD_SEV"
11091- case AMD_THREAD_MISMATCH: return " AMD_THREAD_MISMATCH"
11092- case NATIVE_VHD: return " NATIVE_VHD"
11093- case VIRTUAL_REGISTRY: return " VIRTUAL_REGISTRY"
11094- case FIRMWARE: return " FIRMWARE"
11095- case FILE_ACCESS_HISTORY: return " FILE_ACCESS_HISTORY"
11096- case AUDIO: return " AUDIO"
11097- case UNKNOWN_MANUFACTURER: return " UNKNOWN_MANUFACTURER"
11098- case OSXSAVE: return " OSXSAVE"
11099- case NSJAIL_PID: return " NSJAIL_PID"
11100- case PCI_VM: return " PCI_VM"
11101- // ADD NEW CASE HERE FOR NEW TECHNIQUE
11102- default : return " Unknown flag"
10997+ case VMID: return " VMID"
10998+ case CPU_BRAND: return " CPU_BRAND"
10999+ case HYPERVISOR_BIT: return " HYPERVISOR_BIT"
11000+ case HYPERVISOR_STR: return " HYPERVISOR_STR"
11001+ case TIMER: return " TIMER"
11002+ case THREADCOUNT: return " THREADCOUNT"
11003+ case MAC: return " MAC"
11004+ case TEMPERATURE: return " TEMPERATURE"
11005+ case SYSTEMD: return " SYSTEMD"
11006+ case CVENDOR: return " CVENDOR"
11007+ case CTYPE: return " CTYPE"
11008+ case DOCKERENV: return " DOCKERENV"
11009+ case DMIDECODE: return " DMIDECODE"
11010+ case DMESG: return " DMESG"
11011+ case HWMON: return " HWMON"
11012+ case SIDT5: return " SIDT5"
11013+ case DLL: return " DLL"
11014+ case REGISTRY: return " REGISTRY"
11015+ case VM_FILES: return " VM_FILES"
11016+ case HWMODEL: return " HWMODEL"
11017+ case DISK_SIZE: return " DISK_SIZE"
11018+ case VBOX_DEFAULT: return " VBOX_DEFAULT"
11019+ case VBOX_NETWORK: return " VBOX_NETWORK"
11020+ case VM_PROCESSES: return " VM_PROCESSES"
11021+ case LINUX_USER_HOST: return " LINUX_USER_HOST"
11022+ case GAMARUE: return " GAMARUE"
11023+ case BOCHS_CPU: return " BOCHS_CPU"
11024+ case MSSMBIOS: return " MSSMBIOS"
11025+ case MAC_MEMSIZE: return " MAC_MEMSIZE"
11026+ case MAC_IOKIT: return " MAC_IOKIT"
11027+ case IOREG_GREP: return " IOREG_GREP"
11028+ case MAC_SIP: return " MAC_SIP"
11029+ case HKLM_REGISTRIES: return " HKLM_REGISTRIES"
11030+ case QEMU_GA: return " QEMU_GA"
11031+ case VPC_INVALID: return " VPC_INVALID"
11032+ case SIDT: return " SIDT"
11033+ case SGDT: return " SGDT"
11034+ case SLDT: return " SLDT"
11035+ case OFFSEC_SIDT: return " OFFSEC_SIDT"
11036+ case OFFSEC_SGDT: return " OFFSEC_SGDT"
11037+ case OFFSEC_SLDT: return " OFFSEC_SLDT"
11038+ case VPC_SIDT: return " VPC_SIDT"
11039+ case VMWARE_IOMEM: return " VMWARE_IOMEM"
11040+ case VMWARE_IOPORTS: return " VMWARE_IOPORTS"
11041+ case VMWARE_SCSI: return " VMWARE_SCSI"
11042+ case VMWARE_DMESG: return " VMWARE_DMESG"
11043+ case VMWARE_STR: return " VMWARE_STR"
11044+ case VMWARE_BACKDOOR: return " VMWARE_BACKDOOR"
11045+ case VMWARE_PORT_MEM: return " VMWARE_PORT_MEM"
11046+ case SMSW: return " SMSW"
11047+ case MUTEX: return " MUTEX"
11048+ case ODD_CPU_THREADS: return " ODD_CPU_THREADS"
11049+ case INTEL_THREAD_MISMATCH: return " INTEL_THREAD_MISMATCH"
11050+ case XEON_THREAD_MISMATCH: return " XEON_THREAD_MISMATCH"
11051+ case NETTITUDE_VM_MEMORY: return " NETTITUDE_VM_MEMORY"
11052+ case CUCKOO_DIR: return " CUCKOO_DIR"
11053+ case CUCKOO_PIPE: return " CUCKOO_PIPE"
11054+ case HYPERV_HOSTNAME: return " HYPERV_HOSTNAME"
11055+ case GENERAL_HOSTNAME: return " GENERAL_HOSTNAME"
11056+ case SCREEN_RESOLUTION: return " SCREEN_RESOLUTION"
11057+ case DEVICE_STRING: return " DEVICE_STRING"
11058+ case BLUESTACKS_FOLDERS: return " BLUESTACKS_FOLDERS"
11059+ case CPUID_SIGNATURE: return " CPUID_SIGNATURE"
11060+ case KVM_BITMASK: return " KVM_BITMASK"
11061+ case KGT_SIGNATURE: return " KGT_SIGNATURE"
11062+ case QEMU_VIRTUAL_DMI: return " QEMU_VIRTUAL_DMI"
11063+ case QEMU_USB: return " QEMU_USB"
11064+ case HYPERVISOR_DIR: return " HYPERVISOR_DIR"
11065+ case UML_CPU: return " UML_CPU"
11066+ case KMSG: return " KMSG"
11067+ case VM_PROCS: return " VM_PROCS"
11068+ case VBOX_MODULE: return " VBOX_MODULE"
11069+ case SYSINFO_PROC: return " SYSINFO_PROC"
11070+ case DEVICE_TREE: return " DEVICE_TREE"
11071+ case DMI_SCAN: return " DMI_SCAN"
11072+ case SMBIOS_VM_BIT: return " SMBIOS_VM_BIT"
11073+ case PODMAN_FILE: return " PODMAN_FILE"
11074+ case WSL_PROC: return " WSL_PROC"
11075+ case DRIVER_NAMES: return " DRIVER_NAMES"
11076+ case VM_SIDT: return " VM_SIDT"
11077+ case HDD_SERIAL: return " HDD_SERIAL"
11078+ case PORT_CONNECTORS: return " PORT_CONNECTORS"
11079+ case GPU_VM_STRINGS: return " GPU_STRINGS"
11080+ case GPU_CAPABILITIES: return " GPU_CAPABILITIES"
11081+ case VM_DEVICES: return " VM_DEVICES"
11082+ case PROCESSOR_NUMBER: return " PROCESSOR_NUMBER"
11083+ case NUMBER_OF_CORES: return " NUMBER_OF_CORES"
11084+ case ACPI_TEMPERATURE: return " ACPI_TEMPERATURE"
11085+ case SYS_QEMU: return " SYS_QEMU"
11086+ case LSHW_QEMU: return " LSHW_QEMU"
11087+ case VIRTUAL_PROCESSORS: return " VIRTUAL_PROCESSORS"
11088+ case HYPERV_QUERY: return " HYPERV_QUERY"
11089+ case BAD_POOLS: return " BAD_POOLS"
11090+ case AMD_SEV: return " AMD_SEV"
11091+ case AMD_THREAD_MISMATCH: return " AMD_THREAD_MISMATCH"
11092+ case NATIVE_VHD: return " NATIVE_VHD"
11093+ case VIRTUAL_REGISTRY: return " VIRTUAL_REGISTRY"
11094+ case FIRMWARE: return " FIRMWARE"
11095+ case FILE_ACCESS_HISTORY: return " FILE_ACCESS_HISTORY"
11096+ case AUDIO: return " AUDIO"
11097+ case UNKNOWN_MANUFACTURER: return " UNKNOWN_MANUFACTURER"
11098+ case OSXSAVE: return " OSXSAVE"
11099+ case NSJAIL_PID: return " NSJAIL_PID"
11100+ case PCI_VM: return " PCI_VM"
11101+ // ADD NEW CASE HERE FOR NEW TECHNIQUE
11102+ default : return " Unknown flag"
1110311103 }
1110411104 }
1110511105
0 commit comments