fixed ANY.RUN discrepancy, added correct issue template, fixed bold character encoding

Author: kernelwernel

.github/ISSUE_TEMPLATE.md .github/ISSUE_TEMPLATE/report.md.github/ISSUE_TEMPLATE.md renamed to .github/ISSUE_TEMPLATE/report.md

@@ -1,9 +1,10 @@
-For a report on a false positive, please make sure that you include:
+For a report on a false positive/bug, please make sure that you include:
 - which OS and VM you are using
 - which technique(s) have given a false positive
 - a screenshot or copy pasted message of the CLI's output
+- if necessary, running the [debug binary](https://github.com/kernelwernel/VMAware/releases/download/v2.2.0/vmaware_debug.exe) and copy pasting the output would be immensely useful for us to diagnose your issue.
 
 > [!NOTE]
 > Specific versions or in-depth system info is not required, just the bare basics is what we're looking for.
 
-If your issue is not a false positive, please make sure to write as much information as needed.
+If your issue is not a false positive, please make sure to write the necessary information needed.

docs/documentation.md

@@ -10,6 +10,7 @@
 - [`VM::conclusion()`](#vmconclusion)
 - [`VM::detected_count()`](#vmdetected_count)
 - [`VM::vmaware struct`](#vmaware-struct)
+- [Overall things to avoid](#overall-things-to-avoid)
 - [Flag table](#flag-table)
 - [Brand table](#brand-table)
 - [Setting flags](#setting-flags)
@@ -411,6 +412,12 @@ int main() {
 
 <br>
 
+# Overall things to avoid
+❌ 1. Do NOT rely on the percentage to determine whether you're in a VM. The lib is not designed for this way, and you're potentially increasing false positives. Use VM::detect() instead for that job.
+❌ 2. Do NOT depend your whole program on whether a specific brand was found. VM::brand() will not guarantee it'll give you the result you're looking for even if the environment is in fact that specific VM brand.
+❌ 3. Do NOT use VM::NO_MEMO flag if you're not sure what you're doing, this can potentially hamper the performance significantly.
+
+<br>
 
 # Flag table
 VMAware provides a convenient way to not only check for VMs, but also have the flexibility and freedom for the end-user to choose what techniques are used with complete control over what gets executed or not. This is handled with a flag system.
@@ -524,7 +531,6 @@ VMAware provides a convenient way to not only check for VMs, but also have the f
 | `VM::BAD_POOLS` | Check for system pools allocated by hypervisors | Windows | 80% |  |  |  |  |
 | `VM::AMD_SEV` | Check for AMD-SEV MSR running on the system | Linux and MacOS | 50% | Admin |  |  |  |
 | `VM::AMD_THREAD_MISMATCH` | Check for AMD CPU thread count database if it matches the system's thread count |  | 95% |  |  |  |  |
-| `VM::NATIVE_VHD` | Checks if the OS was booted from a VHD container |  | 100% |  |  |  |  |
 | `VM::NATIVE_VHD` | Check for OS being booted from a VHD container | Windows | 100% |  |  |  |  |
 | `VM::VIRTUAL_REGISTRY` | Check for particular object directory which is present in Sandboxie virtual environment but not in usual host systems | Windows | 65% |  |  |  | Admin only needed for Linux |
 | `VM::FIRMWARE` | Check for VM signatures and patched strings by hardeners in firmware, while ensuring the BIOS serial is valid | Windows and Linux | 75% |  |  |  |  |

src/cli.cpp

@@ -821,36 +821,27 @@ void checker(const VM::enum_flags flag, const char* message) {
 // overload for std::function, this is specific for any.run techniques
 // that are embedded in the CLI because it was removed in the lib as of 2.0
 void checker(const std::function<bool()>& func, const char* message) {
-#if __cplusplus >= 201703L
-    if constexpr (!CLI_WINDOWS) {
-        if (arg_bitset.test(VERBOSE)) {
-            unsupported_count++;
-        }
-        else {
-            supported_count++;
-        }
-    }
-    else {
-        supported_count++;
-    }
-#else
-#if !CLI_WINDOWS
+#if (!CLI_WINDOWS)
     if (arg_bitset.test(VERBOSE)) {
         unsupported_count++;
-    }
-    else {
+    } else {
         supported_count++;
     }
 #else
     supported_count++;
 #endif
-#endif
+
+    const bool result = func();
 
     std::cout <<
-        (func() ? detected : not_detected) <<
+        (result ? detected : not_detected) <<
+        (result ? bold : "") <<
         " Checking " <<
         message <<
-        "...\n";
+        "..." << 
+        (result ? ansi_exit : "") << 
+        "\n";
+
 }
 
 
@@ -1174,11 +1165,20 @@ void general() {
     {
         const char* conclusion_color = color(vm.percentage);
 
+        std::string conclusion = vm.conclusion;
+
+        if (is_anyrun && VM::brand() == brands::NULL_BRAND) {
+            const std::string original = "unknown";
+            const std::string new_brand = "ANY.RUN";
+
+            replace(conclusion, original, new_brand);
+        }
+
         std::cout
             << bold
             << "====== CONCLUSION: "
             << ansi_exit
-            << conclusion_color << vm.conclusion << " " << ansi_exit
+            << conclusion_color << conclusion << " " << ansi_exit
             << bold
             << "======"
             << ansi_exit

src/vmaware.hpp

@@ -11117,8 +11117,6 @@ struct VM {
         // brand is "Azure Hyper-V" instead of just "Hyper-V". So what
         // this section does is "merge" the brands together to form
         // a more accurate idea of the brand(s) involved.
-
-
         merge(TMP_AZURE, TMP_HYPERV,     TMP_AZURE);
         merge(TMP_AZURE, TMP_VPC,        TMP_AZURE);
         merge(TMP_AZURE, TMP_HYPERV_VPC, TMP_AZURE);