diff --git a/src/vmaware.hpp b/src/vmaware.hpp index e3828f4f..25dd9fbd 100644 --- a/src/vmaware.hpp +++ b/src/vmaware.hpp @@ -27,14 +27,14 @@ * * * ============================== SECTIONS ================================== - * - enums for publicly accessible techniques => line 551 + * - enums for publicly accessible techniques => line 550 * - struct for internal cpu operations => line 734 - * - struct for internal memoization => line 1206 - * - struct for internal utility functions => line 1330 - * - struct for internal core components => line 9946 - * - start of VM detection technique list => line 2357 - * - start of public VM detection functions => line 10610 - * - start of externally defined variables => line 11549 + * - struct for internal memoization => line 1205 + * - struct for internal utility functions => line 1329 + * - struct for internal core components => line 9948 + * - start of VM detection technique list => line 2356 + * - start of public VM detection functions => line 10612 + * - start of externally defined variables => line 11551 * * * ============================== EXAMPLE =================================== @@ -9379,8 +9379,8 @@ struct VM { constexpr const char* targets[] = { "Parallels Software International", "Parallels(R)", "innotek", - "Oracle", "VirtualBox", "VS2005R2", "VMware, Inc.", - "VMware", "VMWARE", "S3 Corp.", "Virtual Machine", "Qemu", "vbox", + "Oracle", "VirtualBox", "vbox", "VBOX", "VS2005R2", "VMware, Inc.", + "VMware", "VMWARE", "S3 Corp.", "Virtual Machine", "QEMU", "FWCF", "WAET", "BOCHS", "BXPC" }; @@ -9442,7 +9442,8 @@ struct VM { strcmp(target, "VMware") == 0 || strcmp(target, "VMWARE") == 0) brand = brands::VMWARE; - else if (strcmp(target, "Qemu") == 0) + else if (strcmp(target, "QEMU") == 0 || + strcmp(target, "FWCF") == 0) brand = brands::QEMU; else if (strcmp(target, "BOCHS") == 0 || strcmp(target, "BXPC") == 0) 
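Review bot: The `targets[]` edit at -9379 drops the mixed-case "Qemu" entry in favour of "QEMU" and adds the four-byte token "FWCF", and nothing next to the list explains either choice. How the entries are compared with the firmware data is outside this hunk. If that comparison is case-sensitive, a table that spells the vendor "Qemu" no longer matches, and a token as short as "FWCF" is more likely than the longer vendor strings to occur by chance in unrelated firmware bytes. I would keep "Qemu" unless it is known never to appear, and add a comment above the array such as `// FWCF, WAET, BXPC: presumably 4-byte ACPI table/device signatures (confirm); every entry needs a branch in the brand chain below`. The same edit is repeated in the Linux list at -9589 and in both lists of src/vmaware_MIT.hpp (-9184, -9394).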
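Review bot: "VBOX" is added to `targets[]` in the previous hunk, but the only branch of the `strcmp` chain extended at -9442 is the QEMU one. The chain matches each target by exact string and its VirtualBox branch lies above this hunk, so it cannot be confirmed from here that a "VBOX" hit is mapped to a brand. If it is not, add `strcmp(target, "VBOX") == 0 ||` to that branch. The same question applies to the Linux chain at -9658 and to both chains in src/vmaware_MIT.hpp (-9247, -9463).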
@@ -9589,8 +9590,9 @@ struct VM { // Same targets as the Windows branch but without "WAET" constexpr const char* targets[] = { "Parallels Software International", "Parallels(R)", "innotek", - "Oracle", "VirtualBox", "VS2005R2", "VMware, Inc.", - "VMware", "S3 Corp.", "Virtual Machine", "Qemu", "vbox", "BOCHS", "BXPC" + "Oracle", "VirtualBox", "vbox", "VBOX", "VS2005R2", "VMware, Inc.", + "VMware", "VMWARE", "S3 Corp.", "Virtual Machine", "QEMU", "FWCF", + "BOCHS", "BXPC" }; struct dirent* entry; @@ -9658,7 +9660,8 @@ struct VM { strcmp(target, "VMWARE") == 0) { brand = brands::VMWARE; } - else if (strcmp(target, "Qemu") == 0) { + else if (strcmp(target, "QEMU") == 0 || + strcmp(target, "FWCF") == 0) { brand = brands::QEMU; } else if (strcmp(target, "BOCHS") == 0 || diff --git a/src/vmaware_MIT.hpp b/src/vmaware_MIT.hpp index 07f1e526..aabe26b9 100644 --- a/src/vmaware_MIT.hpp +++ b/src/vmaware_MIT.hpp 
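Review bot: The Linux `targets[]` list at -9589 had drifted from the Windows one: it lacked "VMWARE" even though the chain at -9658 already tests for it, and this hunk repairs that by hand in one of four copies of the list. Define the shared entries once, for example as a `static constexpr const char*` array in the enclosing struct, and let the Windows branch add "WAET" on its own, so the next new token cannot be forgotten in one copy. If the copies stay, the existing comment could carry the obligation: `// Keep in sync with the Windows list (which additionally has "WAET") and with vmaware_MIT.hpp`.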
@@ -24,21 +24,21 @@ * - Docs: https://github.com/kernelwernel/VMAware/docs/documentation.md * - Full credits: https://github.com/kernelwernel/VMAware#credits-and-contributors-%EF%B8%8F * - License: MIT - * + * * MIT License - * + * * Copyright (c) 2025 kernelwernel - * + * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: - * + * * The above copyright notice and this permission notice shall be included in all * copies or substantial portions of the Software. - * + * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 
@@ -49,34 +49,34 @@ * * * ============================== SECTIONS ================================== - * - enums for publicly accessible techniques => line 573 - * - struct for internal cpu operations => line 750 - * - struct for internal memoization => line 1222 - * - struct for internal utility functions => line 1347 - * - struct for internal core components => line 9752 - * - start of VM detection technique list => line 2376 - * - start of public VM detection functions => line 10427 - * - start of externally defined variables => line 11368 + * - enums for publicly accessible techniques => line 572 + * - struct for internal cpu operations => line 749 + * - struct for internal memoization => line 1220 + * - struct for internal utility functions => line 1344 + * - struct for internal core components => line 9734 + * - start of VM detection technique list => line 2371 + * - start of public VM detection functions => line 10398 + * - start of externally defined variables => line 11330 * * * ============================== EXAMPLE =================================== * #include "vmaware.hpp" * #include - * + * * int main() { * if (VM::detect()) { * std::cout << "Virtual machine detected!" << "\n"; * } else { * std::cout << "Running on baremetal" << "\n"; * } - * + * * std::cout << "VM name: " << VM::brand() << "\n"; * std::cout << "VM type: " << VM::type() << "\n"; * std::cout << "VM certainty: " << (int)VM::percentage() << "%" << "\n"; * } + * * - * - * ========================== CODE DOCUMENTATION ============================= + * ========================== CODE DOCUMENTATION ============================= * * Welcome! This is just a preliminary text to lay the context of how it works, * how it's structured, and guide anybody who's trying to understand the whole code. 
@@ -486,7 +486,7 @@ MSVC_DISABLE_WARNING(ASSIGNMENT_OPERATOR NO_INLINE_FUNC SPECTRE) * * TL;DR I have wonky fingers :( */ - namespace brands { +namespace brands { static constexpr const char* NULL_BRAND = "Unknown"; static constexpr const char* VBOX = "VirtualBox"; static constexpr const char* VMWARE = "VMware"; @@ -560,11 +560,11 @@ MSVC_DISABLE_WARNING(ASSIGNMENT_OPERATOR NO_INLINE_FUNC SPECTRE) struct VM { private: - using u8 = std::uint8_t; + using u8 = std::uint8_t; using u16 = std::uint16_t; using u32 = std::uint32_t; using u64 = std::uint64_t; - using i8 = std::int8_t; + using i8 = std::int8_t; using i16 = std::int16_t; using i32 = std::int32_t; using i64 = std::int64_t; @@ -703,7 +703,7 @@ struct VM { // this is specifically meant for VM::detected_count() to // get the total number of techniques that detected a VM - static u8 detected_count_num; + static u8 detected_count_num; private: @@ -727,7 +727,7 @@ struct VM { private: // macro for bypassing unused parameter/variable warnings -#define UNUSED(x) ((void)(x)) + #define UNUSED(x) ((void)(x)) // likely and unlikely macros #if (LINUX) @@ -916,11 +916,11 @@ struct VM { constexpr std::size_t buffer_size = sizeof(int32_t) * buffer.size(); std::array charbuffer{}; - constexpr std::array ids = { { + constexpr std::array ids = {{ cpu::leaf::brand1, cpu::leaf::brand2, cpu::leaf::brand3 - } }; + }}; std::string brand = ""; @@ -1018,7 +1018,7 @@ struct VM { steps.model == celeron_model && steps.family == celeron_family && steps.extmodel == celeron_extmodel - ); + ); } @@ -1055,7 +1055,7 @@ struct VM { } return false; - }; + }; bool found = false; bool is_xeon = false; @@ -1066,8 +1066,7 @@ struct VM { if (match(intel_i_series_regex)) { found = true; is_i_series = true; - } - else if (match(intel_xeon_series_regex)) { + } else if (match(intel_xeon_series_regex)) { found = true; is_xeon = true; } @@ -1216,7 +1215,7 @@ struct VM { return false; } - }; + }; // memoization struct memo { 
@@ -1266,11 +1265,10 @@ struct VM { static bool all_present() { if (cache_table.size() == technique_count) { return true; - } - else if (cache_table.size() == static_cast(technique_count) - 3) { + } else if (cache_table.size() == static_cast(technique_count) - 3) { return ( !cache_keys.test(VMWARE_DMESG) - ); + ); } return false; @@ -1357,8 +1355,7 @@ struct VM { if (home) { path = std::string(home) + raw_path_str.substr(1); } - } - else { + } else { path = raw_path; } @@ -1458,7 +1455,7 @@ struct VM { return ( (uid != euid) || (euid == 0) - ); + ); #elif (WINDOWS) BOOL is_admin = FALSE; HANDLE hToken = NULL; @@ -1482,7 +1479,7 @@ struct VM { } } - CloseHandle(hToken); + CloseHandle(hToken); return is_admin; #endif @@ -1688,7 +1685,7 @@ struct VM { if (size == 0) return 81; - + return size; // Return disk size in GB } @@ -1722,8 +1719,7 @@ struct VM { if (std::isdigit(c)) { number_str += c; in_number = true; - } - else if (in_number) { + } else if (in_number) { break; } } @@ -1882,7 +1878,7 @@ struct VM { #else return false; #endif - } + } // Returns a list of running process names [[nodiscard]] static std::unordered_set get_running_process_names() { 
@@ -1976,12 +1972,12 @@ struct VM { /** * On Hyper-V virtual machines, the cpuid function reports an EAX value of 11 * This value is tied to the Hyper-V partition model, where each virtual machine runs as a child partition - * These child partitions have limited privileges and access to hypervisor resources, + * These child partitions have limited privileges and access to hypervisor resources, * which is reflected in the maximum input value for hypervisor CPUID information as 11. * Essentially, it indicates that the hypervisor is managing the VM and that the VM is not running directly on hardware but rather in a virtualized environment */ auto eax = []() -> u32 { - char out[sizeof(int32_t) * 4 + 1] = { 0 }; + char out[sizeof(int32_t) * 4 + 1] = { 0 }; cpu::cpuid((int*)out, cpu::leaf::hypervisor); const u32 eax = static_cast(out[0]); @@ -2370,7 +2366,7 @@ struct VM { } } #endif - }; + }; private: // START OF PRIVATE VM DETECTION TECHNIQUE DEFINITIONS @@ -2387,7 +2383,7 @@ struct VM { cpu::vmid_template(0) || cpu::vmid_template(cpu::leaf::hypervisor) || // 0x40000000 cpu::vmid_template(cpu::leaf::hypervisor + 0x100) // 0x40000100 - ); + ); #endif } @@ -2566,8 +2562,7 @@ struct VM { if (success) { std::memcpy(mac, ifr.ifr_hwaddr.sa_data, 6); - } - else { + } else { debug("MAC: ", "not successful"); } #elif (WINDOWS) @@ -2596,7 +2591,7 @@ struct VM { << static_cast(mac[1]) << ":" << static_cast(mac[2]) << ":XX:XX:XX"; /* removed for privacy reasons, only the first 3 bytes are needed - << static_cast(mac[3]) << ":" + << static_cast(mac[3]) << ":" << static_cast(mac[4]) << ":" << static_cast(mac[5]); */ @@ -2720,8 +2715,7 @@ struct VM { if (util::exists(chassis)) { return (stoi(util::read_file(chassis)) == 1); - } - else { + } else { debug("CTYPE: ", "file doesn't exist"); } 
@@ -2772,20 +2766,15 @@ struct VM { if (*result == "" || result == nullptr) { debug("DMIDECODE: ", "invalid output"); return false; - } - else if (*result == "QEMU") { + } else if (*result == "QEMU") { return core::add(brands::QEMU); - } - else if (*result == "VirtualBox") { + } else if (*result == "VirtualBox") { return core::add(brands::VBOX); - } - else if (*result == "KVM") { + } else if (*result == "KVM") { return core::add(brands::KVM); - } - else if (std::atoi(result->c_str()) >= 1) { + } else if (std::atoi(result->c_str()) >= 1) { return true; - } - else { + } else { debug("DMIDECODE: ", "output = ", *result); } @@ -2816,17 +2805,13 @@ struct VM { if (*result == "" || result == nullptr) { return false; - } - else if (*result == "KVM") { + } else if (*result == "KVM") { return core::add(brands::KVM); - } - else if (*result == "QEMU") { + } else if (*result == "QEMU") { return core::add(brands::QEMU); - } - else if (std::atoi(result->c_str())) { + } else if (std::atoi(result->c_str())) { return true; - } - else { + } else { debug("DMESG: ", "output = ", *result); } @@ -3390,7 +3375,7 @@ struct VM { return false; } -#if (LINUX) + #if (LINUX) auto get_distro = []() -> std::string { std::ifstream osReleaseFile("/etc/os-release"); std::string line; @@ -3437,7 +3422,7 @@ struct VM { } return false; -#elif (WINDOWS) + #elif (WINDOWS) const u8 version = util::get_windows_version(); if (version < 10) { @@ -3451,7 +3436,7 @@ struct VM { debug("VBOX_DEFAULT: Windows 11 detected"); return ((80 == disk) && (4 == ram)); -#endif + #endif #endif } @@ -3477,6 +3462,8 @@ struct VM { } + + /** * @brief Check for any VM processes that are active * @category Windows 
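Review bot: `*result == "" || result == nullptr` dereferences `result` before the null test; it is the first condition of both chains reformatted here (DMIDECODE at -2772 and DMESG at -2816). `result` is declared above the hunks, presumably as the pointer returned by the command helper, and if that pointer is null the dereference is undefined behaviour instead of the intended early `return false`. Swap the operands so the short-circuit protects the access: `if (result == nullptr || *result == "") {`. The commit only moves each `else` onto the closing-brace line and leaves this condition as it was, and both functions begin and end outside their hunks.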
@@ -3520,7 +3507,7 @@ struct VM { if (runningProcesses.count("vdagent.exe") || runningProcesses.count("vdservice.exe") || - runningProcesses.count("qemuwmi.exe") || + runningProcesses.count("qemuwmi.exe") || runningProcesses.count("looking-glass-host.exe")) { debug("VM_PROCESSES: Detected QEMU process."); return core::add(brands::QEMU); @@ -3562,7 +3549,7 @@ struct VM { return ( (strcmp(username, "liveuser") == 0) && (strcmp(hostname, "localhost-live") == 0) - ); + ); #endif } @@ -3650,8 +3637,7 @@ struct VM { debug("BOCHS_CPU: technique 1 found"); return core::add(brands::BOCHS); } - } - else if (amd) { + } else if (amd) { // technique 2: "processor" should have a capital P if (brand == "AMD Athlon(tm) processor") { debug("BOCHS_CPU: technique 2 found"); @@ -3680,7 +3666,7 @@ struct VM { } return false; - }; + }; auto is_k8 = [](const u32 eax) -> bool { const u32 family = (eax >> 8) & 0xF; @@ -3693,7 +3679,7 @@ struct VM { } return false; - }; + }; if (!(is_k7(eax) || is_k8(eax))) { return false; @@ -4023,13 +4009,13 @@ struct VM { } return false; - }; + }; return ( check_usb() || check_general() || check_rom() - ); + ); #endif } @@ -4243,9 +4229,9 @@ struct VM { sgdt gdtr } #elif (MSVC) -#pragma pack(push, 1) + #pragma pack(push, 1) struct { unsigned short limit; unsigned long long base; } _gdtr = {}; -#pragma pack(pop) + #pragma pack(pop) _sgdt(&_gdtr); std::memcpy(gdtr, &_gdtr, sizeof(gdtr)); #else @@ -4418,7 +4404,7 @@ struct VM { * @category Windows * @implements VM::VMWARE_STR */ - [[nodiscard]] static bool vmware_str() { + [[nodiscard]] static bool vmware_str() { #if (WINDOWS && x86_32) unsigned short tr = 0; __asm { 
@@ -4483,11 +4469,11 @@ struct VM { if (is_vm) { switch (b) { - case 1: return core::add(brands::VMWARE_EXPRESS); - case 2: return core::add(brands::VMWARE_ESX); - case 3: return core::add(brands::VMWARE_GSX); - case 4: return core::add(brands::VMWARE_WORKSTATION); - default: return core::add(brands::VMWARE); + case 1: return core::add(brands::VMWARE_EXPRESS); + case 2: return core::add(brands::VMWARE_ESX); + case 3: return core::add(brands::VMWARE_GSX); + case 4: return core::add(brands::VMWARE_WORKSTATION); + default: return core::add(brands::VMWARE); } } @@ -4565,7 +4551,7 @@ struct VM { return ( (((reax >> 24) & 0xFF) == 0xCC) && (((reax >> 16) & 0xFF) == 0xCC) - ); + ); #else return false; #endif @@ -4597,12 +4583,12 @@ struct VM { } return (dwError == ERROR_ALREADY_EXISTS); - }; + }; if ( supMutexExist("Sandboxie_SingleInstanceMutex_Control") || supMutexExist("SBIE_BOXED_ServiceInitComplete_Mutex1") - ) { + ) { return core::add(brands::SANDBOXIE); } 
@@ -4638,48 +4624,48 @@ struct VM { // check if the microarchitecture was made before 2006, which was around the time multi-core processors were implemented auto old_microarchitecture = [&steps]() -> bool { - constexpr std::array, 32> old_archs = { { - // 80486 - {{ 0x4, 0x0, 0x1 }}, - {{ 0x4, 0x0, 0x2 }}, - {{ 0x4, 0x0, 0x3 }}, - {{ 0x4, 0x0, 0x4 }}, - {{ 0x4, 0x0, 0x5 }}, - {{ 0x4, 0x0, 0x7 }}, - {{ 0x4, 0x0, 0x8 }}, - {{ 0x4, 0x0, 0x9 }}, - - // P5 - {{ 0x5, 0x0, 0x1 }}, - {{ 0x5, 0x0, 0x2 }}, - {{ 0x5, 0x0, 0x4 }}, - {{ 0x5, 0x0, 0x7 }}, - {{ 0x5, 0x0, 0x8 }}, - - // P6 - {{ 0x6, 0x0, 0x1 }}, - {{ 0x6, 0x0, 0x3 }}, - {{ 0x6, 0x0, 0x5 }}, - {{ 0x6, 0x0, 0x6 }}, - {{ 0x6, 0x0, 0x7 }}, - {{ 0x6, 0x0, 0x8 }}, - {{ 0x6, 0x0, 0xA }}, - {{ 0x6, 0x0, 0xB }}, - - // Netburst - {{ 0xF, 0x0, 0x6 }}, - {{ 0xF, 0x0, 0x4 }}, - {{ 0xF, 0x0, 0x3 }}, - {{ 0xF, 0x0, 0x2 }}, - {{ 0xF, 0x0, 0x10 }}, - - {{ 0x6, 0x1, 0x5 }}, // Pentium M (Talopai) - {{ 0x6, 0x1, 0x6 }}, // Core (Client) - {{ 0x6, 0x0, 0x9 }}, // Pentium M - {{ 0x6, 0x0, 0xD }}, // Pentium M - {{ 0x6, 0x0, 0xE }}, // Modified Pentium M - {{ 0x6, 0x0, 0xF }} // Core (Client) - } }; + constexpr std::array, 32> old_archs = {{ + // 80486 + {{ 0x4, 0x0, 0x1 }}, + {{ 0x4, 0x0, 0x2 }}, + {{ 0x4, 0x0, 0x3 }}, + {{ 0x4, 0x0, 0x4 }}, + {{ 0x4, 0x0, 0x5 }}, + {{ 0x4, 0x0, 0x7 }}, + {{ 0x4, 0x0, 0x8 }}, + {{ 0x4, 0x0, 0x9 }}, + + // P5 + {{ 0x5, 0x0, 0x1 }}, + {{ 0x5, 0x0, 0x2 }}, + {{ 0x5, 0x0, 0x4 }}, + {{ 0x5, 0x0, 0x7 }}, + {{ 0x5, 0x0, 0x8 }}, + + // P6 + {{ 0x6, 0x0, 0x1 }}, + {{ 0x6, 0x0, 0x3 }}, + {{ 0x6, 0x0, 0x5 }}, + {{ 0x6, 0x0, 0x6 }}, + {{ 0x6, 0x0, 0x7 }}, + {{ 0x6, 0x0, 0x8 }}, + {{ 0x6, 0x0, 0xA }}, + {{ 0x6, 0x0, 0xB }}, + + // Netburst + {{ 0xF, 0x0, 0x6 }}, + {{ 0xF, 0x0, 0x4 }}, + {{ 0xF, 0x0, 0x3 }}, + {{ 0xF, 0x0, 0x2 }}, + {{ 0xF, 0x0, 0x10 }}, + + {{ 0x6, 0x1, 0x5 }}, // Pentium M (Talopai) + {{ 0x6, 0x1, 0x6 }}, // Core (Client) + {{ 0x6, 0x0, 0x9 }}, // Pentium M + {{ 0x6, 0x0, 0xD }}, // Pentium M + 
{{ 0x6, 0x0, 0xE }}, // Modified Pentium M + {{ 0x6, 0x0, 0xF }} // Core (Client) + }}; constexpr u8 FAMILY = 0; constexpr u8 EXTMODEL = 1; @@ -4696,7 +4682,7 @@ struct VM { } return false; - }; + }; // self-explanatory if (!(cpu::is_intel() || cpu::is_amd())) { @@ -6028,8 +6014,8 @@ struct VM { CM_FULL_RESOURCE_DESCRIPTOR List[1]; } *PCM_RESOURCE_LIST, CM_RESOURCE_LIST; struct map_key { - LPCTSTR KeyPath; - LPCTSTR ValueName; + LPCTSTR KeyPath; + LPCTSTR ValueName; }; #define VBOX_PHYS_LO 0x0000000000001000ULL @@ -6236,9 +6222,9 @@ struct VM { const size_t hyphen_pos = hostname.find('-', 5); - if (hyphen_pos == std::string::npos || - hyphen_pos <= 5 || - hyphen_pos >= len - 1) { + if (hyphen_pos == std::string::npos || + hyphen_pos <= 5 || + hyphen_pos >= len - 1) { return false; } @@ -6270,7 +6256,7 @@ struct VM { auto cmp = [&](const char* str2) -> bool { return (hostname == str2); - }; + }; if ( cmp("Sandbox") || @@ -6278,7 +6264,7 @@ struct VM { cmp("Malware") || cmp("malsand") || cmp("ClonePC") - ) { + ) { return true; } @@ -6314,7 +6300,7 @@ struct VM { (horiz == 1024 && verti == 768) || (horiz == 800 && verti == 600) || (horiz == 640 && verti == 480) - ) { + ) { return true; } @@ -6339,8 +6325,7 @@ struct VM { if (BuildCommDCBAndTimeoutsA("jhl46745fghb", &dcb, &timeouts)) { return true; - } - else { + } else { return false; } #endif @@ -6359,7 +6344,7 @@ struct VM { if ( util::exists("/mnt/windows/BstSharedFolder") || util::exists("/sdcard/windows/BstSharedFolder") - ) { + ) { return core::add(brands::BLUESTACKS); } @@ -6388,7 +6373,7 @@ struct VM { debug("CPUID_SIGNATURE: eax = ", eax); - if (eax == nanovisor) + if (eax == nanovisor) return core::add(brands::NANOVISOR); else if (eax == simplevisor) return core::add(brands::SIMPLEVISOR); @@ -6416,7 +6401,7 @@ struct VM { (ebx == 0x4b4d564b) && (ecx == 0x564b4d56) && (edx == 0x4d) - )) { + )) { return false; } 
@@ -6426,7 +6411,7 @@ struct VM { (eax & (1 << 8)) && (((eax >> 13) & 0b1111111111) == 0) && ((eax >> 24) == 0) - ) { + ) { return core::add(brands::KVM); } @@ -6476,19 +6461,19 @@ struct VM { if ( util::exists(sys_vendor) && util::exists(modalias) - ) { + ) { const std::string sys_vendor_str = util::read_file(sys_vendor); const std::string modalias_str = util::read_file(modalias); return ( util::find(sys_vendor_str, "QEMU") && util::find(modalias_str, "QEMU") - ); + ); } return false; #endif - } + } /** @@ -6543,9 +6528,9 @@ struct VM { while ((entry = readdir(dir)) != nullptr) { if ( - (entry->d_name[0] == '.' && entry->d_name[1] == '\0') || + (entry->d_name[0] == '.' && entry->d_name[1] == '\0') || (entry->d_name[1] == '.' && entry->d_name[2] == '\0') - ) { + ) { continue; } @@ -6571,7 +6556,7 @@ struct VM { // check if there's a few files in that directory return ((count != 0) && type); #endif - } + } /** @@ -6604,7 +6589,7 @@ struct VM { return false; #endif - } + } /** @@ -6636,15 +6621,12 @@ struct VM { if (bytes_read > 0) { buffer[bytes_read] = '\0'; ss << buffer; - } - else if (bytes_read == 0) { + } else if (bytes_read == 0) { usleep(100000); // Sleep for 100 milliseconds - } - else { + } else { if (errno == EAGAIN) { usleep(100000); // Sleep for 100 milliseconds - } - else { + } else { debug("KMSG: Error reading /dev/kmsg"); break; } @@ -6665,7 +6647,7 @@ struct VM { return (util::find(content, "Hypervisor detected")); #endif - } + } /** @@ -6688,7 +6670,7 @@ struct VM { return false; #endif - } + } /** @@ -6742,7 +6724,7 @@ struct VM { return false; #endif - } + } /** @@ -6761,7 +6743,7 @@ struct VM { return (util::exists("/proc/device-tree/hypervisor/compatible")); #endif - } + } /** @@ -6780,7 +6762,7 @@ struct VM { cat: /sys/class/dmi/id/product_uuid: Permission denied */ - constexpr std::array dmi_array{ + constexpr std::array dmi_array { "/sys/class/dmi/id/bios_vendor", "/sys/class/dmi/id/board_name", "/sys/class/dmi/id/board_vendor", 
@@ -6790,7 +6772,7 @@ struct VM { "/sys/class/dmi/id/sys_vendor" }; - constexpr std::array, 15> vm_table{ { + constexpr std::array, 15> vm_table {{ { "kvm", brands::KVM }, { "openstack", brands::OPENSTACK }, { "kubevirt", brands::KUBEVIRT }, @@ -6807,9 +6789,9 @@ struct VM { { "hyper-v", brands::HYPERV }, { "apple virtualization", brands::APPLE_VZ }, { "google compute engine", brands::GCE } - } }; + }}; - auto to_lower = [](std::string& str) { + auto to_lower = [](std::string &str) { for (auto& c : str) { if (c == ' ') { continue; @@ -6817,9 +6799,9 @@ struct VM { c = static_cast(tolower(c)); } - }; + }; - for (const auto& vm_string : vm_table) { + for (const auto &vm_string : vm_table) { for (const auto file : dmi_array) { if (!util::exists(file)) { continue; @@ -6835,8 +6817,7 @@ struct VM { if (smbios_vm_bit()) { return core::add(brands::AWS_NITRO); } - } - else { + } else { return core::add(vm_string.second); } } @@ -6845,7 +6826,7 @@ struct VM { return false; #endif - } + } /** @@ -6879,7 +6860,7 @@ struct VM { return (content.at(19) & (1 << 4)); #endif - } + } /** @@ -6917,21 +6898,21 @@ struct VM { if ( util::exists(osrelease) && util::exists(version) - ) { + ) { const std::string osrelease_content = util::read_file(osrelease); const std::string version_content = util::read_file(version); if ( (util::find(osrelease_content, "WSL") || util::find(osrelease_content, "Microsoft")) && (util::find(version, "WSL") || util::find(version, "Microsoft")) - ) { + ) { return core::add(brands::WSL); } } return false; #endif - } + } /** @@ -7001,7 +6982,7 @@ struct VM { if (ntQuerySystemInformation == nullptr || ntAllocateVirtualMemory == nullptr || ntFreeVirtualMemory == nullptr) return false; - + ULONG ulSize = 0; NTSTATUS status = ntQuerySystemInformation(SystemModuleInformation, nullptr, 0, &ulSize); if (status != STATUS_INFO_LENGTH_MISMATCH) return false; 
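Review bot: In the WSL check at -6917, the second half of the condition searches `version`, the path passed to `util::exists` and `util::read_file` just above, rather than `version_content`, which is read but never used. Unless the path string itself happens to contain "WSL" or "Microsoft" (its value is outside the hunk), that half is always false and the technique cannot report WSL. The line should read `(util::find(version_content, "WSL") || util::find(version_content, "Microsoft"))`. The commit only re-indents the closing parentheses around it.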
@@ -7169,7 +7150,7 @@ struct VM { /** * @brief Check for physical connection ports * @category Windows - * @note original idea of using physical ports to detect VMs was suggested by @unusual-aspect (https://github.com/unusual-aspect). + * @note original idea of using physical ports to detect VMs was suggested by @unusual-aspect (https://github.com/unusual-aspect). * This technique is known to false flag on devices like Surface Pro. * @implements VM::PORT_CONNECTORS */ @@ -7351,7 +7332,7 @@ struct VM { (handle2 != INVALID_HANDLE_VALUE) || (handle3 != INVALID_HANDLE_VALUE) || (handle4 != INVALID_HANDLE_VALUE) - ) { + ) { vbox = true; } @@ -7381,7 +7362,7 @@ struct VM { return false; #endif - } + } /** @@ -7477,18 +7458,18 @@ struct VM { * @implements VM::TIMER */ #if (MSVC) -#pragma optimize("", off) + #pragma optimize("", off) #elif (CLANG) -#pragma clang optimize off + #pragma clang optimize off #elif (GCC) -#pragma GCC push_options -#pragma GCC optimize("O0") + #pragma GCC push_options + #pragma GCC optimize("O0") #endif [[nodiscard]] #if (LINUX) __attribute__((no_sanitize("address", "leak", "thread", "undefined"))) #endif - static bool timer() { + static bool timer() { #if (ARM || !x86) return false; #else @@ -7526,7 +7507,7 @@ struct VM { newParam.sched_priority = sched_get_priority_max(SCHED_FIFO); if (sched_setscheduler(0, SCHED_FIFO, &newParam) == -1) { - hasSchedPriority = false; + hasSchedPriority = false; } } #endif @@ -7537,7 +7518,7 @@ struct VM { #else sched_setscheduler(0, oldPolicy, &oldParam); #endif - }; + }; // --- 1. Classic Timing Check (rdtsc + cpuid + rdtsc) --- #ifdef __VMAWARE_DEBUG__ 
@@ -7548,9 +7529,9 @@ struct VM { constexpr size_t kBufferSize = static_cast(64 * 1024) * 1024; #if (WINDOWS) -#define COMPILER_BARRIER() _ReadWriteBarrier() + #define COMPILER_BARRIER() _ReadWriteBarrier() #else -#define COMPILER_BARRIER() __asm__ __volatile__("" ::: "memory") + #define COMPILER_BARRIER() __asm__ __volatile__("" ::: "memory") #endif #if (WINDOWS) @@ -7683,7 +7664,7 @@ struct VM { spammerThreadStarted = true; } catch (...) { - + } // --- 3a. Pin Measurement Thread for Consistent Timing --- 
@@ -7870,92 +7851,92 @@ struct VM { #endif } #if (MSVC) -#pragma optimize("", on) + #pragma optimize("", on) #elif (CLANG) -#pragma clang optimize on + #pragma clang optimize on #elif (GCC) -#pragma GCC pop_options + #pragma GCC pop_options #endif - /** - * @brief Check for existence of qemu_fw_cfg directories within sys/module and /sys/firmware - * @category Linux + /** + * @brief Check for existence of qemu_fw_cfg directories within sys/module and /sys/firmware + * @category Linux * @implements VM::SYS_QEMU - */ - [[nodiscard]] static bool sys_qemu_dir() { + */ + [[nodiscard]] static bool sys_qemu_dir() { #if (!LINUX) - return false; + return false; #else - const std::string module_path = "/sys/module/qemu_fw_cfg/"; - const std::string firmware_path = "/sys/firmware/qemu_fw_cfg/"; - -#if (CPP >= 17) + const std::string module_path = "/sys/module/qemu_fw_cfg/"; + const std::string firmware_path = "/sys/firmware/qemu_fw_cfg/"; + + #if (CPP >= 17) namespace fs = std::filesystem; - return ( - fs::is_directory(module_path) && - fs::is_directory(firmware_path) && - fs::exists(module_path) && - fs::exists(firmware_path) - ); -#else + return ( + fs::is_directory(module_path) && + fs::is_directory(firmware_path) && + fs::exists(module_path) && + fs::exists(firmware_path) + ); + #else - return ( - util::is_directory(module_path.c_str()) && - util::is_directory(firmware_path.c_str()) && - util::exists(module_path.c_str()) && - util::exists(firmware_path.c_str()) - ); -#endif + return ( + util::is_directory(module_path.c_str()) && + util::is_directory(firmware_path.c_str()) && + util::exists(module_path.c_str()) && + util::exists(firmware_path.c_str()) + ); + #endif #endif - } + } - /** - * @brief Check for QEMU string instances with lshw command - * @category Linux + /** + * @brief Check for QEMU string instances with lshw command + * @category Linux * @implements VM::LSHW_QEMU - */ - [[nodiscard]] static bool lshw_qemu() { + */ + [[nodiscard]] static bool lshw_qemu() { #if 
(!LINUX) - return false; + return false; #else - if (!( - (util::exists("/usr/bin/lshw")) || + if (!( + (util::exists("/usr/bin/lshw")) || (util::exists("/bin/lshw")) || (util::exists("/usr/sbin/lshw")) - )) { - debug("LSHW_QEMU: ", "binary doesn't exist"); - return false; - } - - const std::unique_ptr result = util::sys_result("lshw 2>&1"); - - if (result == nullptr) { - debug("LSHW_QEMU: ", "invalid stdout output from lshw"); - return false; - } - - const std::string full_command = *result; - - u8 score = 0; + )) { + debug("LSHW_QEMU: ", "binary doesn't exist"); + return false; + } + + const std::unique_ptr result = util::sys_result("lshw 2>&1"); + + if (result == nullptr) { + debug("LSHW_QEMU: ", "invalid stdout output from lshw"); + return false; + } + + const std::string full_command = *result; + + u8 score = 0; auto qemu_finder = [&](const char* str) -> void { - if (util::find(full_command, str)) { + if (util::find(full_command, str)) { debug("LSHW_QEMU: found ", str); - score++; + score++; } - }; - - qemu_finder("QEMU PCIe Root port"); - qemu_finder("QEMU XHCI Host Controller"); - qemu_finder("QEMU DVD-ROM"); - qemu_finder("QEMU QEMU USB Tablet"); - - return (score >= 3); // if one of the strings above were detected 3 times, flag as VM + }; + + qemu_finder("QEMU PCIe Root port"); + qemu_finder("QEMU XHCI Host Controller"); + qemu_finder("QEMU DVD-ROM"); + qemu_finder("QEMU QEMU USB Tablet"); + + return (score >= 3); // if one of the strings above were detected 3 times, flag as VM #endif - } + } /** @@ -7971,7 +7952,7 @@ struct VM { if (!cpu::is_leaf_supported(0x40000005)) { return false; } - + struct Registers { int eax = 0; int ebx = 0; 
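Review bot: In `lshw_qemu`, `util::sys_result("lshw 2>&1")` runs `lshw` by bare name, so what executes is whatever the process's `PATH` resolves first, not one of the three absolute paths the guard above has just checked. For a library that may run with elevated privileges (other techniques in this file gate on `util::is_admin()`), keep the path that passed `util::exists` and hand that absolute path to `util::sys_result`. The trailing comment on `return (score >= 3);` is also misleading, because `score` counts how many of the four distinct strings were found; `// at least 3 of the 4 QEMU device strings must be present` describes it. The commit only re-indents this function.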
@@ -8362,38 +8343,38 @@ struct VM { } - /** - * @brief Check for AMD-SEV MSR running on the system - * @category x86, Linux, MacOS - * @note idea from virt-what + /** + * @brief Check for AMD-SEV MSR running on the system + * @category x86, Linux, MacOS + * @note idea from virt-what * @implements VM::AMD_SEV - */ - [[nodiscard]] static bool amd_sev() { + */ + [[nodiscard]] static bool amd_sev() { #if (x86 && (LINUX || APPLE)) - if (!cpu::is_amd()) { - return false; - } - - if (!util::is_admin()) { - return false; - } - - constexpr u32 encrypted_memory_capability = 0x8000001f; - constexpr u32 msr_index = 0xc0010131; - - if (!cpu::is_leaf_supported(encrypted_memory_capability)) { - return false; - } - - u32 eax, unused = 0; - cpu::cpuid(eax, unused, unused, unused, encrypted_memory_capability); - - if (!(eax & (1 << 1))) { - return false; - } - - u64 result = 0; - + if (!cpu::is_amd()) { + return false; + } + + if (!util::is_admin()) { + return false; + } + + constexpr u32 encrypted_memory_capability = 0x8000001f; + constexpr u32 msr_index = 0xc0010131; + + if (!cpu::is_leaf_supported(encrypted_memory_capability)) { + return false; + } + + u32 eax, unused = 0; + cpu::cpuid(eax, unused, unused, unused, encrypted_memory_capability); + + if (!(eax & (1 << 1))) { + return false; + } + + u64 result = 0; + const std::string msr_device = "/dev/cpu/0/msr"; std::ifstream msr_file(msr_device, std::ios::binary); 
@@ -8412,24 +8393,24 @@ struct VM { if (result & (static_cast(1) << 2)) { return core::add(brands::AMD_SEV_SNP); } else if (result & (static_cast(1) << 1)) { return core::add(brands::AMD_SEV_ES); } - else if (result & 1) { return core::add(brands::AMD_SEV); } - - return false; + else if (result & 1) { return core::add(brands::AMD_SEV); } + + return false; #else return false; #endif - } + } - /** - * @brief Check for AMD CPU thread count database if it matches the system's thread count - * @link https://www.amd.com/en/products/specifications/processors.html - * @category x86 + /** + * @brief Check for AMD CPU thread count database if it matches the system's thread count + * @link https://www.amd.com/en/products/specifications/processors.html + * @category x86 * @implements VM::AMD_THREAD_MISMATCH - */ - [[nodiscard]] static bool amd_thread_mismatch() { + */ + [[nodiscard]] static bool amd_thread_mismatch() { #if (!x86) - return false; + return false; #else if (!cpu::is_amd()) { return false; @@ -8438,7 +8419,7 @@ struct VM { if (cpu::has_hyperthreading()) { return false; } - + std::string model = cpu::get_brand(); for (char& c : model) { @@ -9022,7 +9003,7 @@ struct VM { return false; #endif - } + } /** @@ -9034,15 +9015,15 @@ struct VM { #if (!WINDOWS) return false; #else -#if (_WIN32_WINNT < _WIN32_WINNT_WIN8) - return false; -#else - BOOL isNativeVhdBoot = 0; - if (IsNativeVhdBoot(&isNativeVhdBoot)) { - return (isNativeVhdBoot == TRUE); - } - return false; -#endif + #if (_WIN32_WINNT < _WIN32_WINNT_WIN8) + return false; + #else + BOOL isNativeVhdBoot = 0; + if (IsNativeVhdBoot(&isNativeVhdBoot)) { + return (isNativeVhdBoot == TRUE); + } + return false; + #endif #endif } 
@@ -9184,8 +9165,8 @@ struct VM { constexpr const char* targets[] = { "Parallels Software International", "Parallels(R)", "innotek", - "Oracle", "VirtualBox", "VS2005R2", "VMware, Inc.", - "VMware", "VMWARE", "S3 Corp.", "Virtual Machine", "Qemu", "vbox", + "Oracle", "VirtualBox", "vbox", "VBOX", "VS2005R2", "VMware, Inc.", + "VMware", "VMWARE", "S3 Corp.", "Virtual Machine", "QEMU", "FWCF", "WAET", "BOCHS", "BXPC" }; @@ -9247,7 +9228,8 @@ struct VM { strcmp(target, "VMware") == 0 || strcmp(target, "VMWARE") == 0) brand = brands::VMWARE; - else if (strcmp(target, "Qemu") == 0) + else if (strcmp(target, "QEMU") == 0 || + strcmp(target, "FWCF") == 0) brand = brands::QEMU; else if (strcmp(target, "BOCHS") == 0 || strcmp(target, "BXPC") == 0) @@ -9394,8 +9376,9 @@ struct VM { // Same targets as the Windows branch but without "WAET" constexpr const char* targets[] = { "Parallels Software International", "Parallels(R)", "innotek", - "Oracle", "VirtualBox", "VS2005R2", "VMware, Inc.", - "VMware", "S3 Corp.", "Virtual Machine", "Qemu", "vbox", "BOCHS", "BXPC" + "Oracle", "VirtualBox", "vbox", "VBOX", "VS2005R2", "VMware, Inc.", + "VMware", "VMWARE", "S3 Corp.", "Virtual Machine", "QEMU", "FWCF", + "BOCHS", "BXPC" }; struct dirent* entry; @@ -9463,7 +9446,8 @@ struct VM { strcmp(target, "VMWARE") == 0) { brand = brands::VMWARE; } - else if (strcmp(target, "Qemu") == 0) { + else if (strcmp(target, "QEMU") == 0 || + strcmp(target, "FWCF") == 0) { brand = brands::QEMU; } else if (strcmp(target, "BOCHS") == 0 || 
@@ -9490,36 +9474,36 @@ struct VM { } - /** - * @brief Check if the number of accessed files are too low for a human-managed environment - * @category Linux - * @note idea from https://unprotect.it/technique/xbel-recently-opened-files-check/ - * @implements VM::FILE_ACCESS_HISTORY + /** + * @brief Check if the number of accessed files are too low for a human-managed environment + * @category Linux + * @note idea from https://unprotect.it/technique/xbel-recently-opened-files-check/ + * @implements VM::FILE_ACCESS_HISTORY */ - [[nodiscard]] static bool file_access_history() { + [[nodiscard]] static bool file_access_history() { #if (!LINUX) - return false; + return false; #else - const std::string xbel_file = util::read_file("~/.local/share/recently-used.xbel"); - + const std::string xbel_file = util::read_file("~/.local/share/recently-used.xbel"); + if (xbel_file.empty()) { debug("FILE_ACCESS_HISTORY: file content is empty"); return false; } - + const std::string key = "href"; + + u32 count = 0; + std::size_t pos = 0; + + while ((pos = xbel_file.find(key, pos)) != std::string::npos) { + count++; + pos += key.length(); + } - u32 count = 0; - std::size_t pos = 0; - - while ((pos = xbel_file.find(key, pos)) != std::string::npos) { - count++; - pos += key.length(); - } - - return (count <= 10); + return (count <= 10); #endif - } + } /* @brief Check if any waveform-audio output devices are present in the system @@ -9583,7 +9567,7 @@ struct VM { debug("UNKNOWN_MANUFACTURER: CPU brand '", brand, "' did not match known vendor IDs."); return true; // no known manufacturer matched, likely a VM } - + /* * @brief Check if running xgetbv in the XCR0 extended feature register triggers an exception 
@@ -9626,68 +9610,68 @@ struct VM { } - /** - * @brief Check if process status matches with nsjail patterns with PID anomalies - * @category Linux + /** + * @brief Check if process status matches with nsjail patterns with PID anomalies + * @category Linux * @implements VM::NSJAIL_PID - */ - [[nodiscard]] static bool nsjail_proc_id() { + */ + [[nodiscard]] static bool nsjail_proc_id() { #if (!LINUX) return false; #else - std::ifstream status_file("/proc/self/status"); - std::string line; - bool pid_match = false; - bool ppid_match = false; - - while (std::getline(status_file, line)) { - if (line.find("Pid:") == 0) { - std::string num_str = ""; - for (char ch : line) { - if (isdigit(ch)) { - num_str += ch; - } - } - - if (num_str.empty()) { - return false; - } - - if (std::stoi(num_str) == 1) { - pid_match = true; - } - } - - if (line.find("PPid:") == 0) { - std::string num_str = ""; - for (char ch : line) { - if (isdigit(ch)) { - num_str += ch; - } - } - - if (num_str.empty()) { - return false; - } - - if (std::stoi(num_str) == 0) { - ppid_match = true; - } - } - } - - if (pid_match && ppid_match) { + std::ifstream status_file("/proc/self/status"); + std::string line; + bool pid_match = false; + bool ppid_match = false; + + while (std::getline(status_file, line)) { + if (line.find("Pid:") == 0) { + std::string num_str = ""; + for (char ch : line) { + if (isdigit(ch)) { + num_str += ch; + } + } + + if (num_str.empty()) { + return false; + } + + if (std::stoi(num_str) == 1) { + pid_match = true; + } + } + + if (line.find("PPid:") == 0) { + std::string num_str = ""; + for (char ch : line) { + if (isdigit(ch)) { + num_str += ch; + } + } + + if (num_str.empty()) { + return false; + } + + if (std::stoi(num_str) == 0) { + ppid_match = true; + } + } + } + + if (pid_match && ppid_match) { return core::add(brands::NSJAIL); } return false; #endif - } + } - /** - * @brief Check for PCIe bridge names for known VM keywords and brands - * @category Linux + /** + * @brief Check for 
PCIe bridge names for known VM keywords and brands + * @category Linux * @implements VM::PCI_VM */ [[nodiscard]] static bool lspci() { @@ -9695,33 +9679,32 @@ struct VM { return false; #else if (!( - (util::exists("/usr/bin/lspci")) || + (util::exists("/usr/bin/lspci")) || (util::exists("/bin/lspci")) || (util::exists("/usr/sbin/lspci")) - )) { + )) { debug("PCI_VM: ", "binary doesn't exist"); return false; } const std::unique_ptr result = util::sys_result("lspci 2>&1"); - + if (result == nullptr) { debug("PCI_VM: ", "invalid stdout output from lspci"); return false; } - + const std::string full_command = *result; - + auto pci_finder = [&](const char* str) -> bool { - if (util::find(full_command, str)) { + if (util::find(full_command, str)) { debug("PCI_VM: found ", str); return true; - } - else { + } else { return false; } - }; - + }; + if (pci_finder("QEMU PCIe Root port")) { return core::add(brands::QEMU); } if (pci_finder("QEMU XHCI Host Controller")) { return core::add(brands::QEMU); } if (pci_finder("QXL paravirtual graphic card")) { return core::add(brands::QEMU); } @@ -9751,10 +9734,10 @@ struct VM { struct core { MSVC_DISABLE_WARNING(PADDING) - struct technique { + struct technique { u8 points = 0; // this is the certainty score between 0 and 100 std::function run; // this is the technique function itself - + technique() : points(0), run(nullptr) {} technique(u8 points, std::function run) : points(points), run(run) {} 
@@ -9767,16 +9750,16 @@ struct VM { }; MSVC_ENABLE_WARNING(PADDING) - // initial technique list, this is where all the techniques are stored - static std::pair technique_list[]; - + // initial technique list, this is where all the techniques are stored + static std::pair technique_list[]; + // the actual table, which is derived from the list above and will be // used for most functionalities related to technique interactions static std::map technique_table; // specific to VM::add_custom(), where custom techniques will be stored here static std::vector custom_table; - + // VM scoreboard table specifically for VM::brand() static std::map brand_scoreboard; @@ -9840,7 +9823,7 @@ struct VM { if (flags.test(DEFAULT)) { return; } - + if (flags.test(ALL)) { return; } @@ -9861,10 +9844,9 @@ struct VM { flags.test(DYNAMIC) || flags.test(NULL_ARG) || flags.test(MULTIPLE) - ) { + ) { generate_default(flags); - } - else { + } else { throw std::invalid_argument("Invalid flag option found, aborting"); } } @@ -9876,7 +9858,7 @@ struct VM { const bool memo_enabled = core::is_disabled(flags, NO_MEMO); u16 threshold_points = 150; - + // set it to 300 if high threshold is enabled if (core::is_enabled(flags, HIGH_THRESHOLD)) { threshold_points = high_threshold_score; @@ -9899,7 +9881,7 @@ struct VM { if ( (technique_macro == VM::GPU_CAPABILITIES) || (technique_macro == VM::GPU_VM_STRINGS) - ) { + ) { continue; } @@ -9937,9 +9919,9 @@ struct VM { // (unless the threshold is set to be higher, but it's the // same story here nonetheless, except the threshold is 300) if ( - (shortcut) && + (shortcut) && (points >= threshold_points) - ) { + ) { return points; } } @@ -9971,7 +9953,7 @@ struct VM { if (memo_enabled) { memo::cache_store( technique.id, - result, + result, technique.points ); } 
@@ -9986,41 +9968,38 @@ struct VM { }; auto merge_scores = [&]( - const enum_flags a, - const enum_flags b, + const enum_flags a, + const enum_flags b, const u8 new_score + ) { + if ( + core::is_disabled(flags, a) || + core::is_disabled(flags, b) ) { - if ( - core::is_disabled(flags, a) || - core::is_disabled(flags, b) - ) { - return; - } + return; + } - const bool result_a = check(a); - const bool result_b = check(b); + const bool result_a = check(a); + const bool result_b = check(b); - if (result_a && result_b) { - points += new_score; - return; - } - else if ((result_a == false) && (result_b == false)) { - return; - } - else { - enum_flags tmp_flag; - - if (result_a == true) { - tmp_flag = a; - } - else { - tmp_flag = b; - } + if (result_a && result_b) { + points += new_score; + return; + } else if ((result_a == false) && (result_b == false)) { + return; + } else { + enum_flags tmp_flag; - const technique tmp = technique_table.at(tmp_flag); - points += tmp.points; + if (result_a == true) { + tmp_flag = a; + } else { + tmp_flag = b; } - }; + + const technique tmp = technique_table.at(tmp_flag); + points += tmp.points; + } + }; merge_scores(GPU_CAPABILITIES, GPU_VM_STRINGS, 100); // instead of 200, it's 100 now 
@@ -10074,23 +10053,23 @@ struct VM { /** - * basically what this entire recursive variadic template inheritance - * fuckery does is manage the variadic arguments being given through - * the arg_handler function, which could either be a std::bitset, - * a uint8_t, or a combination of both of them. This will handle - * both argument types and implement them depending on what their - * types are. If it's a std::bitset, do the |= operation on - * flag_collector. If it's a uint8_t, simply .set() that into the + * basically what this entire recursive variadic template inheritance + * fuckery does is manage the variadic arguments being given through + * the arg_handler function, which could either be a std::bitset, + * a uint8_t, or a combination of both of them. This will handle + * both argument types and implement them depending on what their + * types are. If it's a std::bitset, do the |= operation on + * flag_collector. If it's a uint8_t, simply .set() that into the * flag_collector. That's the gist of it. * * Also I won't even deny, the majority of this section was 90% generated * by chatgpt. Can't be arsed with this C++ variadic templatisation shit. - * Like is it really my fault that I have a hard time understanging C++'s - * god awful metaprogramming designs? And don't even get me started on SNIFAE. - * + * Like is it really my fault that I have a hard time understanging C++'s + * god awful metaprogramming designs? And don't even get me started on SNIFAE. + * * You don't need an IQ of 3 digits to realise how dogshit this language * is, when you end up in situations where there's a few correct solutions - * to a problem, but with a billion ways you can do the same thing but in + * to a problem, but with a billion ways you can do the same thing but in * the "wrong" way. I genuinely can't wait for Carbon to come out. */ public: 
@@ -10136,8 +10115,7 @@ struct VM { if (disabled_flag_collector.count() == 0) { return; - } - else { + } else { flags &= disabled_flag_collector; } @@ -10161,17 +10139,15 @@ struct VM { if ( (flag == INVALID) || (flag > enum_size) - ) { + ) { throw std::invalid_argument("Non-flag or invalid flag provided for VM::detect(), aborting"); } if (flag == DEFAULT) { generate_default(flag_collector); - } - else if (flag == ALL) { + } else if (flag == ALL) { generate_all(flag_collector); - } - else { + } else { flag_collector.set(flag); } } @@ -10200,7 +10176,7 @@ struct VM { // Define derived classes for specific type implementations struct TestBitsetHandler : public TestHandler { - using TestHandler::handle; + using TestHandler::handle; void handle(const flagset& flags) override { disable_flagset_manager(flags); @@ -10208,7 +10184,7 @@ struct VM { }; struct TestUint8Handler : public TestHandler { - using TestHandler::handle; + using TestHandler::handle; void handle(const enum_flags flag) override { flag_manager(flag); @@ -10216,7 +10192,7 @@ struct VM { }; struct DisableTestUint8Handler : public DisableTestHandler { - using DisableTestHandler::disable_handle; + using DisableTestHandler::disable_handle; void disable_handle(const enum_flags flag) override { disable_flag_manager(flag); @@ -10259,11 +10235,9 @@ struct VM { if (isType(first)) { dispatch(first, bitsetHandler); - } - else if (isType(first)) { + } else if (isType(first)) { dispatch(first, uint8Handler); - } - else { + } else { const std::string msg = "Arguments must either be a std::bitset<" + std::to_string(static_cast(enum_size + 1)) + 
@@ -10283,11 +10257,9 @@ struct VM { if (isType(first)) { throw std::invalid_argument("Arguments must not contain VM::DEFAULT or VM::ALL, only technique flags are accepted (view the documentation for a full list)"); - } - else if (isType(first)) { + } else if (isType(first)) { disable_dispatch(first, Disableuint8Handler); - } - else { + } else { throw std::invalid_argument("Arguments must be a technique flag, aborting"); } @@ -10315,7 +10287,7 @@ struct VM { flag_collector.reset(); generate_default(disabled_flag_collector); - if VMAWARE_CONSTEXPR(is_empty()) { + if VMAWARE_CONSTEXPR (is_empty()) { generate_default(flag_collector); return flag_collector; } @@ -10323,7 +10295,7 @@ struct VM { // set the bits in the flag, can take in // either an enum value or a std::bitset handleArgs(std::forward(args)...); - + if (flag_collector.count() == 0) { generate_default(flag_collector); } @@ -10359,7 +10331,7 @@ struct VM { generate_default(disabled_flag_collector); - if VMAWARE_CONSTEXPR(is_empty()) { + if VMAWARE_CONSTEXPR (is_empty()) { throw std::invalid_argument("VM::DISABLE() must contain a flag"); } @@ -10433,7 +10405,7 @@ struct VM { * @link https://github.com/kernelwernel/VMAware/blob/main/docs/documentation.md#vmcheck */ static bool check( - const enum_flags flag_bit, + const enum_flags flag_bit, const enum_flags memo_arg = NULL_ARG // clang doesn't support std::source_location for some reason #if (CPP >= 20 && !CLANG) @@ -10448,7 +10420,7 @@ struct VM { #endif ss << ". Consult the documentation's flag handler for VM::check()"; throw std::invalid_argument(std::string(text) + ss.str()); - }; + }; // check if flag is out of range if (flag_bit > enum_size) { 
@@ -10461,14 +10433,14 @@ struct VM { (flag_bit == HIGH_THRESHOLD) || (flag_bit == DYNAMIC) || (flag_bit == MULTIPLE) - ) { + ) { throw_error("Flag argument must be a technique flag and not a settings flag"); } if ( - (memo_arg != NO_MEMO) && + (memo_arg != NO_MEMO) && (memo_arg != NULL_ARG) - ) { + ) { throw_error("Flag argument for memoization must be either VM::NO_MEMO or left empty"); } @@ -10541,8 +10513,7 @@ struct VM { core_debug("VM::brand(): returned multi brand from cache"); return memo::multi_brand::fetch(); } - } - else { + } else { if (memo::brand::is_cached()) { core_debug("VM::brand(): returned brand from cache"); return memo::brand::fetch(); @@ -10601,7 +10572,7 @@ struct VM { std::map brands; // add the relevant brands with at least 1 point - for (const auto& element : core::brand_scoreboard) { + for (const auto &element : core::brand_scoreboard) { if (element.second > 0) { brands.insert(std::make_pair(element.first, element.second)); } @@ -10620,7 +10591,7 @@ struct VM { if (brands.size() == 1) { return brands.begin()->first; } - + // remove Hyper-V artifacts if found with other // brands, because that's not a VM. It's added // only for the sake of information cuz of the @@ -10636,12 +10607,12 @@ struct VM { if ( (brands.count(a) > 0) && (brands.count(b) > 0) - ) { + ) { brands.erase(a); brands.erase(b); brands.emplace(std::make_pair(result, 2)); } - }; + }; // same as above, but for 3 auto triple_merge = [&](const char* a, const char* b, const char* c, const char* result) -> void { @@ -10649,13 +10620,13 @@ struct VM { (brands.count(a) > 0) && (brands.count(b) > 0) && (brands.count(c) > 0) - ) { + ) { brands.erase(a); brands.erase(b); brands.erase(c); brands.emplace(std::make_pair(result, 2)); } - }; + }; // some edgecase handling for Hyper-V and VirtualPC since 
@@ -10663,12 +10634,11 @@ struct VM { if ((brands.count(TMP_HYPERV) > 0) && (brands.count(TMP_VPC) > 0)) { if (brands.count(TMP_HYPERV) == brands.count(TMP_VPC)) { merge(TMP_VPC, TMP_HYPERV, TMP_HYPERV_VPC); - } - else { + } else { brands.erase(TMP_VPC); } } - + // this is the section where brand post-processing will be done. // The reason why this part is necessary is because it will 
@@ -10681,35 +10651,35 @@ struct VM { // brand is "Azure Hyper-V" instead of just "Hyper-V". So what // this section does is "merge" the brands together to form // a more accurate idea of the brand(s) involved. - merge(TMP_AZURE, TMP_HYPERV, TMP_AZURE); - merge(TMP_AZURE, TMP_VPC, TMP_AZURE); + merge(TMP_AZURE, TMP_HYPERV, TMP_AZURE); + merge(TMP_AZURE, TMP_VPC, TMP_AZURE); merge(TMP_AZURE, TMP_HYPERV_VPC, TMP_AZURE); - merge(TMP_NANOVISOR, TMP_HYPERV, TMP_NANOVISOR); - merge(TMP_NANOVISOR, TMP_VPC, TMP_NANOVISOR); + merge(TMP_NANOVISOR, TMP_HYPERV, TMP_NANOVISOR); + merge(TMP_NANOVISOR, TMP_VPC, TMP_NANOVISOR); merge(TMP_NANOVISOR, TMP_HYPERV_VPC, TMP_NANOVISOR); - - merge(TMP_QEMU, TMP_KVM, TMP_QEMU_KVM); - merge(TMP_KVM, TMP_HYPERV, TMP_KVM_HYPERV); - merge(TMP_QEMU, TMP_HYPERV, TMP_QEMU_KVM_HYPERV); - merge(TMP_QEMU_KVM, TMP_HYPERV, TMP_QEMU_KVM_HYPERV); - merge(TMP_KVM, TMP_KVM_HYPERV, TMP_KVM_HYPERV); - merge(TMP_QEMU, TMP_KVM_HYPERV, TMP_QEMU_KVM_HYPERV); + + merge(TMP_QEMU, TMP_KVM, TMP_QEMU_KVM); + merge(TMP_KVM, TMP_HYPERV, TMP_KVM_HYPERV); + merge(TMP_QEMU, TMP_HYPERV, TMP_QEMU_KVM_HYPERV); + merge(TMP_QEMU_KVM, TMP_HYPERV, TMP_QEMU_KVM_HYPERV); + merge(TMP_KVM, TMP_KVM_HYPERV, TMP_KVM_HYPERV); + merge(TMP_QEMU, TMP_KVM_HYPERV, TMP_QEMU_KVM_HYPERV); merge(TMP_QEMU_KVM, TMP_KVM_HYPERV, TMP_QEMU_KVM_HYPERV); triple_merge(TMP_QEMU, TMP_KVM, TMP_KVM_HYPERV, TMP_QEMU_KVM_HYPERV); - merge(TMP_VMWARE, TMP_FUSION, TMP_FUSION); - merge(TMP_VMWARE, TMP_EXPRESS, TMP_EXPRESS); - merge(TMP_VMWARE, TMP_ESX, TMP_ESX); - merge(TMP_VMWARE, TMP_GSX, TMP_GSX); + merge(TMP_VMWARE, TMP_FUSION, TMP_FUSION); + merge(TMP_VMWARE, TMP_EXPRESS, TMP_EXPRESS); + merge(TMP_VMWARE, TMP_ESX, TMP_ESX); + merge(TMP_VMWARE, TMP_GSX, TMP_GSX); merge(TMP_VMWARE, TMP_WORKSTATION, TMP_WORKSTATION); - merge(TMP_VMWARE_HARD, TMP_VMWARE, TMP_VMWARE_HARD); - merge(TMP_VMWARE_HARD, TMP_FUSION, TMP_VMWARE_HARD); - merge(TMP_VMWARE_HARD, TMP_EXPRESS, TMP_VMWARE_HARD); - merge(TMP_VMWARE_HARD, 
TMP_ESX, TMP_VMWARE_HARD); - merge(TMP_VMWARE_HARD, TMP_GSX, TMP_VMWARE_HARD); + merge(TMP_VMWARE_HARD, TMP_VMWARE, TMP_VMWARE_HARD); + merge(TMP_VMWARE_HARD, TMP_FUSION, TMP_VMWARE_HARD); + merge(TMP_VMWARE_HARD, TMP_EXPRESS, TMP_VMWARE_HARD); + merge(TMP_VMWARE_HARD, TMP_ESX, TMP_VMWARE_HARD); + merge(TMP_VMWARE_HARD, TMP_GSX, TMP_VMWARE_HARD); merge(TMP_VMWARE_HARD, TMP_WORKSTATION, TMP_VMWARE_HARD); @@ -10741,11 +10711,11 @@ struct VM { // sort the relevant brands vector so that the brands with // the highest score appears first in descending order std::sort(vec.begin(), vec.end(), []( - const brand_element_t& a, - const brand_element_t& b - ) { - return a.second > b.second; - }); + const brand_element_t &a, + const brand_element_t &b + ) { + return a.second > b.second; + }); std::string ret_str = brands::NULL_BRAND; @@ -10758,8 +10728,7 @@ struct VM { // See VM::MULTIPLE flag in docs for more information. if (!is_multiple) { ret_str = vec.front().first; - } - else { + } else { std::stringstream ss; std::size_t i = 1; @@ -10778,13 +10747,12 @@ struct VM { if (is_multiple) { core_debug("VM::brand(): cached multiple brand string"); memo::multi_brand::store(ret_str); - } - else { + } else { core_debug("VM::brand(): cached brand string"); memo::brand::store(ret_str); } } - + // debug stuff to see the brand scoreboard, ignore this #ifdef __VMAWARE_DEBUG__ @@ -10861,11 +10829,9 @@ struct VM { // above 150 to get to 100% if (points >= threshold) { percent = 100; - } - else if (points >= 100) { + } else if (points >= 100) { percent = 99; - } - else { + } else { percent = static_cast(points); } @@ -10895,7 +10861,7 @@ struct VM { #endif ss << ". Consult the documentation's parameters for VM::add_custom()"; throw std::invalid_argument(std::string(text) + ss.str()); - }; + }; if (percent > 100) { throw_error("Percentage parameter must be between 0 and 100"); 
@@ -10945,105 +10911,105 @@ struct VM { */ [[nodiscard]] static std::string flag_to_string(const enum_flags flag) { switch (flag) { - case VMID: return "VMID"; - case CPU_BRAND: return "CPU_BRAND"; - case HYPERVISOR_BIT: return "HYPERVISOR_BIT"; - case HYPERVISOR_STR: return "HYPERVISOR_STR"; - case TIMER: return "TIMER"; - case THREADCOUNT: return "THREADCOUNT"; - case MAC: return "MAC"; - case TEMPERATURE: return "TEMPERATURE"; - case SYSTEMD: return "SYSTEMD"; - case CVENDOR: return "CVENDOR"; - case CTYPE: return "CTYPE"; - case DOCKERENV: return "DOCKERENV"; - case DMIDECODE: return "DMIDECODE"; - case DMESG: return "DMESG"; - case HWMON: return "HWMON"; - case DLL: return "DLL"; - case REGISTRY: return "REGISTRY"; - case VM_FILES: return "VM_FILES"; - case HWMODEL: return "HWMODEL"; - case DISK_SIZE: return "DISK_SIZE"; - case VBOX_DEFAULT: return "VBOX_DEFAULT"; - case VBOX_NETWORK: return "VBOX_NETWORK"; - case VM_PROCESSES: return "VM_PROCESSES"; - case LINUX_USER_HOST: return "LINUX_USER_HOST"; - case GAMARUE: return "GAMARUE"; - case BOCHS_CPU: return "BOCHS_CPU"; - case MSSMBIOS: return "MSSMBIOS"; - case MAC_MEMSIZE: return "MAC_MEMSIZE"; - case MAC_IOKIT: return "MAC_IOKIT"; - case IOREG_GREP: return "IOREG_GREP"; - case MAC_SIP: return "MAC_SIP"; - case HKLM_REGISTRIES: return "HKLM_REGISTRIES"; - case VPC_INVALID: return "VPC_INVALID"; - case SIDT: return "SIDT"; - case SGDT: return "SGDT"; - case SLDT: return "SLDT"; - case VMWARE_IOMEM: return "VMWARE_IOMEM"; - case VMWARE_IOPORTS: return "VMWARE_IOPORTS"; - case VMWARE_SCSI: return "VMWARE_SCSI"; - case VMWARE_DMESG: return "VMWARE_DMESG"; - case VMWARE_STR: return "VMWARE_STR"; - case VMWARE_BACKDOOR: return "VMWARE_BACKDOOR"; - case VMWARE_PORT_MEM: return "VMWARE_PORT_MEM"; - case SMSW: return "SMSW"; - case MUTEX: return "MUTEX"; - case ODD_CPU_THREADS: return "ODD_CPU_THREADS"; - case INTEL_THREAD_MISMATCH: return "INTEL_THREAD_MISMATCH"; - case XEON_THREAD_MISMATCH: return 
"XEON_THREAD_MISMATCH"; - case NETTITUDE_VM_MEMORY: return "NETTITUDE_VM_MEMORY"; - case CUCKOO_DIR: return "CUCKOO_DIR"; - case CUCKOO_PIPE: return "CUCKOO_PIPE"; - case HYPERV_HOSTNAME: return "HYPERV_HOSTNAME"; - case GENERAL_HOSTNAME: return "GENERAL_HOSTNAME"; - case SCREEN_RESOLUTION: return "SCREEN_RESOLUTION"; - case DEVICE_STRING: return "DEVICE_STRING"; - case BLUESTACKS_FOLDERS: return "BLUESTACKS_FOLDERS"; - case CPUID_SIGNATURE: return "CPUID_SIGNATURE"; - case KVM_BITMASK: return "KVM_BITMASK"; - case KGT_SIGNATURE: return "KGT_SIGNATURE"; - case QEMU_VIRTUAL_DMI: return "QEMU_VIRTUAL_DMI"; - case QEMU_USB: return "QEMU_USB"; - case HYPERVISOR_DIR: return "HYPERVISOR_DIR"; - case UML_CPU: return "UML_CPU"; - case KMSG: return "KMSG"; - case VM_PROCS: return "VM_PROCS"; - case VBOX_MODULE: return "VBOX_MODULE"; - case SYSINFO_PROC: return "SYSINFO_PROC"; - case DEVICE_TREE: return "DEVICE_TREE"; - case DMI_SCAN: return "DMI_SCAN"; - case SMBIOS_VM_BIT: return "SMBIOS_VM_BIT"; - case PODMAN_FILE: return "PODMAN_FILE"; - case WSL_PROC: return "WSL_PROC"; - case DRIVER_NAMES: return "DRIVER_NAMES"; - case DISK_SERIAL: return "DISK_SERIAL"; - case PORT_CONNECTORS: return "PORT_CONNECTORS"; - case GPU_VM_STRINGS: return "GPU_STRINGS"; - case GPU_CAPABILITIES: return "GPU_CAPABILITIES"; - case VM_DEVICES: return "VM_DEVICES"; - case PROCESSOR_NUMBER: return "PROCESSOR_NUMBER"; - case NUMBER_OF_CORES: return "NUMBER_OF_CORES"; - case ACPI_TEMPERATURE: return "ACPI_TEMPERATURE"; - case SYS_QEMU: return "SYS_QEMU"; - case LSHW_QEMU: return "LSHW_QEMU"; - case VIRTUAL_PROCESSORS: return "VIRTUAL_PROCESSORS"; - case HYPERV_QUERY: return "HYPERV_QUERY"; - case BAD_POOLS: return "BAD_POOLS"; - case AMD_SEV: return "AMD_SEV"; - case AMD_THREAD_MISMATCH: return "AMD_THREAD_MISMATCH"; - case NATIVE_VHD: return "NATIVE_VHD"; - case VIRTUAL_REGISTRY: return "VIRTUAL_REGISTRY"; - case FIRMWARE: return "FIRMWARE"; - case FILE_ACCESS_HISTORY: return "FILE_ACCESS_HISTORY"; 
- case AUDIO: return "AUDIO"; - case UNKNOWN_MANUFACTURER: return "UNKNOWN_MANUFACTURER"; - case OSXSAVE: return "OSXSAVE"; - case NSJAIL_PID: return "NSJAIL_PID"; - case PCI_VM: return "PCI_VM"; + case VMID: return "VMID"; + case CPU_BRAND: return "CPU_BRAND"; + case HYPERVISOR_BIT: return "HYPERVISOR_BIT"; + case HYPERVISOR_STR: return "HYPERVISOR_STR"; + case TIMER: return "TIMER"; + case THREADCOUNT: return "THREADCOUNT"; + case MAC: return "MAC"; + case TEMPERATURE: return "TEMPERATURE"; + case SYSTEMD: return "SYSTEMD"; + case CVENDOR: return "CVENDOR"; + case CTYPE: return "CTYPE"; + case DOCKERENV: return "DOCKERENV"; + case DMIDECODE: return "DMIDECODE"; + case DMESG: return "DMESG"; + case HWMON: return "HWMON"; + case DLL: return "DLL"; + case REGISTRY: return "REGISTRY"; + case VM_FILES: return "VM_FILES"; + case HWMODEL: return "HWMODEL"; + case DISK_SIZE: return "DISK_SIZE"; + case VBOX_DEFAULT: return "VBOX_DEFAULT"; + case VBOX_NETWORK: return "VBOX_NETWORK"; + case VM_PROCESSES: return "VM_PROCESSES"; + case LINUX_USER_HOST: return "LINUX_USER_HOST"; + case GAMARUE: return "GAMARUE"; + case BOCHS_CPU: return "BOCHS_CPU"; + case MSSMBIOS: return "MSSMBIOS"; + case MAC_MEMSIZE: return "MAC_MEMSIZE"; + case MAC_IOKIT: return "MAC_IOKIT"; + case IOREG_GREP: return "IOREG_GREP"; + case MAC_SIP: return "MAC_SIP"; + case HKLM_REGISTRIES: return "HKLM_REGISTRIES"; + case VPC_INVALID: return "VPC_INVALID"; + case SIDT: return "SIDT"; + case SGDT: return "SGDT"; + case SLDT: return "SLDT"; + case VMWARE_IOMEM: return "VMWARE_IOMEM"; + case VMWARE_IOPORTS: return "VMWARE_IOPORTS"; + case VMWARE_SCSI: return "VMWARE_SCSI"; + case VMWARE_DMESG: return "VMWARE_DMESG"; + case VMWARE_STR: return "VMWARE_STR"; + case VMWARE_BACKDOOR: return "VMWARE_BACKDOOR"; + case VMWARE_PORT_MEM: return "VMWARE_PORT_MEM"; + case SMSW: return "SMSW"; + case MUTEX: return "MUTEX"; + case ODD_CPU_THREADS: return "ODD_CPU_THREADS"; + case INTEL_THREAD_MISMATCH: return 
"INTEL_THREAD_MISMATCH"; + case XEON_THREAD_MISMATCH: return "XEON_THREAD_MISMATCH"; + case NETTITUDE_VM_MEMORY: return "NETTITUDE_VM_MEMORY"; + case CUCKOO_DIR: return "CUCKOO_DIR"; + case CUCKOO_PIPE: return "CUCKOO_PIPE"; + case HYPERV_HOSTNAME: return "HYPERV_HOSTNAME"; + case GENERAL_HOSTNAME: return "GENERAL_HOSTNAME"; + case SCREEN_RESOLUTION: return "SCREEN_RESOLUTION"; + case DEVICE_STRING: return "DEVICE_STRING"; + case BLUESTACKS_FOLDERS: return "BLUESTACKS_FOLDERS"; + case CPUID_SIGNATURE: return "CPUID_SIGNATURE"; + case KVM_BITMASK: return "KVM_BITMASK"; + case KGT_SIGNATURE: return "KGT_SIGNATURE"; + case QEMU_VIRTUAL_DMI: return "QEMU_VIRTUAL_DMI"; + case QEMU_USB: return "QEMU_USB"; + case HYPERVISOR_DIR: return "HYPERVISOR_DIR"; + case UML_CPU: return "UML_CPU"; + case KMSG: return "KMSG"; + case VM_PROCS: return "VM_PROCS"; + case VBOX_MODULE: return "VBOX_MODULE"; + case SYSINFO_PROC: return "SYSINFO_PROC"; + case DEVICE_TREE: return "DEVICE_TREE"; + case DMI_SCAN: return "DMI_SCAN"; + case SMBIOS_VM_BIT: return "SMBIOS_VM_BIT"; + case PODMAN_FILE: return "PODMAN_FILE"; + case WSL_PROC: return "WSL_PROC"; + case DRIVER_NAMES: return "DRIVER_NAMES"; + case DISK_SERIAL: return "DISK_SERIAL"; + case PORT_CONNECTORS: return "PORT_CONNECTORS"; + case GPU_VM_STRINGS: return "GPU_STRINGS"; + case GPU_CAPABILITIES: return "GPU_CAPABILITIES"; + case VM_DEVICES: return "VM_DEVICES"; + case PROCESSOR_NUMBER: return "PROCESSOR_NUMBER"; + case NUMBER_OF_CORES: return "NUMBER_OF_CORES"; + case ACPI_TEMPERATURE: return "ACPI_TEMPERATURE"; + case SYS_QEMU: return "SYS_QEMU"; + case LSHW_QEMU: return "LSHW_QEMU"; + case VIRTUAL_PROCESSORS: return "VIRTUAL_PROCESSORS"; + case HYPERV_QUERY: return "HYPERV_QUERY"; + case BAD_POOLS: return "BAD_POOLS"; + case AMD_SEV: return "AMD_SEV"; + case AMD_THREAD_MISMATCH: return "AMD_THREAD_MISMATCH"; + case NATIVE_VHD: return "NATIVE_VHD"; + case VIRTUAL_REGISTRY: return "VIRTUAL_REGISTRY"; + case FIRMWARE: return 
"FIRMWARE"; + case FILE_ACCESS_HISTORY: return "FILE_ACCESS_HISTORY"; + case AUDIO: return "AUDIO"; + case UNKNOWN_MANUFACTURER: return "UNKNOWN_MANUFACTURER"; + case OSXSAVE: return "OSXSAVE"; + case NSJAIL_PID: return "NSJAIL_PID"; + case PCI_VM: return "PCI_VM"; // ADD NEW CASE HERE FOR NEW TECHNIQUE - default: return "Unknown flag"; + default: return "Unknown flag"; } } @@ -11065,7 +11031,7 @@ struct VM { if ( (flags.test(technique_enum)) && (check(static_cast(technique_enum))) - ) { + ) { tmp.push_back(static_cast(technique_enum)); } } @@ -11096,7 +11062,7 @@ struct VM { #endif ss << ". Consult the documentation's parameters for VM::modify_score()"; throw std::invalid_argument(std::string(text) + ss.str()); - }; + }; if (percent > 100) { throw_error("Percentage parameter must be between 0 and 100"); @@ -11111,13 +11077,13 @@ struct VM { throw_error("The flag is not a technique flag"); } - using table_t = std::map; + using table_t = std::map; - auto modify = [](table_t& table, const enum_flags flag, const u8 percent) -> void { - core::technique& tmp = table.at(flag); + auto modify = [](table_t &table, const enum_flags flag, const u8 percent) -> void { + core::technique &tmp = table.at(flag); table[flag].points = percent; table[flag].run = tmp.run; - }; + }; modify(core::technique_table, flag, percent); } @@ -11155,7 +11121,7 @@ struct VM { return "Unknown"; } - const std::map type_table{ + const std::map type_table { // type 1 { brands::XEN, "Hypervisor (type 1)" }, { brands::VMWARE_ESX, "Hypervisor (type 1)" }, 
@@ -11263,13 +11229,13 @@ struct VM { const std::string very_likely = "Very likely"; const std::string inside_vm = "Running inside"; - auto make_conclusion = [&](const std::string& category) -> std::string { + auto make_conclusion = [&](const std::string &category) -> std::string { // this basically just fixes the grammatical syntax // by either having "a" or "an" before the VM brand // name, like it would look weird if the conclusion // message was "an VirtualBox" or "a Anubis", so this // section fixes that issue. - std::string article = ""; + std::string article = ""; if ( (brand_tmp == brands::ACRN) || @@ -11288,10 +11254,9 @@ struct VM { (brand_tmp == brands::AMD_SEV_SNP) || (brand_tmp == brands::NSJAIL) || (brand_tmp == brands::NULL_BRAND) - ) { + ) { article = " an "; - } - else { + } else { article = " a "; } 
@@ -11303,33 +11268,31 @@ struct VM { // Hyper-V artifacts are an exception due to how unique the circumstance is if (brand_tmp == brands::HYPERV_ARTIFACT) { - return (category + article + brand_tmp); - } - else { + return (category + article + brand_tmp); + } else { return (category + article + brand_tmp + " VM"); } - }; + }; if (core::is_enabled(flags, DYNAMIC)) { - if (percent_tmp == 0) { return baremetal; } - else if (percent_tmp <= 20) { return very_unlikely; } - else if (percent_tmp <= 35) { return unlikely; } - else if (percent_tmp < 50) { return make_conclusion(potentially); } - else if (percent_tmp <= 62) { return make_conclusion(might); } - else if (percent_tmp <= 75) { return make_conclusion(likely); } - else if (percent_tmp < 100) { return make_conclusion(very_likely); } - else { return make_conclusion(inside_vm); } + if (percent_tmp == 0) { return baremetal; } + else if (percent_tmp <= 20) { return very_unlikely; } + else if (percent_tmp <= 35) { return unlikely; } + else if (percent_tmp < 50) { return make_conclusion(potentially); } + else if (percent_tmp <= 62) { return make_conclusion(might); } + else if (percent_tmp <= 75) { return make_conclusion(likely); } + else if (percent_tmp < 100) { return make_conclusion(very_likely); } + else { return make_conclusion(inside_vm); } } if (percent_tmp == 100) { return make_conclusion(inside_vm); - } - else { + } else { return baremetal; } } -#pragma pack(push, 1) + #pragma pack(push, 1) struct vmaware { std::string brand; std::string type; @@ -11352,7 +11315,7 @@ struct VM { technique_count = VM::technique_count; } }; -#pragma pack(pop) + #pragma pack(pop) static u16 technique_count; // get total number of techniques @@ -11360,7 +11323,7 @@ struct VM { #ifdef __VMAWARE_DEBUG__ static u16 total_points; #endif - }; +}; MSVC_ENABLE_WARNING(ASSIGNMENT_OPERATOR NO_INLINE_FUNC SPECTRE) 
@@ -11477,7 +11440,7 @@ std::vector VM::technique_vector = []() -> std::vector { } return tmp; - }(); +}(); // this value is incremented each time VM::add_custom is called @@ -11603,4 +11566,4 @@ table_t VM::core::technique_table = []() -> table_t { table.insert(technique); } return table; - }(); +}();