diff --git a/docs/documentation.md b/docs/documentation.md
index 10ee4b4b..93a611ef 100755
--- a/docs/documentation.md
+++ b/docs/documentation.md
@@ -495,7 +495,6 @@ VMAware provides a convenient way to not only check for VMs, but also have the f
 | `VM::DEVICE_STRING` | Check if bogus device string would be accepted | 🪟 | 25% | | | | | [link](https://github.com/kernelwernel/VMAware/blob/8cb2491b1c7d2cb7300d1d698b7c64c953b4ae75/src/vmaware.hpp#L6821) |
 | `VM::BLUESTACKS_FOLDERS` | Check for the presence of BlueStacks-specific folders | 🐧 | 5% | | | | | [link](https://github.com/kernelwernel/VMAware/blob/8cb2491b1c7d2cb7300d1d698b7c64c953b4ae75/src/vmaware.hpp#L6842) |
 | `VM::CPUID_SIGNATURE` | Check for signatures in leaf 0x40000001 in CPUID | 🐧🪟🍏 | 95% | | | | | [link](https://github.com/kernelwernel/VMAware/blob/8cb2491b1c7d2cb7300d1d698b7c64c953b4ae75/src/vmaware.hpp#L6865) |
-| `VM::KVM_BITMASK` | Check for KVM CPUID bitmask range for reserved values | 🐧🪟🍏 | 40% | | | | | [link](https://github.com/kernelwernel/VMAware/blob/8cb2491b1c7d2cb7300d1d698b7c64c953b4ae75/src/vmaware.hpp#L6893) |
 | `VM::KGT_SIGNATURE` | Check for Intel KGT (Trusty branch) hypervisor signature in CPUID | 🐧🪟🍏 | 80% | | | | | [link](https://github.com/kernelwernel/VMAware/blob/8cb2491b1c7d2cb7300d1d698b7c64c953b4ae75/src/vmaware.hpp#L6931) |
 | `VM::QEMU_VIRTUAL_DMI` | Check for presence of QEMU in the /sys/devices/virtual/dmi/id directory | 🐧 | 40% | | | | | [link](https://github.com/kernelwernel/VMAware/blob/8cb2491b1c7d2cb7300d1d698b7c64c953b4ae75/src/vmaware.hpp#L6956) |
 | `VM::QEMU_USB` | Check for presence of QEMU in the /sys/kernel/debug/usb/devices directory | 🐧 | 20% | | | | | [link](https://github.com/kernelwernel/VMAware/blob/8cb2491b1c7d2cb7300d1d698b7c64c953b4ae75/src/vmaware.hpp#L6986) |
diff --git a/src/cli.cpp b/src/cli.cpp
index c2f671eb..42ab0193 100755
--- a/src/cli.cpp
+++ b/src/cli.cpp
@@ -371,7 +371,6 @@ bool is_unsupported(VM::enum_flags flag) { case VM::GENERAL_HOSTNAME: case VM::BLUESTACKS_FOLDERS: case VM::CPUID_SIGNATURE: - case VM::KVM_BITMASK: case VM::KGT_SIGNATURE: case VM::QEMU_VIRTUAL_DMI: case VM::QEMU_USB: @@ -440,7 +439,6 @@ bool is_unsupported(VM::enum_flags flag) { case VM::SCREEN_RESOLUTION: case VM::DEVICE_STRING: case VM::CPUID_SIGNATURE: - case VM::KVM_BITMASK: case VM::KGT_SIGNATURE: case VM::DRIVER_NAMES: case VM::DISK_SERIAL: @@ -485,7 +483,6 @@ bool is_unsupported(VM::enum_flags flag) { case VM::INTEL_THREAD_MISMATCH: case VM::XEON_THREAD_MISMATCH: case VM::CPUID_SIGNATURE: - case VM::KVM_BITMASK: case VM::KGT_SIGNATURE: case VM::AMD_SEV: case VM::AMD_THREAD_MISMATCH: @@ -903,7 +900,6 @@ void general() { checker(VM::DEVICE_STRING, "bogus device string"); checker(VM::BLUESTACKS_FOLDERS, "BlueStacks folders"); checker(VM::CPUID_SIGNATURE, "CPUID signatures"); - checker(VM::KVM_BITMASK, "KVM CPUID reserved bitmask"); checker(VM::KGT_SIGNATURE, "Intel KGT signature"); checker(VM::QEMU_VIRTUAL_DMI, "QEMU virtual DMI directory"); checker(VM::QEMU_USB, "QEMU USB"); diff --git a/src/vmaware.hpp b/src/vmaware.hpp index 47edafb2..3cd2d3e2 100644 --- a/src/vmaware.hpp +++ b/src/vmaware.hpp @@ -592,7 +592,6 @@ struct VM { DEVICE_STRING, BLUESTACKS_FOLDERS, CPUID_SIGNATURE, - KVM_BITMASK, KGT_SIGNATURE, QEMU_VIRTUAL_DMI, QEMU_USB, @@ -837,7 +836,7 @@ struct VM { cpu::leaf::brand3 }}; - std::string b(48, '\n'); + std::string b(48, '\0'); union Regs { u32 i[4]; @@ -1984,7 +1983,7 @@ struct VM { return true; } - // Otherwise map to your enums: + // Otherwise map to our enums: switch (v.size) { case 4: // "qemu" or "vbox" return core::add(v.data[0] == 'q' 
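Review bot: In the `@@ -837,7 +836,7 @@` hunk, `std::string b(48, '\0')` still reports `size() == 48` however many brand bytes are later written, so the string carries NUL padding wherever the CPU brand is shorter than the buffer. The code that consumes `b` is outside the hunk; if it compares `b` with `==`, hashes it or logs it as a whole, the padding should be cut first, for example `b.resize(std::strlen(b.c_str()));`. If the intent of the new fill value is that unwritten bytes read as end-of-string rather than as newlines, a one-line comment saying so (`// NUL-filled so an unwritten tail reads as an empty C string`) would keep the next editor from reverting it.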
@@ -5618,43 +5617,6 @@ struct VM { } - /** - * @brief Check for KVM CPUID bitmask range for reserved values - * @category x86 - * @implements VM::KVM_BITMASK - */ - [[nodiscard]] static bool kvm_bitmask() { -#if (!x86) - return false; -#else - u32 eax, ebx, ecx, edx = 0; - cpu::cpuid(eax, ebx, ecx, edx, 0x40000000); - - // KVM brand and max leaf check - if (!( - (eax == 0x40000001) && - (ebx == 0x4b4d564b) && - (ecx == 0x564b4d56) && - (edx == 0x4d) - )) { - return false; - } - - cpu::cpuid(eax, ebx, ecx, edx, 0x40000001); - - if ( - (eax & (1 << 8)) && - (((eax >> 13) & 0b1111111111) == 0) && - ((eax >> 24) == 0) - ) { - return core::add(brands::KVM); - } - - return false; -#endif - } - - /** * @brief Check for Intel KGT (Trusty branch) hypervisor signature in CPUID * @link https://github.com/intel/ikgt-core/blob/7dfd4d1614d788ec43b02602cce7a272ef8d5931/vmm/vmexit/vmexit_cpuid.c @@ -6274,8 +6236,8 @@ struct VM { }; static constexpr std::array hex_positions = { { - 2, 3, 4, 5, 6, 7, 8, 9, - 11,12,13,14,15,16,17,18 + 2, 3, 4, 5, 6, 7, 8, 9, + 11,12,13,14,15,16,17,18 } }; for (u8 idx : hex_positions) { @@ -6286,6 +6248,18 @@ struct VM { return str[10] == '-'; }; + auto is_qemu_serial = [](const char* str, u8 len) -> bool { + constexpr const char* prefix = "QM0000"; + constexpr size_t prefix_len = 6; + if (len < prefix_len) + return false; + for (size_t i = 0; i < prefix_len; ++i) { + if (str[i] != prefix[i]) + return false; + } + return true; + }; + for (u8 drive = 0; drive < MAX_PHYSICAL_DRIVES; drive++) { wchar_t path[32]; swprintf_s(path, L"\\\\.\\PhysicalDrive%u", drive); @@ -6327,9 +6301,7 @@ struct VM { if (!DeviceIoControl(hDevice, IOCTL_STORAGE_QUERY_PROPERTY, &query, sizeof(query), buffer, header.Size, &bytesReturned, nullptr)) { - if (buffer != stackBuf) { - LocalFree(buffer); - } + if (buffer != stackBuf) LocalFree(buffer); CloseHandle(hDevice); continue; } 
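Review bot: The new `is_qemu_serial` lambda in the `@@ -6286,6 +6248,18 @@` hunk takes its length as `u8`, and the caller in the `@@ -6361,19 +6327,22 @@` hunk narrows `copyLen` (a `size_t` capped at `BUF_SZ - 1`) to fit it; that is exact only while `BUF_SZ` stays at 256, and a larger buffer would silently wrap the length. Declaring the parameter as `size_t len` removes the cast and the hidden coupling. After the length guard the byte loop can be `return std::memcmp(str, prefix, prefix_len) == 0;` (needs `<cstring>`; whether it is already included is not visible here). Separately, a six-character prefix on a free-form serial string is a weak signal on its own, so a comment stating where `QM0000` comes from and why a prefix match is sufficient would help whoever has to triage a false positive later. The enclosing function starts and ends outside the hunk.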
@@ -6347,13 +6319,7 @@ struct VM { constexpr size_t BUF_SZ = 256; char upperSerial[BUF_SZ] = { 0 }; - size_t copyLen; - if (serialLen < (BUF_SZ - 1)) { - copyLen = serialLen; - } - else { - copyLen = BUF_SZ - 1; - } + size_t copyLen = (serialLen < BUF_SZ - 1) ? serialLen : BUF_SZ - 1; for (size_t i = 0; i < copyLen; ++i) { char c = serial[i]; @@ -6361,19 +6327,22 @@ struct VM { } upperSerial[copyLen] = '\0'; + if (is_qemu_serial(upperSerial, static_cast(copyLen))) { + result = core::add(brands::QEMU); + if (buffer != stackBuf) LocalFree(buffer); + CloseHandle(hDevice); + return result; + } + if (is_vbox_serial(upperSerial, static_cast(copyLen))) { result = core::add(brands::VBOX); - if (buffer != stackBuf) { - LocalFree(buffer); - } + if (buffer != stackBuf) LocalFree(buffer); CloseHandle(hDevice); return result; } } - if (buffer != stackBuf) { - LocalFree(buffer); - } + if (buffer != stackBuf) LocalFree(buffer); CloseHandle(hDevice); } @@ -10518,7 +10487,6 @@ struct VM { case DEVICE_STRING: return "DEVICE_STRING"; case BLUESTACKS_FOLDERS: return "BLUESTACKS_FOLDERS"; case CPUID_SIGNATURE: return "CPUID_SIGNATURE"; - case KVM_BITMASK: return "KVM_BITMASK"; case KGT_SIGNATURE: return "KGT_SIGNATURE"; case QEMU_VIRTUAL_DMI: return "QEMU_VIRTUAL_DMI"; case QEMU_USB: return "QEMU_USB"; @@ -11090,7 +11058,6 @@ std::pair VM::core::technique_list[] = { std::make_pair(VM::DEVICE_STRING, VM::core::technique(25, VM::device_string)), std::make_pair(VM::BLUESTACKS_FOLDERS, VM::core::technique(5, VM::bluestacks)), std::make_pair(VM::CPUID_SIGNATURE, VM::core::technique(95, VM::cpuid_signature)), - std::make_pair(VM::KVM_BITMASK, VM::core::technique(40, VM::kvm_bitmask)), std::make_pair(VM::KGT_SIGNATURE, VM::core::technique(80, VM::intel_kgt_signature)), std::make_pair(VM::QEMU_VIRTUAL_DMI, VM::core::technique(40, VM::qemu_virtual_dmi)), std::make_pair(VM::QEMU_USB, VM::core::technique(20, VM::qemu_USB)),
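Review bot: The added QEMU branch in the `@@ -6361,19 +6327,22 @@` hunk is the third copy in this hunk of the `LocalFree`/`CloseHandle` release pair (a further copy sits in the `DeviceIoControl` failure path of the `@@ -6327,9 +6301,7 @@` hunk), so every new early exit has to repeat both calls or leak a handle or a heap buffer. Folding the release into one local helper, or an RAII guard, keeps the exits from drifting apart, and the two serial checks can then share a single exit. The loop body starts outside the hunk, so the sketch below assumes `buffer`, `stackBuf`, `hDevice` and `result` are declared as the visible lines use them, and writes the cast as `static_cast<u8>` to match the lambda's `u8 len` parameter.

```cpp
// declared once per drive, after `buffer` is set up (above this hunk)
const auto release_drive = [&]() {
    if (buffer != stackBuf) LocalFree(buffer);
    CloseHandle(hDevice);
};

// … unchanged: upperSerial is filled and NUL-terminated …
const u8 serial_len = static_cast<u8>(copyLen);
const bool is_qemu = is_qemu_serial(upperSerial, serial_len);
if (is_qemu || is_vbox_serial(upperSerial, serial_len)) {
    result = core::add(is_qemu ? brands::QEMU : brands::VBOX);
    release_drive();
    return result;
}
// … unchanged: end of the serial branch …
release_drive();
```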