Merge pull request #231 from NotRequiem/dev

added native_vhd, virtual_registry and firmware_scan techniques
kernelwernel · Jan 28, 2025 · d7e6876 · d7e6876
2 parents c547a3b + 32c1e48
commit d7e6876
Show file tree

Hide file tree

Showing 3 changed files with 912 additions and 618 deletions.
diff --git a/docs/documentation.md b/docs/documentation.md
@@ -459,6 +459,9 @@ VMAware provides a convenient way to not only check for VMs, but also have the f
 | `VM::AMD_SEV` | Check for AMD-SEV MSR running on the system | Linux and MacOS | 50% | Admin |  |  |  |
 | `VM::AMD_RESERVED` | Check for bits that should be reserved in leaf 8000000Ah | 50% |  |  |  |  |
 | `VM::AMD_THREAD_MISMATCH` | Check for AMD CPU thread count database if it matches the system's thread count |  | 100% |  |  |  |  |
+| `VM::NATIVE_VHD` | Checks if the OS was booted from a VHD container |  | 100% |  |  |  |  |
+| `VM::VIRTUAL_REGISTRY` | Checks for particular object directory which is present in Sandboxie virtual environment but not in usual host systems |  | 65% |  |  |  |  |
+| `VM::FIRMWARE_SCAN` | Checks for VM signatures in firmware |  | 90% |  |  |  |  |
 <!-- ADD DETAILS HERE -->
 
 <br>

diff --git a/src/cli.cpp b/src/cli.cpp
@@ -475,6 +475,9 @@ bool is_unsupported(VM::enum_flags flag) {
             case VM::HYPERV_QUERY:
             case VM::BAD_POOLS:
 			case VM::AMD_THREAD_MISMATCH:
+            case VM::NATIVE_VHD:
+            case VM::VIRTUAL_REGISTRY:
+            case VM::FIRMWARE_SCAN:
             // ADD WINDOWS FLAG
             return false;
             default: return true;
@@ -1003,6 +1006,10 @@ void general() {
 	checker(VM::AMD_SEV, "AMD-SEV MSR");
     checker(VM::AMD_RESERVED, "AMD reserved bits");
 	checker(VM::AMD_THREAD_MISMATCH, "AMD thread count mismatch");
+    checker(VM::NATIVE_VHD, "VHD containers");
+    checker(VM::VIRTUAL_REGISTRY, "registry emulation");
+    checker(VM::FIRMWARE_SCAN, "firmware signatures");
+
     // ADD NEW TECHNIQUE CHECKER HERE
 
     std::printf("\n");