Merge pull request #119 from kernelwernel/dev

Dev

.github/workflows/build_run_win_32_debug.bat

@@ -8,4 +8,5 @@ copy "C:\Program Files (x86)\Microsoft Visual Studio\2022\Enterprise\VC\Redist\M
 copy "C:\Program Files (x86)\Microsoft Visual Studio\2022\Enterprise\VC\Redist\MSVC\14.30.30704\debug_nonredist\x86\Microsoft.VC143.DebugCRT\vcruntime140d.dll" Debug\
 copy "C:\Program Files (x86)\Microsoft Visual Studio\2022\Enterprise\VC\Redist\MSVC\14.30.30704\debug_nonredist\x86\Microsoft.VC143.DebugCRT\msvcp140d.dll" Debug\
 cd Debug
-vmaware.exe
+vmaware.exe
+vmaware.exe --disable-hyperv-host

.github/workflows/build_run_win_64_debug.bat

@@ -8,4 +8,5 @@ copy "C:\Program Files (x86)\Microsoft Visual Studio\2022\Enterprise\VC\Redist\M
 copy "C:\Program Files (x86)\Microsoft Visual Studio\2022\Enterprise\VC\Redist\MSVC\14.30.30704\debug_nonredist\x86\Microsoft.VC143.DebugCRT\vcruntime140d.dll" Debug\
 copy "C:\Program Files (x86)\Microsoft Visual Studio\2022\Enterprise\VC\Redist\MSVC\14.30.30704\debug_nonredist\x86\Microsoft.VC143.DebugCRT\msvcp140d.dll" Debug\
 cd Debug
-vmaware.exe
+vmaware.exe
+vmaware.exe --disable-hyperv-host

README.md

@@ -28,11 +28,12 @@ The library is:
 
 <br>
 
-> [!WARNING]
+> [!CAUTION]
 **DO NOT USE THIS LIBRARY FOR CRITICAL SOFTWARE** (i.e. anti-cheats, proprietary software, paid software, etc...)
 > 
 > The full reason can be found [here](deprecation.md)
 
+<br>
 
 ## Example 🧪
 ```cpp

deprecation.md

@@ -7,13 +7,16 @@
 > 
 > 
 > The deprecation is due to a few reasons:
-> 1. **Hyper-V:** Microsoft's Hyper-V has been a complete nightmare since this project began. It took me and [@Requiem](https://github.com/NotRequiem) a while to discover that Hyper-V (upon installation) changes hardware values by making it seem it's actually running in a VM even though the program is running on the host [[example](https://github.com/kernelwernel/VMAware/issues/75)]. This mechanism is even worse for VM detections considering that Windows 11 has Hyper-V installed by default, making Windows 11 completely impossible to detect whether it's running in a manually intended Hyper-V VM by the user, or the leftover artifacts of what Hyper-V vomited all over the system when it was installed, whcih gave the library a false positive on the host system. Although Windows 10 must allow the user to install Hyper-V manually, this does not make the issue any better to handle for us. 
+> ## 1. **Hyper-V:** 
+> - Microsoft's Hyper-V has been a complete nightmare since this project began. It took me and [@Requiem](https://github.com/NotRequiem) a while to discover that Hyper-V (upon installation) changes hardware values by making it seem it's actually running in a VM even though the program is running on the host [[example](https://github.com/kernelwernel/VMAware/issues/75)]. This mechanism is even worse considering that Windows 11 has Hyper-V installed by default, making Windows 11 completely impossible to detect whether it's running in a manually intended Hyper-V VM by the user, or the leftover artifacts of what Hyper-V vomited all over the system when it was installed, which gave the library a false positive on the host system. Although Windows 10 must allow the user to install Hyper-V manually, this does not make the issue any better to handle for us. Hyper-V has been the main reason why I can't sleep well at night for the past half a year.
 > 
-> 2. **Spoofability:** The library does tackle spoofable techniques by skipping over them by default, unless whether `VM::SPOOFABLE` (for the library) or `--spoofable` (for the CLI) options were given. Although this is a fairly practical way to combat against the "easily" spoofable techniques, everything is technically spoofable. One anti-anti-VM project called [VMwareHardenedLoader](https://github.com/hzqst/VmwareHardenedLoader) is at a massive advantage against the library, and there's nothing we can do about it realistically. The library struggled to find anything of value EVEN with spoofable techniques enabled. There's also the problem that 1/3 of all the techniques in the library are considered "spoofable", which doesn't take a genius to figure out that it's a really bad VM detection library if one third of all techniques can't be ran by default. 
+> ## 2. **Spoofability:** 
+> - The library does tackle spoofable techniques by skipping over them by default, unless whether `VM::SPOOFABLE` (for the library) or `--spoofable` (for the CLI) options were given. Although this is a fairly practical way to combat against the "easily" spoofable techniques, everything is technically spoofable. One anti-anti-VM project called [VMwareHardenedLoader](https://github.com/hzqst/VmwareHardenedLoader) is at a massive advantage against the library, and there's nothing we can do about it realistically. The library struggled to find anything of value EVEN with spoofable techniques enabled. There's also the problem that 1/3 of all the techniques in the library are considered "spoofable". It doesn't take a genius to figure out that this is a really bad VM detection library if 33% of all techniques can't be ran by default. 
 > 
-> 3. **Practicality:** The main goal of the project was for the aforementioned category of "integral" programs to detect a VM in a practical and convenient way. If we knew the full extent of the pitfalls (the Hyper-V and spoofability problems mentioned above) from the start, this project wouldn't had been designed with this intention. What I thought was a practical library when starting out has now turned into an ineffective edgecase hell the more we discovered about the reality of VM detections. Not only this, there's the assumption of the fact that this library could be used by serious devs (or worse, companies) who might have a false sense of integrity for how effective the library is for their software, which is a recipe for disaster.
+> ## 3. **Practicality:** 
+> - The main goal of the project was for the aforementioned category of "integral" programs to detect a VM in a practical and convenient way. If we knew the full extent of the pitfalls (the Hyper-V and spoofability problems mentioned above) from the start, this project wouldn't had been designed with this intention. What I thought was a practical library when starting out has now turned into an ineffective edgecase hell the more we discovered about the reality of VM detections. Not only this, there's the assumption of the fact that this library could be used by serious devs (or worse, companies) who might have a false sense of integrity for how effective the library is for their software. For example, having a gamer get declined to run their newly bought game because the library falsely detected the system to be a Hyper-V VM is an absolute fucking nuclear proportion disaster.
 > 
 > This is just a deprecation of **how** the library should be used, however. Development will still continue as usual, and the library will be improved more and more as time passes. But the core issues that were mentioned will linger, and the deprecation will not be lifted for a while unless a solution will be discovered.
 
 
-TL;DR: Too many spoofable techniques, library has become impractial, Hyper-V makes me want to kill myself in an infinite loop of an infinite lifetimes.
+## TL;DR: Too many spoofable techniques, library has become impractial, Hyper-V makes me want to kill myself in an infinite loop of an infinite lifetimes.

src/cli.cpp

@@ -620,7 +620,22 @@ void general() {
 
     std::map<const char*, brand_score_t> brand_map = VM::brand_map();
 
-    auto brand_vec = [&]() -> bool {
+    const char* conclusion_color   = color(percent);
+    std::string conclusion_message = message(percent, brand);
+
+    std::cout 
+        << bold 
+        << "====== CONCLUSION: "
+        << ansi_exit
+        << conclusion_color << conclusion_message << " " << ansi_exit
+        << bold
+        << "======"
+        << ansi_exit
+        << "\n\n";
+
+
+    auto is_hyperv_present = []() -> bool {
+         std::map<const char*, brand_score_t> brand_map = VM::brand_map();
         bool is_hyperv_vpc_present = false;
 
         for (const auto p_brand : brand_map) {
@@ -639,51 +654,8 @@ void general() {
         return is_hyperv_vpc_present;
     };
 
-    auto diff_brand_check = [&]() -> bool {
-        bool is_hyperv = false;
-        bool is_vpc = false;
-        bool is_other = false;
-
-        for (const auto p_brand : brand_map) {
-            if (p_brand.second == 0) {
-                continue;
-            }
-
-            if (std::strcmp(p_brand.first, "Microsoft Hyper-V") == 0) {
-                is_hyperv = true;
-            } else if (std::strcmp(p_brand.first, "Virtual PC") == 0) {
-                is_vpc = true;
-            } else {
-                is_other = true;
-            }
-        }
-
-        if (is_vpc && !(is_hyperv || is_other)) {
-            return false;
-        }
-
-        if ((is_hyperv || is_vpc) && (!is_other)) {
-            return true;
-        }
-
-        return false;
-    };
-
-    const char* conclusion_color   = color(percent);
-    std::string conclusion_message = message(percent, brand);
-
-    std::cout 
-        << bold 
-        << "====== CONCLUSION: "
-        << ansi_exit
-        << conclusion_color << conclusion_message << " " << ansi_exit
-        << bold
-        << "======"
-        << ansi_exit
-        << "\n\n";
-
-    if ((hyperv_setting == VM::ENABLE_HYPERV_HOST) && diff_brand_check() && brand_vec() && notes_enabled) {
-        std::cout << note << " If you know you are running on host, Hyper-V upon installation leaves VM artifacts such as registries, files, and CPUIDs which makes the system look like it's running in a VM when it's not. If you do not want this false positive, disable Hyper-V in your system.\n\n";
+    if ((hyperv_setting == VM::ENABLE_HYPERV_HOST) && is_hyperv_present() && notes_enabled) {
+        std::cout << note << " If you know you are running on host, Hyper-V leaves VM artifacts in CPUIDs which makes the system look like it's running in a Hyper-V VM when it's not. If you want to disable this mechanism, run with \"--disable-hyperv-host\", or disable Hyper-V in your system.\n\n";
     } else if (notes_enabled) {
         if (!arg_bitset.test(SPOOFABLE)) {
             std::cout << tip << "To enable spoofable techniques, run with the \"--spoofable\" argument\n\n";