Merge pull request #45 from kernelwernel/dev
1.1 update
kernelwernel authored Mar 7, 2024
2 parents 458882f + fae72ba commit fabfc4a
Showing 7 changed files with 756 additions and 398 deletions.
5 changes: 3 additions & 2 deletions README.md
@@ -21,6 +21,7 @@ The library is:
- Able to guess the VM brand
- Able to add your own custom VM detection techniques
- Memoized, meaning past results are cached and retrieved if ran again for performance benefits
- seperate MIT and GPL-3.0 compliant library header files

- - -
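Review bot: the new bullet on the fourth line of the hunk misspells "separate" ("seperate") and starts in lowercase while every sibling bullet starts with a capital; suggest `- Separate MIT and GPL-3.0 compliant library header files`. Since this feature list is the first thing a new reader sees, it would also help to name the two files here (`vmaware.hpp` and `vmaware_mit.hpp`, as added in `src/README.md` in this same PR).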

@@ -114,8 +115,8 @@ You can view the full docs [here](docs/documentation.md). Trust me, it's not too
- Can I use this for malware?
> This project is not soliciting the development of malware for obvious reasons. Even if you intend to use it for concealment purposes, it'll most likely be flagged by antiviruses anyway and nothing is obfuscated to begin with. Good luck obfuscating 5000 lines of C++ code lmfao.
- Why GPL 3.0?
> I would've made it MIT so proprietary software can make use of the library, but some of the techniques employed are from GPL 3.0 projects, and I have no choice but to use the same license for legal reasons. I could try to make an MIT version without the GPL code, but I'm not sure if anybody would care enough if I made one. That's just an idea in my head for now.
- Why GPL 3.0 and MIT?
> I would've made it strictly MIT so proprietary software can make use of the library, but some of the techniques employed are from GPL 3.0 projects, and I have no choice but to use the same license for legal reasons. This gave me an idea to make an MIT version without all of the GPL code so it can also be used without forcing your code to be open-source. It should be noted that the MIT version removes **8** techniques, and the lesser the number of techniques, the less accurate the overall result might be.
<br>
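Review bot: the rewritten answer states that the MIT version "removes **8** techniques" but never says which, so a reader choosing `vmaware_mit.hpp` cannot judge the accuracy trade-off; suggest listing them, or linking to the place in `docs/documentation.md` that does, and changing "the lesser the number of techniques, the less accurate" to "the fewer techniques, the less accurate". The same trade-off is restated in the new `src/README.md` table in this PR; one of the two should link to the other so the descriptions do not drift apart.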

202 changes: 99 additions & 103 deletions auxiliary/updater.py
@@ -3,108 +3,104 @@
# For example, it'll update the line numbers for the sections
# the header, and other basic information.


filename = "../src/vmaware.hpp"

# read file content
#def read():
with open(filename, 'r') as vmaware_read:
header_content = vmaware_read.readlines()

#return header_content

# fetch important bits
#def fetch(p_content):
# keywords to scan
enum = "enum enum_flags"
cpu = "struct cpu {"
memo = "struct memo {"
util = "struct util {"
techniques = "private: // START OF PRIVATE VM DETECTION TECHNIQUE DEFINITIONS"
core = "struct core {"
public = "public: // START OF PUBLIC FUNCTIONS"
external = "// ============= EXTERNAL DEFINITIONS ============="

# set up the arrays
pointer_array = []
pair_array = []
keywords = [enum, cpu, memo, util, techniques, core, public, external]
scanner_keywords = [
"__ENUM__",
"__CPU__",
"__MEMO__",
"__UTIL__",
"__TECHNIQUES__",
"__CORE__",
"__PUBLIC__",
"__EXTERNAL__"
]

# set the indexes
file_pointer = 0
array_index = 0


# loop and append if keyword is found
for line in header_content:
if keywords[array_index] in line:
if array_index != len(keywords) - 1:
array_index += 1

pointer_array.append(file_pointer)

file_pointer += 1


# create the pair array
i = 0
for scanner in scanner_keywords:
tmp_pair = (scanner, pointer_array[i])
pair_array.append(tmp_pair)
if i != len(pointer_array) - 1:
i += 1


MACRO = 0
FILE_LINE = 1
index = 0
banner = [
" * - enums for publicly accessible techniques => line __ENUM__",
" * - struct for internal cpu operations => line __CPU__",
" * - struct for internal memoization => line __MEMO__",
" * - struct for internal utility functions => line __UTIL__",
" * - start of internal VM detection techniques => line __TECHNIQUES__",
" * - struct for internal core components => line __CORE__",
" * - start of public VM detection functions => line __PUBLIC__",
" * - start of externally defined variables => line __EXTERNAL__",
" */",
""
]

# replace the macro strings with the file line numbers
for pair in pair_array:
for line in banner:
if pair[MACRO] in line:
banner[index] = line.replace(pair[MACRO], str(pair[FILE_LINE]))
index += 1
continue

# manual filters
tmp = banner[4]
banner[4] = banner[5]
banner[5] = tmp

# get the index file line of the section string
section_line = 0
section_str = " * ================================ SECTIONS =================================="
for line in header_content:
if section_str in line:
break
def update(filename):
with open(filename, 'r') as vmaware_read:
header_content = vmaware_read.readlines()

# fetch important bits
enum = "enum enum_flags"
cpu = "struct cpu {"
memo = "struct memo {"
util = "struct util {"
techniques = "private: // START OF PRIVATE VM DETECTION TECHNIQUE DEFINITIONS"
core = "struct core {"
public = "public: // START OF PUBLIC FUNCTIONS"
external = "// ============= EXTERNAL DEFINITIONS ============="

# set up the arrays
pointer_array = []
pair_array = []
keywords = [enum, cpu, memo, util, techniques, core, public, external]
scanner_keywords = [
"__ENUM__",
"__CPU__",
"__MEMO__",
"__UTIL__",
"__TECHNIQUES__",
"__CORE__",
"__PUBLIC__",
"__EXTERNAL__"
]

# set the indexes
file_pointer = 0
array_index = 0


# loop and append if keyword is found
for line in header_content:
if keywords[array_index] in line:
if array_index != len(keywords) - 1:
array_index += 1

pointer_array.append(file_pointer)

file_pointer += 1


# create the pair array
i = 0
for scanner in scanner_keywords:
tmp_pair = (scanner, pointer_array[i])
pair_array.append(tmp_pair)
if i != len(pointer_array) - 1:
i += 1


MACRO = 0
FILE_LINE = 1
index = 0
banner = [
" * - enums for publicly accessible techniques => line __ENUM__",
" * - struct for internal cpu operations => line __CPU__",
" * - struct for internal memoization => line __MEMO__",
" * - struct for internal utility functions => line __UTIL__",
" * - start of internal VM detection techniques => line __TECHNIQUES__",
" * - struct for internal core components => line __CORE__",
" * - start of public VM detection functions => line __PUBLIC__",
" * - start of externally defined variables => line __EXTERNAL__",
" */",
""
]

# replace the macro strings with the file line numbers
for pair in pair_array:
for line in banner:
if pair[MACRO] in line:
banner[index] = line.replace(pair[MACRO], str(pair[FILE_LINE]))
index += 1
continue

# manual filters
tmp = banner[4]
banner[4] = banner[5]
banner[5] = tmp

# get the index file line of the section string
section_line = 0
section_str = " * ================================ SECTIONS =================================="
for line in header_content:
if section_str in line:
break
section_line += 1
section_line += 1
section_line += 1

# write to the header file
for i in range(len(banner)):
header_content[section_line + i] = banner[i] + '\n'
with open(filename, 'w') as file:
file.writelines(header_content)
# write to the header file
for i in range(len(banner)):
header_content[section_line + i] = banner[i] + '\n'
with open(filename, 'w') as file:
file.writelines(header_content)


update("../src/vmaware.hpp")
update("../src/vmaware_mit.hpp")
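Review bot: the pair-building loop in `update()` silently masks a missing section marker: if one of the `keywords` strings is not present in the header, `pointer_array` ends up shorter than `scanner_keywords`, and because `i` stops advancing at `len(pointer_array) - 1` the remaining macros are all mapped to the last line number that was found instead of failing. Suggest checking `len(pointer_array) == len(keywords)` right after the scan loop and raising if `section_str` is never found; as written, `section_line` then runs two past the end of `header_content` and the write loop fails with a bare `IndexError`. Two smaller points: the macro replacement only works because `banner` and `pair_array` are in the same order (`index` is bumped only on a match), and `for index, line in enumerate(banner)` would remove that coupling; and the `banner[4]`/`banner[5]` swap under "manual filters" plus the two extra `section_line += 1` after the search loop need a comment saying why. This matters more now that the same function runs against both `vmaware.hpp` and `vmaware_mit.hpp`: any layout difference between the two headers will surface here first.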
File renamed without changes.
5 changes: 5 additions & 0 deletions src/README.md
@@ -0,0 +1,5 @@
| filename | purpose |
|----------|---------|
| `cli.cpp` | Entire CLI tool code |
| `vmaware.hpp` | Official and original library header in GPL-3.0 (most likely what you're looking for) |
| `vmaware_mit.hpp` | Same as above but in MIT (might be less accurate than the original GPL-3.0 one) |
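Review bot: the `vmaware_mit.hpp` row says it "might be less accurate than the original" without saying why; suggest linking to the root README FAQ entry in this PR that explains the 8 removed GPL-derived techniques, so that users picking the MIT header see the concrete trade-off and the two descriptions stay in sync.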
2 changes: 2 additions & 0 deletions src/cli.cpp
@@ -164,6 +164,8 @@ int main(int argc, char* argv[]) {
checker(VM::KVM_REG, "KVM registries");
checker(VM::KVM_DRIVERS, "KVM drivers");
checker(VM::KVM_DIRS, "KVM directories");
checker(VM::HKLM_REGISTRIES, "HKLM registries");
checker(VM::AUDIO, "Audio device");
std::printf("\n");

const std::string brand = VM::brand();
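Review bot: the two new `checker` calls reference `VM::HKLM_REGISTRIES` and `VM::AUDIO`, but the header diffs that would define them are not rendered on this page, and this PR also introduces `vmaware_mit.hpp` with 8 techniques removed; please confirm both enum values exist in both headers, otherwise `cli.cpp` compiles against one header but not the other. Also, HKLM is a Windows registry hive, and this list is printed unconditionally, so it would help to document, alongside the existing "KVM registries" entry, what these checks report on non-Windows builds.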
546 changes: 374 additions & 172 deletions src/vmaware.hpp

Large diffs are not rendered by default.

394 changes: 273 additions & 121 deletions src/vmaware_mit.hpp

Large diffs are not rendered by default.

0 comments on commit fabfc4a
