kernelwernel / VMAware

VM detection library and tool
MIT License

Does not detect KVM Windows. #43

Closed MarekKnapek closed 7 months ago

MarekKnapek commented 7 months ago

My computer is Windows Server 2022 x64 running on a virtual computer in a Hetzner data center using the KVM technology. Your tool provides an inconsistent report.

```
[NOT DETECTED] Checking VMID...
[NOT DETECTED] Checking CPU brand...
[  DETECTED  ] Checking CPUID hypervisor bit...
[  DETECTED  ] Checking CPUID 0x4 leaf...
[  DETECTED  ] Checking hypervisor brand...
[NOT DETECTED] Checking RDTSC...
[NOT DETECTED] Checking sidt null byte...
[NOT DETECTED] Checking processor count...
[NOT DETECTED] Checking MAC address...
[NOT DETECTED] Checking temperature...
[NOT DETECTED] Checking systemd virtualisation...
[NOT DETECTED] Checking chassis vendor...
[NOT DETECTED] Checking chassis type...
[NOT DETECTED] Checking Dockerenv...
[NOT DETECTED] Checking dmidecode output...
[NOT DETECTED] Checking dmesg output...
[NOT DETECTED] Checking hwmon presence...
[  DETECTED  ] Checking cursor...
[NOT DETECTED] Checking VMware registry...
[NOT DETECTED] Checking VBox registry...
[NOT DETECTED] Checking users...
[NOT DETECTED] Checking DLLs...
[NOT DETECTED] Checking registry...
[NOT DETECTED] Checking Sunbelt...
[NOT DETECTED] Checking Wine...
[  DETECTED  ] Checking VM files...
[NOT DETECTED] Checking hw.model...
[NOT DETECTED] Checking disk size...
[NOT DETECTED] Checking VBox default specs...
[NOT DETECTED] Checking VBox network provider match...
[NOT DETECTED] Checking computer name...
[NOT DETECTED] Checking hostname...
[NOT DETECTED] Checking low memory space...
[NOT DETECTED] Checking VM processes...
[NOT DETECTED] Checking default Linux user/host...
[NOT DETECTED] Checking VBox window class...
[NOT DETECTED] Checking gamarue ransomware technique...
[NOT DETECTED] Checking WMIC outputs...
[  DETECTED  ] Checking 0x4 leaf of VMID...
[NOT DETECTED] Checking Parallels techniques...
[  DETECTED  ] Checking RDTSC VMEXIT...
[NOT DETECTED] Checking loaded DLLs...
[NOT DETECTED] Checking QEMU CPU brand...
[NOT DETECTED] Checking BOCHS CPU techniques...
[NOT DETECTED] Checking VirtualPC motherboard...
[NOT DETECTED] Checking BIOS serial number...
[NOT DETECTED] Checking Hyper-V registry...
[NOT DETECTED] Checking Hyper-V WMI output...
[NOT DETECTED] Checking VirtualBox shared folders...
[NOT DETECTED] Checking VirtualBox MSSMBIOS...
[NOT DETECTED] Checking MacOS hyperthreading...
[NOT DETECTED] Checking MacOS hw.memsize...
[NOT DETECTED] Checking MacOS registry IO-kit...
[NOT DETECTED] Checking IO registry grep...
[NOT DETECTED] Checking MacOS SIP...
[  DETECTED  ] Checking KVM registries...
[  DETECTED  ] Checking KVM drivers...
[NOT DETECTED] Checking KVM directories...

VM brand: KVM
VM certainty: 0%
VM confirmation: true

====== CONCLUSION: Running in baremetal ======
```

[screenshots: cpuz1, cpuz2, cpuz3, cpuz4, cpuz5, cpuz6, cpuz7]
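The contradiction in the report above (checks firing, brand KVM, confirmation true, yet 0% certainty and a bare-metal conclusion) can be caught mechanically. The following is an added example, not part of the original issue and not VMAware's own code: a small parser for this output format with cross-checks between the per-check lines and the summary. The sample text is a constructed, abridged copy of the report, and the function names are hypothetical.

```python
import re

# Constructed sample: an abridged copy of the report format shown in the issue.
SAMPLE_REPORT = """\
[NOT DETECTED] Checking VMID...
[  DETECTED  ] Checking CPUID hypervisor bit...
[  DETECTED  ] Checking hypervisor brand...
[NOT DETECTED] Checking RDTSC...
[  DETECTED  ] Checking KVM registries...
[  DETECTED  ] Checking KVM drivers...

VM brand: KVM
VM certainty: 0%
VM confirmation: true

====== CONCLUSION: Running in baremetal ======
"""

CHECK_RE = re.compile(r"^\[\s*(NOT DETECTED|DETECTED)\s*\] Checking (.+?)\.\.\.\s*$")
FIELD_RE = re.compile(r"^VM (brand|certainty|confirmation): (.+?)\s*$")
CONCLUSION_RE = re.compile(r"^=+ CONCLUSION: (.+?) =+\s*$")


def parse_report(text):
    """Split a report into fired checks, silent checks, summary fields, conclusion."""
    report = {"hits": [], "misses": [], "fields": {}, "conclusion": None}
    for line in text.splitlines():
        if m := CHECK_RE.match(line):
            key = "hits" if m.group(1) == "DETECTED" else "misses"
            report[key].append(m.group(2))
        elif m := FIELD_RE.match(line):
            report["fields"][m.group(1)] = m.group(2)
        elif m := CONCLUSION_RE.match(line):
            report["conclusion"] = m.group(1)
    return report


def find_contradictions(report):
    """Return the ways the summary disagrees with itself or with the checks."""
    fields = report["fields"]
    certainty = int(fields.get("certainty", "0%").rstrip("%"))
    confirmed = fields.get("confirmation", "").lower() == "true"
    baremetal = "baremetal" in (report["conclusion"] or "").lower()
    brand = fields.get("brand", "")
    # Checks whose name contains the reported brand, e.g. "KVM drivers" for KVM.
    brand_hits = [h for h in report["hits"] if brand and brand.lower() in h.lower()]
    issues = []
    if report["hits"] and certainty == 0:
        issues.append(f"{len(report['hits'])} checks fired but certainty is 0%")
    if confirmed and baremetal:
        issues.append("confirmation is true but conclusion is baremetal")
    if brand_hits and baremetal:
        issues.append(f"{brand} checks fired ({', '.join(brand_hits)}) but conclusion is baremetal")
    return issues
```

Run over the full report from the issue, all three rules fire; a regression test built on the same rules would have failed before the fix.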

kernelwernel commented 7 months ago

strange, i have a few suspicions where the problem might lie, but can you confirm that in the ====== CONCLUSION: Running in baremetal ====== line, the text has a RED color and not a GREEN one?

MarekKnapek commented 7 months ago

[screenshot: vsconsole]

kernelwernel commented 7 months ago

> [screenshot: vsconsole]

alright thanks, I'll work on this asap :)

MarekKnapek commented 7 months ago

There is also a lot of QEMU related hardware devices. You could also rent a virtual computer from various providers such as Hetzner, Contabo, OVH or netcup and examine each virtual machine in great detail. Prices can go as low as 5-10 € per month and billed hourly. Some more screenshots from my machine (no need to be admin to get this info):

[screenshots: msinfo1, msinfo2, msinfo3, msinfo4]

kernelwernel commented 7 months ago

I've tried to replicate your output and I've found the issue. Should be fixed now.

Let me know if you encounter any other problems, and thanks for reporting it! :)

kernelwernel commented 7 months ago

> There is also a lot of QEMU related hardware devices. You could also rent a virtual computer from various providers such as Hetzner, Contabo, OVH or netcup and examine each virtual machine in great detail. Prices can go as low as 5-10 € per month and billed hourly. Some more screenshots from my machine (no need to be admin to get this info):
>
> [screenshots: msinfo1, msinfo2, msinfo3, msinfo4]

and thanks, i really appreciate the effort. I think I've already added some of those registries but I need to double check. If there are some I haven't added yet then i'll make sure to make some additional techniques. :+1:

MarekKnapek commented 7 months ago

Since I already have an account with Hetzner and I'm familiar with their user interface, I can create a new cheap virtual machine for 1-2 weeks and give you root access to it. I'm thinking something like 2 CPU / 4 GB RAM / 40 GB SSD. What operating system do you prefer? They also offer ARM 64bit computers if you are into this sort of thing.

kernelwernel commented 7 months ago

> Since I already have an account with Hetzner and I'm familiar with their user interface, I can create a new cheap virtual machine for 1-2 weeks and give you root access to it. I'm thinking something like 2 CPU / 4 GB RAM / 40 GB SSD. What operating system do you prefer? They also offer ARM 64bit computers if you are into this sort of thing.

You sure about this? that would be incredibly helpful! :smile: You can email me the credentials at jeanruyv@gmail.com, or you can add me on discord at kr.nl if you have it.