I'll work on another PR for some of the registry-based VM detection described in the VMDE paper (https://github.com/hfiref0x/VMDE), but since the demo code is using the Nt* registry calls, the fakery will need to be extended to those calls first. Since there is already code in place to do registry value data rewriting in misc.c, might as well leverage it to support registry key name rewriting too.