False detections on surface pro #212

Open
GhostDog98 opened this issue Jan 19, 2025 · 5 comments

@GhostDog98

Output:

[  DETECTED  ] Checking CPUID hypervisor bit...
[  DETECTED  ] Checking hypervisor str...
[  DETECTED  ] Checking VirtualPC motherboard...
[  DETECTED  ] Checking CPUID bitset...
[  DETECTED  ] Checking CPUID signatures...
[  DETECTED  ] Checking Physical connection ports...


VM brand: Microsoft Virtual PC/Hyper-V
VM type: Hypervisor (either type 1 or 2)
VM likeliness: 100%
VM confirmation: true
VM detections: 6/123

====== CONCLUSION: Running inside a Microsoft Virtual PC/Hyper-V VM ======

[    NOTE    ] If you found a false positive, please make sure to create an issue at https://github.com/kernelwernel/VMAware/issues

VirtualPC Motherboard:
I suspect this is triggering due to the fact that my motherboard is made by Microsoft, funnily enough.

(base) PS > Get-WmiObject Win32_BaseBoard


Manufacturer : Microsoft Corporation
Model        :
Name         : Base Board
SerialNumber : -
SKU          :
Product      : Surface Pro 7+

As for the other ones, I'm unsure, but happy to provide whatever details to hopefully get to a fix.

@GhostDog98
Author

For Physical connection ports, running Get-WmiObject Win32_PortConnector returns nothing, so that may be why port connectors are triggering.

@GhostDog98
Author

Debug level info is:

[  DETECTED  ] Checking CPUID signatures...
[CORE DEBUG] HYPER_X: returned from cache
[DEBUG] HYPERV_BITMASK: max leaf = 4000000c
[DEBUG] 01 eax = 00110001001000110111011001001000
[DEBUG] 01 ebx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 01 ecx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 01 edx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 01: 1
[DEBUG] 03 ecx = 00000000000000000000000001100010
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^    ^^^^^
[DEBUG] 03 edx = 01110101111111101111101111110110
[DEBUG]          ^^^^^ ^^ ^     ^
[DEBUG] 03: 0
[DEBUG] 04 eax = 00000000000001100000111000010100
[DEBUG]          ^^^^^^^^^^^^^  ^       ^
[DEBUG] 04 ecx = 00000000000000000000000000101110
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 04 edx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 04: 1
[DEBUG] 05 edx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 05: 1
[DEBUG] 06 eax = 00000001111100100000000010101111
[DEBUG]          ^^^^^^^         ^
[DEBUG] 06 ebx = 00000000000000000000000000100111
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 06 ecx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 06 edx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 06: 0
[DEBUG] 09 eax = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^ ^^^^^   ^ ^^
[DEBUG] 09 ebx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 09 ecx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 09 edx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^ ^ ^^^^^^^^^^ ^^^^
[DEBUG] 09: 0
[DEBUG] 0A eax = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^    ^
[DEBUG] 0A eax = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 0A ecx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 0A edx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 0A: 0
[DEBUG] 01 eax = 00110001001000110111011001001000
[DEBUG] 01 ebx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 01 ecx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 01 edx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 03 ecx = 00000000000000000000000001100010
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^    ^^^^^
[DEBUG] 03 edx = 01110101111111101111101111110110
[DEBUG]          ^^^^^ ^^ ^     ^
[  DETECTED  ] Checking CPUID hypervisor bit...
[CORE DEBUG] HYPER_X: returned from cache
[DEBUG] HYPERVISOR_STR: eax: 12
ebx: 0
ecx: 0
edx: 64
[  DETECTED  ] Checking hypervisor str...

@kernelwernel
Owner

kernelwernel commented Jan 19, 2025

Hi! Did you run the library by cloning the main branch or from the release?

There seems to be something terribly wrong if you're running on a host and 6 false positives appeared.

And thanks for the debug info, I was about to ask for an output of the debug binary :)

Is it possible for you to show the full one, however? There are some outputs that are necessary to determine what's going on. (P.S. There is a technique that shows the MAC address, which you should delete from the output; it isn't important for us to know.)

@GhostDog98
Author

> Hi! Did you run the library by cloning the main branch or from the release?

Built using Microsoft cl from the main branch.

> There seems to be something terribly wrong if you're running on a host and 6 false positives appeared.
>
> And thanks for the debug info, I was about to ask for an output of the debug binary :)
>
> Is it possible for you to show the full one, however? There are some outputs that are necessary to determine what's going on. (P.S. There is a technique that shows the MAC address, which you should delete from the output; it isn't important for us to know.)

(base) PS > .\cli.exe
[DEBUG] VMID:
[DEBUG] VMID:
[NOT DETECTED] Checking VMID...
[DEBUG] CPUID function: highest leaf = 2147483656
[DEBUG] BRAND: cpu brand = 11th Gen Intel(R) Core(TM) i7-1165G7 @ 2.80GHz
[DEBUG] BRAND_KEYWORDS: matches: 0
[NOT DETECTED] Checking CPU brand...
[CORE DEBUG] HYPER_X: eax = 12
[CORE DEBUG] HYPER_X: motherboard string match = 1
[CORE DEBUG] HYPER_X: cached
[CORE DEBUG] HYPER_X: added Hyper-V real VM
[  DETECTED  ] Checking CPUID hypervisor bit...
[CORE DEBUG] HYPER_X: returned from cache
[DEBUG] HYPERVISOR_STR: eax: 12
ebx: 0
ecx: 0
edx: 64
[  DETECTED  ] Checking hypervisor str...
[NOT DETECTED] Checking RDTSC...
[NOT DETECTED] Checking sidt null byte...
[DEBUG] THREADCOUNT: threads = 8
[NOT DETECTED] Checking processor count...
[DEBUG] MAC: XX:XX:XX:XX:XX:XX
[NOT DETECTED] Checking MAC address...
[NOT DETECTED] Checking temperature...
[NOT DETECTED] Checking systemd virtualisation...
[NOT DETECTED] Checking chassis vendor...
[NOT DETECTED] Checking chassis type...
[NOT DETECTED] Checking Dockerenv...
[NOT DETECTED] Checking dmidecode output...
[NOT DETECTED] Checking dmesg output...
[NOT DETECTED] Checking hwmon presence...
[NOT DETECTED] Checking DLLs...
[DEBUG] REGISTRY: score = 0
[NOT DETECTED] Checking registry...
[NOT DETECTED] Checking Wine...
[DEBUG] VM_FILES: vmware score: 0
[DEBUG] VM_FILES: vbox score: 0
[DEBUG] KVM_FILES: kvm score: 0
[DEBUG] VPC_FILES: vpc score: 0
[DEBUG] PARALLELS_FILES: parallels score: 0
[NOT DETECTED] Checking VM files...
[NOT DETECTED] Checking hw.model...
[DEBUG] private util::get_disk_size( function: disk size = 237GB
[DEBUG] DISK_SIZE: size = 237
[NOT DETECTED] Checking disk size...
[DEBUG] private util::get_disk_size( function: disk size = 237GB
[DEBUG] VBOX_DEFAULT: disk = 237
[DEBUG] VBOX_DEFAULT: ram = 16
[DEBUG] VBOX_DEFAULT: returned false due to lack of precondition spec comparisons
[NOT DETECTED] Checking VBox default specs...
[NOT DETECTED] Checking VBox network provider match...
[DEBUG] COMPUTER_NAME: fetched = TABLET
[NOT DETECTED] Checking computer name...
[DEBUG] HOSTNAME: TABLET
[NOT DETECTED] Checking hostname...
[NOT DETECTED] Checking VM processes...
[NOT DETECTED] Checking default Linux user/host...
[NOT DETECTED] Checking gamarue ransomware technique...
[DEBUG] VMID_0x4:
[DEBUG] VMID_0x4:
[DEBUG] VMID_0x4 + 1:
[DEBUG] VMID_0x4 + 1:
[NOT DETECTED] Checking 0x4 leaf of VMID...
[DEBUG] Manufacturer:
[DEBUG] Product Name:
[DEBUG] Serial No:
[DEBUG] UUID:
[DEBUG] Version:
[NOT DETECTED] Checking Parallels techniques...
[NOT DETECTED] Checking loaded DLLs...
[NOT DETECTED] Checking QEMU CPU brand...
[NOT DETECTED] Checking BOCHS CPU techniques...
[  DETECTED  ] Checking VirtualPC motherboard...
[NOT DETECTED] Checking BIOS serial number...
[DEBUG] MSSMBIOS: empty, returned false
[NOT DETECTED] Checking MSSMBIOS...
[NOT DETECTED] Checking MacOS hw.memsize...
[NOT DETECTED] Checking MacOS registry IO-kit...
[NOT DETECTED] Checking IO registry grep...
[NOT DETECTED] Checking MacOS SIP...
[NOT DETECTED] Checking KVM directories...
[DEBUG] Failed to query value for "HARDWARE\Description\System"
[DEBUG] Failed to query value for "SOFTWARE\Microsoft\Windows\CurrentVersion"
[DEBUG] Failed to query value for "SOFTWARE\Microsoft\Windows\CurrentVersion"
[DEBUG] Failed to query value for "SOFTWARE\Microsoft\Windows\CurrentVersion"
[DEBUG] Failed to query value for "HARDWARE\Description\System"
[DEBUG] Failed to query value for "HARDWARE\Description\System"
[DEBUG] Failed to open registry key for "HARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0"
[DEBUG] Failed to open registry key for "HARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0"
[DEBUG] Failed to query value for "HARDWARE\DESCRIPTION\System"
[DEBUG] Failed to query value for "HARDWARE\Description\System"
[DEBUG] Failed to query value for "SYSTEM\ControlSet001\Services\Disk\Enum"
[DEBUG] Failed to query value for "SYSTEM\ControlSet001\Services\Disk\Enum"
[DEBUG] Failed to open registry key for "SYSTEM\ControlSet002\Services\Disk\Enum"
[DEBUG] Failed to open registry key for "SYSTEM\ControlSet002\Services\Disk\Enum"
[DEBUG] Failed to open registry key for "SYSTEM\ControlSet003\Services\Disk\Enum"
[DEBUG] Failed to open registry key for "SYSTEM\ControlSet003\Services\Disk\Enum"
[DEBUG] Failed to open registry key for "HARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0"
[DEBUG] Failed to open registry key for "HARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0"
[DEBUG] Failed to query value for "HARDWARE\Description\System"
[DEBUG] Failed to query value for "SYSTEM\ControlSet001\Services\Disk\Enum"
[DEBUG] Failed to query value for "SYSTEM\ControlSet001\Services\Disk\Enum"
[DEBUG] Failed to query value for "SYSTEM\ControlSet001\Services\Disk\Enum"
[DEBUG] Failed to open registry key for "SYSTEM\ControlSet002\Services\Disk\Enum"
[DEBUG] Failed to open registry key for "SYSTEM\ControlSet002\Services\Disk\Enum"
[DEBUG] Failed to open registry key for "SYSTEM\ControlSet003\Services\Disk\Enum"
[DEBUG] Failed to open registry key for "SYSTEM\ControlSet003\Services\Disk\Enum"
[DEBUG] Failed to query value for "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
[DEBUG] Failed to query value for "SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000"
[DEBUG] Failed to query value for "SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000"
[DEBUG] Failed to query value for "SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000"
[DEBUG] Failed to query value for "SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000"
[DEBUG] Failed to open registry key for "SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\Settings"
[DEBUG] Failed to open registry key for "SYSTEM\CurrentControlSet\Control\Video\{GUID}\Video"
[DEBUG] Failed to open registry key for "SYSTEM\CurrentControlSet\Control\Video\{GUID}\Video"
[DEBUG] Failed to open registry key for "SYSTEM\CurrentControlSet\Control\Video\{GUID}\0000"
[DEBUG] Failed to open registry key for "HARDWARE\ACPI\DSDT\PTLTD_\CUSTOM__\00000000"
[NOT DETECTED] Checking HKLM registries...
[NOT DETECTED] Checking audio device...
[NOT DETECTED] Checking qemu-ga process...
[NOT DETECTED] Checking QEMU directories...
[NOT DETECTED] Checking VPC invalid instructions...
[NOT DETECTED] Checking SIDT...
[NOT DETECTED] Checking SGDT...
[NOT DETECTED] Checking SLDT...
[NOT DETECTED] Checking Offensive Security SIDT...
[NOT DETECTED] Checking Offensive Security SGDT...
[NOT DETECTED] Checking Offensive Security SLDT...
[NOT DETECTED] Checking VirtualPC SIDT...
[NOT DETECTED] Checking Hyper-V motherboard...
[NOT DETECTED] Checking /proc/iomem file...
[NOT DETECTED] Checking /proc/ioports file...
[NOT DETECTED] Checking /proc/scsi/scsi file...
[  DISABLED  ] Skipped VMware dmesg
[NOT DETECTED] Checking STR instruction...
[NOT DETECTED] Checking VMware IO port backdoor...
[NOT DETECTED] Checking VMware port memory...
[NOT DETECTED] Checking SMSW instruction...
[NOT DETECTED] Checking mutex strings...
[DEBUG] ODD_CPU_THREADS: model    = 12
[DEBUG] ODD_CPU_THREADS: family   = 6
[DEBUG] ODD_CPU_THREADS: extmodel = 8
[NOT DETECTED] Checking unusual thread count...
[DEBUG] INTEL_THREAD_MISMATCH: CPU model = i7-1165G7
[NOT DETECTED] Checking Intel thread count mismatch...
[NOT DETECTED] Checking Intel Xeon thread count mismatch...
[DEBUG] NETTITUDE_VM_MEMORY: Reading data from Hardware\ResourceMap\System Resources\Physical Memory\.Translated
[DEBUG] NETTITUDE_VM_MEMORY: Could not get reg key: 2 / 122
[DEBUG] NETTITUDE_VM_MEMORY: Could not find memory region, returning 0.
[NOT DETECTED] Checking VM memory regions...
[CORE DEBUG] HYPER_X: returned from cache
[  DETECTED  ] Checking CPUID bitset...
[NOT DETECTED] Checking Cuckoo directory...
[NOT DETECTED] Checking Cuckoo pipe...
[NOT DETECTED] Checking Hyper-V Azure hostname...
[NOT DETECTED] Checking general VM hostnames...
[DEBUG] SCREEN_RESOLUTION: horizontal = 2560, vertical = 1440
[NOT DETECTED] Checking screen resolution...
[DEBUG] DEVICE_STRING: BuildCommDCBAndTimeouts failed
[NOT DETECTED] Checking bogus device string...
[NOT DETECTED] Checking BlueStacks folders...
[CORE DEBUG] HYPER_X: returned from cache
[DEBUG] CPUID_SIGNATURE: eax = 824407624
[  DETECTED  ] Checking CPUID signatures...
[CORE DEBUG] HYPER_X: returned from cache
[DEBUG] HYPERV_BITMASK: max leaf = 4000000c
[DEBUG] 01 eax = 00110001001000110111011001001000
[DEBUG] 01 ebx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 01 ecx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 01 edx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 01: 1
[DEBUG] 03 ecx = 00000000000000000000000001100010
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^    ^^^^^
[DEBUG] 03 edx = 01110101111111101111101111110110
[DEBUG]          ^^^^^ ^^ ^     ^
[DEBUG] 03: 0
[DEBUG] 04 eax = 00000000000001100000111000010100
[DEBUG]          ^^^^^^^^^^^^^  ^       ^
[DEBUG] 04 ecx = 00000000000000000000000000101110
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 04 edx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 04: 1
[DEBUG] 05 edx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 05: 1
[DEBUG] 06 eax = 00000001111100100000000010101111
[DEBUG]          ^^^^^^^         ^
[DEBUG] 06 ebx = 00000000000000000000000000100111
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 06 ecx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 06 edx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 06: 0
[DEBUG] 09 eax = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^ ^^^^^   ^ ^^
[DEBUG] 09 ebx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 09 ecx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 09 edx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^ ^ ^^^^^^^^^^ ^^^^
[DEBUG] 09: 0
[DEBUG] 0A eax = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^    ^
[DEBUG] 0A eax = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 0A ecx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 0A edx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 0A: 0
[DEBUG] 01 eax = 00110001001000110111011001001000
[DEBUG] 01 ebx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 01 ecx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 01 edx = 00000000000000000000000000000000
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[DEBUG] 03 ecx = 00000000000000000000000001100010
[DEBUG]          ^^^^^^^^^^^^^^^^^^^^^^^    ^^^^^
[DEBUG] 03 edx = 01110101111111101111101111110110
[DEBUG]          ^^^^^ ^^ ^     ^
[NOT DETECTED] Checking Hyper-V CPUID reserved bitmask...
[NOT DETECTED] Checking KVM CPUID reserved bitmask...
[NOT DETECTED] Checking Intel KGT signature...
[NOT DETECTED] Checking VMware DMI...
[NOT DETECTED] Checking VMware event logs...
[NOT DETECTED] Checking QEMU virtual DMI directory...
[NOT DETECTED] Checking QEMU USB...
[NOT DETECTED] Checking Hypervisor directory (Linux)...
[NOT DETECTED] Checking User-mode Linux CPU...
[NOT DETECTED] Checking /dev/kmsg hypervisor message...
[NOT DETECTED] Checking various VM files in /proc...
[NOT DETECTED] Checking VBox kernel module...
[NOT DETECTED] Checking /proc/sysinfo...
[NOT DETECTED] Checking /proc/device-tree...
[NOT DETECTED] Checking DMI scan...
[NOT DETECTED] Checking SMBIOS VM bit...
[NOT DETECTED] Checking Podman file...
[NOT DETECTED] Checking WSL string in /proc...
[NOT DETECTED] Checking ANY.RUN driver...
[NOT DETECTED] Checking ANY.RUN directory...
[NOT DETECTED] Checking GPU chip name...
[NOT DETECTED] Checking driver names...
[NOT DETECTED] Checking VM SIDT...
[NOT DETECTED] Checking HDD serial number...
[  DETECTED  ] Checking Physical connection ports...
[DEBUG] QEMU_HDD: model = KBG40ZNS256G BG4A KIOXIA
[NOT DETECTED] Checking VM keywords in HDD model...
[NOT DETECTED] Checking ACPI Hyper-V...
[NOT DETECTED] Checking GPU name...
[NOT DETECTED] Checking VM memory traces...
[NOT DETECTED] Checking IDT GDT mismatch...
[NOT DETECTED] Checking Processor count...
[NOT DETECTED] Checking CPU core count...
[NOT DETECTED] Checking hardware model...
[NOT DETECTED] Checking Hardware manufacturer...
[NOT DETECTED] Checking WMI temperature...
[NOT DETECTED] Checking Processor ID...
[NOT DETECTED] Checking CPU fans...
[NOT DETECTED] Checking Power capabilities...
[NOT DETECTED] Checking SETUPDI diskdrive...
[NOT DETECTED] Checking VMware hardener...
[NOT DETECTED] Checking QEMU in /sys...
[NOT DETECTED] Checking QEMU in lshw output...
[NOT DETECTED] Checking virtual processors...

[DEBUG] theoretical maximum points: 5510
[CORE DEBUG] VM::brand(): cached multiple brand string
[CORE DEBUG] scoreboard: 2 : Microsoft Virtual PC/Hyper-V
[CORE DEBUG] VM::brand(): returned multi brand from cache
[CORE DEBUG] VM::brand(): returned multi brand from cache
VM brand: Microsoft Virtual PC/Hyper-V
VM type: Hypervisor (either type 1 or 2)
VM likeliness: 100%
VM confirmation: true
VM detections: 6/123

====== CONCLUSION: Running inside a Microsoft Virtual PC/Hyper-V VM ======

[    NOTE    ] If you found a false positive, please make sure to create an issue at https://github.com/kernelwernel/VMAware/issues

It's important to note that I run some VMs on this PC, but this was run inside the Developer PowerShell on the bare-metal OS.

@kernelwernel
Owner

The issue is definitely because of your motherboard. We had no idea that Microsoft made their own motherboards, and one of our mechanisms called Hyper-X depends on the motherboard string as one of the data points it uses, and it determined you were running in a Hyper-V VM.

A few techniques we've implemented depend on our Hyper-X mechanism, which is what caused a cascade of false positives to appear in your case. This will be fixed in the 2.1 release really soon.

In the meantime, I'll keep this issue open until it's fully fixed. I sort of need time to discuss with my co-maintainer about a few things we could do. But anyways, thanks for reporting the issue :)
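The cascade described in the comment above can be read straight out of the debug output by grouping debug lines under the check they belong to. This is an added triage example, not VMAware code; it assumes (as the quoted log suggests) that a check's debug lines are printed before its result line, and `SAMPLE_LOG` is a trimmed excerpt constructed from the output posted in this thread.

```python
import re

# Constructed sample: trimmed excerpt of the debug output quoted in this thread.
SAMPLE_LOG = """\
[NOT DETECTED] Checking CPU brand...
[CORE DEBUG] HYPER_X: eax = 12
[CORE DEBUG] HYPER_X: motherboard string match = 1
[CORE DEBUG] HYPER_X: added Hyper-V real VM
[  DETECTED  ] Checking CPUID hypervisor bit...
[CORE DEBUG] HYPER_X: returned from cache
[DEBUG] HYPERVISOR_STR: eax: 12
ebx: 0
[  DETECTED  ] Checking hypervisor str...
[NOT DETECTED] Checking RDTSC...
[  DETECTED  ] Checking VirtualPC motherboard...
[CORE DEBUG] HYPER_X: returned from cache
[  DETECTED  ] Checking CPUID bitset...
[CORE DEBUG] HYPER_X: returned from cache
[DEBUG] CPUID_SIGNATURE: eax = 824407624
[  DETECTED  ] Checking CPUID signatures...
[CORE DEBUG] HYPER_X: returned from cache
[DEBUG] HYPERV_BITMASK: max leaf = 4000000c
[NOT DETECTED] Checking Hyper-V CPUID reserved bitmask...
[  DETECTED  ] Checking Physical connection ports...
[DEBUG] QEMU_HDD: model = KBG40ZNS256G BG4A KIOXIA
[NOT DETECTED] Checking VM keywords in HDD model...
"""

RESULT = re.compile(
    r"^\[\s*(DETECTED|NOT DETECTED|DISABLED)\s*\]\s+(?:Checking|Skipped)\s+(.*?)(?:\.\.\.)?$")
DEBUG_TAG = re.compile(r"^\[(?:CORE )?DEBUG\]\s+([A-Za-z0-9_]+):")


def group_detections(log_text):
    """Map each DETECTED check to the debug tags logged just before its result line."""
    pending, detections = [], {}
    for raw in log_text.splitlines():
        line = raw.strip()
        result = RESULT.match(line)
        if result:
            status, name = result.groups()
            if status == "DETECTED":
                detections[name] = sorted(set(pending))
            pending = []  # the context belongs to the check that just finished
            continue
        tag = DEBUG_TAG.match(line)
        if tag:
            pending.append(tag.group(1))
        # Untagged continuation lines such as "ebx: 0" carry no tag and are skipped.
    return detections


def independent_signals(detections, shared_tag="HYPER_X"):
    """Count detections that logged the shared mechanism's tag as one signal."""
    shared = sorted(n for n, tags in detections.items() if shared_tag in tags)
    standalone = sorted(n for n, tags in detections.items() if shared_tag not in tags)
    return {"shared": shared, "standalone": standalone,
            "raw_count": len(detections),
            "independent_count": len(standalone) + (1 if shared else 0)}


if __name__ == "__main__":
    summary = independent_signals(group_detections(SAMPLE_LOG))
    print(f"{summary['raw_count']} detections, "
          f"{summary['independent_count']} independent signals")
    print("via HYPER_X:", ", ".join(summary["shared"]))
    print("standalone: ", ", ".join(summary["standalone"]))
```

On the sample, four of the six detections logged a `HYPER_X` line, so the "6/123" result rests on three distinct signals rather than six.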
