updated hyper-v information #255

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged: 3 commits, Feb 10, 2025
4 changes: 2 additions & 2 deletions src/cli.cpp
Expand Up @@ -651,7 +651,7 @@ std::string vm_description(const std::string& vm_brand) {
{ VM::brands::AZURE_HYPERV, "Azure Hyper-V is Microsoft's cloud-optimized hypervisor variant powering Azure VMs. Implements Azure-specific virtual devices like NVMe Accelerated Networking and vTPMs. Supports nested virtualization for running Hyper-V/containers within Azure VMs, enabling cloud-based CI/CD pipelines and dev/test environments." },
{ VM::brands::NANOVISOR, "NanoVisor is a Hyper-V modification serving as the host OS of Xbox's devices: the Xbox System Software. It contains 2 partitions: the \"Exclusive\" partition is a custom VM for games, while the other partition, called the \"Shared\" partition is a custom VM for running multiple apps including the OS itself. The OS was based on Windows 8 Core at the Xbox One launch in 2013." },
{ VM::brands::SIMPLEVISOR, "SimpleVisor is a minimalist Intel VT-x hypervisor by Alex Ionescu for Windows/Linux research. Demonstrates EPT-based memory isolation and hypercall handling. Used to study VM escapes and hypervisor rootkits, with hooks for intercepting CR3 changes and MSR accesses." },
{ VM::brands::HYPERV_ARTIFACT, "The result means that the CLI has found Hyper-V, but as an artifact instead of an actual VM. Although the hardware values do in fact match with the brand due to how it's designed by Microsoft, the CLI has determined you are NOT in a Hyper-V VM from our \"Hyper-X\" mechanism which differentiates between an actual Hyper-V and a false Hyper-V VM that left out breadcrumbs in the system, making it seem like it's a real Hyper-V VM." },
{ VM::brands::HYPERV_ARTIFACT, "The CLI detected Hyper-V operating as a Type 1 hypervisor, not as a guest virtual machine. Althought your hardware/firmware signatures match Microsoft's Hyper-V architecture, we determined that you're running on baremetal, with the help of our \"Hyper-X\" mechanism that differentiates between the root partition (host OS) and guest VM environments. This prevents false positives, as Windows sometimes runs under Hyper-V (type 1) hypervisor." },
{ VM::brands::UML, "User-Mode Linux (UML) allows running Linux kernels as user-space processes using ptrace-based virtualization. Primarily used for kernel debugging and network namespace testing. Offers lightweight isolation without hardware acceleration, but requires host/guest kernel version matching for stable operation." },
{ VM::brands::POWERVM, "IBM PowerVM is a type 1 hypervisor for POWER9/10 systems, supporting Live Partition Mobility and Shared Processor Pools. Implements VIOS (Virtual I/O Server) for storage/networking virtualization, enabling concurrent AIX, IBM i, and Linux workloads with RAS features like predictive failure analysis." },
{ VM::brands::GCE, "Google Compute Engine (GCE) utilizes KVM-based virtualization with custom Titanium security chips for hardware root of trust. Features live migration during host maintenance and shielded VMs with UEFI secure boot. Underpins Google Cloud's Confidential Computing offering using AMD SEV-SNP memory encryption." },
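Review bot: the replacement HYPERV_ARTIFACT description carries two typos that will be printed verbatim by `vm_description()`: "Althought" should be "Although", and "baremetal" is conventionally "bare metal". The wording "running on baremetal" also sits awkwardly next to "root partition (host OS)": in Hyper-V the root partition is itself a partition scheduled by the hypervisor, so the precise statement is that the CLI determined you are in the root partition rather than in a guest VM, e.g. `Although your hardware/firmware signatures match Microsoft's Hyper-V architecture, we determined that you are running in the root partition (the host OS), not in a guest VM, ...`. The closing sentence would also be more useful if it said why Windows "sometimes" runs under the hypervisor on a physical machine (virtualization-based security, Windows Sandbox and WSL2 all turn it on), so the reader knows which configurations trigger this result.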
Expand Down Expand Up @@ -1368,4 +1368,4 @@ int main(int argc, char* argv[]) {
// at this point, it's assumed that the user's intention is for the general summary to be ran
general();
return 0;
}
}
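Review bot: this hunk shows no visible change in the closing braces of `main()`, which means it is a trailing-newline or line-ending change at the end of src/cli.cpp (it accounts for the second addition/deletion pair in the file header). If that was unintentional, drop it so the diff is limited to the description text; if it is intentional, say so in the PR description.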
5 changes: 3 additions & 2 deletions src/vmaware.hpp
Expand Up @@ -12609,6 +12609,7 @@ static bool rdtsc() {
{ brands::AWS_NITRO, "Hypervisor (type 1)" },
{ brands::LKVM, "Hypervisor (type 1)" },
{ brands::NOIRVISOR, "Hypervisor (type 1)" },
{ brands::HYPERV_ARTIFACT, "Hypervisor (type 1)" },

// type 2
{ brands::BHYVE, "Hypervisor (type 2)" },
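Review bot: listing brands::HYPERV_ARTIFACT under type 1 is consistent with the new cli.cpp description (the root partition sits directly on the Hyper-V hypervisor), and the old `"Unknown"` entry for the same brand is removed in the last hunk, so the brand is not registered twice. Note, however, that the same reasoning applies to brands::HYPERV, which the next hunk files under type 2.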
Expand All @@ -12622,6 +12623,8 @@ static bool rdtsc() {
{ brands::VPC, "Hypervisor (type 2)" },
{ brands::NVMM, "Hypervisor (type 2)" },
{ brands::BSD_VMM, "Hypervisor (type 2)" },
{ brands::HYPERV, "Hypervisor (type 2)" },
{ brands::HYPERV_VPC, "Hypervisor (type 2)" },

// sandbox
{ brands::CUCKOO, "Sandbox" },
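Review bot: classifying brands::HYPERV and brands::HYPERV_VPC as `"Hypervisor (type 2)"` is architecturally wrong. Hyper-V is a bare-metal (type 1) hypervisor whether the caller is in the root partition or in a guest partition; being a guest does not make the hypervisor a hosted one. The type 1/type 2 axis is being used here to encode host-versus-guest, which is already expressed by HYPERV_ARTIFACT versus HYPERV. Suggest `{ brands::HYPERV, "Hypervisor (type 1)" },` and, because HYPERV_VPC by name covers Virtual PC (a hosted, type 2 product) as well as Hyper-V, keeping the previous `"Hypervisor (either type 1 or 2)"` label for it rather than collapsing it to type 2.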
Expand All @@ -12644,12 +12647,10 @@ static bool rdtsc() {
{ brands::DOCKER, "Container" },
{ brands::PODMAN, "Container" },
{ brands::OPENVZ, "Container" },
{ brands::HYPERV_VPC, "Hypervisor (either type 1 or 2)" },
{ brands::LMHS, "Hypervisor (unknown type)" },
{ brands::WINE, "Compatibility layer" },
{ brands::INTEL_TDX, "Trusted Domain" },
{ brands::APPLE_VZ, "Unknown" },
{ brands::HYPERV_ARTIFACT, "Unknown" },
{ brands::UML, "Paravirtualised/Hypervisor (type 2)" },
{ brands::WSL, "Hybrid Hyper-V (type 1 and 2)" }, // debatable tbh
{ brands::AMD_SEV, "VM encryptor" },
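Review bot: the removals here match the additions above, so no brand loses its entry, but the neighbouring `WSL` line still reads `"Hybrid Hyper-V (type 1 and 2)"` with a `// debatable tbh` comment. With HYPERV itself now labelled type 2 the two labels contradict each other; since this change is already revisiting the Hyper-V categories, settle the WSL label in the same commit (WSL2 runs on the Hyper-V hypervisor, so "type 1" is the consistent choice) and drop the comment.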