From 9e79a132eeba3fbd8a04b49257947d4dfc587a15 Mon Sep 17 00:00:00 2001
From: kernel <77142078+kernelwernel@users.noreply.github.com>
Date: Wed, 20 Mar 2024 20:52:13 +0000
Subject: [PATCH] descriptor table fix attempt 12

---
 src/cli.cpp | 2 +-
 src/vmaware.hpp | 29 +++++++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/src/cli.cpp b/src/cli.cpp
index 7062cff..037c461 100644
--- a/src/cli.cpp
+++ b/src/cli.cpp
@@ -178,7 +178,7 @@ int main(int argc, char* argv[]) {
     checker(VM::SLDT, "SLDT");
     checker(VM::HYPERV_BOARD, "Hyper-V motherboard");
     checker(VM::OFFSEC_SIDT, "Offensive Security SIDT");
-    //checker(VM::OFFSEC_SGDT, "Offensive Security SGDT");
+    checker(VM::OFFSEC_SGDT, "Offensive Security SGDT");
     //checker(VM::OFFSEC_SGDT, "Offensive Security SLDT");
     std::printf("\n");
diff --git a/src/vmaware.hpp b/src/vmaware.hpp
index 29819f5..4918687 100644
--- a/src/vmaware.hpp
+++ b/src/vmaware.hpp
@@ -297,6 +297,7 @@ struct VM {
         SGDT,
         HYPERV_BOARD,
         OFFSEC_SIDT,
+        OFFSEC_SGDT,
         EXTREME,
         NO_MEMO,
         WIN11_HYPERV
@@ -5010,6 +5011,33 @@ struct VM {
     }
+    /**
+     * @brief Check for offensive security sgdt method
+     * @category Windows, x86
+     * @author Danny Quist (chamuco@gmail.com)
+     * @author Val Smith (mvalsmith@metasploit.com)
+     * @note code documentation paper in /papers/www.offensivecomputing.net_vm.pdf
+     */
+    [[nodiscard]] static bool offsec_sgdt() try {
+        if (core::disabled(OFFSEC_SGDT)) {
+            return false;
+        }
+
+#if (!x86)
+        return false;
+#elif (defined(_WIN32) && defined(__i386__))
+        unsigned char m[6];
+        __asm sgdt m;
+        return (m[5] > 0xd0);
+#else
+        return false;
+#endif
+    } catch (...) {
+        debug("OFFSEC_SGDT: ", "catched error, returned false");
+        return false;
+    }
+
+
     struct core {
         MSVC_DISABLE_WARNING(4820)
         struct technique {
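Review bot: The commented line kept under the newly enabled call, `//checker(VM::OFFSEC_SGDT, "Offensive Security SLDT");`, pairs the OFFSEC_SGDT flag with an SLDT label, so whoever uncomments it later will register the SGDT technique a second time under the wrong name. If it is a placeholder for a future SLDT variant, the flag name should match the label (no such enum value exists in this patch); otherwise drop the line. main() continues outside the hunk.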
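Review bot: The gate `#elif (defined(_WIN32) && defined(__i386__))` and the body `__asm sgdt m;` in offsec_sgdt target different compilers: `__i386__` is the GCC/Clang macro (MSVC defines `_M_IX86`), while a bare `__asm` block is MSVC syntax, so under MSVC the branch is never compiled in and the technique always returns false, and under GCC the selected branch will not build (Clang with MS-style asm blocks may accept it). Gating on either macro and picking the asm dialect per compiler fixes both, as below. The `unsigned char m[6]` / `m[5]` pair also deserves a comment recording that it is the 32-bit GDTR layout, e.g. `// 32-bit GDTR: 16-bit limit + 32-bit base; m[5] is the top byte of the base (10 bytes on x86-64, hence the i386 gate)`, and the `0xd0` threshold is a heuristic taken from the cited paper that current hypervisors need not satisfy, which is worth stating next to it. If the existing VM::sgdt technique (50 points in the table) samples the same register, the new 60-point table entry in the second hunk counts one signal twice; VM::sgdt's body is not visible here, so please check. The enclosing struct VM starts outside the hunk, and the debug string reads "catched" where "caught" is meant.
```cpp
#elif (defined(_WIN32) && (defined(_M_IX86) || defined(__i386__)))
        // 32-bit GDTR: 16-bit limit + 32-bit base; m[5] is the top byte of the base
        unsigned char m[6];
#if defined(_MSC_VER)
        __asm sgdt m;
#else
        __asm__ __volatile__("sgdt %0" : "=m"(m));
#endif
        return (m[5] > 0xd0);
// … unchanged: #else / #endif fallback and the catch handler …
```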
@@ -5485,6 +5513,7 @@ const std::map VM::core::table = {
    { VM::SGDT, { 50, VM::sgdt }},
    { VM::HYPERV_BOARD, { 45, VM::hyperv_board }},
    { VM::OFFSEC_SIDT, { 60, VM::offsec_sidt }},
+    { VM::OFFSEC_SGDT, { 60, VM::offsec_sgdt }}
    // __TABLE_LABEL, add your technique above
    // { VM::FUNCTION, { POINTS, FUNCTION_POINTER }}