fix: updated cli with hardener from vmaware struct and fixed false positive from logic due to Hyper-X

kernelwernel · kernelwernel · commit cbca23af03cd · 2026-03-01T06:53:01.000Z
diff --git a/src/cli.cpp b/src/cli.cpp
@@ -368,12 +368,12 @@ R"(Usage:
     std::exit(0);
 }
 
-static const char* color(const u8 score) {
+static const char* color(const u8 score, const bool is_hardened) {
     if (arg_bitset.test(NO_ANSI)) {
         return "";
     }
 
-    if (VM::is_hardened()) {
+    if (is_hardened) {
         return green.c_str();
     }
 
@@ -1100,10 +1100,10 @@ static void general(
     {
         std::cout << bold << "VM hardening: " << ansi_exit;
 
-        if (VM::is_hardened()) {
-            std::cout << green << "found" << ansi_exit << "\n";
+        if (vm.is_hardened) {
+            std::cout << green << "likely" << ansi_exit << "\n";
         } else {
-            std::cout << grey << "not found" << ansi_exit << "\n";
+            std::cout << grey << "unlikely" << ansi_exit << "\n";
         }
     }
 
@@ -1177,7 +1177,7 @@ static void general(
 
     // conclusion manager
     {
-        const char* conclusion_color = color(vm.percentage);
+        const char* conclusion_color = color(vm.percentage, vm.is_hardened);
 
         std::string conclusion = vm.conclusion;
 
diff --git a/src/vmaware.hpp b/src/vmaware.hpp
@@ -12693,10 +12693,11 @@ struct VM {
             };
 
             const bool hv_present = (check(VM::HYPERVISOR_BIT) || check(VM::HYPERVISOR_STR));
+            const bool has_hyper_x = (detected_brand(VM::HYPERVISOR_BIT) == brand_enum::HYPERV_ARTIFACT);
 
             // rule 1: if VM::FIRMWARE is detected, so should VM::HYPERVISOR_BIT or VM::HYPERVISOR_STR
             const enum brand_enum firmware_brand = detected_brand(VM::FIRMWARE);
-            if (firmware_brand != brand_enum::NULL_BRAND && !hv_present) {
+            if (firmware_brand != brand_enum::NULL_BRAND && !hv_present && !has_hyper_x) {
                 debug("is_hardened(): firmware and hypervisor bit/str are not detected together");
                 return true;
             }
@@ -12721,7 +12722,7 @@ struct VM {
             }
 
             // rule 4: if VM::TRAP or VM::NVRAM is detected, so should VM::HYPERVISOR_BIT or VM::HYPERVISOR_STR
-            if ((check(VM::TRAP) || check(VM::NVRAM)) && !hv_present) {
+            if ((check(VM::TRAP) || check(VM::NVRAM)) && !hv_present && !has_hyper_x) {
                 debug("is_hardened(): trap/NVRAM and hypervisor bit/str are not detected together");
                 return true;
             }

Original file line number	Diff line number	Diff line change
`@@ -368,12 +368,12 @@ R"(Usage:`
`368`	`368`	`std::exit(0);`
`369`	`369`	`}`
`370`	`370`
`371`		`-static const char* color(const u8 score) {`
	`371`	`+static const char* color(const u8 score, const bool is_hardened) {`
`372`	`372`	`if (arg_bitset.test(NO_ANSI)) {`
`373`	`373`	`return "";`
`374`	`374`	`}`
`375`	`375`
`376`		`- if (VM::is_hardened()) {`
	`376`	`+ if (is_hardened) {`
`377`	`377`	`return green.c_str();`
`378`	`378`	`}`
`379`	`379`
`@@ -1100,10 +1100,10 @@ static void general(`
`1100`	`1100`	`{`
`1101`	`1101`	`std::cout << bold << "VM hardening: " << ansi_exit;`
`1102`	`1102`
`1103`		`- if (VM::is_hardened()) {`
`1104`		`- std::cout << green << "found" << ansi_exit << "\n";`
	`1103`	`+ if (vm.is_hardened) {`
	`1104`	`+ std::cout << green << "likely" << ansi_exit << "\n";`
`1105`	`1105`	`} else {`
`1106`		`- std::cout << grey << "not found" << ansi_exit << "\n";`
	`1106`	`+ std::cout << grey << "unlikely" << ansi_exit << "\n";`
`1107`	`1107`	`}`
`1108`	`1108`	`}`
`1109`	`1109`
`@@ -1177,7 +1177,7 @@ static void general(`
`1177`	`1177`
`1178`	`1178`	`// conclusion manager`
`1179`	`1179`	`{`
`1180`		`- const char* conclusion_color = color(vm.percentage);`
	`1180`	`+ const char* conclusion_color = color(vm.percentage, vm.is_hardened);`
`1181`	`1181`
`1182`	`1182`	`std::string conclusion = vm.conclusion;`
`1183`	`1183`
Original file line number	Diff line number	Diff line change
`@@ -12693,10 +12693,11 @@ struct VM {`
`12693`	`12693`	`};`
`12694`	`12694`
`12695`	`12695`	`const bool hv_present = (check(VM::HYPERVISOR_BIT) \|\| check(VM::HYPERVISOR_STR));`
	`12696`	`+ const bool has_hyper_x = (detected_brand(VM::HYPERVISOR_BIT) == brand_enum::HYPERV_ARTIFACT);`
`12696`	`12697`
`12697`	`12698`	`// rule 1: if VM::FIRMWARE is detected, so should VM::HYPERVISOR_BIT or VM::HYPERVISOR_STR`
`12698`	`12699`	`const enum brand_enum firmware_brand = detected_brand(VM::FIRMWARE);`
`12699`		`- if (firmware_brand != brand_enum::NULL_BRAND && !hv_present) {`
	`12700`	`+ if (firmware_brand != brand_enum::NULL_BRAND && !hv_present && !has_hyper_x) {`
`12700`	`12701`	`debug("is_hardened(): firmware and hypervisor bit/str are not detected together");`
`12701`	`12702`	`return true;`
`12702`	`12703`	`}`
`@@ -12721,7 +12722,7 @@ struct VM {`
`12721`	`12722`	`}`
`12722`	`12723`
`12723`	`12724`	`// rule 4: if VM::TRAP or VM::NVRAM is detected, so should VM::HYPERVISOR_BIT or VM::HYPERVISOR_STR`
`12724`		`- if ((check(VM::TRAP) \|\| check(VM::NVRAM)) && !hv_present) {`
	`12725`	`+ if ((check(VM::TRAP) \|\| check(VM::NVRAM)) && !hv_present && !has_hyper_x) {`
`12725`	`12726`	`debug("is_hardened(): trap/NVRAM and hypervisor bit/str are not detected together");`
`12726`	`12727`	`return true;`
`12727`	`12728`	`}`