2.4.0 Release 🎉

kernelwernel released this 01 Jun 04:48

· 119 commits to main since this release

6f86fac

removed:
- VM::ACPI_TEMPERATURE
- VM::BAD_POOLS
- VM::COMPUTER_NAME
- VM::DEVICE_TREE
- VM::DRIVER_NAMES
- VM::GPU_VM_STRINGS
- VM::HKLM_REGISTRIES
- VM::HOSTNAME
- VM::KVM_BITMASK
- VM::KVM_DIRS
- VM::LSHW_QEMU
- VM::MSSMBIOS
- VM::NATIVE_VHD
- VM::NETTITUDE_VM_MEMORY
- VM::NUMBER_OF_CORES
- VM::OSXSAVE
- VM::PCI_VM
- VM::PORT_CONNECTORS
- VM::PROCESSOR_NUMBER
- VM::QEMU_DIR
- VM::REGISTRY
- VM::SCREEN_RESOLUTION
- VM::SETUPAPI_DISK
- VM::THREADCOUNT
- VM::UNKNOWN_MANUFACTURER
- VM::VM_DEVICES
- VM::VM_FILES
- VM::VM_PROCESSES
- VM::VM_PROCS
- VM::VMWARE_PORT_MEM
- VM::WINE_CHECK
- VM::PROCESSES (Windows section)
- VM::TEMPERATURE (Windows section)
undisabled:
- VM::TEMPERATURE
added:
- VM::DEVICE_HANDLES
- VM::DISPLAY
- VM::DRIVERS
- VM::LOGICAL_PROCESSORS
- VM::PCI_DEVICES
- VM::PHYSICAL_PROCESSORS
- VM::PROCESSES
- VM::QEMU_PASSTHROUGH (world's first ever device passthrough detection)
- VM::REGISTRY_KEYS
- VM::REGISTRY_VALUES
- VM::THREAD_COUNT
- VM::TRAP
added compile-time filters for unsupported techniques based on platforms
added compatibility for Windows 7 and above
made the library fully MIT
improved every vm detection technique, focusing on:
- Timing attacks
- Firmware analysis
- Device passthrough detection
- PCIe scanning
- GPU capabilities

VirusTotal results

The Windows binaries were generated in the CI/CD purely from the source code here.

The Linux binaries on the other hand, were generated through the cmake file present in the root directory of the repository.

https://www.virustotal.com/gui/file/47bb5c20629b8b4173eea2076e123777b80ceee25243c2c41e5b41e2068f3608?nocache=1

Credits

@NotRequiem
@kernelwernel

Extra

For any inquiries, contact me on discord at kr.nl or email me at jeanruyv@gmail.com

Contributors

kernelwernel and NotRequiem

Assets 9