
vmaware/
lib.rs

1//! VMAware – Rust VM Detection Library
2//!
3//! A faithful port of the VMAware C library.  Provides a simple API for
4//! detecting virtual machine environments.
5//!
6//! # Quick-start
7//!
8//! ```no_run
9//! use vmaware::{detect, brand, percentage};
10//!
11//! if detect(None) {
12//!     println!("Running inside a VM: {}", brand(None).as_str());
13//!     println!("Confidence: {}%", percentage(None));
14//! }
15//! ```
16
17#![allow(clippy::too_many_arguments)]
18
19pub mod core;
20pub mod cpu;
21pub mod memo;
22pub mod techniques;
23pub mod types;
24pub mod util;
25
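/// Direct syscall (Hell's Gate) module – Windows x86-64 only.
///
/// Provides spoofed NT function wrappers that invoke the `syscall` instruction
/// directly, bypassing the ntdll trampolines that AV/EDR software hooks.
/// Direct syscalls issued from outside ntdll are a pattern that endpoint
/// security tools commonly treat as suspicious, so binaries that include this
/// module may be flagged.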
30#[cfg(all(windows, target_arch = "x86_64"))]
31pub mod syscall;
32
33pub use types::{Flagset, HyperXState, Technique, VMBrand};
34
35// ── Public API ────────────────────────────────────────────────────────────────
36
/// Reports whether the current environment is detected as a virtual machine.
///
/// `flags` selects the techniques to run. `None` falls back to
/// [`Flagset::all`]; `Some(set)` restricts the run to the techniques in `set`.
/// The verdict is whatever `core::detect` returns for that set.
///
/// NOTE(review): a `false` result presumably only means the selected
/// techniques did not reach a VM verdict. Confirm against `core::detect`
/// before relying on it as proof of bare metal.
pub fn detect(flags: Option<Flagset>) -> bool {
    core::detect(flags.unwrap_or_else(Flagset::all))
}
45
/// Returns the most likely VM brand for the selected techniques.
///
/// `None` runs with [`Flagset::all`]; otherwise only the supplied set is used.
/// The value comes straight from `core::get_brand`. [`conclusion`] treats
/// `VMBrand::Invalid` as "unknown brand".
pub fn brand(flags: Option<Flagset>) -> VMBrand {
    core::get_brand(flags.unwrap_or_else(Flagset::all))
}
51
/// Returns the VM confidence as a percentage (0–100).
///
/// `None` runs with [`Flagset::all`]; otherwise only the supplied set is used.
/// The number is produced by `core::get_percentage`.
pub fn percentage(flags: Option<Flagset>) -> u8 {
    core::get_percentage(flags.unwrap_or_else(Flagset::all))
}
57
/// Returns how many techniques produced a positive result.
///
/// `None` runs with [`Flagset::all`]; otherwise only the supplied set is used.
/// The count is produced by `core::detected_technique_count`.
pub fn detected_count(flags: Option<Flagset>) -> usize {
    core::detected_technique_count(flags.unwrap_or_else(Flagset::all))
}
63
/// Returns every brand that contributed at least one point.
///
/// `None` runs with [`Flagset::all`]; otherwise only the supplied set is used.
/// The list is produced by `core::get_detected_brands`.
pub fn multi_brand(flags: Option<Flagset>) -> Vec<VMBrand> {
    core::get_detected_brands(flags.unwrap_or_else(Flagset::all))
}
69
/// Runs a single technique and reports whether it fired.
///
/// Starts from `Flagset::new()`, sets only `technique` on it, and passes the
/// set to `core::run_all`. The technique counts as fired when that call
/// returns a value greater than zero.
pub fn check(technique: Technique) -> bool {
    let mut only = Flagset::new();
    only.set(technique);

    // NOTE(review): the meaning of the `false` argument is not visible from
    // this file. Confirm against `core::run_all`.
    let positives = core::run_all(only, false);
    positives > 0
}
76
/// Returns the Hyper-X environment classification.
///
/// Thin wrapper around `util::hyper_x`. It takes no flag set, so the result
/// does not depend on any technique selection made through this API.
pub fn hyperx() -> HyperXState {
    let state: HyperXState = util::hyper_x();
    state
}
81
/// Builds a human-readable, one-sentence summary of the detection result.
///
/// Calls [`detect`], [`brand`] and [`percentage`] with the same `flags` and
/// formats one of three messages:
///
/// * VM detected with a known brand: names the brand via `as_str()`.
/// * VM detected but the brand is `VMBrand::Invalid`: reports "unknown brand".
/// * No VM detected.
///
/// All three messages include the confidence percentage, including the
/// "not detected" one.
pub fn conclusion(flags: Option<Flagset>) -> String {
    let vm_detected = detect(flags);
    let vm_brand = brand(flags);
    let confidence = percentage(flags);

    if vm_detected {
        // `VMBrand::Invalid` is the "no brand identified" case.
        if vm_brand == VMBrand::Invalid {
            format!(
                "This environment is detected as a virtual machine (unknown brand). \
                 VM confidence: {}%.",
                confidence
            )
        } else {
            format!(
                "This environment is detected as a virtual machine ({}). \
                 VM confidence: {}%.",
                vm_brand.as_str(),
                confidence
            )
        }
    } else {
        format!(
            "No virtual machine detected. VM confidence: {}%.",
            confidence
        )
    }
}