VM::ACPI_SIGNATURE - False positive on Windows

[luukjp]

On Windows with Parsec Virtual Display Adapter installed VM::ACPI_SIGNATURE incorrectly flags a bare metal machine.

[CORE DEBUG] HYPER_X: added Hyper-V artifact VM
[NOT DETECTED] Checking VMID...
[DEBUG] CPUID: max extended leaf = 2147483656
[DEBUG] CPU: 13th Gen Intel(R) Core(TM) i7-1355U
[NOT DETECTED] Checking CPU brand...
[CORE DEBUG] HYPER_X: returned from cache
[NOT DETECTED] Checking CPUID hypervisor bit...
[CORE DEBUG] HYPER_X: returned from cache
[NOT DETECTED] Checking hypervisor str...
[DEBUG] CPUID: max hypervisor leaf = 1073741836
[CORE DEBUG] HYPER_X: returned from cache
[DEBUG] TIMER: Average latency -> 1791 cycles
[DEBUG] TIMER: CPU base speed -> 2611.23 MHz
[DEBUG] TIMER: Split-lock test -> 4198 cycles
[NOT DETECTED] Checking timing anomalies...
[NOT DETECTED] Checking thread count...
[NOT DETECTED] Checking MAC addresses...
[NOT DETECTED] Checking temperature...
[NOT DETECTED] Checking systemd virtualisation...
[NOT DETECTED] Checking chassis vendor...
[NOT DETECTED] Checking chassis type...
[NOT DETECTED] Checking Dockerenv...
[NOT DETECTED] Checking dmidecode output...
[NOT DETECTED] Checking dmesg output...
[NOT DETECTED] Checking hwmon presence...
[NOT DETECTED] Checking DLLs...
[NOT DETECTED] Checking registry keys...
[NOT DETECTED] Checking Wine...
[NOT DETECTED] Checking hw.model...
[DEBUG] DISK_SIZE: size = 474
[NOT DETECTED] Checking disk size...
[DEBUG] VBOX_DEFAULT: ram = 16
[NOT DETECTED] Checking VBox default specs...
[NOT DETECTED] Checking processes...
[NOT DETECTED] Checking default Linux user/host...
[NOT DETECTED] Checking gamarue ransomware technique...
[NOT DETECTED] Checking BOCHS CPU techniques...
[NOT DETECTED] Checking MacOS hw.memsize...
[NOT DETECTED] Checking MacOS registry IO-kit...
[NOT DETECTED] Checking IO registry grep...
[NOT DETECTED] Checking MacOS SIP...
[NOT DETECTED] Checking registry values...
[NOT DETECTED] Checking audio device...
[NOT DETECTED] Checking VPC invalid instructions...
[NOT DETECTED] Checking SIDT...
[NOT DETECTED] Checking SGDT...
[NOT DETECTED] Checking SLDT...
[NOT DETECTED] Checking SMSW...
[NOT DETECTED] Checking /proc/iomem file...
[NOT DETECTED] Checking /proc/ioports file...
[NOT DETECTED] Checking /proc/scsi/scsi file...
[  DISABLED  ] Skipped VMware dmesg
[NOT DETECTED] Checking STR instruction...
[NOT DETECTED] Checking VMware IO port backdoor...
[NOT DETECTED] Checking mutex strings...
[NOT DETECTED] Checking odd thread count number...
[DEBUG] INTEL_THREAD_MISMATCH: CPU model = 13th Gen Intel(R) Core(TM) i7-1355U
[NOT DETECTED] Checking Intel thread count mismatch...
[NOT DETECTED] Checking Intel Xeon thread count mismatch...
[NOT DETECTED] Checking AMD thread count mismatch...
[NOT DETECTED] Checking Cuckoo directory...
[NOT DETECTED] Checking Cuckoo pipe...
[NOT DETECTED] Checking Hyper-V Azure hostname...
[NOT DETECTED] Checking general VM hostnames...
[NOT DETECTED] Checking display...
[NOT DETECTED] Checking bogus device string...
[NOT DETECTED] Checking BlueStacks folders...
[DEBUG] CPUID_SIGNATURE: eax = 824407624
[NOT DETECTED] Checking CPUID signatures...
[NOT DETECTED] Checking Intel KGT signature...
[NOT DETECTED] Checking QEMU virtual DMI directory...
[NOT DETECTED] Checking QEMU USB...
[NOT DETECTED] Checking hypervisor directory (Linux)...
[NOT DETECTED] Checking User-mode Linux CPU...
[NOT DETECTED] Checking /dev/kmsg hypervisor message...
[NOT DETECTED] Checking VBox kernel module...
[NOT DETECTED] Checking /proc/sysinfo...
[NOT DETECTED] Checking DMI scan...
[NOT DETECTED] Checking SMBIOS VM bit...
[NOT DETECTED] Checking podman file...
[NOT DETECTED] Checking WSL string in /proc...
[NOT DETECTED] Checking ANY.RUN driver...
[NOT DETECTED] Checking ANY.RUN directory...
[NOT DETECTED] Checking driver names...
[DEBUG] DISK_SERIAL: E823_8FA6_BF53_0001_001B_444A_48E8_C1D2.
[NOT DETECTED] Checking disk serial number...
[NOT DETECTED] Checking IVSHMEM device...
[NOT DETECTED] Checking GPU capabilities...
[NOT DETECTED] Checking logical processor count...
[NOT DETECTED] Checking physical processor count...
[NOT DETECTED] Checking power capabilities...
[NOT DETECTED] Checking QEMU fw_cfg device...
[DEBUG] VIRTUAL_PROCESSORS: MaxVirtualProcessors -> 1024, MaxLogicalProcessors -> 1024
[NOT DETECTED] Checking virtual processors...
[CORE DEBUG] HYPER_X: returned from cache
[NOT DETECTED] Checking hypervisor query...
[NOT DETECTED] Checking AMD-SEV MSR...
[NOT DETECTED] Checking registry emulation...
[NOT DETECTED] Checking firmware...
[NOT DETECTED] Checking low file access count...
[NOT DETECTED] Checking nsjail PID...
[DEBUG] TPM: Manufacturer -> 0x53544d20
[NOT DETECTED] Checking TPM manufacturer...
[NOT DETECTED] Checking PCI vendor/device ID...
[DEBUG] ACPI_SIGNATURE: PCIROOT(0)#PCI(0200)
[DEBUG] ACPI_SIGNATURE: ACPI(_SB_)#ACPI(PC00)#ACPI(GFX0)
[DEBUG] ACPI_SIGNATURE: No baremetal display device information detected
[  DETECTED  ] Checking ACPI device signatures...
[CORE DEBUG] HYPER_X: returned from cache
[NOT DETECTED] Checking hypervisor interception...
[NOT DETECTED] Checking undefined exceptions...
[NOT DETECTED] Checking single step with trap flag...
[NOT DETECTED] Checking Dark Byte's hypervisor...
[DEBUG] BOOT_LOGO: size=589886, flags=1, offset=8, crc=0x264a244c
[NOT DETECTED] Checking boot logo...
[NOT DETECTED] Checking system profiler...

[DEBUG] theoretical maximum points: 3805
VM brand: Hyper-V artifact (not an actual VM)
VM type: Unknown
VM likeliness: 99%
VM confirmation: false
VM detections: 1/97

VM description:
The CLI detected Hyper-V operating as a Type 1 hypervisor, not as
a guest virtual machine. Although your hardware/firmware signatures
match Microsoft's Hyper-V architecture, we determined that you're
running on baremetal, with the help of our "Hyper-X" mechanism
that differentiates between the root partition (host OS) and guest
VM environments. This prevents false positives, as Windows sometimes
runs under Hyper-V (type 1) hypervisor.

====== CONCLUSION: Running on baremetal ======

[    NOTE    ] If you found a false positive, please make sure to create an issue at https://github.com/kernelwernel/VMAware/issues

Extra info:
Commit c8801b48d8a73c7ec31a117db8e675ccb759ee62 broke the detection.

[luukjp]

Same for https://github.com/VirtualDrivers/Virtual-Display-Driver

[CORE DEBUG] HYPER_X: running under virtual root partition
[CORE DEBUG] HYPER_X: added Hyper-V artifact VM
[NOT DETECTED] Checking VMID...
[DEBUG] CPUID: max extended leaf = 2147483656
[DEBUG] CPU: 13th Gen Intel(R) Core(TM) i7-1355U
[NOT DETECTED] Checking CPU brand...
[CORE DEBUG] HYPER_X: returned from cache
[NOT DETECTED] Checking CPUID hypervisor bit...
[CORE DEBUG] HYPER_X: returned from cache
[NOT DETECTED] Checking hypervisor str...
[DEBUG] CPUID: max hypervisor leaf = 1073741836
[CORE DEBUG] HYPER_X: returned from cache
[DEBUG] TIMER: Average latency -> 1808 cycles
[DEBUG] TIMER: CPU base speed -> 2611.23 MHz
[DEBUG] TIMER: Split-lock test -> 3918 cycles
[NOT DETECTED] Checking timing anomalies...
[NOT DETECTED] Checking thread count...
[NOT DETECTED] Checking MAC addresses...
[NOT DETECTED] Checking temperature...
[NOT DETECTED] Checking systemd virtualisation...
[NOT DETECTED] Checking chassis vendor...
[NOT DETECTED] Checking chassis type...
[NOT DETECTED] Checking Dockerenv...
[NOT DETECTED] Checking dmidecode output...
[NOT DETECTED] Checking dmesg output...
[NOT DETECTED] Checking hwmon presence...
[NOT DETECTED] Checking DLLs...
[NOT DETECTED] Checking registry keys...
[NOT DETECTED] Checking Wine...
[NOT DETECTED] Checking hw.model...
[DEBUG] DISK_SIZE: size = 474
[NOT DETECTED] Checking disk size...
[DEBUG] VBOX_DEFAULT: ram = 16
[NOT DETECTED] Checking VBox default specs...
[NOT DETECTED] Checking processes...
[NOT DETECTED] Checking default Linux user/host...
[NOT DETECTED] Checking gamarue ransomware technique...
[NOT DETECTED] Checking BOCHS CPU techniques...
[NOT DETECTED] Checking MacOS hw.memsize...
[NOT DETECTED] Checking MacOS registry IO-kit...
[NOT DETECTED] Checking IO registry grep...
[NOT DETECTED] Checking MacOS SIP...
[NOT DETECTED] Checking registry values...
[NOT DETECTED] Checking audio device...
[NOT DETECTED] Checking VPC invalid instructions...
[NOT DETECTED] Checking SIDT...
[NOT DETECTED] Checking SGDT...
[NOT DETECTED] Checking SLDT...
[NOT DETECTED] Checking SMSW...
[NOT DETECTED] Checking /proc/iomem file...
[NOT DETECTED] Checking /proc/ioports file...
[NOT DETECTED] Checking /proc/scsi/scsi file...
[  DISABLED  ] Skipped VMware dmesg
[NOT DETECTED] Checking STR instruction...
[NOT DETECTED] Checking VMware IO port backdoor...
[NOT DETECTED] Checking mutex strings...
[NOT DETECTED] Checking odd thread count number...
[DEBUG] INTEL_THREAD_MISMATCH: CPU model = 13th Gen Intel(R) Core(TM) i7-1355U
[NOT DETECTED] Checking Intel thread count mismatch...
[NOT DETECTED] Checking Intel Xeon thread count mismatch...
[NOT DETECTED] Checking AMD thread count mismatch...
[NOT DETECTED] Checking Cuckoo directory...
[NOT DETECTED] Checking Cuckoo pipe...
[NOT DETECTED] Checking Hyper-V Azure hostname...
[NOT DETECTED] Checking general VM hostnames...
[NOT DETECTED] Checking display...
[NOT DETECTED] Checking bogus device string...
[NOT DETECTED] Checking BlueStacks folders...
[DEBUG] CPUID_SIGNATURE: eax = 824407624
[NOT DETECTED] Checking CPUID signatures...
[NOT DETECTED] Checking Intel KGT signature...
[NOT DETECTED] Checking QEMU virtual DMI directory...
[NOT DETECTED] Checking QEMU USB...
[NOT DETECTED] Checking hypervisor directory (Linux)...
[NOT DETECTED] Checking User-mode Linux CPU...
[NOT DETECTED] Checking /dev/kmsg hypervisor message...
[NOT DETECTED] Checking VBox kernel module...
[NOT DETECTED] Checking /proc/sysinfo...
[NOT DETECTED] Checking DMI scan...
[NOT DETECTED] Checking SMBIOS VM bit...
[NOT DETECTED] Checking podman file...
[NOT DETECTED] Checking WSL string in /proc...
[NOT DETECTED] Checking ANY.RUN driver...
[NOT DETECTED] Checking ANY.RUN directory...
[NOT DETECTED] Checking driver names...
[DEBUG] DISK_SERIAL: E823_8FA6_BF53_0001_001B_444A_48E8_C1D2.
[NOT DETECTED] Checking disk serial number...
[NOT DETECTED] Checking IVSHMEM device...
[  DETECTED  ] Checking GPU capabilities...
[NOT DETECTED] Checking logical processor count...
[NOT DETECTED] Checking physical processor count...
[NOT DETECTED] Checking power capabilities...
[NOT DETECTED] Checking QEMU fw_cfg device...
[DEBUG] VIRTUAL_PROCESSORS: MaxVirtualProcessors -> 1024, MaxLogicalProcessors -> 1024
[NOT DETECTED] Checking virtual processors...
[CORE DEBUG] HYPER_X: returned from cache
[NOT DETECTED] Checking hypervisor query...
[NOT DETECTED] Checking AMD-SEV MSR...
[NOT DETECTED] Checking registry emulation...
[NOT DETECTED] Checking firmware...
[NOT DETECTED] Checking low file access count...
[NOT DETECTED] Checking nsjail PID...
[DEBUG] TPM: Manufacturer -> 0x53544d20
[NOT DETECTED] Checking TPM manufacturer...
[NOT DETECTED] Checking PCI vendor/device ID...
[DEBUG] ACPI_SIGNATURE: PCIROOT(0)#PCI(0200)
[DEBUG] ACPI_SIGNATURE: ACPI(_SB_)#ACPI(PC00)#ACPI(GFX0)
[DEBUG] ACPI_SIGNATURE: No baremetal display device information detected
[  DETECTED  ] Checking ACPI device signatures...
[CORE DEBUG] HYPER_X: returned from cache
[NOT DETECTED] Checking hypervisor interception...
[NOT DETECTED] Checking undefined exceptions...
[NOT DETECTED] Checking single step with trap flag...
[NOT DETECTED] Checking Dark Byte's hypervisor...
[DEBUG] BOOT_LOGO: size=589886, flags=1, offset=8, crc=0x264a244c
[NOT DETECTED] Checking boot logo...
[NOT DETECTED] Checking system profiler...

[DEBUG] theoretical maximum points: 3825
VM brand: Hyper-V artifact (not an actual VM)
VM type: Unknown
VM likeliness: 100%
VM confirmation: true
VM detections: 2/97

VM description:
The CLI detected Hyper-V operating as a Type 1 hypervisor, not as
a guest virtual machine. Although your hardware/firmware signatures
match Microsoft's Hyper-V architecture, we determined that you're
running on baremetal, with the help of our "Hyper-X" mechanism
that differentiates between the root partition (host OS) and guest
VM environments. This prevents false positives, as Windows sometimes
runs under Hyper-V (type 1) hypervisor.

====== CONCLUSION: Running inside a Hyper-V artifact (not an actual VM) ======

[    NOTE    ] If you found a false positive, please make sure to create an issue at https://github.com/kernelwernel/VMAware/issues

VDD also triggers [ DETECTED ] Checking GPU capabilities...

[NotRequiem]

Fixed ACPI_SIGNATURE here. GPU_CAPABILITIES won't be fixed because its whole job is to detect virtual GPUs, of course you're gonna flag it if you install a vGPU...