Improve Hyper-V tests in checkvm

asoto-r7 · asoto-r7 · commit 10cf327c26ac · 2018-01-17T14:29:03.000-06:00
All Win10 machines, physical and virtual, were being reported as 'Hyper-V' (false positives)

Added functionality to extract hostname of physical hypervisor from VM registry
diff --git a/modules/post/windows/gather/checkvm.rb b/modules/post/windows/gather/checkvm.rb
@@ -28,49 +28,73 @@ module supports detection of Hyper-V, VMWare, Virtual PC,
   # Method for detecting if it is a Hyper-V VM
   def hypervchk(session)
     vm = false
-    sfmsvals = registry_enumkeys('HKLM\SOFTWARE\Microsoft')
-    if sfmsvals and sfmsvals.include?("Hyper-V")
-      vm = true
-    elsif sfmsvals and sfmsvals.include?("VirtualMachine")
-      vm = true
+
+    physicalHost = registry_getvaldata('HKLM\SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters','PhysicalHostNameFullyQualified')
+    if physicalHost
+      vm=true
+      report_note(
+        :host   => session,
+        :type   => 'host.physicalHost',
+        :data   => { :physicalHost => physicalHost },
+        :update => :unique_data
+        )
     end
+
     if not vm
-      if registry_getvaldata('HKLM\HARDWARE\DESCRIPTION\System','SystemBiosVersion') =~ /vrtual/i
+      sfmsvals = registry_enumkeys('HKLM\SOFTWARE\Microsoft')
+      if sfmsvals and sfmsvals.include?("Hyper-V")
+        vm = true
+      elsif sfmsvals and sfmsvals.include?("VirtualMachine")
+        vm = true
+      elsif registry_getvaldata('HKLM\HARDWARE\DESCRIPTION\System','SystemBiosVersion') =~ /vrtual/i
         vm = true
       end
     end
+
     if not vm
       srvvals = registry_enumkeys('HKLM\HARDWARE\ACPI\FADT')
       if srvvals and srvvals.include?("VRTUAL")
         vm = true
+      else
+        srvvals = registry_enumkeys('HKLM\HARDWARE\ACPI\RSDT')
+        if srvvals and srvvals.include?("VRTUAL")
+          vm = true
+        end
       end
     end
+
     if not vm
-      srvvals = registry_enumkeys('HKLM\HARDWARE\ACPI\RSDT')
-      if srvvals and srvvals.include?("VRTUAL")
+      srvvals = registry_enumkeys('HKLM\SYSTEM\ControlSet001\Services')
+      if srvvals and srvvals.include?("vmicexchange")
         vm = true
+      else
+        key_path = 'HKLM\HARDWARE\DESCRIPTION\System'
+        systemBiosVersion = registry_getvaldata(key_path,'SystemBiosVersion')
+        if systemBiosVersion.unpack("s<*").reduce('', :<<).include? "Hyper-V"
+          vm = true
+        end
       end
     end
+
     if not vm
-      srvvals = registry_enumkeys('HKLM\SYSTEM\ControlSet001\Services')
-      if srvvals and srvvals.include?("vmicheartbeat")
-        vm = true
-      elsif srvvals and srvvals.include?("vmicvss")
-        vm = true
-      elsif srvvals and srvvals.include?("vmicshutdown")
-        vm = true
-      elsif srvvals and srvvals.include?("vmicexchange")
+      key_path = 'HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0'
+      if registry_getvaldata(key_path,'Identifier') =~ /Msft    Virtual Disk    1.0/i
         vm = true
       end
     end
+
     if vm
       report_note(
         :host   => session,
         :type   => 'host.hypervisor',
         :data   => { :hypervisor => "MS Hyper-V" },
         :update => :unique_data
         )
-      print_good("This is a Hyper-V Virtual Machine")
+      if physicalHost
+        print_good("This is a Hyper-V Virtual Machine running on physical host #{physicalHost}")
+      else
+        print_good("This is a Hyper-V Virtual Machine")
+      end
       return "MS Hyper-V"
     end
   end
