feat: spoof rdtsc timings

Previously, RDTSC in the VM always returned a constant value, which broke any non deterministic timing-based operations, or caused detections in heuristics of malware and ANTI-VM tools.

This patch introduces a spoofed rdtsc_fake counter that tracks and adjusts timing deltas to simulate realistic TSC increments. Can be extended to simulate rdtsc timings based on CPU clock speed.

src/common/utils/time.hpp

@@ -3,6 +3,10 @@
 #include <chrono>
 
 #include "../platform/platform.hpp"
+#if defined(_MSC_VER)
+#include <intrin.h>
+#pragma intrinsic(__rdtsc)
+#endif
 
 constexpr auto HUNDRED_NANOSECONDS_IN_ONE_SECOND = 10000000LL;
 constexpr auto EPOCH_DIFFERENCE_1601_TO_1970_SECONDS = 11644473600LL;
@@ -29,6 +33,24 @@ namespace utils
         {
             return std::chrono::steady_clock::now();
         }
+
+        // Returnds the current timestamp counter value. RDTSC on x86/x64, or just time since epoch for ARM
+        /// TODO: find better solution for ARM and Figure out better CPU base frequency heuristics
+        virtual uint64_t timestamp_counter()
+        {
+#if defined(_MSC_VER)
+#if defined(_M_X64) || defined(_M_AMD64) || defined(_M_IX86)
+            return __rdtsc(); // 64-bit with MSVC intrinsic
+#endif
+
+#elif defined(__x86_64__) || defined(__i386__) || defined(__amd64__) // If we are using clang or gcc
+            unsigned int lo, hi;
+            __asm__ __volatile__("rdtsc" : "=a"(lo), "=d"(hi));
+            return ((uint64_t)hi << 32) | lo;
+#endif
+            return static_cast<uint64_t>(std::chrono::high_resolution_clock::now().time_since_epoch().count()) *
+                   3.8; // should be base cpu frequency here;
+        }
     };
 
     class tick_clock : public clock