In the context of issues like "KeyLocker insns with ZF output look to only ever set it" requiring workarounds in the to-be-emulated binary it would be helpful is there was a reliable (i.e. maintained going forward) was to identify that the binary is running under SDE, ideally including the SDE version. Is there some means for this, perhaps a custom CPUID leaf (e.g. in the hypervisor range)?
We are trying to hide Pin/SDE presence from the running application, but there are still ways to detect it. For example, in Linux you can see SDE/Pin in /proc/self/maps or in the environment variables.
Providing a custom CPUID leaf information is a good idea, we will look into it.