diff --git a/README.md b/README.md
index 34f3c7c9..64f9605d 100755
--- a/README.md
+++ b/README.md
@@ -257,7 +257,7 @@ If you want to learn about the architecture and design of the library, head over
 ## Issues, discussions, pull requests, and inquiries 📬
-If you have any suggestions, ideas, or any sort of contribution, feel free to ask! We'll be more than happy to discuss either in the [issue](https://github.com/kernelwernel/VMAware/issues) or [discussion](https://github.com/kernelwernel/VMAware/discussions) sections. We usually reply fairly quickly. If you want to personally ask something in private, our discords are `kr.nl` and `shenzken`
+If you have any suggestions, ideas, or any sort of contribution, feel free to ask! I'll be more than happy to discuss either in the [issue](https://github.com/kernelwernel/VMAware/issues) or [discussion](https://github.com/kernelwernel/VMAware/discussions) sections. If you want to personally ask something in private, my discord is `kr.nl`. For email inquiries: `jeanruyv@gmail.com`
diff --git a/auxiliary/updater.py b/auxiliary/updater.py
index 8419d7b6..e9e1447f 100755
--- a/auxiliary/updater.py
+++ b/auxiliary/updater.py
@@ -17,7 +17,7 @@
 # the structure of the headers for anybody reading it for the first
 # time, it's more of a guide to point which parts are this and that.
 #
-# 2. Update the dates in the banner, example: "1.9 (Septmber 2024)"
+# 2. Update the dates in the banner, example: "1.9 (September 2024)"
 #
 # ===============================================================
 #
@@ -308,16 +308,45 @@ def fetch_lib_info(enum_list):
             end_ptr = index
             break
+
+    if start_ptr == -1:
+        print(f"start position for technique table not found, aborting")
+        sys.exit(1)
+
+    if end_ptr == -1:
+        print(f"end position for technique table not found, aborting")
+        sys.exit(1)
+
+    raw_technique_list = []
+
+    if end_ptr > start_ptr:
+        raw_technique_list = [line.strip() for line in file_content[start_ptr+1:end_ptr]]
+
     technique_list = []
-    if start_ptr != -1 and end_ptr != -1 and end_ptr > start_ptr:
-        technique_list = [line.strip() for line in file_content[start_ptr+1:end_ptr]]
+
+    for line in raw_technique_list:
+        if line.startswith("#"):
+            continue
+
+        if line == "":
+            continue
+
+        technique_list.append(line)
     for enum in enum_list:
         for enum_line in technique_list:
             if enum in enum_line:
-                match = re.search(r'technique\((\d+)', enum_line)
-                if match:
-                    technique[enum].score = int(match.group(1))
+                matches = re.findall(r'\d+', enum_line)
+
+                if len(matches) == 0:
+                    print(f"could not find score number in technique table line, aborting")
+                    sys.exit(1)
+
+                if len(matches) > 2:
+                    print(f"found multiple score numbers in technique table line, aborting")
+                    sys.exit(1)
+
+                technique[enum].score = int(matches[0])
                 break
     # fetch more stuff, comment block surrounding the implementation line
diff --git a/docs/documentation.md b/docs/documentation.md
index d250ae11..86e334d9 100644
--- a/docs/documentation.md
+++ b/docs/documentation.md
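Review bot: The `len(matches) > 2` guard lets a table line with exactly two digit runs through and silently takes `matches[0]` as the score, which contradicts the "found multiple score numbers" message beside it; the removed `re.search(r'technique\((\d+)', ...)` at least anchored the number to the `technique(` token, whereas `re.findall(r'\d+', ...)` will pick up any digit that happens to appear earlier in the line (an enum name or a trailing comment, should one ever contain a digit). Unless the rows are known to carry a second number, tighten it to `if len(matches) != 1:`, or anchor the pattern again so only the score position is read. The abort messages are f-strings with no placeholders, so the `f` prefix is dead; including the offending line would make the failure diagnosable, e.g. `print(f"could not find score number in technique table line, aborting: {enum_line}")`. The new `sys.exit(1)` calls also rely on `sys` being imported at the top of the file, which is outside this hunk.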
@@ -502,95 +502,95 @@ VMAware provides a convenient way to not only check for VMs, but also have the f | Flag alias | Description | Supported platforms | Certainty | Admin? | 32-bit only? | Notes | Code implementation | | ---------- | ----------- | ------------------- | --------- | ------ | ------------ | ----- | ------------------- | -| `VM::VMID` | Check CPUID output of manufacturer ID for known VMs/hypervisors at leaf 0 and 0x40000000-0x40000100 | 🐧🪟🍏 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L2426) | -| `VM::CPU_BRAND` | Check if CPU brand model contains any VM-specific string snippets | 🐧🪟🍏 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L2444) | -| `VM::HYPERVISOR_BIT` | Check if hypervisor feature bit in CPUID ECX bit 31 is enabled (always false for physical CPUs) | 🐧🪟🍏 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L2518) | -| `VM::HYPERVISOR_STR` | Check for hypervisor brand string length (would be around 2 characters in a host machine) | 🐧🪟🍏 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L2544) | -| `VM::TIMER` | Check for timing anomalies in the system | 🐧🪟🍏 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4368) | -| `VM::THREAD_COUNT` | Check if there are only 1 or 2 threads, which is a common pattern in VMs with default settings, nowadays physical CPUs should have at least 4 threads for modern CPUs | 🐧🪟🍏 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6775) | -| `VM::MAC` | Check if mac address starts with certain VM designated values | 🐧 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4883) | -| `VM::TEMPERATURE` | Check for device's temperature | 🐧 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5735) | -| `VM::SYSTEMD` | Check result from 
systemd-detect-virt tool | 🐧 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4764) | -| `VM::CVENDOR` | Check if the chassis vendor is a VM vendor | 🐧 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4788) | -| `VM::CTYPE` | Check if the chassis type is valid (it's very often invalid in VMs) | 🐧 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4813) | -| `VM::DOCKERENV` | Check if /.dockerenv or /.dockerinit file is present | 🐧 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4831) | -| `VM::DMIDECODE` | Check if dmidecode output matches a VM brand | 🐧 | 0% | Admin | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4846) | -| `VM::DMESG` | Check if dmesg output matches a VM brand | 🐧 | 0% | Admin | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4989) | -| `VM::HWMON` | Check if /sys/class/hwmon/ directory is present. 
If not, likely a VM | 🐧 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5030) | -| `VM::DLL` | Check for VM-specific DLLs | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7074) | -| `VM::HWMODEL` | Check if the sysctl for the hwmodel does not contain the "Mac" string | 🍏 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6799) | -| `VM::WINE` | Check if the function "wine_get_unix_file_name" is present and if the OS booted from a VHD container | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7105) | -| `VM::POWER_CAPABILITIES` | Check what power states are enabled | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7144) | -| `VM::PROCESSES` | Check for any VM processes that are active | 🐧 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5746) | -| `VM::LINUX_USER_HOST` | Check for default VM username and hostname for linux | 🐧 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5040) | -| `VM::GAMARUE` | Check for Gamarue ransomware technique which compares VM-specific Window product IDs | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7204) | -| `VM::BOCHS_CPU` | Check for various Bochs-related emulation oversights through CPU checks | 🐧🪟🍏 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L2572) | -| `VM::MAC_MEMSIZE` | Check if memory is too low for MacOS system | 🍏 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6835) | -| `VM::MAC_IOKIT` | Check MacOS' IO kit registry for VM-specific strings | 🍏 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6868) | -| `VM::IOREG_GREP` | Check for VM-strings in ioreg commands for MacOS | 🍏 | 0% | | | | 
[link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6965) | -| `VM::MAC_SIP` | Check for the status of System Integrity Protection and hv_mm_present | 🍏 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7022) | -| `VM::VPC_INVALID` | Check for official VPC method | 🪟 | 0% | | 32-bit | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7302) | -| `VM::SIDT` | Check for uncommon IDT virtual addresses | 🐧🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5773) | -| `VM::SGDT` | Check for sgdt instruction method | 🪟 | 0% | | | code documentation paper in /papers/www.offensivecomputing.net_vm.pdf (top-most byte signature) | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7353) | -| `VM::SLDT` | Check for sldt instruction method | 🪟 | 0% | | 32-bit | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7421) | -| `VM::SMSW` | Check for SMSW assembly instruction technique | 🪟 | 0% | | 32-bit | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7476) | -| `VM::VMWARE_IOMEM` | Check for VMware string in /proc/iomem | 🐧 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5069) | -| `VM::VMWARE_IOPORTS` | Check for VMware string in /proc/ioports | 🐧 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5581) | -| `VM::VMWARE_SCSI` | Check for VMware string in /proc/scsi/scsi | 🐧 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5378) | -| `VM::VMWARE_DMESG` | Check for VMware-specific device name in dmesg output | 🐧 | 0% | Admin | | Disabled by default | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5397) | -| `VM::VMWARE_STR` | Check str assembly instruction method for VMware | 🪟 | 0% | | 32-bit | | 
[link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7503) | -| `VM::VMWARE_BACKDOOR` | Check for official VMware io port backdoor technique | 🪟 | 0% | | 32-bit | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7528) | -| `VM::MUTEX` | Check for mutex strings of VM brands | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7589) | -| `VM::INTEL_THREAD_MISMATCH` | Check for Intel I-series CPU thread count database if it matches the system's thread count | 🐧🪟🍏 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L2652) | -| `VM::XEON_THREAD_MISMATCH` | Check for Intel Xeon CPU thread count database if it matches the system's thread count | 🐧🪟🍏 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L3628) | -| `VM::AMD_THREAD_MISMATCH` | Check for AMD CPU thread count database if it matches the system's thread count | 🐧🪟🍏 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L3784) | -| `VM::CUCKOO_DIR` | Check for cuckoo directory using crt and WIN API directory functions | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7675) | -| `VM::CUCKOO_PIPE` | Check for Cuckoo specific piping mechanism | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7731) | -| `VM::AZURE` | | | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L1) | -| `VM::DISPLAY` | Check for display configurations commonly found in VMs | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7787) | -| `VM::DEVICE_STRING` | Check if bogus device string would be accepted | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7822) | -| `VM::BLUESTACKS_FOLDERS` | Check for the presence of BlueStacks-specific folders | 🐧 | 0% | | | | 
[link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5085) | -| `VM::CPUID_SIGNATURE` | Check for signatures in leaf 0x40000001 in CPUID | 🐧🪟🍏 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4315) | -| `VM::KGT_SIGNATURE` | Check for Intel KGT (Trusty branch) hypervisor signature in CPUID | 🐧🪟🍏 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4344) | -| `VM::QEMU_VIRTUAL_DMI` | Check for presence of QEMU in the /sys/devices/virtual/dmi/id directory | 🐧 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5166) | -| `VM::QEMU_USB` | Check for presence of QEMU in the /sys/kernel/debug/usb/devices directory | 🐧 | 0% | Admin | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5195) | -| `VM::HYPERVISOR_DIR` | Check for presence of any files in /sys/hypervisor directory | 🐧 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5223) | -| `VM::UML_CPU` | Check for the "UML" string in the CPU brand | 🐧 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5271) | -| `VM::KMSG` | Check for any indications of hypervisors in the kernel message logs | 🐧 | 0% | Admin | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5301) | -| `VM::VBOX_MODULE` | Check for a VBox kernel module | 🐧 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5355) | -| `VM::SYSINFO_PROC` | Check for potential VM info in /proc/sysinfo | 🐧 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5431) | -| `VM::DMI_SCAN` | Check for string matches of VM brands in the linux DMI | 🐧 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5453) | -| `VM::SMBIOS_VM_BIT` | Check for the VM bit in the SMBIOS data | 🐧 | 0% | Admin | | | 
[link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5536) | -| `VM::PODMAN_FILE` | Check for podman file in /run/ | 🐧 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5566) | -| `VM::WSL_PROC` | Check for WSL or microsoft indications in /proc/ subdirectories | 🐧 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5598) | -| `VM::DRIVERS` | Check for VM-specific names for drivers | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7839) | -| `VM::DISK_SERIAL` | Check for serial numbers of virtual disks | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7937) | -| `VM::IVSHMEM` | Check for IVSHMEM device presence | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8156) | -| `VM::GPU_CAPABILITIES` | Check for GPU capabilities related to VMs | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8255) | -| `VM::DEVICE_HANDLES` | Check for vm-specific devices | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8293) | -| `VM::QEMU_FW_CFG` | Detect QEMU fw_cfg interface. This first checks the Device Tree for a fw-cfg node or hypervisor tag, then verifies the presence of the qemu_fw_cfg module and firmware directories in sysfs. 
| 🐧 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5626) | -| `VM::VIRTUAL_PROCESSORS` | Check if the number of virtual and logical processors are reported correctly by the system | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8396) | -| `VM::HYPERVISOR_QUERY` | Check if a call to NtQuerySystemInformation with the 0x9f leaf fills a _SYSTEM_HYPERVISOR_DETAIL_INFORMATION structure | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8426) | -| `VM::AMD_SEV` | Check for AMD-SEV MSR running on the system | 🐧🍏 | 0% | Admin | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5108) | -| `VM::VIRTUAL_REGISTRY` | Check for particular object directory which is present in Sandboxie virtual environment but not in usual host systems | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8487) | -| `VM::FIRMWARE` | Check for VM signatures on all firmware tables | 🐧🪟 | 0% | Admin | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5932) | -| `VM::FILE_ACCESS_HISTORY` | Check if the number of accessed files are too low for a human-managed environment | 🐧 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5656) | -| `VM::AUDIO` | Check if no waveform-audio output devices are present in the system | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8572) | -| `VM::NSJAIL_PID` | Check if process status matches with nsjail patterns with PID anomalies | 🐧 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5683) | -| `VM::PCI_DEVICES` | Check for PCI vendor and device IDs that are VM-specific | 🐧🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6419) | -| `VM::ACPI_SIGNATURE` | Check for VM-specific ACPI device signatures | 🪟 | 
0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8670) | -| `VM::TRAP` | Check if after raising two traps at the same RIP, a hypervisor interferes with the instruction pointer delivery | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8815) | -| `VM::UD` | Check if no waveform-audio output devices are present in the system | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8572) | -| `VM::BLOCKSTEP` | Check if a hypervisor does not properly restore the interruptibility state after a VM-exit in compatibility mode | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L9053) | -| `VM::DBVM` | Check if Dark Byte's VM is present | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L9100) | -| `VM::BOOT_LOGO` | Check boot logo for known VM images | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L9219) | -| `VM::MAC_SYS` | Check for VM-strings in system profiler commands for MacOS | 🍏 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7049) | -| `VM::OBJECTS` | Check for any signs of VMs in Windows kernel object entities | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L9311) | -| `VM::NVRAM` | Check for known NVRAM signatures that are present on virtual firmware | 🪟 | 0% | Admin | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L9480) | -| `VM::SMBIOS_INTEGRITY` | Check if SMBIOS is malformed/corrupted in a way that is typical for VMs | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L9932) | -| `VM::EDID` | Check for non-standard EDID configurations | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L9943) | -| `VM::CPU_HEURISTIC` | Check whether the CPU is 
genuine and its reported instruction capabilities are not masked | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L10168) | -| `VM::CLOCK` | Check the presence of system timers | 🪟 | 0% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L10633) | +| `VM::VMID` | Check CPUID output of manufacturer ID for known VMs/hypervisors at leaf 0 and 0x40000000-0x40000100 | 🐧🪟🍏 | 100% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L2434) | +| `VM::CPU_BRAND` | Check if CPU brand model contains any VM-specific string snippets | 🐧🪟🍏 | 95% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L2452) | +| `VM::HYPERVISOR_BIT` | Check if hypervisor feature bit in CPUID ECX bit 31 is enabled (always false for physical CPUs) | 🐧🪟🍏 | 100% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L2526) | +| `VM::HYPERVISOR_STR` | Check for hypervisor brand string length (would be around 2 characters in a host machine) | 🐧🪟🍏 | 100% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L2552) | +| `VM::TIMER` | Check for timing anomalies in the system | 🐧🪟🍏 | 150% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4376) | +| `VM::THREAD_COUNT` | Check if there are only 1 or 2 threads, which is a common pattern in VMs with default settings, nowadays physical CPUs should have at least 4 threads for modern CPUs | 🐧🪟🍏 | 35% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6783) | +| `VM::MAC` | Check if mac address starts with certain VM designated values | 🐧 | 20% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4891) | +| `VM::TEMPERATURE` | Check for device's temperature | 🐧 | 80% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5743) | +| `VM::SYSTEMD` | Check result from 
systemd-detect-virt tool | 🐧 | 35% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4772) | +| `VM::CVENDOR` | Check if the chassis vendor is a VM vendor | 🐧 | 65% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4796) | +| `VM::CTYPE` | Check if the chassis type is valid (it's very often invalid in VMs) | 🐧 | 20% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4821) | +| `VM::DOCKERENV` | Check if /.dockerenv or /.dockerinit file is present | 🐧 | 30% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4839) | +| `VM::DMIDECODE` | Check if dmidecode output matches a VM brand | 🐧 | 55% | Admin | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4854) | +| `VM::DMESG` | Check if dmesg output matches a VM brand | 🐧 | 55% | Admin | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4997) | +| `VM::HWMON` | Check if /sys/class/hwmon/ directory is present. 
If not, likely a VM | 🐧 | 35% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5038) | +| `VM::DLL` | Check for VM-specific DLLs | 🪟 | 50% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7099) | +| `VM::HWMODEL` | Check if the sysctl for the hwmodel does not contain the "Mac" string | 🍏 | 100% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6807) | +| `VM::WINE` | Check if the function "wine_get_unix_file_name" is present and if the OS booted from a VHD container | 🪟 | 100% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7130) | +| `VM::POWER_CAPABILITIES` | Check what power states are enabled | 🪟 | 45% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7169) | +| `VM::PROCESSES` | Check for any VM processes that are active | 🐧 | 40% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5754) | +| `VM::LINUX_USER_HOST` | Check for default VM username and hostname for linux | 🐧 | 10% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5048) | +| `VM::GAMARUE` | Check for Gamarue ransomware technique which compares VM-specific Window product IDs | 🪟 | 10% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7229) | +| `VM::BOCHS_CPU` | Check for various Bochs-related emulation oversights through CPU checks | 🐧🪟🍏 | 100% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L2580) | +| `VM::MAC_MEMSIZE` | Check if memory is too low for MacOS system | 🍏 | 15% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6843) | +| `VM::MAC_IOKIT` | Check MacOS' IO kit registry for VM-specific strings | 🍏 | 100% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6876) | +| `VM::IOREG_GREP` | Check for VM-strings in ioreg commands for MacOS | 🍏 | 
100% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6973) | +| `VM::MAC_SIP` | Check for the status of System Integrity Protection and hv_mm_present | 🍏 | 100% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7030) | +| `VM::VPC_INVALID` | Check for official VPC method | 🪟 | 75% | | 32-bit | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7327) | +| `VM::SIDT` | Check for uncommon IDT virtual addresses | 🐧🪟 | 50% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5781) | +| `VM::SGDT` | Check for sgdt instruction method | 🪟 | 50% | | | code documentation paper in /papers/www.offensivecomputing.net_vm.pdf (top-most byte signature) | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7378) | +| `VM::SLDT` | Check for sldt instruction method | 🪟 | 50% | | 32-bit | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7446) | +| `VM::SMSW` | Check for SMSW assembly instruction technique | 🪟 | 50% | | 32-bit | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7501) | +| `VM::VMWARE_IOMEM` | Check for VMware string in /proc/iomem | 🐧 | 65% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5077) | +| `VM::VMWARE_IOPORTS` | Check for VMware string in /proc/ioports | 🐧 | 70% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5589) | +| `VM::VMWARE_SCSI` | Check for VMware string in /proc/scsi/scsi | 🐧 | 40% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5386) | +| `VM::VMWARE_DMESG` | Check for VMware-specific device name in dmesg output | 🐧 | 65% | Admin | | Disabled by default | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5405) | +| `VM::VMWARE_STR` | Check str assembly instruction method for VMware | 🪟 | 35% | | 32-bit | | 
[link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7528) | +| `VM::VMWARE_BACKDOOR` | Check for official VMware io port backdoor technique | 🪟 | 100% | | 32-bit | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7553) | +| `VM::MUTEX` | Check for mutex strings of VM brands | 🪟 | 100% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7614) | +| `VM::INTEL_THREAD_MISMATCH` | Check for Intel I-series CPU thread count database if it matches the system's thread count | 🐧🪟🍏 | 50% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L2660) | +| `VM::XEON_THREAD_MISMATCH` | Check for Intel Xeon CPU thread count database if it matches the system's thread count | 🐧🪟🍏 | 50% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L3636) | +| `VM::AMD_THREAD_MISMATCH` | Check for AMD CPU thread count database if it matches the system's thread count | 🐧🪟🍏 | 50% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L3792) | +| `VM::CUCKOO_DIR` | Check for cuckoo directory using crt and WIN API directory functions | 🪟 | 30% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7700) | +| `VM::CUCKOO_PIPE` | Check for Cuckoo specific piping mechanism | 🪟 | 30% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7756) | +| `VM::AZURE` | | | 30% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L1) | +| `VM::DISPLAY` | Check for display configurations commonly found in VMs | 🪟 | 35% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7812) | +| `VM::DEVICE_STRING` | Check if bogus device string would be accepted | 🪟 | 25% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7847) | +| `VM::BLUESTACKS_FOLDERS` | Check for the presence of BlueStacks-specific folders | 🐧 | 5% | | | 
| [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5093) | +| `VM::CPUID_SIGNATURE` | Check for signatures in leaf 0x40000001 in CPUID | 🐧🪟🍏 | 95% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4323) | +| `VM::KGT_SIGNATURE` | Check for Intel KGT (Trusty branch) hypervisor signature in CPUID | 🐧🪟🍏 | 80% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4352) | +| `VM::QEMU_VIRTUAL_DMI` | Check for presence of QEMU in the /sys/devices/virtual/dmi/id directory | 🐧 | 40% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5174) | +| `VM::QEMU_USB` | Check for presence of QEMU in the /sys/kernel/debug/usb/devices directory | 🐧 | 20% | Admin | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5203) | +| `VM::HYPERVISOR_DIR` | Check for presence of any files in /sys/hypervisor directory | 🐧 | 20% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5231) | +| `VM::UML_CPU` | Check for the "UML" string in the CPU brand | 🐧 | 80% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5279) | +| `VM::KMSG` | Check for any indications of hypervisors in the kernel message logs | 🐧 | 5% | Admin | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5309) | +| `VM::VBOX_MODULE` | Check for a VBox kernel module | 🐧 | 15% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5363) | +| `VM::SYSINFO_PROC` | Check for potential VM info in /proc/sysinfo | 🐧 | 15% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5439) | +| `VM::DMI_SCAN` | Check for string matches of VM brands in the linux DMI | 🐧 | 50% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5461) | +| `VM::SMBIOS_VM_BIT` | Check for the VM bit in the SMBIOS data | 🐧 | 50% | Admin | | | 
[link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5544) |
+| `VM::PODMAN_FILE` | Check for podman file in /run/ | 🐧 | 5% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5574) |
+| `VM::WSL_PROC` | Check for WSL or microsoft indications in /proc/ subdirectories | 🐧 | 30% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5606) |
+| `VM::DRIVERS` | Check for VM-specific names for drivers | 🪟 | 100% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7864) |
+| `VM::DISK_SERIAL` | Check for serial numbers of virtual disks | 🪟 | 100% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7962) |
+| `VM::IVSHMEM` | Check for IVSHMEM device presence | 🪟 | 100% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8181) |
+| `VM::GPU_CAPABILITIES` | Check for GPU capabilities related to VMs | 🪟 | 45% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8280) |
+| `VM::DEVICE_HANDLES` | Check for vm-specific devices | 🪟 | 100% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8318) |
+| `VM::QEMU_FW_CFG` | Detect QEMU fw_cfg interface. This first checks the Device Tree for a fw-cfg node or hypervisor tag, then verifies the presence of the qemu_fw_cfg module and firmware directories in sysfs. 
| 🐧 | 70% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5634) |
+| `VM::VIRTUAL_PROCESSORS` | Check if the number of virtual and logical processors are reported correctly by the system | 🪟 | 100% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8421) |
+| `VM::HYPERVISOR_QUERY` | Check if a call to NtQuerySystemInformation with the 0x9f leaf fills a _SYSTEM_HYPERVISOR_DETAIL_INFORMATION structure | 🪟 | 100% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8451) |
+| `VM::AMD_SEV` | Check for AMD-SEV MSR running on the system | 🐧🍏 | 50% | Admin | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5116) |
+| `VM::VIRTUAL_REGISTRY` | Check for particular object directory which is present in Sandboxie virtual environment but not in usual host systems | 🪟 | 90% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8512) |
+| `VM::FIRMWARE` | Check for VM signatures on all firmware tables | 🐧🪟 | 100% | Admin | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5940) |
+| `VM::FILE_ACCESS_HISTORY` | Check if the number of accessed files are too low for a human-managed environment | 🐧 | 15% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5664) |
+| `VM::AUDIO` | Check if no waveform-audio output devices are present in the system | 🪟 | 25% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8597) |
+| `VM::NSJAIL_PID` | Check if process status matches with nsjail patterns with PID anomalies | 🐧 | 75% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5691) |
+| `VM::PCI_DEVICES` | Check for PCI vendor and device IDs that are VM-specific | 🐧🪟 | 95% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6427) |
+| `VM::ACPI_SIGNATURE` | Check for VM-specific ACPI device 
signatures | 🪟 | 100% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8695) |
+| `VM::TRAP` | Check if after raising two traps at the same RIP, a hypervisor interferes with the instruction pointer delivery | 🪟 | 100% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8840) |
+| `VM::UD` | Check if no waveform-audio output devices are present in the system | 🪟 | 25% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8597) |
+| `VM::BLOCKSTEP` | Check if a hypervisor does not properly restore the interruptibility state after a VM-exit in compatibility mode | 🪟 | 100% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L9078) |
+| `VM::DBVM` | Check if Dark Byte's VM is present | 🪟 | 150% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L9125) |
+| `VM::BOOT_LOGO` | Check boot logo for known VM images | 🪟 | 100% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L9244) |
+| `VM::MAC_SYS` | Check for VM-strings in system profiler commands for MacOS | 🍏 | 100% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7074) |
+| `VM::OBJECTS` | Check for any signs of VMs in Windows kernel object entities | 🪟 | 100% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L9336) |
+| `VM::NVRAM` | Check for known NVRAM signatures that are present on virtual firmware | 🪟 | 100% | Admin | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L9505) |
+| `VM::SMBIOS_INTEGRITY` | Check if SMBIOS is malformed/corrupted in a way that is typical for VMs | 🪟 | 60% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L9957) |
+| `VM::EDID` | Check for non-standard EDID configurations | 🪟 | 100% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L9968) |
+| 
`VM::CPU_HEURISTIC` | Check whether the CPU is genuine and its reported instruction capabilities are not masked | 🪟 | 90% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L10193) |
+| `VM::CLOCK` | Check the presence of system timers | 🪟 | 100% | | | | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L10658) |
diff --git a/src/vmaware.hpp b/src/vmaware.hpp index c16b6bd2..8a061dbb 100644 --- a/src/vmaware.hpp +++ b/src/vmaware.hpp @@ -52,14 +52,14 @@ * * * ============================== SECTIONS ================================== - * - enums for publicly accessible techniques => line 537 - * - struct for internal cpu operations => line 713 - * - struct for internal memoization => line 1205 - * - struct for internal utility functions => line 1379 - * - struct for internal core components => line 10733 - * - start of VM detection technique list => line 2421 - * - start of public VM detection functions => line 11079 - * - start of externally defined variables => line 12064 + * - enums for publicly accessible techniques => line 545 + * - struct for internal cpu operations => line 721 + * - struct for internal memoization => line 1213 + * - struct for internal utility functions => line 1387 + * - struct for internal core components => line 10758 + * - start of VM detection technique list => line 2429 + * - start of public VM detection functions => line 11104 + * - start of externally defined variables => line 12089 * * * ============================== EXAMPLE =================================== 
@@ -218,24 +218,25 @@ #define VMAWARE_HEADER #ifndef __VMAWARE_DEBUG__ -#if defined(_DEBUG) /* MSVC Debug */ \ -|| defined(DEBUG) /* user or build-system */ -#define __VMAWARE_DEBUG__ - #endif + #if defined(_DEBUG) /* MSVC Debug */ \ + || defined(DEBUG) /* user or build-system */ + #define __VMAWARE_DEBUG__ #endif +#endif - #if defined(_WIN32) || defined(_WIN64) +#if defined(_WIN32) || defined(_WIN64) #ifndef WIN32_LEAN_AND_MEAN - #define WIN32_LEAN_AND_MEAN + #define WIN32_LEAN_AND_MEAN #endif + #define WINDOWS 1 #define LINUX 0 #define APPLE 0 - #elif (defined(__linux__)) +#elif (defined(__linux__)) #define WINDOWS 0 #define LINUX 1 #define APPLE 0 - #elif (defined(__APPLE__) || defined(__APPLE_CPP__) || defined(__MACH__) || defined(__DARWIN)) +#elif (defined(__APPLE__) || defined(__APPLE_CPP__) || defined(__MACH__) || defined(__DARWIN)) #define WINDOWS 0 #define LINUX 0 #define APPLE 1 
@@ -246,101 +247,108 @@ #endif #ifdef _MSC_VER -#define MSVC 1 + #define MSVC 1 #endif #if defined(_MSVC_LANG) #define VMA_CPLUSPLUS _MSVC_LANG - #else +#else #define VMA_CPLUSPLUS __cplusplus - #endif +#endif #if VMA_CPLUSPLUS >= 202302L #define VMA_CPP 23 #elif VMA_CPLUSPLUS >= 202002L -#define VMA_CPP 20 + #define VMA_CPP 20 #elif VMA_CPLUSPLUS >= 201703L -#define VMA_CPP 17 + #define VMA_CPP 17 #elif VMA_CPLUSPLUS >= 201402L -#define VMA_CPP 14 + #define VMA_CPP 14 #elif VMA_CPLUSPLUS >= 201103L -#define VMA_CPP 11 + #define VMA_CPP 11 #elif VMA_CPLUSPLUS >= 199711L -#define VMA_CPP 98 /* C++98 or C++03 */ + #define VMA_CPP 98 /* C++98 or C++03 */ #else #error "Unsupported C++ standard (pre-C++98 or unknown)." - #endif +#endif #if (VMA_CPP < 11 && !WINDOWS) #error "VMAware only supports C++11 or above, set your compiler flag to '-std=c++20' for gcc/clang, or '/std:c++20' for MSVC" - #endif - - - #if defined(__x86_64__) || defined(_M_X64) +#endif + +#if defined(__x86_64__) || defined(_M_X64) #define x86_64 1 - #else +#else #define x86_64 0 #endif #if defined(__i386__) || defined(_M_IX86) #define x86_32 1 - #else +#else #define x86_32 0 #endif #if x86_32 || x86_64 -#define x86 1 + #define x86 1 #else #define x86 0 - #endif +#endif #if defined(__aarch64__) || defined(_M_ARM64) || defined(__ARM_LINUX_COMPILER__) -#define ARM64 1 + #define ARM64 1 #else #define ARM64 0 - #endif +#endif #if (defined(__arm__) || defined(_M_ARM)) && !ARM64 #define ARM32 1 - #else +#else #define ARM32 0 - #endif +#endif - #if ARM32 || ARM64 +#if ARM32 || ARM64 #define ARM 1 #else -#define ARM 0 + #define ARM 0 +#endif + +#if (!APPLE && (VMA_CPP >= 20) && (!CLANG || __clang_major__ >= 16)) + #define SOURCE_LOCATION_SUPPORTED 1 +#else + #define SOURCE_LOCATION_SUPPORTED 0 #endif #if defined(__clang__) -#define GCC 0 -#define CLANG 1 + #define GCC 0 + #define CLANG 1 #elif defined(__GNUC__) -#define GCC 1 -#define CLANG 0 + #define GCC 1 + #define CLANG 0 #else -#define GCC 0 -#define 
CLANG 0 + #define GCC 0 + #define CLANG 0 #endif #if !(defined(WINDOWS) || defined(LINUX) || defined(APPLE)) -#warning "Unknown OS detected, tests will be severely limited" + #warning "Unknown OS detected, tests will be severely limited" #endif #if (VMA_CPP >= 23) -#include + #include #endif #if (VMA_CPP >= 20) #include #include - #include + #if (SOURCE_LOCATION_SUPPORTED) + #include #endif -#if (VMA_CPP >= 17) -#include -#include #endif +#if (VMA_CPP >= 17) + #include + #include + #endif #ifdef __VMAWARE_DEBUG__ -#include + #include #include #include #include @@ -367,20 +375,20 @@ #include #if (WINDOWS) -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#pragma comment(lib, "setupapi.lib") -#pragma comment(lib, "powrprof.lib") -#pragma comment(lib, "mincore.lib") + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + + #pragma comment(lib, "setupapi.lib") + #pragma comment(lib, "powrprof.lib") + #pragma comment(lib, "mincore.lib") #pragma comment(lib, "wevtapi.lib") #elif (LINUX) #if (x86) @@ -7032,14 +7040,31 @@ struct VM { return false; } - if (hv_present != 0) return true; + if (hv_present != 0) { + return true; + } std::unique_ptr result = util::sys_result("csrutil status"); - const std::string tmp = *result; + + if (!result) { + return false; + } + + std::string tmp = *result; + + auto pos = tmp.find('\n'); + + if (pos != std::string::npos) { + tmp.resize(pos); + } debug("MAC_SIP: ", "result = ", tmp); - return (util::find(tmp, "disabled") || (!util::find(tmp, "enabled"))); + if (util::find(tmp, "unknown")) { + return false; + } + + return (util::find(tmp, "disabled")); } @@ -11087,7 +11112,7 @@ struct VM { */ static bool check( const enum_flags flag_bit - #if (VMA_CPP >= 20) && (!CLANG || __clang_major__ >= 16) + #if (SOURCE_LOCATION_SUPPORTED) , [[maybe_unused]] const std::source_location& loc = std::source_location::current() #endif ) { 
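Review bot: `SOURCE_LOCATION_SUPPORTED` is evaluated before `CLANG` is defined: the new `#if (!APPLE && (VMA_CPP >= 20) && (!CLANG || __clang_major__ >= 16))` sits above the `#if defined(__clang__)` / `#define CLANG 1` block in this same hunk, and an identifier that is not yet defined is treated as 0 inside `#if`, so `!CLANG` is always true at that point and clang 14/15 in C++20 mode ends up with `SOURCE_LOCATION_SUPPORTED 1` plus an unguarded `#include <source_location>` — the very case the clang ≥ 16 clause was meant to exclude (unless `CLANG` is also defined earlier in the file than this hunk shows; with `-Wundef` it would at least warn). Move the five-line `SOURCE_LOCATION_SUPPORTED` block below the `#endif` that closes the GCC/CLANG detection so it reads the real values; the three call sites later in this diff (`check`, `add_custom`, `modify_score`) then inherit the intended guard. A one-line comment on the macro, `// std::source_location: C++20, clang >= 16 only, and disabled on Apple (!APPLE)`, would also spare the next reader from re-deriving the condition.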
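Review bot: The new `csrutil status` branch still resolves the binary through the caller's PATH (assuming `util::sys_result` hands the string to a shell or popen, which this hunk does not show), so anyone who can prepend a directory to PATH in the process environment can shadow `csrutil` and pick the verdict; calling it by its fixed location, `util::sys_result("/usr/bin/csrutil status")`, closes that hole. The `unknown` early-return also deserves a why-comment, e.g. `// csrutil reports "unknown" when SIP state can't be determined; treat it as inconclusive, not as a VM`, since a reader otherwise has to know csrutil's output formats to see why it is not folded into the `disabled` test. The enclosing function starts before this hunk (the `hv_present` check is mid-body).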
@@ -11485,7 +11510,7 @@ struct VM { static void add_custom( const u8 percent, bool(*detection_func)() - #if (VMA_CPP >= 20 && !CLANG) + #if (SOURCE_LOCATION_SUPPORTED) , const std::source_location& loc = std::source_location::current() #endif ) { @@ -11683,7 +11708,7 @@ struct VM { static void modify_score( const enum_flags flag, const u8 percent - #if (VMA_CPP >= 20) && (!CLANG || __clang_major__ >= 16) + #if (SOURCE_LOCATION_SUPPORTED) , const std::source_location& loc = std::source_location::current() #endif ) { @@ -12214,8 +12239,8 @@ size_t VM::core::custom_table_size = 0; std::array VM::core::technique_table = []() { std::array table{}; // FORMAT: { VM::, { certainty%, function pointer } }, - // START OF TECHNIQUE TABLE const VM::core::technique_entry entries[] = { + // START OF TECHNIQUE TABLE #if (WINDOWS) {VM::TRAP, {100, VM::trap}}, {VM::ACPI_SIGNATURE, {100, VM::acpi_signature}}, @@ -12320,6 +12345,7 @@ std::array VM::core::technique_table = [ {VM::HYPERVISOR_BIT, {100, VM::hypervisor_bit}}, {VM::BOCHS_CPU, {100, VM::bochs_cpu}}, {VM::KGT_SIGNATURE, {80, VM::intel_kgt_signature}} + // END OF TECHNIQUE TABLE }; // fill the table based on ID