Merge pull request #407 from NotRequiem/dev

NotRequiem · web-flow · commit 07697d37e400 · 2025-06-01T00:36:47.000+02:00
QEMU GPU passthrough detection
diff --git a/auxiliary/updater.py b/auxiliary/updater.py
@@ -41,7 +41,7 @@
 
 
 def update_sections(filename):
-    with open(filename, 'r') as vmaware_read:
+    with open(filename, 'r', encoding='utf-8', errors='ignore') as vmaware_read:
         header_content = vmaware_read.readlines()
 
     enum = "enum enum_flags"
@@ -112,7 +112,7 @@ def update_sections(filename):
     for i, new_line in enumerate(banner):
         header_content[section_line + i] = new_line + '\n'
 
-    with open(filename, 'w') as file:
+    with open(filename, 'w', encoding='utf-8', errors='ignore') as file:
         file.writelines(header_content)
 
 
@@ -126,7 +126,7 @@ def update_date(filename):
             date_arg = arg
             break
 
-    with open(filename, 'r') as file:
+    with open(filename, 'r', encoding='utf-8', errors='ignore') as file:
         header_content = file.readlines()
 
     banner_line = " *   ╚═══╝  ╚═╝     ╚═╝╚═╝  ╚═╝ ╚══╝╚══╝ ╚═╝  ╚═╝╚═╝  ╚═╝╚══════╝ "
@@ -143,7 +143,6 @@ def find_pattern(base_str):
         print(f"Version number not found for {red}{bold}{base_str}{ansi_exit}, aborting")
         sys.exit(1)
 
-
     header_version = find_pattern(header_content[index])
     arg_version = find_pattern(date_arg) if date_arg else header_version
     new_date = datetime.now().strftime("%B %Y")
@@ -157,13 +156,11 @@ def find_pattern(base_str):
 
     header_content[index] = new_content + '\n'
 
-    with open(filename, 'w') as file:
+    with open(filename, 'w', encoding='utf-8', errors='ignore') as file:
         file.writelines(header_content)
 
 
-
-
-with open(vmaware_file, 'r') as file:
+with open(vmaware_file, 'r', encoding='utf-8', errors='ignore') as file:
     file_content = file.readlines()
 
 
@@ -207,6 +204,7 @@ def __init__(self, enum_name="", line=0, platform_emojis="", score=0, descriptio
         self.notes = notes
         self.code_link = code_link
 
+
 class array_dict(dict):
     def __getitem__(self, key):
         return self.get(key)
@@ -218,6 +216,7 @@ def init_as_list(self, key):
 
 technique = array_dict()
 
+
 def fetch_lib_info(enum_list):
     for enum in enum_list:
         technique.init_as_list(enum)
@@ -231,13 +230,11 @@ def fetch_lib_info(enum_list):
                 technique[enum].line = i + 1
                 break
 
-
     # generate the code implementation link 
     link = "[link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L"
     for enum in enum_list:
         technique[enum].code_link = link + str(technique[enum].line) + ")"
 
-
     # fetch scores
     start = "// START OF TECHNIQUE TABLE"
     end = "// END OF TECHNIQUE TABLE"
@@ -253,7 +250,6 @@ def fetch_lib_info(enum_list):
                 end_ptr = index
                 break  # Stop after first end marker
 
-
         if start_ptr == -1 or end_ptr == -1:
             print("Error: Start or end marker not found")
         else:
@@ -265,7 +261,6 @@ def fetch_lib_info(enum_list):
                 if match:
                     technique[enum].score = int(match.group(1))
 
-
     # fetch more stuff
     for enum in enum_list:
         start_line = end_line = technique[enum].line
@@ -322,7 +317,6 @@ def fetch_lib_info(enum_list):
                 technique[enum].notes = line.split("@note", 1)[-1]
 
 
-
 def update_docs(enum_list):
     technique_array = []
 
@@ -340,7 +334,7 @@ def update_docs(enum_list):
 
         technique_array.append("| " + " | ".join(str(item).strip() for item in order) + " |")
 
-    with open(vmaware_docs, 'r') as file:
+    with open(vmaware_docs, 'r', encoding='utf-8', errors='ignore') as file:
         docs_content = file.readlines()
 
     docs_start = "<!-- START OF TECHNIQUE DOCUMENTATION -->"
@@ -367,7 +361,7 @@ def update_docs(enum_list):
 
     docs_content[start_ptr:end_ptr - 1] = [line + '\n' for line in technique_array]
 
-    with open(vmaware_docs, 'w', newline='\n') as f:
+    with open(vmaware_docs, 'w', encoding='utf-8', errors='ignore', newline='\n') as f:
         f.writelines(docs_content)
 
 
diff --git a/docs/documentation.md b/docs/documentation.md
@@ -458,14 +458,14 @@ VMAware provides a convenient way to not only check for VMs, but also have the f
 | `VM::DMIDECODE` | Check if dmidecode output matches a VM brand | 🐧 | 55% | Admin |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4423) |
 | `VM::DMESG` | Check if dmesg output matches a VM brand | 🐧 | 65% | Admin |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4557) |
 | `VM::HWMON` | Check if /sys/class/hwmon/ directory is present. If not, likely a VM | 🐧 | 35% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4594) |
-| `VM::DLL` | Check for VM-specific DLLs | 🪟 | 25% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6563) |
+| `VM::DLL` | Check for VM-specific DLLs | 🪟 | 50% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6563) |
 | `VM::REGISTRY_KEYS` | Check for VM-specific registry values | 🪟 | 50% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6594) |
 | `VM::HWMODEL` | Check if the sysctl for the hwmodel does not contain the "Mac" string | 🍏 | 100% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6341) |
 | `VM::DISK_SIZE` | Check if disk size is under or equal to 50GB | 🐧🪟 | 60% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5335) |
 | `VM::VBOX_DEFAULT` | Check for default RAM and DISK sizes set by VirtualBox | 🐧🪟 | 25% | Admin |  | Admin only needed for Linux | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5351) |
 | `VM::VBOX_NETWORK` | Check for VirtualBox network provider string | 🪟 | 100% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6704) |
 | `VM::WINE` | Check if the function "wine_get_unix_file_name" is present and if the OS booted from a VHD container | 🪟 | 100% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6734) |
-| `VM::POWER_CAPABILITIES` | Check what power states are enabled | 🪟 | 50% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6774) |
+| `VM::POWER_CAPABILITIES` | Check what power states are enabled | 🪟 | 90% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6774) |
 | `VM::PROCESSES` | Check for any VM processes that are active | 🐧 | 40% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5310) |
 | `VM::LINUX_USER_HOST` | Check for default VM username and hostname for linux | 🐧 | 10% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4604) |
 | `VM::GAMARUE` | Check for Gamarue ransomware technique which compares VM-specific Window product IDs | 🪟 | 10% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6815) |
@@ -476,10 +476,10 @@ VMAware provides a convenient way to not only check for VMs, but also have the f
 | `VM::MAC_SIP` | Check if System Integrity Protection is disabled (likely a VM if it is) | 🍏 | 40% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6546) |
 | `VM::REGISTRY_VALUES` | Check HKLM registries for specific VM strings | 🪟 | 50% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6868) |
 | `VM::VPC_INVALID` | Check for official VPC method | 🪟 | 75% |  | 32-bit |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6969) |
-| `VM::SIDT` | Check for uncommon IDT virtual addresses | 🐧🪟 | 45% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5445) |
-| `VM::SGDT` | Check for sgdt instruction method | 🪟 | 45% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7025) |
-| `VM::SLDT` | Check for sldt instruction method | 🪟 | 45% |  | 32-bit |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7088) |
-| `VM::SMSW` | Check for SMSW assembly instruction technique | 🪟 | 45% |  | 32-bit |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7144) |
+| `VM::SIDT` | Check for uncommon IDT virtual addresses | 🐧🪟 | 50% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5445) |
+| `VM::SGDT` | Check for sgdt instruction method | 🪟 | 50% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7025) |
+| `VM::SLDT` | Check for sldt instruction method | 🪟 | 50% |  | 32-bit |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7088) |
+| `VM::SMSW` | Check for SMSW assembly instruction technique | 🪟 | 50% |  | 32-bit |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7144) |
 | `VM::VMWARE_IOMEM` | Check for VMware string in /proc/iomem | 🐧 | 65% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4633) |
 | `VM::VMWARE_IOPORTS` | Check for VMware string in /proc/ioports | 🐧 | 70% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5143) |
 | `VM::VMWARE_SCSI` | Check for VMware string in /proc/scsi/scsi | 🐧 | 40% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4942) |
@@ -495,7 +495,7 @@ VMAware provides a convenient way to not only check for VMs, but also have the f
 | `VM::CUCKOO_PIPE` | Check for Cuckoo specific piping mechanism | 🪟 | 30% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7324) |
 | `VM::HYPERV_HOSTNAME` | Check for default Azure hostname format (Azure uses Hyper-V as their base VM brand) | 🐧🪟 | 30% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5544) |
 | `VM::GENERAL_HOSTNAME` | Check for commonly set hostnames by certain VM brands | 🐧🪟 | 10% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5584) |
-| `VM::DISPLAY` | Check for display configurations related to VMs | 🪟 | 20% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7351) |
+| `VM::DISPLAY` | Check for display configurations related to VMs | 🪟 | 35% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7351) |
 | `VM::DEVICE_STRING` | Check if bogus device string would be accepted | 🪟 | 25% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7399) |
 | `VM::BLUESTACKS_FOLDERS` | Check for the presence of BlueStacks-specific folders | 🐧 | 5% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4649) |
 | `VM::CPUID_SIGNATURE` | Check for signatures in leaf 0x40000001 in CPUID | 🐧🪟🍏 | 95% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4132) |
@@ -527,10 +527,10 @@ VMAware provides a convenient way to not only check for VMs, but also have the f
 | `VM::FILE_ACCESS_HISTORY` | Check if the number of accessed files are too low for a human-managed environment | 🐧 | 15% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5218) |
 | `VM::AUDIO` | Check if no waveform-audio output devices are present in the system | 🪟 | 25% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8039) |
 | `VM::NSJAIL_PID` | Check if process status matches with nsjail patterns with PID anomalies | 🐧 | 75% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5245) |
-| `VM::TPM` | Check if the system has a physical TPM by matching the TPM manufacturer against known physical TPM chip vendors | 🪟 | 50% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8081) |
-| `VM::PCI_DEVICES` | Check for PCI vendor and device IDs that are VM-specific | 🐧🪟 | 95% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5985) |
+| `VM::TPM` | Check if the system has a physical TPM by matching the TPM manufacturer against known physical TPM chip vendors | 🪟 | 100% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8081) |
+| `VM::PCI_DEVICES` | Check for PCI vendor and device IDs that are VM-specific | 🐧🪟 | 50% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5985) |
 | `VM::QEMU_PASSTHROUGH` | Check for QEMU's hot-plug signature | 🪟 | 90% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8164) |
-| `VM::TRAP` | Check for two traps being raised at the same RIP, a hypervisor interferes with the instruction pointer delivery | 🪟 | 50% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8269) |
+| `VM::TRAP` | Check for two traps being raised at the same RIP, a hypervisor interferes with the instruction pointer delivery | 🪟 | 100% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8338) |
 
 <!-- END OF TECHNIQUE DOCUMENTATION -->
 
diff --git a/src/cli.cpp b/src/cli.cpp
@@ -796,7 +796,7 @@ void general() {
     checker(VM::TPM, "TPM manufacturer");
     checker(VM::PCI_DEVICES, "PCI vendor/device ID");
     checker(VM::QEMU_PASSTHROUGH, "QEMU passthrough");
-    checker(VM::TRAP, "trap behavior");
+    checker(VM::TRAP, "hypervisor interception");
 
     // ADD NEW TECHNIQUE CHECKER HERE
 
diff --git a/src/vmaware.hpp b/src/vmaware.hpp
