adjusted scores + fixed updater.py for unicode support

Author: Requiem

auxiliary/updater.py

@@ -41,7 +41,7 @@
 
 
 def update_sections(filename):
-    with open(filename, 'r') as vmaware_read:
+    with open(filename, 'r', encoding='utf-8', errors='ignore') as vmaware_read:
         header_content = vmaware_read.readlines()
 
     enum = "enum enum_flags"
@@ -112,7 +112,7 @@ def update_sections(filename):
     for i, new_line in enumerate(banner):
         header_content[section_line + i] = new_line + '\n'
 
-    with open(filename, 'w') as file:
+    with open(filename, 'w', encoding='utf-8', errors='ignore') as file:
         file.writelines(header_content)
 
 
@@ -126,7 +126,7 @@ def update_date(filename):
             date_arg = arg
             break
 
-    with open(filename, 'r') as file:
+    with open(filename, 'r', encoding='utf-8', errors='ignore') as file:
         header_content = file.readlines()
 
     banner_line = " *   ╚═══╝  ╚═╝     ╚═╝╚═╝  ╚═╝ ╚══╝╚══╝ ╚═╝  ╚═╝╚═╝  ╚═╝╚══════╝ "
@@ -143,7 +143,6 @@ def find_pattern(base_str):
         print(f"Version number not found for {red}{bold}{base_str}{ansi_exit}, aborting")
         sys.exit(1)
 
-
     header_version = find_pattern(header_content[index])
     arg_version = find_pattern(date_arg) if date_arg else header_version
     new_date = datetime.now().strftime("%B %Y")
@@ -157,13 +156,11 @@ def find_pattern(base_str):
 
     header_content[index] = new_content + '\n'
 
-    with open(filename, 'w') as file:
+    with open(filename, 'w', encoding='utf-8', errors='ignore') as file:
         file.writelines(header_content)
 
 
-
-
-with open(vmaware_file, 'r') as file:
+with open(vmaware_file, 'r', encoding='utf-8', errors='ignore') as file:
     file_content = file.readlines()
 
 
@@ -207,6 +204,7 @@ def __init__(self, enum_name="", line=0, platform_emojis="", score=0, descriptio
         self.notes = notes
         self.code_link = code_link
 
+
 class array_dict(dict):
     def __getitem__(self, key):
         return self.get(key)
@@ -218,6 +216,7 @@ def init_as_list(self, key):
 
 technique = array_dict()
 
+
 def fetch_lib_info(enum_list):
     for enum in enum_list:
         technique.init_as_list(enum)
@@ -231,13 +230,11 @@ def fetch_lib_info(enum_list):
                 technique[enum].line = i + 1
                 break
 
-
     # generate the code implementation link 
     link = "[link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L"
     for enum in enum_list:
         technique[enum].code_link = link + str(technique[enum].line) + ")"
 
-
     # fetch scores
     start = "// START OF TECHNIQUE TABLE"
     end = "// END OF TECHNIQUE TABLE"
@@ -253,7 +250,6 @@ def fetch_lib_info(enum_list):
                 end_ptr = index
                 break  # Stop after first end marker
 
-
         if start_ptr == -1 or end_ptr == -1:
             print("Error: Start or end marker not found")
         else:
@@ -265,7 +261,6 @@ def fetch_lib_info(enum_list):
                 if match:
                     technique[enum].score = int(match.group(1))
 
-
     # fetch more stuff
     for enum in enum_list:
         start_line = end_line = technique[enum].line
@@ -322,7 +317,6 @@ def fetch_lib_info(enum_list):
                 technique[enum].notes = line.split("@note", 1)[-1]
 
 
-
 def update_docs(enum_list):
     technique_array = []
 
@@ -340,7 +334,7 @@ def update_docs(enum_list):
 
         technique_array.append("| " + " | ".join(str(item).strip() for item in order) + " |")
 
-    with open(vmaware_docs, 'r') as file:
+    with open(vmaware_docs, 'r', encoding='utf-8', errors='ignore') as file:
         docs_content = file.readlines()
 
     docs_start = "<!-- START OF TECHNIQUE DOCUMENTATION -->"
@@ -367,7 +361,7 @@ def update_docs(enum_list):
 
     docs_content[start_ptr:end_ptr - 1] = [line + '\n' for line in technique_array]
 
-    with open(vmaware_docs, 'w', newline='\n') as f:
+    with open(vmaware_docs, 'w', encoding='utf-8', errors='ignore', newline='\n') as f:
         f.writelines(docs_content)
 
 

docs/documentation.md

@@ -458,14 +458,14 @@ VMAware provides a convenient way to not only check for VMs, but also have the f
 | `VM::DMIDECODE` | Check if dmidecode output matches a VM brand | 🐧 | 55% | Admin |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4423) |
 | `VM::DMESG` | Check if dmesg output matches a VM brand | 🐧 | 65% | Admin |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4557) |
 | `VM::HWMON` | Check if /sys/class/hwmon/ directory is present. If not, likely a VM | 🐧 | 35% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4594) |
-| `VM::DLL` | Check for VM-specific DLLs | 🪟 | 25% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6563) |
+| `VM::DLL` | Check for VM-specific DLLs | 🪟 | 50% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6563) |
 | `VM::REGISTRY_KEYS` | Check for VM-specific registry values | 🪟 | 50% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6594) |
 | `VM::HWMODEL` | Check if the sysctl for the hwmodel does not contain the "Mac" string | 🍏 | 100% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6341) |
 | `VM::DISK_SIZE` | Check if disk size is under or equal to 50GB | 🐧🪟 | 60% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5335) |
 | `VM::VBOX_DEFAULT` | Check for default RAM and DISK sizes set by VirtualBox | 🐧🪟 | 25% | Admin |  | Admin only needed for Linux | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5351) |
 | `VM::VBOX_NETWORK` | Check for VirtualBox network provider string | 🪟 | 100% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6704) |
 | `VM::WINE` | Check if the function "wine_get_unix_file_name" is present and if the OS booted from a VHD container | 🪟 | 100% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6734) |
-| `VM::POWER_CAPABILITIES` | Check what power states are enabled | 🪟 | 50% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6774) |
+| `VM::POWER_CAPABILITIES` | Check what power states are enabled | 🪟 | 90% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6774) |
 | `VM::PROCESSES` | Check for any VM processes that are active | 🐧 | 40% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5310) |
 | `VM::LINUX_USER_HOST` | Check for default VM username and hostname for linux | 🐧 | 10% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4604) |
 | `VM::GAMARUE` | Check for Gamarue ransomware technique which compares VM-specific Window product IDs | 🪟 | 10% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6815) |
@@ -476,10 +476,10 @@ VMAware provides a convenient way to not only check for VMs, but also have the f
 | `VM::MAC_SIP` | Check if System Integrity Protection is disabled (likely a VM if it is) | 🍏 | 40% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6546) |
 | `VM::REGISTRY_VALUES` | Check HKLM registries for specific VM strings | 🪟 | 50% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6868) |
 | `VM::VPC_INVALID` | Check for official VPC method | 🪟 | 75% |  | 32-bit |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L6969) |
-| `VM::SIDT` | Check for uncommon IDT virtual addresses | 🐧🪟 | 45% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5445) |
-| `VM::SGDT` | Check for sgdt instruction method | 🪟 | 45% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7025) |
-| `VM::SLDT` | Check for sldt instruction method | 🪟 | 45% |  | 32-bit |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7088) |
-| `VM::SMSW` | Check for SMSW assembly instruction technique | 🪟 | 45% |  | 32-bit |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7144) |
+| `VM::SIDT` | Check for uncommon IDT virtual addresses | 🐧🪟 | 50% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5445) |
+| `VM::SGDT` | Check for sgdt instruction method | 🪟 | 50% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7025) |
+| `VM::SLDT` | Check for sldt instruction method | 🪟 | 50% |  | 32-bit |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7088) |
+| `VM::SMSW` | Check for SMSW assembly instruction technique | 🪟 | 50% |  | 32-bit |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7144) |
 | `VM::VMWARE_IOMEM` | Check for VMware string in /proc/iomem | 🐧 | 65% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4633) |
 | `VM::VMWARE_IOPORTS` | Check for VMware string in /proc/ioports | 🐧 | 70% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5143) |
 | `VM::VMWARE_SCSI` | Check for VMware string in /proc/scsi/scsi | 🐧 | 40% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4942) |
@@ -495,7 +495,7 @@ VMAware provides a convenient way to not only check for VMs, but also have the f
 | `VM::CUCKOO_PIPE` | Check for Cuckoo specific piping mechanism | 🪟 | 30% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7324) |
 | `VM::HYPERV_HOSTNAME` | Check for default Azure hostname format (Azure uses Hyper-V as their base VM brand) | 🐧🪟 | 30% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5544) |
 | `VM::GENERAL_HOSTNAME` | Check for commonly set hostnames by certain VM brands | 🐧🪟 | 10% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5584) |
-| `VM::DISPLAY` | Check for display configurations related to VMs | 🪟 | 20% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7351) |
+| `VM::DISPLAY` | Check for display configurations related to VMs | 🪟 | 35% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7351) |
 | `VM::DEVICE_STRING` | Check if bogus device string would be accepted | 🪟 | 25% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L7399) |
 | `VM::BLUESTACKS_FOLDERS` | Check for the presence of BlueStacks-specific folders | 🐧 | 5% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4649) |
 | `VM::CPUID_SIGNATURE` | Check for signatures in leaf 0x40000001 in CPUID | 🐧🪟🍏 | 95% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L4132) |
@@ -527,10 +527,10 @@ VMAware provides a convenient way to not only check for VMs, but also have the f
 | `VM::FILE_ACCESS_HISTORY` | Check if the number of accessed files are too low for a human-managed environment | 🐧 | 15% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5218) |
 | `VM::AUDIO` | Check if no waveform-audio output devices are present in the system | 🪟 | 25% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8039) |
 | `VM::NSJAIL_PID` | Check if process status matches with nsjail patterns with PID anomalies | 🐧 | 75% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5245) |
-| `VM::TPM` | Check if the system has a physical TPM by matching the TPM manufacturer against known physical TPM chip vendors | 🪟 | 50% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8081) |
-| `VM::PCI_DEVICES` | Check for PCI vendor and device IDs that are VM-specific | 🐧🪟 | 95% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5985) |
+| `VM::TPM` | Check if the system has a physical TPM by matching the TPM manufacturer against known physical TPM chip vendors | 🪟 | 100% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8081) |
+| `VM::PCI_DEVICES` | Check for PCI vendor and device IDs that are VM-specific | 🐧🪟 | 50% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5985) |
 | `VM::QEMU_PASSTHROUGH` | Check for QEMU's hot-plug signature | 🪟 | 90% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8164) |
-| `VM::TRAP` | Check for two traps being raised at the same RIP, a hypervisor interferes with the instruction pointer delivery | 🪟 | 50% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8269) |
+| `VM::TRAP` | Check for two traps being raised at the same RIP, a hypervisor interferes with the instruction pointer delivery | 🪟 | 100% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8338) |
 
 <!-- END OF TECHNIQUE DOCUMENTATION -->
 

src/vmaware.hpp

@@ -4,7 +4,7 @@
  * ██║   ██║██╔████╔██║███████║██║ █╗ ██║███████║██████╔╝█████╗
  * ╚██╗ ██╔╝██║╚██╔╝██║██╔══██║██║███╗██║██╔══██║██╔══██╗██╔══╝
  *  ╚████╔╝ ██║ ╚═╝ ██║██║  ██║╚███╔███╔╝██║  ██║██║  ██║███████╗
- *   ╚═══╝  ╚═╝     ╚═╝╚═╝  ╚═╝ ╚══╝╚══╝ ╚═╝  ╚═╝╚═╝  ╚═╝╚══════╝ Experimental post-2.3.0 (May 2025)
+ *   ╚═══╝  ╚═╝     ╚═╝╚═╝  ╚═╝ ╚══╝╚══╝ ╚═╝  ╚═╝╚═╝  ╚═╝╚══════╝ Experimental post-2.3.0 (June 2025)
  *
  *  C++ VM detection library
  *
@@ -53,10 +53,10 @@
  * - struct for internal cpu operations        => line 717
  * - struct for internal memoization           => line 1042
  * - struct for internal utility functions     => line 1183
- * - struct for internal core components       => line 8359
+ * - struct for internal core components       => line 8428
  * - start of VM detection technique list      => line 1993
- * - start of public VM detection functions    => line 8874
- * - start of externally defined variables     => line 9802
+ * - start of public VM detection functions    => line 8943
+ * - start of externally defined variables     => line 9871
  *
  *
  * ============================== EXAMPLE ===================================
@@ -10006,15 +10006,15 @@ std::pair<VM::enum_flags, VM::core::technique> VM::core::technique_list[] = {
     // START OF TECHNIQUE TABLE
     #if (WINDOWS)
         std::make_pair(VM::GPU_CAPABILITIES, VM::core::technique(100, VM::gpu_capabilities)),
-        std::make_pair(VM::TRAP, VM::core::technique(50, VM::trap)),
-        std::make_pair(VM::TPM, VM::core::technique(50, VM::tpm)),
+        std::make_pair(VM::TRAP, VM::core::technique(100, VM::trap)),
+        std::make_pair(VM::TPM, VM::core::technique(100, VM::tpm)),
         std::make_pair(VM::QEMU_PASSTHROUGH, VM::core::technique(90, VM::qemu_passthrough)),
-        std::make_pair(VM::POWER_CAPABILITIES, VM::core::technique(50, VM::power_capabilities)),
+        std::make_pair(VM::POWER_CAPABILITIES, VM::core::technique(90, VM::power_capabilities)),
         std::make_pair(VM::DISK_SERIAL, VM::core::technique(100, VM::disk_serial_number)),
         std::make_pair(VM::IVSHMEM, VM::core::technique(100, VM::ivshmem)),
-        std::make_pair(VM::SGDT, VM::core::technique(45, VM::sgdt)),
-        std::make_pair(VM::SLDT, VM::core::technique(45, VM::sldt)),
-        std::make_pair(VM::SMSW, VM::core::technique(45, VM::smsw)),
+        std::make_pair(VM::SGDT, VM::core::technique(50, VM::sgdt)),
+        std::make_pair(VM::SLDT, VM::core::technique(50, VM::sldt)),
+        std::make_pair(VM::SMSW, VM::core::technique(50, VM::smsw)),
         std::make_pair(VM::DRIVERS, VM::core::technique(100, VM::drivers)),
         std::make_pair(VM::REGISTRY_VALUES, VM::core::technique(50, VM::registry_values)),
         std::make_pair(VM::REGISTRY_KEYS, VM::core::technique(50, VM::registry_keys)),
@@ -10024,8 +10024,8 @@ std::pair<VM::enum_flags, VM::core::technique> VM::core::technique_list[] = {
         std::make_pair(VM::VIRTUAL_PROCESSORS, VM::core::technique(100, VM::virtual_processors)),
         std::make_pair(VM::HYPERV_QUERY, VM::core::technique(100, VM::hyperv_query)),
         std::make_pair(VM::AUDIO, VM::core::technique(25, VM::audio)),
-        std::make_pair(VM::DISPLAY, VM::core::technique(20, VM::display)),
-        std::make_pair(VM::DLL, VM::core::technique(25, VM::dll)),
+        std::make_pair(VM::DISPLAY, VM::core::technique(35, VM::display)),
+        std::make_pair(VM::DLL, VM::core::technique(50, VM::dll)),
         std::make_pair(VM::VBOX_NETWORK, VM::core::technique(100, VM::vbox_network_share)),
         std::make_pair(VM::VMWARE_BACKDOOR, VM::core::technique(100, VM::vmware_backdoor)),
         std::make_pair(VM::WINE, VM::core::technique(100, VM::wine)),
@@ -10041,8 +10041,8 @@ std::pair<VM::enum_flags, VM::core::technique> VM::core::technique_list[] = {
 
     #if (LINUX || WINDOWS)
         std::make_pair(VM::FIRMWARE, VM::core::technique(100, VM::firmware)),
-        std::make_pair(VM::PCI_DEVICES, VM::core::technique(95, VM::pci_devices)),
-        std::make_pair(VM::SIDT, VM::core::technique(45, VM::sidt)),
+        std::make_pair(VM::PCI_DEVICES, VM::core::technique(50, VM::pci_devices)),
+        std::make_pair(VM::SIDT, VM::core::technique(50, VM::sidt)),
         std::make_pair(VM::DISK_SIZE, VM::core::technique(60, VM::disk_size)),
         std::make_pair(VM::HYPERV_HOSTNAME, VM::core::technique(30, VM::hyperv_hostname)),
         std::make_pair(VM::VBOX_DEFAULT, VM::core::technique(25, VM::vbox_default_specs)),