final changes before 2.4.0 release

Author: Requiem

docs/documentation.md

@@ -528,7 +528,7 @@ VMAware provides a convenient way to not only check for VMs, but also have the f
 | `VM::AUDIO` | Check if no waveform-audio output devices are present in the system | 🪟 | 25% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8039) |
 | `VM::NSJAIL_PID` | Check if process status matches with nsjail patterns with PID anomalies | 🐧 | 75% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5245) |
 | `VM::TPM` | Check if the system has a physical TPM by matching the TPM manufacturer against known physical TPM chip vendors | 🪟 | 100% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8081) |
-| `VM::PCI_DEVICES` | Check for PCI vendor and device IDs that are VM-specific | 🐧🪟 | 50% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5985) |
+| `VM::PCI_DEVICES` | Check for PCI vendor and device IDs that are VM-specific | 🐧🪟 | 95% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L5985) |
 | `VM::QEMU_PASSTHROUGH` | Check for QEMU's hot-plug signature | 🪟 | 90% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8164) |
 | `VM::TRAP` | Check for two traps being raised at the same RIP, a hypervisor interferes with the instruction pointer delivery | 🪟 | 100% |  |  |  | [link](https://github.com/kernelwernel/VMAware/tree/main/src/vmaware.hpp#L8338) |
 

src/vmaware.hpp

@@ -5687,20 +5687,14 @@ struct VM {
                         return true;
                     }
 
-                    // 1b) lives under _SB.PCI0 but not under _SB.PR00
-                    if (contains("_SB.PCI0", 7) && !contains("_SB.PR00", 7)) {
-                        debug("FIRMWARE: SSDT namespace indicates VM (_SB.PCI0 only)");
-                        return true;
-                    }
-
-                    // 1c) power/adapter objects
+                    // 1b) power/adapter objects
                     if (contains("PWRB", 4) && contains("SLPB", 4) && contains("ACAD", 4)) {
                         debug("FIRMWARE: VM‐specific power/adapter objects detected");
                         return true;
                     }
                 }
 
-                // 2) Spoofed AMD manufacturer
+                // 2) spoofed AMD manufacturer
                 constexpr char man_short[] = "Advanced Micro Devices";
                 constexpr char man_full[] = "Advanced Micro Devices, Inc.";
                 const size_t short_len = sizeof(man_short) - 1;
@@ -5730,7 +5724,7 @@ struct VM {
                     }
                 }
 
-                // 4) Known patches used by popular hardeners 
+                // 4) known patches used by popular hardeners 
                 constexpr char marker[] = "777777";
                 constexpr size_t mlen = sizeof(marker) - 1;
                 if (len >= mlen) {
@@ -5745,7 +5739,7 @@ struct VM {
                 return false;
             };
 
-            // 1) Enumerate ACPI tables
+            // 1) enumerate ACPI tables
             const DWORD enumSize = EnumSystemFirmwareTables(ACPI_SIG, nullptr, 0);
             if (enumSize == 0) return false;
 
@@ -5770,7 +5764,7 @@ struct VM {
                 return true;
             }
 
-            // Helper to fetch one table into a malloc'd buffer
+            // helper to fetch one table into a malloc'd buffer
             auto fetch = [&](DWORD provider, DWORD tableID, BYTE*& outBuf, size_t& outLen) -> bool {
                 const UINT sz = GetSystemFirmwareTable(provider, __bswap32(tableID), nullptr, 0);
                 if (sz == 0) return false;
@@ -5786,7 +5780,7 @@ struct VM {
                 return true;
             };
 
-            // 3) Scan FADT + each ACPI table
+            // 3) scan FADT + each ACPI table
             for (auto tbl : tables) {
                 if (tbl == facpSig) {
                     BYTE* buf = nullptr;
@@ -5842,7 +5836,7 @@ struct VM {
                 return true;
             }
 
-            // 5) SMBIOS / FIRM tables
+            // 5) SMBIOS (RSMB) / FIRM tables
             const DWORD smbios[] = { FIRM_SIG, RSMB_SIG };
             for (DWORD provider : smbios) {
                 const UINT enumSMB = EnumSystemFirmwareTables(provider, nullptr, 0);
@@ -8201,7 +8195,6 @@ struct VM {
             nullptr,
             DIGCF_PRESENT);
         if (hDevInfo == INVALID_HANDLE_VALUE) {
-            std::wcerr << L"[ERROR] SetupDiGetClassDevsW failed\n";
             return false;
         }
 
@@ -8218,7 +8211,6 @@ struct VM {
                 hDevInfo, &devInfo, &key, &propType,
                 nullptr, 0, &requiredSize, 0);
             if (GetLastError() != ERROR_INSUFFICIENT_BUFFER || requiredSize == 0) {
-                // No LocationPaths or error; skip
                 continue;
             }
 
@@ -8241,7 +8233,7 @@ struct VM {
 
         #ifdef __VMAWARE_DEBUG__
             for (auto& wstr : paths) {
-                debug(wstr);
+                debug("QEMU_PASSTHROUGH: ", wstr);
             }
         #endif
 
@@ -9542,6 +9534,7 @@ struct VM {
             case HIGH_THRESHOLD: return "setting flag, error";
             case DYNAMIC: return "setting flag, error";
             case MULTIPLE: return "setting flag, error";
+            default: return "Unknown flag";
         }
     }
 
@@ -10041,7 +10034,7 @@ std::pair<VM::enum_flags, VM::core::technique> VM::core::technique_list[] = {
 
     #if (LINUX || WINDOWS)
         std::make_pair(VM::FIRMWARE, VM::core::technique(100, VM::firmware)),
-        std::make_pair(VM::PCI_DEVICES, VM::core::technique(50, VM::pci_devices)),
+        std::make_pair(VM::PCI_DEVICES, VM::core::technique(95, VM::pci_devices)),
         std::make_pair(VM::SIDT, VM::core::technique(50, VM::sidt)),
         std::make_pair(VM::DISK_SIZE, VM::core::technique(60, VM::disk_size)),
         std::make_pair(VM::HYPERV_HOSTNAME, VM::core::technique(30, VM::hyperv_hostname)),