kernelwernel · NotRequiem · May 6, 2026 · May 6, 2026 · May 6, 2026 · May 6, 2026
diff --git a/src/cli.cpp b/src/cli.cpp
@@ -986,21 +986,21 @@ static void general(
     checker(VM::CONTAINER_PID, "container PID");
     checker(VM::DEVICES, "PCI vendor/device ID");
     checker(VM::ACPI_SIGNATURE, "ACPI device signatures");
-    checker(VM::TRAP, "hypervisor interception");
     checker(VM::UD, "undefined exceptions");
-    checker(VM::INTERRUPT_SHADOW, "interrupt shadows");
     checker(VM::DBVM, "DBVM hypervisor");
     checker(VM::BOOT_LOGO, "boot logo");
     checker(VM::MAC_SYS, "system profiler");
     checker(VM::KERNEL_OBJECTS, "kernel objects");
     checker(VM::NVRAM, "NVRAM");
     checker(VM::EDID, "EDID");
-    checker(VM::CPU_HEURISTIC, "CPU heuristics");
     checker(VM::CLOCK, "system timers");
     checker(VM::MSR, "model specific registers");
+    checker(VM::CPU_HEURISTIC, "instruction capabilities");
+    checker(VM::INTERRUPT_SHADOW, "interrupt shadows");
+    checker(VM::TRAP, "hypervisor interception");
     checker(VM::KVM_INTERCEPTION, "KVM interception");
     checker(VM::HYPERVISOR_HOOK, "EPT/NPT hooking");
-    checker(VM::POPF, "popf behavior");
+    checker(VM::SINGLE_STEP, "single step behavior");
     checker(VM::EIP_OVERFLOW, "instructions in compat mode");
     checker(VM::CGROUP, "cgroup namespace");
 

diff --git a/src/vmaware.hpp b/src/vmaware.hpp
@@ -596,7 +596,7 @@ struct VM {
         MSR,
         KVM_INTERCEPTION,
         HYPERVISOR_HOOK,
-        POPF,
+        SINGLE_STEP,
         EIP_OVERFLOW,
 
         // Linux and Windows
@@ -910,19 +910,19 @@ struct VM {
             if (p_leaf < 0x40000000) {
                 // Standard range: 0x00000000 - 0x3FFFFFFF
                 cpu::cpuid(eax, unused, unused, unused, 0x00000000);
-                debug("CPUID: max standard leaf = ", eax);
+                debug("CPUID: max standard leaf = 0x", std::hex, eax);
                 supported = (p_leaf <= eax);
             }
             else if (p_leaf < 0x80000000) {
                 // Hypervisor range: 0x40000000 - 0x7FFFFFFF
                 cpu::cpuid(eax, unused, unused, unused, cpu::leaf::hypervisor);
-                debug("CPUID: max hypervisor leaf = ", eax);
+                debug("CPUID: max hypervisor leaf = 0x", std::hex, eax);
                 supported = (p_leaf <= eax);
             }
             else if (p_leaf < 0xC0000000) {
                 // Extended range: 0x80000000 - 0xBFFFFFFF
                 cpu::cpuid(eax, unused, unused, unused, cpu::leaf::func_ext);
-                debug("CPUID: max extended leaf = ", eax);
+                debug("CPUID: max extended leaf = 0x", std::hex, eax);
                 supported = (p_leaf <= eax);
             }
             else {
@@ -12713,9 +12713,9 @@ struct VM {
     /**
      * @brief Check whether a hypervisor delays trap flags over exiting instructions
      * @category Windows, x86
-     * @implements VM::POPF
+     * @implements VM::SINGLE_STEP
      */
-    [[nodiscard]] static bool popf() {
+    [[nodiscard]] static bool single_step() {
     #if (!x86)
         return false;
     #else
@@ -13723,7 +13723,7 @@ struct VM {
             case MSR: return "MSR";
             case KVM_INTERCEPTION: return "KVM_INTERCEPTION";
             case HYPERVISOR_HOOK: return "BREAKPOINT";
-            case POPF: return "POPF";
+            case SINGLE_STEP: return "POPF";
             case EIP_OVERFLOW: return "EIP_OVERFLOW";
             case CGROUP: return "CGROUP";
             // END OF TECHNIQUE LIST
@@ -14258,31 +14258,31 @@ std::array<VM::core::technique, VM::enum_size + 1> VM::core::technique_table = [
         // START OF TECHNIQUE TABLE
         #if (WINDOWS)
             {VM::TRAP, {100, VM::trap}},
+            {VM::KVM_INTERCEPTION, {100, VM::kvm_interception}},
+            {VM::INTERRUPT_SHADOW, {100, VM::interrupt_shadow}},
+            {VM::EIP_OVERFLOW, {100, VM::eip_overflow}},
+            {VM::HYPERVISOR_HOOK, {100, VM::hypervisor_hook}},
+            {VM::SINGLE_STEP, {100, VM::single_step}},
             {VM::NVRAM, {100, VM::nvram}},
-            {VM::HYPERVISOR_QUERY, {100, VM::hypervisor_query}},
-            {VM::ACPI_SIGNATURE, {100, VM::acpi_signature}},
             {VM::CPU_HEURISTIC, {90, VM::cpu_heuristic}},
+            {VM::ACPI_SIGNATURE, {100, VM::acpi_signature}},
             {VM::CLOCK, {45, VM::clock}},
             {VM::POWER_CAPABILITIES, {25, VM::power_capabilities}},
             {VM::GPU_CAPABILITIES, {25, VM::gpu_capabilities}},
-            {VM::KVM_INTERCEPTION, {100, VM::kvm_interception}},
-            {VM::EIP_OVERFLOW, {100, VM::eip_overflow}},
-            {VM::HYPERVISOR_HOOK, {100, VM::hypervisor_hook}},
-            {VM::POPF, {100, VM::popf}},
-            {VM::INTERRUPT_SHADOW, {100, VM::interrupt_shadow}},
-            {VM::MSR, {100, VM::msr}},
             {VM::EDID, {100, VM::edid}},
+            {VM::MSR, {100, VM::msr}},
             {VM::VIRTUAL_PROCESSORS, {100, VM::virtual_processors}},
             {VM::WINE, {100, VM::wine}},
             {VM::DBVM, {150, VM::dbvm}},
+            {VM::UD, {100, VM::ud}},
             {VM::IVSHMEM, {100, VM::ivshmem}},
             {VM::DRIVERS, {100, VM::drivers}},
+            {VM::HYPERVISOR_QUERY, {100, VM::hypervisor_query}},
             {VM::HANDLES, {100, VM::device_handles}},
             {VM::KERNEL_OBJECTS, {100, VM::kernel_objects}},
+            {VM::DLL, {50, VM::dll}},
             {VM::AUDIO, {25, VM::audio}},
             {VM::DISPLAY, {25, VM::display}},
-            {VM::DLL, {50, VM::dll}},
-            {VM::UD, {100, VM::ud}},
             {VM::VMWARE_BACKDOOR, {100, VM::vmware_backdoor}},
             {VM::VIRTUAL_REGISTRY, {90, VM::virtual_registry}},
             {VM::MUTEX, {100, VM::mutex}},