lord_viper
مدیر کل انجمن
ارسالها: 3,949
موضوعها: 352
تاریخ عضویت: بهمن ۱۳۸۴
تشکرها : 5193
( 9875 تشکر در 2650 ارسال )
|
شناسایی وجود Vmware, VirtualPc, VirtualBox , Qemu
کد: //-----------------------------------------------------------------------------
// Object: detect Vmware, VirtualBox, VirtualPc and Qemu by comparing
// virtual disk model description
//----------------------------------------------------------------------------
#include <windows.h>
#include <stdio.h>
#include "Drive.h"
// Code was originally written by Lynn McGuire
// http://www.winsim.com/diskid32/winio/diskid32.cpp
// Virtual Harddisk Model Desciptions have to be in uppercase
PCHAR pVirtualDriveModelNames[] = {"VBOX HARDDRIVE",
"QEMU HARDDISK",
"VMWARE VIRTUAL IDE HARD DRIVE",
"VIRTUAL HD"};
//-----------------------------------------------------------------------------
// Name: GetFirstPhysicalDriveModelNames
// Object: get model name of the first found physical drive
// Parameters :
// in :
// out :
// return : model description on success or NULL
// caller have to free mem on success!
//-----------------------------------------------------------------------------
PSTR GetFirstPhysicalDriveModelNames()
{
HANDLE hDrive;
DWORD dwBytesReturned = 0;
DWORD dwCnt;
BYTE bIDInCmd = 0;
SENDCMDINPARAMS Scip;
BYTE pIDOutCmd[sizeof(SENDCMDOUTPARAMS) + IDENTIFY_BUFFER_SIZE - 1];
PIDSECTOR pIdSector;
GETVERSIONOUTPARAMS VersionParams;
PSTR pszModel = malloc(sizeof(pIdSector->sModelNumber));
// Open first physical drive
hDrive = CreateFileA("\\\\.\\PhysicalDrive0",
GENERIC_READ | GENERIC_WRITE,
FILE_SHARE_READ | FILE_SHARE_WRITE,
NULL,
OPEN_EXISTING,
0,
NULL);
if (hDrive == INVALID_HANDLE_VALUE)
{
printf ("Unable to open physical drive 0, error code: 0x%lX\n", GetLastError ());
goto Error;
}
memset (&VersionParams, 0, sizeof(VersionParams));
// Get the version and co, of previousliy opened physical drive driver
if (!DeviceIoControl(hDrive,
DFP_GET_VERSION,
NULL,
0,
&VersionParams,
sizeof(VersionParams),
&dwBytesReturned,
NULL))
{
printf ("DFP_GET_VERSION failed error code: 0x%lX\n", GetLastError ());
goto Error;
}
// Is there bit map of IDE devices?
if (VersionParams.bIDEDeviceMap > 0)
{
// Get ID sector and decide if its a ATAPI or ATA disk
bIDInCmd = (VersionParams.bIDEDeviceMap & 0x10) ? IDE_ATAPI_IDENTIFY : IDE_ATA_IDENTIFY;
memset (&Scip, 0, sizeof(Scip));
memset (pIDOutCmd, 0, sizeof(pIDOutCmd));
// Set up data structures for IDENTIFY command
Scip.cBufferSize = IDENTIFY_BUFFER_SIZE;
Scip.irDriveRegs.bFeaturesReg = 0;
Scip.irDriveRegs.bSectorCountReg = 1;
Scip.irDriveRegs.bSectorNumberReg = 1;
Scip.irDriveRegs.bCylLowReg = 0;
Scip.irDriveRegs.bCylHighReg = 0;
// Compute the drive number
Scip.irDriveRegs.bDriveHeadReg = 0xA0 | (1 << 4);
// The command can either be IDE identify or ATAPI identify
Scip.irDriveRegs.bCommandReg = bIDInCmd;
Scip.bDriveNumber = 0;
Scip.cBufferSize = IDENTIFY_BUFFER_SIZE;
// Get drive data
if(!DeviceIoControl(hDrive,
DFP_RECEIVE_DRIVE_DATA,
(LPVOID) &Scip,
sizeof(SENDCMDINPARAMS) - 1,
(LPVOID) pIDOutCmd,
sizeof(SENDCMDOUTPARAMS) + IDENTIFY_BUFFER_SIZE - 1,
&dwBytesReturned,
NULL))
{
printf ("DFP_RECEIVE_DRIVE_DATA failed error code: 0x%lX\n", GetLastError ());
goto Error;
}
// Point to IDSECTOR
pIdSector = (PIDSECTOR)((PSENDCMDOUTPARAMS)pIDOutCmd)->bBuffer;
// Exchange every two bytes of sModelNumber
for(dwCnt = 0; dwCnt < sizeof(pIdSector->sModelNumber); dwCnt+=2)
{
pszModel[dwCnt+1] = pIdSector->sModelNumber[dwCnt];
pszModel[dwCnt] = pIdSector->sModelNumber[dwCnt+1];
}
// Add ending
pszModel[dwCnt] = '\0';
return CharUpperA(pszModel);
}
Error:
free(pszModel);
if(hDrive)
CloseHandle(hDrive);
return NULL;
}
//-----------------------------------------------------------------------------
// Name: PrintSandboxed
// Object: print a message through CreateFile which will be analysed by the
// sandbox and will appear in the report file
// Parameters :
// in : PSTR pszMsg : print message
// out :
// return :
//-----------------------------------------------------------------------------
void PrintSandboxed(PSTR pszMsg)
{
HANDLE hFile;
hFile = CreateFileA(pszMsg, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, NULL);
if(hFile != INVALID_HANDLE_VALUE)
CloseHandle(hFile);
}
int main()
{
DWORD dwCnt;
PSTR pszModel = GetFirstPhysicalDriveModelNames();
printf(pszModel);
// Compare each model name
for(dwCnt = 0; dwCnt < sizeof(pVirtualDriveModelNames)/sizeof(PSTR); ++dwCnt)
{
if(strstr(pszModel,pVirtualDriveModelNames[dwCnt]))
{
PrintSandboxed("Found virtual machine or emulator");
goto CleanUp;
}
}
PrintSandboxed("We are running on a real system");
CleanUp:
// GetFirstPhysicalDriveModelNames
free(pszModel);
return 0;
}
|
|