
نسخه‌ی کامل: شناسایی ماشین مجازی (VMWare)
با این کد می‌توانید بفهمید که آیا برنامه در یک ماشین مجازی اجرا می‌شود یا نه. (این کد فقط VMware را بررسی می‌کند.)

کد:
#COMPILE EXE
#REGISTER NONE
#INCLUDE "win32api.inc"

'// Exception registration record that vmwaredetect builds in a LOCAL and
'// installs by writing its address to fs:[0].
'// Field order matters: on 32-bit Windows the OS reads the first two DWORDs
'// of such a record as (previous record, handler address). The remaining
'// three fields are private bookkeeping for this program.
TYPE seh
'// Link to the previous registration record. NOTE(review): never assigned in
'// this listing; the old fs:[0] value is kept on the stack by push/pop instead.
dwprevlink AS DWORD
'// Address of the handler routine (set to CODEPTR(seh_handler)).
dwcurrenthandler AS DWORD
'// Address of the "except" label. NOTE(review): stored by vmwaredetect but
'// not read by seh_handler, which uses a fixed EIP offset instead.
dwsafeoffset AS DWORD
'// ESP / EBP captured right after the record is installed. Not read anywhere
'// in this listing.
dwprevesp AS DWORD
dwprevebp AS DWORD
END TYPE

'// Exception handler installed by vmwaredetect.
'// It does not inspect the exception code or the frame record: for ANY
'// exception it moves the saved instruction pointer 13 bytes forward and
'// lets execution resume there.
'// NOTE(review): 13 is tied to the byte encoding of the instructions that
'// follow the IN in vmwaredetect; any change there (or a different encoding
'// choice by the assembler) silently moves the resume point. The frame's
'// dwsafeoffset field holds the intended target but is not used here.
FUNCTION seh_handler CDECL(BYVAL ptexcept AS exception_record PTR,BYVAL ptframe AS seh PTR,BYVAL ptcontext AS context PTR, BYVAL pdwdispatch AS DWORD) AS LONG
    LOCAL dwresume AS DWORD

    '// resume address = faulting EIP + fixed skip distance
    dwresume = @ptcontext.regeip + 13
    @ptcontext.regeip = dwresume

    '// 0 = continue execution with the (patched) context
    FUNCTION = 0
END FUNCTION

'// Probes for the VMware hypervisor I/O "backdoor" port.
'// Returns 1 when the IN instruction completes and EBX then equals the
'// literal compared below; returns 0 otherwise, including the case where IN
'// raises an exception and seh_handler resumes execution.
'//
'// Analyst note: this IN-on-a-magic-port sequence is a widely documented
'// environment check, so its presence in an unknown binary is a useful
'// indicator of sandbox/VM awareness. It only tests for VMware, and a guest
'// can be configured to stop answering it (e.g. the .vmx setting
'// monitor_control.restrict_backdoor = "TRUE"), so a 0 result does not prove
'// the code is running on physical hardware.
'//
'// NOTE(review): EBX and ESI are overwritten without being saved - confirm
'// this is acceptable under the compiler's inline-assembler register rules.
FUNCTION vmwaredetect() AS LONG
#REGISTER NONE
'// default result: not detected
FUNCTION = 0
LOCAL lebp AS LONG, lesp AS LONG, tseh AS seh
'// setup the seh.
'// save the current head of the handler chain on the stack; it is restored
'// by the matching pop at "except".
! push dword fs:[0]
tseh.dwcurrenthandler = CODEPTR(seh_handler)
tseh.dwsafeoffset = CODEPTR(except)
'// make tseh the new head of the chain.
'// NOTE(review): tseh.dwprevlink is never filled in, so the new record does
'// not link back to the previous one.
! lea esi, tseh
! mov fs:[0], esi
'// snapshot ESP/EBP into the record (not consumed by seh_handler here).
! mov lesp, esp
! mov lebp, ebp
tseh.dwprevesp = lesp
tseh.dwprevebp = lebp
'// call the vmware backdoor to see if its there.
'// if its not there, our seh will save us from crashing.
'// ECX = &h0a: presumably the backdoor command number - confirm against
'// VMware's published backdoor definitions.
! mov ecx, &h0a
'// NOTE(review): VMware's published interface uses the mixed-case magic
'// "VMXh" and port "VX"; the all-lowercase literals here may be an artefact
'// of how the listing was posted. Verify the values and how the assembler
'// encodes a string literal as an immediate before relying on this.
! mov eax, "vmxh"
! mov dx, "vx"
'// port read; this is the instruction expected to fault when no hypervisor
'// services the port.
! in eax, dx
! cmp ebx, "vmxh"
! je vmwarefound
'// seh_handler's fixed +13 skip is presumably meant to land on this jmp;
'// that depends on the encoded sizes of IN/CMP/JE - check in a disassembly.
! jmp except
vmwarefound:
FUNCTION = 1
except:
'// uninstall our record by restoring the saved chain head; relies on ESP
'// being exactly where the opening push left it.
! pop dword fs:[0]
END FUNCTION

'// Program entry point: runs the VMware probe once and reports the outcome
'// in a message box. The function result is left at its default.
FUNCTION PBMAIN() AS LONG
    LOCAL sverdict AS STRING

    '// vmwaredetect returns 1 only when the probe matched
    IF vmwaredetect() = 1 THEN
        sverdict = "We Are In VMWare Now"
    ELSE
        sverdict = "We Aren't In VMWare Now"
    END IF

    MSGBOX sverdict
END FUNCTION