شناسایی ماشین مجازی (VMWare)

[yeketaz]

با این کد می توانید بفمید که آیا برنامه در یک ماشین مجازی اجرا می شود یا نه

کد:

#COMPILE EXE
#REGISTER NONE
#INCLUDE "win32api.inc"

TYPE seh
dwprevlink AS DWORD
dwcurrenthandler AS DWORD
dwsafeoffset AS DWORD
dwprevesp AS DWORD
dwprevebp AS DWORD
END TYPE

FUNCTION seh_handler CDECL(BYVAL ptexcept AS exception_record PTR,BYVAL ptframe AS seh PTR,BYVAL ptcontext AS context PTR, BYVAL pdwdispatch AS DWORD) AS LONG
@ptcontext.regeip = @ptcontext.regeip + 13 '// set eip to a known safe offset
END FUNCTION

FUNCTION vmwaredetect() AS LONG
#REGISTER NONE
FUNCTION = 0
LOCAL lebp AS LONG, lesp AS LONG, tseh AS seh
'// setup the seh.
! push dword fs:[0]
tseh.dwcurrenthandler = CODEPTR(seh_handler)
tseh.dwsafeoffset = CODEPTR(except)
! lea esi, tseh
! mov fs:[0], esi
! mov lesp, esp
! mov lebp, ebp
tseh.dwprevesp = lesp
tseh.dwprevebp = lebp
'// call the vmware backdoor to see if its there.
'// if its not there, our seh will save us from crashing.
! mov ecx, &h0a
! mov eax, "vmxh"
! mov dx, "vx"
! in eax, dx
! cmp ebx, "vmxh"
! je vmwarefound
! jmp except
vmwarefound:
FUNCTION = 1
except:
! pop dword fs:[0]
END FUNCTION

FUNCTION PBMAIN() AS LONG
IF vmwaredetect = 1 THEN
MSGBOX "We Are In VMWare Now"
ELSE
MSGBOX "We Aren't In VMWare Now"
END IF
END FUNCTION