Madmouse

Detecting VMware POC, part of a series I'm doing

Feb 14th, 2015
  1. /// GNU version
  2. // ------------------------------------------------------------------------------
  3. // THE BEER-WARE LICENSE (Revision 43):
  4. // <aaronryool@gmail.com> wrote this file. As long as you retain this notice you
  5. // can do whatever you want with this stuff. If we meet some day, and you think
  6. // this stuff is worth it, you can buy me a beer in return
  7. // ------------------------------------------------------------------------------
  8.  
  #include <signal.h>
  #include <stdio.h>
  #include <stdlib.h>
  #include <unistd.h>
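  int main(int a);

  /*
   * SIGSEGV handler installed by main() before it calls vmware().
   *
   * When the port read in vmware() is not intercepted by a hypervisor, the
   * `in` instruction faults in user mode and the process receives SIGSEGV.
   * The handler re-enters main() with the sentinel 0xc0de, which makes main()
   * take the "not virtualised" path and exit, so control never returns to
   * the faulting instruction.
   *
   * Declared `void (int)` so it matches the type signal() expects; the
   * previous `__sighandler_t` return type was wrong and nothing was returned.
   *
   * NOTE(review): main() calls puts() and exit(), neither of which is
   * async-signal-safe. Tolerable for a proof of concept; a hardened version
   * would use write() and _exit() here instead.
   */
  void handler(int sig)
  {
      if (sig == SIGSEGV)
          main(0xc0de);
  }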
  21.  
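  /*
   * Probe the VMware backdoor I/O port.
   *
   * Loads the magic 0x564d5868 ("VMXh") into EAX, command 0xa into ECX and
   * the port number 0x5658 ("VX") into DX, then executes `in eax, dx`.
   * Under VMware the hypervisor services the read and echoes the magic back
   * in EBX. Where the read is not intercepted the instruction is privileged
   * in user mode and faults, so the caller must have a SIGSEGV handler
   * installed before calling this.
   *
   * Returns 1 when EBX holds the magic afterwards, 0 otherwise.
   *
   * Changes from the raw-asm original:
   *  - registers are passed through operand constraints, so the compiler
   *    knows EAX/EBX/ECX/EDX are modified (EBX is callee-saved);
   *  - EBX is zeroed first and compared with the magic, so stale register
   *    contents cannot produce a false positive;
   *  - ECX is loaded in full instead of only CL, so no stale upper bits are
   *    sent as part of the command;
   *  - no `ret` inside the asm (it skipped the compiler's epilogue) and no
   *    `.intel_syntax` left active for the rest of the translation unit;
   *  - the result is returned by an explicit `return`.
   *
   * Defensive note: this exact register/port combination is a well-known
   * VM-fingerprinting sequence, which makes it a useful thing to look for
   * when triaging samples that behave differently inside a sandbox.
   */
  unsigned vmware(void)
  {
      unsigned eax = 0x564d5868u; /* "VMXh" magic */
      unsigned ebx = 0;           /* receives the echoed magic under VMware */
      unsigned ecx = 0xa;         /* backdoor command number */
      unsigned edx = 0x5658;      /* "VX" backdoor port */

      __asm__ volatile("inl %%dx, %%eax"
                       : "+a"(eax), "+b"(ebx), "+c"(ecx), "+d"(edx)
                       :
                       : "memory");

      return ebx == 0x564d5868u;
  }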
  37.  
  38.  
  39.  
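  /*
   * Entry point of the GNU proof of concept.
   *
   * `a` is argc on a normal launch. handler() calls main() again with the
   * sentinel 0xc0de after the probe in vmware() has faulted; that second
   * entry skips the probe and reports "not virtualised".
   *
   * Exit status: 1 when vmware() reports the backdoor, 0 otherwise.
   *
   * The definition now has an explicit return and parameter type; implicit
   * int and implicitly declared puts()/exit() are not valid since C99.
   */
  int main(int a)
  {
      if (a != 0xc0de) {
          /* The handler must be in place before the privileged `in` runs. */
          signal(SIGSEGV, &handler);

          if (vmware()) {
              puts("The Matrix haz you Neo...");
              exit(1);
          }
      }

      /* Reached when the probe faulted (re-entry) or returned 0. */
      puts("Isn't real life boring?");
      exit(0);
  }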
  55.  
  56.  
  57.  
  58. /// Windblowz version for completeness sake
  59. // ------------------------------------------------------------------------------
  60. // THE BEER-WARE LICENSE (Revision 43):
  61. // <aaronryool@gmail.com> wrote this file. As long as you retain this notice you
  62. // can do whatever you want with this stuff. If we meet some day, and you think
  63. // this stuff is worth it, you can buy me a beer in return
  64. // ------------------------------------------------------------------------------
  65.  
  66. #include <iostream>
  67. #include <windows.h>
  68.  
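  // Probe the VMware backdoor I/O port (MSVC x86 inline assembly).
  //
  // Loads the magic 0x564d5868 ("VMXh") into EAX, command 0xa into ECX and
  // the port number 0x5658 ("VX") into DX, then executes `in eax, dx`.
  // Under VMware the hypervisor services the read and echoes the magic back
  // in EBX. Where the read is not intercepted the instruction raises a
  // structured exception, so the caller must wrap the call in __try/__except.
  //
  // Returns 1 when EBX holds the magic afterwards, 0 otherwise.
  //
  // Changes from the original:
  //  - no `ret` inside the __asm block; it returned before the compiler's
  //    epilogue could restore the registers and stack frame it had saved;
  //  - EBX is zeroed first and compared with the magic, so stale register
  //    contents cannot produce a false positive;
  //  - ECX is loaded in full instead of only CL;
  //  - the result goes through a local and an explicit `return`.
  //
  // Defensive note: this register/port combination is a well-known
  // VM-fingerprinting sequence and is worth flagging during sample triage.
  unsigned vmware(void)
  {
      unsigned reply = 0;

      __asm {
          xor ebx, ebx
          mov eax, 0x564d5868
          mov ecx, 0xa
          mov dx, 0x5658
          in eax, dx
          mov reply, ebx
      }

      return reply == 0x564d5868u;
  }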
  83.  
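  // SEH filter for the __try block around vmware().
  //
  // Handles only the privileged-instruction exception that the user-mode
  // `in` raises when no hypervisor services the port. Any other exception
  // code is passed on with EXCEPTION_CONTINUE_SEARCH, so an unrelated fault
  // (for example an access violation) is not silently reported as
  // "not virtualised". The original accepted every exception code.
  //
  // code: value of GetExceptionCode() at the fault.
  // ep:   exception record and context; not inspected.
  int seh_filter(unsigned code, struct _EXCEPTION_POINTERS* ep)
  {
      (void)ep;
      return code == EXCEPTION_PRIV_INSTRUCTION ? EXCEPTION_EXECUTE_HANDLER
                                                : EXCEPTION_CONTINUE_SEARCH;
  }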
  88.  
  // Entry point of the Windows proof of concept.
  //
  // Runs the backdoor probe inside a structured-exception guard. If the
  // probe raises an exception that seh_filter() accepts, the machine is
  // treated as not virtualised.
  //
  // Exit status: 1 when vmware() returns non-zero, 0 otherwise.
  int _tmain(int a, _TCHAR* argv[])
  {
      bool inside_vm = false;

      __try
      {
          inside_vm = (vmware() != 0);
      }
      __except(seh_filter(GetExceptionCode(), GetExceptionInformation()))
      {
          // The probe faulted: nothing answered on the backdoor port.
          inside_vm = false;
      }

      if (inside_vm)
      {
          std::cout << "The Matrix haz you Neo..." << std::endl;
          exit(1);
      }

      std::cout << "Isn't real life boring?" << std::endl;
      exit(0);
  }