#include "VirtualMachineDetect.h"//-----------------------------------------

1. #include "VirtualMachineDetect.h"
2.  
3. //----------------------------------------------------------------------
4. bool VMwareDetect()
5. {
6. __try
7.     {
8.     __asm
9.         {
10.         mov eax, 0x564d5868
11.         mov ecx, 0x0A
12.         mov edx, 0x5658
13.         in eax, dx
14.         }
15.     return true;
16.     }
17. __except(EXCEPTION_EXECUTE_HANDLER)
18.     {
19.     return false;
20.     }
21. }
22. //----------------------------------------------------------------------
23. bool VirtualPCDetect()
24. {
25. __try
26.     {
27.     __asm
28.         {
29.         xor ebx, ebx
30.         mov eax, 1
31.         __emit(0x0F)
32.         __emit(0x3F)
33.         __emit(0x07)
34.         __emit(0x0B)     
35.         }
36.     return true;
37.     }
38. __except(EXCEPTION_EXECUTE_HANDLER)
39.     {
40.      return false;
41.     }
42. }
43. //----------------------------------------------------------------------
44. bool VMwareWindowDetect()
45. {
46. HWND VMwareWindow = NULL;
47. VMwareWindow = FindWindowA("VMSwitchUserControlClass",NULL);
48. if(VMwareWindow != NULL)
49.     {
50.     return true;
51.     }
52. return false;
53. }
54. //----------------------------------------------------------------------
55. bool VirtualBoxWindowDetect()
56. {
57. HWND VBoxWindow = NULL;
58. VBoxWindow = FindWindowA("VBoxTrayToolWndClass",NULL);
59. if(VBoxWindow != NULL)
60.     {
61.     return true;
62.     }
63. return false;
64. }
65. //----------------------------------------------------------------------
66. bool VMwareBIOSDetect()
67. {
68. HKEY rKey;
69. wchar_t RegKey[256];
70. wchar_t RegVMware[] = {L"VMware Virtual Platform"};
71. DWORD RegPath = sizeof(RegKey);
72.  
73. RegOpenKeyEx(HKEY_LOCAL_MACHINE,
74.              L"HARDWARE\\DESCRIPTION\\System\\BIOS",
75.              0,
76.              KEY_QUERY_VALUE,
77.              &rKey);
78.  
79. RegQueryValueEx(rKey,
80.                 L"SystemProductName",
81.                 NULL,
82.                 NULL,
83.                 (BYTE*)RegKey,
84.                 &RegPath);
85.  
86. RegCloseKey(rKey);
87.  
88. if (memcmp(RegKey, RegVMware, 48) == 0)
89.     {  
90.     return true;
91.     }
92. return false;
93. }
94. //----------------------------------------------------------------------
95. bool VirtualBoxBIOSDetect()
96. {
97. HKEY rKey;
98. wchar_t RegKey[256];
99. wchar_t RegVBox[] = {L"Oracle VM VirtualBox"};
100. DWORD RegPath = sizeof(RegKey);
101.  
102. RegOpenKeyEx(HKEY_LOCAL_MACHINE,
103.              L"HARDWARE\\DESCRIPTION\\System",
104.              0,
105.              KEY_QUERY_VALUE,
106.              &rKey);
107.  
108. RegQueryValueEx(rKey,
109.                 L"VideoBiosVersion",
110.                 NULL,
111.                 NULL,
112.                 (BYTE*)RegKey,
113.                 &RegPath);
114.  
115. RegCloseKey(rKey);
116.  
117. if (memcmp(RegKey, RegVBox, 40) == 0)
118.     {
119.     return true;
120.     }
121. return false;
122. }
123. //----------------------------------------------------------------------
124. bool ParallelsRegDetect()
125. {
126. HKEY rKey;
127.  
128. if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
129.                 L"HARDWARE\\ACPI\\DSDT\\PRLS__\\PRLSACPI",
130.                 0,
131.                 KEY_QUERY_VALUE,
132.                 &rKey) == ERROR_SUCCESS)
133.     {
134.     RegCloseKey(rKey);
135.     return true;
136.     }
137. return false;
138. }
139. //----------------------------------------------------------------------
140. bool VirtualBoxProcessDetect()
141. {
142. wchar_t VBoxProcessName[] = {L"VBoxTray.exe"};
143. PROCESSENTRY32 pe;
144. HANDLE hSnapShot;
145. hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
146. ZeroMemory (&pe, sizeof(PROCESSENTRY32W));
147. pe.dwSize = sizeof(PROCESSENTRY32W);
148. Process32First(hSnapShot, &pe);
149. do
150. {
151. if (memcmp(pe.szExeFile, VBoxProcessName, 24) == 0)
152.     {
153.      CloseHandle(hSnapShot);
154.      return true;
155.     }  
156. }
157. while (Process32Next(hSnapShot, &pe));
158. CloseHandle(hSnapShot);
159. return false;
160. }
161. //----------------------------------------------------------------------
162. bool VirtualPCProcessDetect()
163. {
164. wchar_t VirtualPCProcessName[] = {L"vmusrvc.exe"};
165. PROCESSENTRY32 pe;
166. HANDLE hSnapShot;
167. hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
168. ZeroMemory (&pe, sizeof(PROCESSENTRY32W));
169. pe.dwSize = sizeof(PROCESSENTRY32W);
170. Process32First(hSnapShot, &pe);
171. do
172. {
173. if (memcmp(pe.szExeFile, VirtualPCProcessName, 22) == 0)
174.     {
175.      CloseHandle(hSnapShot);
176.      return true;
177.     }  
178. }
179. while (Process32Next(hSnapShot, &pe));
180. CloseHandle(hSnapShot);
181. return false;
182. }
183. //----------------------------------------------------------------------
184. bool VMwareProcessDetect()
185. {
186. wchar_t VMwareProcessName[] = {L"vmtoolsd.exe"};
187. PROCESSENTRY32 pe;
188. HANDLE hSnapShot;
189. hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
190. ZeroMemory (&pe, sizeof(PROCESSENTRY32W));
191. pe.dwSize = sizeof(PROCESSENTRY32W);
192. Process32First(hSnapShot, &pe);
193. do
194. {
195. if (memcmp(pe.szExeFile, VMwareProcessName, 24) == 0)
196.     {
197.      CloseHandle(hSnapShot);
198.      return true;
199.     }  
200. }
201. while (Process32Next(hSnapShot, &pe));
202. CloseHandle(hSnapShot);
203. return false;
204. }
205. //----------------------------------------------------------------------
206. bool VirtualBoxDevObjDetect()
207. {
208. if ((CreateFile(L"\\\\.\\VBoxMiniRdrDN",0,0,0,OPEN_EXISTING,0,0) !=
209.     INVALID_HANDLE_VALUE)||
210.     (CreateFile(L"\\\\.\\VBoxGuest",0,0,0,OPEN_EXISTING,0,0) !=
211.     INVALID_HANDLE_VALUE))
212.     {
213.     return true;
214.     }
215. else
216.     {
217.     return false;
218.     }
219. }
220. //----------------------------------------------------------------------
221. bool VirtualPCDevObjDetect()
222. {
223. if (CreateFile(L"\\\\.\\VMDRV",0,0,0,OPEN_EXISTING,0,0) !=
224.     INVALID_HANDLE_VALUE)
225.     {
226.     return true;
227.     }
228. else
229.     {
230.     return false;
231.     }
232. }
233. //----------------------------------------------------------------------
234. bool VirtualBoxCPUIDDetect()
235. {
236. DWORD ID_1, ID_2, ID_3;
237. _asm
238.     {
239.     mov eax, 0x1
240.     cpuid
241.     mov eax, 0x40000000
242.     cpuid
243.     mov ID_1, ebx
244.     mov ID_2, ecx
245.     mov ID_3, edx
246.     }
247. if ((ID_1 == 0x00000340)&&(ID_2 == 0x00000340))
248.     {
249.     return true;
250.     }
251. else
252.     {
253.     return false;
254.     }
255. }
256. //----------------------------------------------------------------------
257. bool VMwareCPUIDDetect()
258. {
259. DWORD ID_1, ID_2, ID_3;
260. _asm
261.     {
262.     mov eax, 0x1
263.     cpuid
264.     mov eax, 0x40000000
265.     cpuid
266.     mov ID_1, ebx
267.     mov ID_2, ecx
268.     mov ID_3, edx
269.     }
270. if ((ID_1 == 0x61774d56)&&(ID_2 == 0x4d566572)&&(ID_3 == 0x65726177))
271.     {
272.     return true;
273.     }
274. else
275.     {
276.     return false;
277.     }
278. }
279. //----------------------------------------------------------------------
280. bool ParallelsCPUIDDetect()
281. {
282. DWORD ID_1, ID_2, ID_3;
283. _asm
284.     {
285.     mov eax, 0x1
286.     cpuid
287.     mov eax, 0x40000000
288.     cpuid
289.     mov ID_1, ebx
290.     mov ID_2, ecx
291.     mov ID_3, edx
292.     }
293. if ((ID_1 == 0x70726c20)&&(ID_2 == 0x68797065)&&(ID_3 == 0x72762020))
294.     {
295.     return true;
296.     }
297. else
298.     {
299.     return false;
300.     }
301. }
302. //----------------------------------------------------------------------
303. bool VirtualPCMACDetect()
304. {
305. PIP_ADAPTER_INFO AdapterInfo = NULL;
306. DWORD OutBufLen;
307. GetAdaptersInfo(AdapterInfo, &OutBufLen);
308. AdapterInfo = (PIP_ADAPTER_INFO) new(char[OutBufLen]);
309. GetAdaptersInfo(AdapterInfo, &OutBufLen);
310. if (((BYTE)AdapterInfo->Address[0] == 0x00) &&
311.     ((BYTE)AdapterInfo->Address[1] == 0x03) &&
312.     ((BYTE)AdapterInfo->Address[2] == 0xff) ||
313.     ((BYTE)AdapterInfo->Address[0] == 0x00) &&
314.     ((BYTE)AdapterInfo->Address[1] == 0x12) &&
315.     ((BYTE)AdapterInfo->Address[2] == 0x5a) ||
316.     ((BYTE)AdapterInfo->Address[0] == 0x00) &&
317.     ((BYTE)AdapterInfo->Address[1] == 0x1d) &&
318.     ((BYTE)AdapterInfo->Address[2] == 0xd8) ||
319.     ((BYTE)AdapterInfo->Address[0] == 0x00) &&
320.     ((BYTE)AdapterInfo->Address[1] == 0x15) &&
321.     ((BYTE)AdapterInfo->Address[2] == 0x5d) ||
322.     ((BYTE)AdapterInfo->Address[0] == 0x00) &&
323.     ((BYTE)AdapterInfo->Address[1] == 0x22) &&
324.     ((BYTE)AdapterInfo->Address[2] == 0x48) ||
325.     ((BYTE)AdapterInfo->Address[0] == 0x00) &&
326.     ((BYTE)AdapterInfo->Address[1] == 0x0d) &&
327.     ((BYTE)AdapterInfo->Address[2] == 0x3a) ||
328.     ((BYTE)AdapterInfo->Address[0] == 0x00) &&
329.     ((BYTE)AdapterInfo->Address[1] == 0x17) &&
330.     ((BYTE)AdapterInfo->Address[2] == 0xfa) ||
331.     ((BYTE)AdapterInfo->Address[0] == 0x00) &&
332.     ((BYTE)AdapterInfo->Address[1] == 0x25) &&
333.     ((BYTE)AdapterInfo->Address[2] == 0xae) ||
334.     ((BYTE)AdapterInfo->Address[0] == 0x00) &&
335.     ((BYTE)AdapterInfo->Address[1] == 0x50) &&
336.     ((BYTE)AdapterInfo->Address[2] == 0xf2) ||
337.     ((BYTE)AdapterInfo->Address[0] == 0x28) &&
338.     ((BYTE)AdapterInfo->Address[1] == 0x18) &&
339.     ((BYTE)AdapterInfo->Address[2] == 0x78) ||
340.     ((BYTE)AdapterInfo->Address[0] == 0x60) &&
341.     ((BYTE)AdapterInfo->Address[1] == 0x45) &&
342.     ((BYTE)AdapterInfo->Address[2] == 0xbd) ||
343.     ((BYTE)AdapterInfo->Address[0] == 0x7c) &&
344.     ((BYTE)AdapterInfo->Address[1] == 0x1e) &&
345.     ((BYTE)AdapterInfo->Address[2] == 0x52) ||
346.     ((BYTE)AdapterInfo->Address[0] == 0x7c) &&
347.     ((BYTE)AdapterInfo->Address[1] == 0xed) &&
348.     ((BYTE)AdapterInfo->Address[2] == 0x8d) ||
349.     ((BYTE)AdapterInfo->Address[0] == 0xdc) &&
350.     ((BYTE)AdapterInfo->Address[1] == 0xb4) &&
351.     ((BYTE)AdapterInfo->Address[2] == 0xc4))
352.     {
353.     delete(AdapterInfo);
354.     return true;
355.     }
356. else
357.     {
358.     delete(AdapterInfo);
359.     return false;
360.     }      
361. }
362. //----------------------------------------------------------------------
363. bool VirtualBoxMACDetect()
364. {
365. PIP_ADAPTER_INFO AdapterInfo = NULL;
366. DWORD OutBufLen;
367. GetAdaptersInfo(AdapterInfo, &OutBufLen);
368. AdapterInfo = (PIP_ADAPTER_INFO) new(char[OutBufLen]);
369. GetAdaptersInfo(AdapterInfo, &OutBufLen);
370. if (((BYTE)AdapterInfo->Address[0] == 0x08) &&
371.     ((BYTE)AdapterInfo->Address[1] == 0x00) &&
372.     ((BYTE)AdapterInfo->Address[2] == 0x27) ||
373.     ((BYTE)AdapterInfo->Address[0] == 0x08) &&
374.     ((BYTE)AdapterInfo->Address[1] == 0x00) &&
375.     ((BYTE)AdapterInfo->Address[2] == 0x20))
376.     {
377.     delete(AdapterInfo);
378.     return true;
379.     }
380. else
381.     {
382.     delete(AdapterInfo);
383.     return false;
384.     }      
385. }
386. //----------------------------------------------------------------------
387.  
388. bool VMwareMACDetect()
389. {
390. PIP_ADAPTER_INFO AdapterInfo = NULL;
391. DWORD OutBufLen;
392. GetAdaptersInfo(AdapterInfo, &OutBufLen);
393. AdapterInfo = (PIP_ADAPTER_INFO) new(char[OutBufLen]);
394. GetAdaptersInfo(AdapterInfo, &OutBufLen);
395. if (((BYTE)AdapterInfo->Address[0] == 0x00) &&
396.     ((BYTE)AdapterInfo->Address[1] == 0x05) &&
397.     ((BYTE)AdapterInfo->Address[2] == 0x69) ||
398.     ((BYTE)AdapterInfo->Address[0] == 0x00) &&
399.     ((BYTE)AdapterInfo->Address[1] == 0x0c) &&
400.     ((BYTE)AdapterInfo->Address[2] == 0x29) ||
401.     ((BYTE)AdapterInfo->Address[0] == 0x00) &&
402.     ((BYTE)AdapterInfo->Address[1] == 0x1c) &&
403.     ((BYTE)AdapterInfo->Address[2] == 0x14) ||
404.     ((BYTE)AdapterInfo->Address[0] == 0x00) &&
405.     ((BYTE)AdapterInfo->Address[1] == 0x50) &&
406.     ((BYTE)AdapterInfo->Address[2] == 0x56))
407.     {
408.     delete(AdapterInfo);
409.     return true;
410.     }
411. else
412.     {
413.     delete(AdapterInfo);
414.     return false;
415.     }      
416. }
417. //----------------------------------------------------------------------
418. bool ParallelsMACDetect()
419. {
420. PIP_ADAPTER_INFO AdapterInfo = NULL;
421. DWORD OutBufLen;
422. GetAdaptersInfo(AdapterInfo, &OutBufLen);
423. AdapterInfo = (PIP_ADAPTER_INFO) new(char[OutBufLen]);
424. GetAdaptersInfo(AdapterInfo, &OutBufLen);
425. if (((BYTE)AdapterInfo->Address[0] == 0x00) &&
426.     ((BYTE)AdapterInfo->Address[1] == 0x1c) &&
427.     ((BYTE)AdapterInfo->Address[2] == 0x42))
428.     {
429.     delete(AdapterInfo);
430.     return true;
431.     }
432. else
433.     {
434.     delete(AdapterInfo);
435.     return false;
436.     }      
437. }
438. //----------------------------------------------------------------------
439. bool VirtualMachineIDDiskDetect(char* IDDisk)
440. {
441. HKEY rKey;
442. char RegKey[4096];
443. DWORD RegPath = sizeof(RegKey);
444. DWORD Type = REG_SZ;
445.  
446. RegOpenKeyExA(HKEY_LOCAL_MACHINE,
447.              "SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum",
448.              0,
449.              KEY_QUERY_VALUE,
450.              &rKey);
451.  
452. RegQueryValueExA(rKey,
453.                 "0",
454.                 NULL,
455.                 &Type,
456.                 (LPBYTE)RegKey,
457.                 &RegPath);
458.  
459. RegCloseKey(rKey);
460.  
461. if (strstr(RegKey, IDDisk) != 0)
462.     {
463.     return true;
464.     }
465. return false;
466. }
467. //----------------------------------------------------------------------
468. bool ParallelsVideoCardDetect()
469. {
470. HKEY rKey;
471.  
472. if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
473.                 L"SYSTEM\\CurrentControlSet\\Enum\\PCI\\VEN_1AB8&DEV_4005&SUBSYS_04001AB8&REV_00",
474.                 0,
475.                 KEY_QUERY_VALUE,
476.                 &rKey) == ERROR_SUCCESS)
477.     {
478.     RegCloseKey(rKey);
479.     return true;
480.     }
481. return false;
482. }
483. //----------------------------------------------------------------------
484. bool VirtualBoxVideoCardDetect()
485. {
486. HKEY rKey;
487.  
488. if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
489.                 L"SYSTEM\\CurrentControlSet\\Enum\\PCI\\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00",
490.                 0,
491.                 KEY_QUERY_VALUE,
492.                 &rKey) == ERROR_SUCCESS)
493.     {
494.     RegCloseKey(rKey);
495.     return true;
496.     }
497. return false;
498. }
499. //----------------------------------------------------------------------
500. bool VirtualPCVideoCardDetect()
501. {
502. HKEY rKey;
503.  
504. if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
505.                 L"SYSTEM\\CurrentControlSet\\Enum\\PCI\\VEN_5333&DEV_8811&SUBSYS_00000000&REV_00",
506.                 0,
507.                 KEY_QUERY_VALUE,
508.                 &rKey) == ERROR_SUCCESS)
509.     {
510.     RegCloseKey(rKey);
511.     return true;
512.     }
513. return false;
514. }
515. //----------------------------------------------------------------------