waliedassar

Detect VirtualBox (Cadmus Mac Address TRICK)

Oct 7th, 2012
  1. //http://waleedassar.blogspot.com (@waleedassar)
  2. //VirtualBox Adapters (Host and Guests) always have their MAC addresses in the form of 08-00-27-??-??-??. This range was originally assigned to Cadmus Computer Systems.
  3. //This check may produce false positives, although none have been observed so far.
  4. #include "stdafx.h"
  5. #include "winsock2.h"
  6. #include "iphlpapi.h"
  7. #include "ws2tcpip.h"
  8. #include "windows.h"
  9. #include "stdio.h"
  10.  
  11.  
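  /*
   * Enumerates the machine's network adapters with GetAdaptersAddresses and
   * shows a "VirtualBox detected" message box for every adapter whose 6-byte
   * MAC address starts with 08-00-27, skipping the adapter whose friendly name
   * is "VirtualBox Host-Only Network" (compared case-insensitively).
   *
   * Reviewer notes:
   *  - The OUI test is a heuristic only. 08-00-27 is the default prefix
   *    VirtualBox gives guest NICs, and the MAC is configurable per VM, so an
   *    analysis environment that assigns a different MAC will not match.
   *    Sandbox operators should treat the default MAC as a fingerprint.
   *  - Checks of this kind are catalogued as MITRE ATT&CK T1497.001
   *    (Virtualization/Sandbox Evasion: System Checks). A process that
   *    enumerates adapters and compares MAC prefixes is a useful detection
   *    signal.
   *  - The host exclusion matches one exact friendly name, so an adapter with
   *    any other name is not excluded.
   *
   * Always terminates the process with exit code 0.
   */
  int main(int argc, char* argv[])
  {
      WSADATA WSD;

      (void)argc;
      (void)argv;

      /* WSAStartup returns 0 on success. */
      if(!WSAStartup(MAKEWORD(2,2),&WSD))
      {
          unsigned long tot_size=0;
          /* First call passes no buffer: it only reports the size required. */
          unsigned long ret=GetAdaptersAddresses(AF_UNSPEC,GAA_FLAG_INCLUDE_PREFIX,0,0,&tot_size);
          if(ret==ERROR_BUFFER_OVERFLOW)
          {
              IP_ADAPTER_ADDRESSES* px=(IP_ADAPTER_ADDRESSES*)LocalAlloc(LMEM_ZEROINIT,tot_size);
              if(px)
              {
                  ret=GetAdaptersAddresses(AF_UNSPEC,GAA_FLAG_INCLUDE_PREFIX,0,px,&tot_size);
                  /*
                   * Only walk the list when the second call succeeded (returns 0).
                   * The adapter set can change between the two calls, in which
                   * case the buffer contents must not be trusted.
                   */
                  if(!ret)
                  {
                      IP_ADAPTER_ADDRESSES* pxx;
                      /* Traverse the singly-linked adapter list. */
                      for(pxx=px;pxx;pxx=pxx->Next)
                      {
                          if(pxx->PhysicalAddressLength!=0x6)
                          {
                              continue;   /* not a 6-byte (Ethernet-style) MAC */
                          }
                          if(!wcsicmp(pxx->FriendlyName,L"VirtualBox Host-Only Network"))
                          {
                              continue;   /* host-side adapter: we don't want to detect the HOST OS */
                          }
                          /*
                           * Compare the bytes in place. PhysicalAddress is an
                           * unsigned byte array, so no copy into a plain char
                           * buffer (whose signedness varies) is needed.
                           */
                          if(pxx->PhysicalAddress[0]==0x08 &&
                             pxx->PhysicalAddress[1]==0x00 &&
                             pxx->PhysicalAddress[2]==0x27)   /* Cadmus Computer Systems OUI */
                          {
                              MessageBox(0,L"VirtualBox detected",L"waliedassar",0);
                          }
                      }
                  }
                  LocalFree(px);
              }
          }
          WSACleanup();
      }
      ExitProcess(0);
      return 0;   /* not reached: ExitProcess does not return */
  }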