waliedassar

Detect VirtualBox (Bios Brand & Bios Version) - WMI Code

Oct 5th, 2012
  1. //http://waleedassar.blogspot.com (@waleedassar)
  2. //Reads "SMBiosData" via WMI COM access and scans it for the BIOS brand and BIOS version strings. If the BIOS brand string is "innotek GmbH" or the BIOS version is "VirtualBox", it is a sign that we are running in VirtualBox.
  3.  
  4. #include "stdafx.h"
  5. #include <comdef.h>
  6. #include <Wbemidl.h>
  7. #include "stdio.h"
  8.  
  9. #pragma comment(lib, "wbemuuid.lib")
  10.  
  11.  
// Upper-cases ASCII letters in place over the first `len` bytes of `str`.
// Bytes outside 'a'..'z' (including NULs and binary data) are left untouched,
// so the routine can be run over a raw buffer, not just a C string.
void AllToUpper(unsigned char* str,unsigned long len)
{
    unsigned char* cursor=str;
    unsigned long remaining=len;
    while(remaining!=0)
    {
        const unsigned char ch=*cursor;
        if(!(ch<'a' || ch>'z'))
        {
            // 'a'-'A' is the fixed distance between the two ASCII cases.
            *cursor=(unsigned char)(ch-('a'-'A'));
        }
        ++cursor;
        --remaining;
    }
}
  22.  
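// Finds the first occurrence of the NUL-terminated byte string `string2`
// inside the raw buffer `data` of `data_length` bytes.
//
// Returns a pointer to the first matching byte in `data`, or 0 when there is
// no match, when either pointer is null, or when the needle is longer than
// the buffer. An empty needle matches at the start of the buffer.
//
// The buffer is treated as binary data: it may contain embedded NULs and does
// not need to be NUL-terminated. No byte at or beyond data[data_length] is read.
unsigned char* ScanDataForString(unsigned char* data,unsigned long data_length,unsigned char* string2)
{
    if(!data || !string2) return 0;

    size_t string_length=strlen((char*)string2);

    // Without this guard the unsigned subtraction below wraps around and the
    // loop walks far past the end of the buffer.
    if(string_length>data_length) return 0;

    unsigned long last_start=data_length-(unsigned long)string_length;
    for(unsigned long i=0;i<=last_start;i++)
    {
        // memcmp is used because the haystack is raw bytes, not a C string;
        // every compared range lies inside [data, data+data_length).
        if(memcmp(&data[i],string2,string_length)==0) return &data[i];
    }
    return 0;
}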
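// Prints the string that starts at `match` inside the buffer [data, data+length),
// stopping at the first NUL or at the end of the buffer, whichever comes first.
// The raw SMBIOS blob is not guaranteed to be NUL-terminated after a match, so
// a plain "%s" could read past the end of the array.
static void PrintMatch(const unsigned char* match,const unsigned char* data,unsigned long length)
{
    unsigned long remaining=length-(unsigned long)(match-data);
    int n=0;
    while((unsigned long)n<remaining && match[n]!=0 && n<0x7FFFFFFF) n++;
    printf("%.*s\r\n",n,(const char*)match);
}

// Queries the raw SMBIOS tables through WMI (namespace root\wmi, class
// MSSmBios_RawSMBiosTables, property SMBiosData), upper-cases the blob and
// scans it for marker strings; prints the matches if any marker is present.
//
// Always exits with code 0, whether or not a marker was found or a COM/WMI
// call failed.
//
// The result is a heuristic only: these strings come from the hypervisor's
// DMI/SMBIOS configuration, which the host operator can change, so the absence
// of a match does not prove bare metal. The query itself is ordinary WMI
// traffic and is visible to WMI activity logging.
int main(int argc, _TCHAR* argv[])
{
    HRESULT hr=CoInitializeEx(0, COINIT_MULTITHREADED);
    if(!SUCCEEDED(hr)) return 0;

    // Everything that needs cleanup is declared up front so the single
    // cleanup label below can release whatever was actually acquired.
    BSTR rootwmi=SysAllocString(L"root\\wmi");
    BSTR tables=SysAllocString(L"MSSmBios_RawSMBiosTables");
    BSTR biosdata=SysAllocString(L"SMBiosData");
    IWbemLocator* pLoc=0;
    IWbemServices* pSvc=0;
    IEnumWbemClassObject* pEnum=0;
    IWbemClassObject* pInstance=0;
    unsigned long Count=0;

    if(!rootwmi || !tables || !biosdata) goto cleanup;

    hr=CoCreateInstance(CLSID_WbemLocator,0,CLSCTX_INPROC_SERVER,IID_IWbemLocator,(void**)&pLoc);
    if(!SUCCEEDED(hr)) goto cleanup;

    hr=pLoc->ConnectServer(rootwmi,0 ,0 ,0 ,0,0,0,&pSvc);
    if(!SUCCEEDED(hr)) goto cleanup;

    hr=CoSetProxyBlanket(pSvc,RPC_C_AUTHN_WINNT,RPC_C_AUTHZ_NONE,0,RPC_C_AUTHN_LEVEL_CALL,RPC_C_IMP_LEVEL_IMPERSONATE,0,EOAC_NONE);
    if(!SUCCEEDED(hr)) goto cleanup;

    hr=pSvc->CreateInstanceEnum(tables,0,0, &pEnum);
    if(!SUCCEEDED(hr)) goto cleanup;

    // Next() reports "fewer objects than requested" and "timed out" with
    // success codes, leaving pInstance null; require an actual object.
    hr=pEnum->Next(WBEM_INFINITE,1,&pInstance,&Count);
    if(hr==WBEM_S_NO_ERROR && Count==1 && pInstance)
    {
        VARIANT BiosData;
        VariantInit(&BiosData);
        CIMTYPE type;
        hr=pInstance->Get(biosdata,0,&BiosData,&type,NULL);
        // Only treat the variant as a byte array when it really is one.
        if(SUCCEEDED(hr) && V_VT(&BiosData)==(VT_ARRAY|VT_UI1) && V_ARRAY(&BiosData))
        {
            SAFEARRAY* p_array=V_ARRAY(&BiosData);
            unsigned char* p_data=0;
            if(SafeArrayGetDim(p_array)==1 && SUCCEEDED(SafeArrayAccessData(p_array,(void**)&p_data)))
            {
                unsigned long length=p_array->rgsabound[0].cElements;
                if(p_data && length)
                {
                    // Case-fold the blob in place so the upper-case markers
                    // below match regardless of the firmware's spelling.
                    AllToUpper(p_data,length);

                    // NOTE(review): "VIRTUAL MACHINE" and "SUN MICROSYSTEMS"
                    // are not VirtualBox-specific and may match other
                    // platforms; confirm before relying on the message text.
                    const char* markers[5]=
                    {
                        "INNOTEK GMBH",
                        "VIRTUALBOX",
                        "SUN MICROSYSTEMS",
                        "VIRTUAL MACHINE",
                        "VBOXVER"
                    };
                    unsigned char* hits[5];
                    bool any=false;
                    for(int m=0;m<5;m++)
                    {
                        hits[m]=ScanDataForString(p_data,length,(unsigned char*)markers[m]);
                        if(hits[m]) any=true;
                    }
                    if(any)
                    {
                        printf("VirtualBox detected\r\n");
                        printf("Some Strings found:\r\n");
                        for(int m=0;m<5;m++)
                        {
                            if(hits[m]) PrintMatch(hits[m],p_data,length);
                        }
                    }
                }
                SafeArrayUnaccessData(p_array);
            }
        }
        VariantClear(&BiosData);
    }

cleanup:
    if(pInstance) pInstance->Release();
    if(pEnum) pEnum->Release();
    if(pSvc) pSvc->Release();
    if(pLoc) pLoc->Release();
    SysFreeString(biosdata);   // SysFreeString accepts a null BSTR
    SysFreeString(tables);
    SysFreeString(rootwmi);
    CoUninitialize();
    // ExitProcess skips C runtime shutdown, so flush buffered output first.
    fflush(stdout);
    ExitProcess(0);
    return 0;
}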