waliedassar

Detect VirtualBox (Bios Brand & Bios Version) - WMI Code

Oct 5th, 2012
1,061
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. //http://waleedassar.blogspot.com (@waleedassar)
  2. //Reading "SMBiosData" to extract Bios Brand and Bios Version strings via WMI COM access. If the Bios Brand string is //"innotek GmbH" or Bios Version is "VirtualBox", then it is a sign that we are running in VirtualBox.
  3.  
  4. #include "stdafx.h"
  5. #include <comdef.h>
  6. #include <Wbemidl.h>
  7. #include "stdio.h"
  8.  
  9. #pragma comment(lib, "wbemuuid.lib")
  10.  
  11.  
  12. void AllToUpper(unsigned char* str,unsigned long len)
  13. {
  14.     for(unsigned long c=0;c<len;c++)
  15.     {
  16.         if(str[c]>='a' && str[c]<='z')
  17.         {
  18.             str[c]-=32;
  19.         }
  20.     }
  21. }
  22.  
  23. unsigned char* ScanDataForString(unsigned char* data,unsigned long data_length,unsigned char* string2)
  24. {
  25.     unsigned long string_length=(unsigned long)strlen((char*)string2);
  26.     for(unsigned long i=0;i<=(data_length-string_length);i++)
  27.     {
  28.         if(strncmp((char*)(&data[i]),(char*)string2,string_length)==0) return &data[i];
  29.     }
  30.     return 0;
  31. }
  32. int main(int argc, _TCHAR* argv[])
  33. {
  34.     BSTR rootwmi=SysAllocString(L"root\\wmi");
  35.     BSTR tables=SysAllocString(L"MSSmBios_RawSMBiosTables");
  36.     BSTR biosdata=SysAllocString(L"SMBiosData");
  37.  
  38.     HRESULT hr=CoInitializeEx(0, COINIT_MULTITHREADED);
  39.     if(!SUCCEEDED(hr)) return 0;
  40.     IWbemLocator* pLoc=0;
  41.     hr=CoCreateInstance(CLSID_WbemLocator,0,CLSCTX_INPROC_SERVER,IID_IWbemLocator,(void**)&pLoc);
  42.     if(!SUCCEEDED(hr))
  43.     {
  44.         CoUninitialize();
  45.         return 0;
  46.     }
  47.     IWbemServices* pSvc=0;
  48.     hr=pLoc->ConnectServer(rootwmi,0 ,0 ,0 ,0,0,0,&pSvc);
  49.     if(!SUCCEEDED(hr))
  50.     {
  51.         pLoc->Release();    
  52.         CoUninitialize();
  53.         return 0;
  54.     }
  55.     hr=CoSetProxyBlanket(pSvc,RPC_C_AUTHN_WINNT,RPC_C_AUTHZ_NONE,0,RPC_C_AUTHN_LEVEL_CALL,RPC_C_IMP_LEVEL_IMPERSONATE,0,EOAC_NONE);
  56.     if(!SUCCEEDED(hr))
  57.     {
  58.         pSvc->Release();
  59.         pLoc->Release();    
  60.         CoUninitialize();
  61.         return 0;
  62.     }
  63.  
  64.     IEnumWbemClassObject* pEnum=0;
  65.     hr=pSvc->CreateInstanceEnum(tables,0,0, &pEnum);
  66.     if(!SUCCEEDED(hr))
  67.     {
  68.         pSvc->Release();
  69.         pLoc->Release();    
  70.         CoUninitialize();
  71.         return 0;
  72.     }
  73.  
  74.     IWbemClassObject* pInstance=0;
  75.     unsigned long Count=0;
  76.     hr=pEnum->Next(WBEM_INFINITE,1,&pInstance,&Count);
  77.     if(SUCCEEDED(hr))
  78.     {      
  79.          VARIANT BiosData;
  80.          VariantInit(&BiosData);
  81.          CIMTYPE type;
  82.          hr=pInstance->Get(biosdata,0,&BiosData,&type,NULL);
  83.          if(SUCCEEDED(hr))
  84.          {
  85.                      SAFEARRAY* p_array = NULL;
  86.                      p_array = V_ARRAY(&BiosData);
  87.                      unsigned char* p_data=(unsigned char *)p_array->pvData;
  88.                      unsigned long length=p_array->rgsabound[0].cElements;
  89.                      AllToUpper(p_data,length);
  90.                      unsigned char* x1=ScanDataForString((unsigned char*)p_data,length,(unsigned char*)"INNOTEK GMBH");
  91.                      unsigned char* x2=ScanDataForString((unsigned char*)p_data,length,(unsigned char*)"VIRTUALBOX");
  92.                      unsigned char* x3=ScanDataForString((unsigned char*)p_data,length,(unsigned char*)"SUN MICROSYSTEMS");
  93.                      unsigned char* x4=ScanDataForString((unsigned char*)p_data,length,(unsigned char*)"VIRTUAL MACHINE");
  94.                      unsigned char* x5=ScanDataForString((unsigned char*)p_data,length,(unsigned char*)"VBOXVER");
  95.                      if(x1 || x2 || x3 || x4 || x5)
  96.                      {
  97.                               printf("VirtualBox detected\r\n");
  98.                               printf("Some Strings found:\r\n");
  99.                               if(x1) printf("%s\r\n",x1);
  100.                               if(x2) printf("%s\r\n",x2);
  101.                               if(x3) printf("%s\r\n",x3);
  102.                               if(x4) printf("%s\r\n",x4);
  103.                               if(x5) printf("%s\r\n",x5);
  104.                     }
  105.          }
  106.          VariantClear(&BiosData);
  107.          pInstance->Release();
  108.     }
  109.     pSvc->Release();
  110.     pLoc->Release();    
  111.     CoUninitialize();
  112.     ExitProcess(0);
  113.     return 0;
  114. }
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×