Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Imports System.Runtime.InteropServices
- Imports System.Security.AccessControl
- Imports Microsoft.Win32
- ''' <summary>
- ''' gigajew@hf
- ''' </summary>
- Public Module AntiTesting
- <DllImport("kernel32.dll", BestFitMapping:=True, CallingConvention:=CallingConvention.Winapi, CharSet:=CharSet.Ansi, SetLastError:=True)>
- Public Function GetModuleHandle(<MarshalAs(UnmanagedType.LPStr)> ByVal moduleName As String) As IntPtr
- End Function
- <DllImport("kernel32.dll", BestFitMapping:=True, CallingConvention:=CallingConvention.Winapi, CharSet:=CharSet.Ansi, SetLastError:=True)>
- Public Function LoadLibrary(<MarshalAs(UnmanagedType.LPStr)> ByVal moduleName As String) As IntPtr
- End Function
- ''' <summary>
- ''' Application entrypoint
- ''' </summary>
- ''' <returns></returns>
- Public Function Main() As Integer
- If (Debugger.IsAttached) Then
- Return -1
- End If
- If (IsVirtualized()) Then
- Return -2
- End If
- Return 0
- End Function
- ''' <summary>
- ''' Detects whether the process is being virtualized
- ''' </summary>
- Public Function IsVirtualized() As Boolean
- Try
- Using hklm As RegistryKey = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Default)
- Using vbox As RegistryKey = hklm.OpenSubKey("HARDWARE\ACPI\DSDT\VBOX__", RegistryKeyPermissionCheck.ReadSubTree, RegistryRights.ReadKey)
- vbox.Close()
- End Using
- hklm.Close()
- End Using
- Return True
- Catch
- End Try
- If (LoadLibrary("VBoxHook.dll") <> IntPtr.Zero) Then
- Return True
- End If
- If (LoadLibrary("dbghlp.dll") <> IntPtr.Zero) Then
- Return True
- End If
- If (GetModuleHandle("SbieDll.dll") <> IntPtr.Zero) Then
- Return True
- End If
- Return False
- End Function
- End Module
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement