API tools faq
paste
Advertisement
waliedassar

Detect XP In VirtualPC 2007 (Resume Flag Trick)

waliedassar
Oct 21st, 2012
2,005
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 2.02 KB | None | 0 0
raw download clone embed print report
  1. //http://waleedassar.blogspot.com
  2. //http://www.twitter.com/waleedassar
  3. //Use this code to detect if Windows XP is running inside Virtual PC 2007
  4. #include "stdafx.h"
  5. #include "windows.h"
  6. #include "stdio.h"
  7.  
  8. #define CONTEXT_ALL 0x1003F
  9.  
  10. int dummy(int);
  11. unsigned long gf=0;
  12. int __cdecl Handler(EXCEPTION_RECORD* pRec,void* est,unsigned char* pContext,void* disp)
  13. {
  14.     if(pRec->ExceptionCode==0xC0000096)  //Privileged instruction
  15.     {
  16.         //---------------------Installing the trick--------------------------------------
  17.         *(unsigned long*)(pContext)=CONTEXT_ALL;/*CONTEXT_DEBUG_REGISTERS|CONTEXT_FULL*/
  18.         *(unsigned long*)(pContext+0x4)=(unsigned long)(&dummy);
  19.         *(unsigned long*)(pContext+0x8)=(unsigned long)(&dummy);
  20.         *(unsigned long*)(pContext+0xC)=(unsigned long)(&dummy);
  21.         *(unsigned long*)(pContext+0x10)=(unsigned long)(&dummy);
  22.         *(unsigned long*)(pContext+0x14)=0;
  23.         *(unsigned long*)(pContext+0x18)=0x155; //Enable the four DRx On-Execute
  24.         //---------------------------------------------------------------------------------
  25.         (*(unsigned long*)(pContext+0xB8))++;
  26.         return ExceptionContinueExecution;
  27.     }
  28.     else if(pRec->ExceptionCode==EXCEPTION_SINGLE_STEP)
  29.     {
  30.         if(gf==1)
  31.         {
  32.                MessageBox(0,"Expected behavior (XP)","waliedassar",0);
  33.                ExitProcess(0);
  34.         }
  35.         gf++;
  36.         (*(unsigned long*)(pContext+0xC0))|=0x00010000; //Set the RF (Resume Flag)
  37.         return ExceptionContinueExecution;
  38.     }
  39.     return ExceptionContinueSearch;
  40. }
  41.  
  42. int dummy(int x)
  43. {
  44.     x+=0x100;
  45.     return x;
  46. }
  47.  
  48. int main(int shitArg)
  49. {
  50.     unsigned long ver_=GetVersion();
  51.     unsigned long major=ver_&0xFF;
  52.     unsigned long minor=(ver_>>0x8)&0xFF;
  53.     if(major==0x05 & minor==0x01) //Windows XP
  54.     {
  55.         unsigned long x=0;
  56.         __asm
  57.         {
  58.            push offset Handler
  59.            push dword ptr fs:[0x0]
  60.            mov dword ptr fs:[0x0],esp
  61.            STI; Triggers an exception(privileged instruction)
  62.         }
  63.         dummy(0xFF);
  64.         __asm
  65.         {
  66.             pop dword ptr fs:[0x0]
  67.             pop ebx
  68.         }
  69.         MessageBox(0,"Virtual PC 2007 detected (XP)","waliedassar",0);
  70.     }
  71.     return 0;
  72. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!