//******************************************************************************
// Unit : ANTIS
// Autor : Fakedo0r .:[PD-TEAM]:.
// Fecha : 04.04.2012
// Modificacion: 12.08.2012
// Creditos : Cobein
// Descripcion : Detecta [VirtualPC / VMWare / VirtualBox / Anubis]
// Detecta [Sandboxie / ThreatExpert / CWSandbox / JoeBox]
// Uso : Anti_End;
//******************************************************************************
Unit UNT_ANTIS;
//******************************************************************************
// DECLARACION DE CLASES
//******************************************************************************
Interface
Uses
Windows, ShlObj, Messages, SysUtils;
//******************************************************************************
// DECLARACION DE FUNCIONES / PROCEDIMIENTOS
//******************************************************************************
// Reports True when the registry string describing the first enumerated disk
// contains one of the VM vendor markers listed in the implementation.
Function IsVirtualPCPresent: Bool;
// Reports True when one of two named DLLs can be loaded or when the Windows
// ProductId read from the registry matches a hard-coded value.
Function IsInSandbox: Bool;
// Entry point named in the unit header ("Uso"): runs the checks above and
// calls ExitProcess when its condition holds.
Function Anti_End: Bool;
//******************************************************************************
// FUNCIONES / PROCEDIMIENTOS
//******************************************************************************
Implementation
//******************************************************************************
//<--- [VirtualPC / VMWare / VirtualBox / Anubis] --->
//******************************************************************************
// IsVirtualPCPresent
// Purpose : environment fingerprinting. Reads the string value named '0' under
//           HKLM\SYSTEM\ControlSet001\Services\Disk\Enum and searches it,
//           case-insensitively, for the substrings VIRTUAL, VMWARE, VBOX, QEMU.
// Returns : True if any marker is found; False otherwise, including when the
//           key or value cannot be read.
// Analyst note: this is the registry-artifact form of virtualization/sandbox
//           evasion (MITRE ATT&CK T1497.001, System Checks). A read of
//           Services\Disk\Enum by a process with no disk-management role is a
//           useful behavioural indicator; the four marker strings are usable
//           as static signature content.
// NOTE(review): the listing shows quotes and backslashes in escaped form
//           (\' and \\); this looks like a transcription artifact, since
//           Pascal string literals do not use backslash escapes - confirm
//           against the original file.
Function IsVirtualPCPresent: Bool;
Const
// Substrings looked for in the disk device string (compared in upper case).
sArrVM: Array [0 .. 3] Of String = (\'VIRTUAL\', \'VMWARE\', \'VBOX\', \'QEMU\');
Var
hlKey: HKEY;
sBuffer: String;
sPathName: String;
I: Integer;
iRegType: Integer;
iDataSize: Integer;
Begin
// Default result: no marker seen.
IsVirtualPCPresent := False;
// 1 corresponds to REG_SZ; the variable is passed by address as the type
// argument of RegQueryValueEx below.
iRegType := 1;
sPathName := \'SYSTEM\\ControlSet001\\Services\\Disk\\Enum\';
// $80000002 = HKEY_LOCAL_MACHINE, $20019 = KEY_READ (read-only access).
If RegOpenKeyEx($80000002, PChar(sPathName), 0, $20019, hlKey) = 0 Then
// First query passes Nil as the data pointer, so only the required size is
// returned in iDataSize.
If RegQueryValueEx(hlKey, \'0\', 0, @iRegType, Nil, @iDataSize) = 0 Then
Begin
// iDataSize is a byte count reported by the registry API; it is used here
// directly as the string length.
SetLength(sBuffer, iDataSize);
// Second query fills the buffer; its return code is not checked.
RegQueryValueEx(hlKey, \'0\', 0, @iRegType,
PByte(PChar(sBuffer)), @iDataSize);
// Every marker is tested; the loop does not stop at the first match.
For I := 0 To 3 Do
If AnsiPos(UpperCase(sArrVM[I]), UpperCase(Trim(sBuffer))) > 0 Then
IsVirtualPCPresent := True;
End;
// Executed unconditionally: the handle is closed even when RegOpenKeyEx failed
// and hlKey was never assigned.
RegCloseKey(hlKey);
End;
//******************************************************************************
//<--- SANDBOX [Sandboxie / ThreatExpert / CWSandbox / JoeBox] --->
//******************************************************************************
// IsInSandbox
// Purpose : environment fingerprinting by two independent tests:
//           1. LoadLibrary on 'sbiedll.dll' and on 'dbghelp.dll'; a non-zero
//              module handle from either sets the result to True.
//           2. The ProductId value under
//              HKLM\Software\Microsoft\Windows\CurrentVersion is compared with
//              the hard-coded ids in sArrSB.
// Returns : True if any test matches, otherwise False.
// Analyst note: both tests fall under MITRE ATT&CK T1497.001 (System Checks).
//           The two ProductId literals and the DLL names are stable strings
//           suitable for static signatures; at run time, a by-name load of
//           sbiedll.dll followed by a ProductId registry read is a behavioural
//           indicator. The file header attributes the checks to Sandboxie /
//           ThreatExpert / CWSandbox / JoeBox; which literal maps to which
//           product is not shown in this unit.
// NOTE(review): the listing shows quotes and backslashes in escaped form
//           (\' and \\), which looks like a transcription artifact - confirm
//           against the original file.
Function IsInSandbox: Bool;
Const
// Windows ProductId values treated as identifying an analysis system.
sArrSB: Array [0 .. 1] Of String = (\'76487-644-3177037-23510\',
\'55274-640-2673064-23950\');
// DLL names probed with LoadLibrary.
sArrDll: Array [0 .. 1] Of String = (\'sbiedll.dll\', \'dbghelp.dll\');
Var
hlKey: HKEY;
sBuffer: String;
sPathName: String;
I: Integer;
hDll: Integer;
iRegType: Integer;
iDataSize: Integer;
// hSnapShot is declared but never referenced in this function.
hSnapShot: Integer;
Begin
// Default result: nothing matched.
IsInSandbox := False;
// 1 corresponds to REG_SZ; passed by address as the type argument below.
iRegType := 1;
// NOTE(review): this line ends with ':' where a statement terminator is
// expected; as shown the unit would not compile - likely a typo in the listing.
sPathName := \'Software\\Microsoft\\Windows\\CurrentVersion\':
// Probe 1: sbiedll.dll.
hDll := LoadLibrary(Pchar(sArrDll[0]));
If hDll <> 0 Then
IsInSandbox := True;
// FreeLibrary runs whether or not the load succeeded (hDll may be 0 here).
FreeLibrary(hDll);
// Probe 2: dbghelp.dll, same pattern.
hDll := LoadLibrary(Pchar(sArrDll[1]));
If hDll <> 0 Then
IsInSandbox := True;
FreeLibrary(hDll);
// $80000002 = HKEY_LOCAL_MACHINE, $20019 = KEY_READ (read-only access).
If RegOpenKeyEx($80000002, PChar(sPathName), 0, $20019, hlKey) = 0 Then
// Size query: Nil data pointer, required byte count returned in iDataSize.
If RegQueryValueEx(hlKey, \'ProductId\', 0, @iRegType, Nil,
@iDataSize) = 0 Then
Begin
// The byte count is used directly as the string length.
SetLength(sBuffer, iDataSize);
// Data query; the return code is not checked.
RegQueryValueEx(hlKey, \'ProductId\', 0, @iRegType,
PByte(PChar(sBuffer)), @iDataSize);
// NOTE(review): the loop runs to index 2 although sArrSB is declared
// [0 .. 1]; what happens on the last iteration depends on compiler
// range-check settings - confirm.
For i := 0 To 2 Do
If AnsiPos(sArrSB[i], Trim(sBuffer)) > 0 Then
IsInSandbox := True;
End;
// Executed unconditionally, including when RegOpenKeyEx failed and hlKey was
// never assigned.
RegCloseKey(hlKey);
End;
//******************************************************************************
//<--- LLAMADA MAIN --->
//******************************************************************************
// Anti_End
// Purpose : single entry point of the unit. Evaluates the environment checks
//           and terminates the current process with exit code 0 when the
//           condition below holds.
// Returns : False on every path that returns; when ExitProcess is called the
//           function does not return.
// Analyst note: a sample that exits cleanly with code 0 right after reading
//           Services\Disk\Enum or ProductId, but keeps running on other
//           hardware, is showing environment-conditional behaviour; comparing
//           runs across differently configured analysis hosts exposes it.
Function Anti_End: Bool;
Begin
Anti_End := False;
// NOTE(review): Pascal gives Or higher precedence than =, so without
// parentheses this is not parsed as two separate comparisons joined by Or;
// confirm which check(s) the condition really depends on.
If IsVirtualPCPresent = True Or IsInSandbox = True Then
// Immediate process termination; no cleanup code in this unit runs after it.
ExitProcess(0);
End;
End.