waliedassar

Detect VirtualBox (Bios Brand & Bios Version Trick)

Oct 5th, 2012
  1. //http://waleedassar.blogspot.com (@waleedassar)
  2. //Reading "SMBiosData" to extract Bios Brand and Bios Version strings from registry.
  3. //If the Bios Brand string is "innotek GmbH" or Bios Version is "VirtualBox", then it is a sign that we are running in VirtualBox.
  4. //You can also use WMI to extract the same info.
  5. #include "stdafx.h"
  6. #include "windows.h"
  7. #include "stdio.h"
  8.  
  9.  
  /*
   * Upper-case every ASCII lowercase letter in the first `len` bytes of `str`,
   * in place. Bytes outside 'a'..'z' (including embedded NULs) are left as-is,
   * so the routine can be run over a binary blob, not just a C string.
   */
  void AllToUpper(char* str,unsigned long len)
  {
      char *cur = str;
      unsigned long left = len;

      while (left--)
      {
          const char ch = *cur;
          if (!(ch < 'a' || ch > 'z'))
          {
              /* 'a' - 'A' is the fixed offset between the two ASCII cases. */
              *cur = (char)(ch - ('a' - 'A'));
          }
          ++cur;
      }
  }
  20.  
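  /*
   * Find the first occurrence of the NUL-terminated byte string `string2`
   * inside the buffer `data` of `data_length` bytes.
   *
   * Returns a pointer to the first byte of the match inside `data`, or NULL
   * when there is no match, when either pointer is NULL, or when the needle is
   * longer than the buffer. An empty needle matches at `data`.
   *
   * The returned pointer is only guaranteed to have strlen(string2) valid bytes
   * behind it; the buffer is binary data, so the caller must not treat the
   * result as a C string unless it has NUL-terminated the buffer itself.
   */
  unsigned char* ScanDataForString(unsigned char* data,unsigned long data_length,unsigned char* string2)
  {
      unsigned long string_length;
      unsigned long last;
      unsigned long i;

      if (!data || !string2)
      {
          return NULL;
      }

      string_length = (unsigned long)strlen((char*)string2);

      /*
       * Without this guard `data_length - string_length` wraps around (both are
       * unsigned) and the loop would walk far past the end of the buffer.
       */
      if (string_length > data_length)
      {
          return NULL;
      }

      last = data_length - string_length;
      for (i = 0; i <= last; i++)
      {
          /* memcmp: the haystack is raw bytes, so compare exactly string_length of them. */
          if (memcmp(&data[i], string2, string_length) == 0)
          {
              return &data[i];
          }
      }
      return NULL;
  }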
  30.  
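  /*
   * Read the raw SMBIOS table that Windows caches in the registry
   * (HKLM\SYSTEM\CurrentControlSet\Services\mssmbios\data, value "SMBiosData"),
   * upper-case it, and report whether any VirtualBox-related vendor/version
   * string appears in it.
   *
   * Prints the matched strings when at least one is found and prints nothing
   * otherwise. Always returns 0.
   *
   * Reviewer notes:
   *  - The key is opened with KEY_QUERY_VALUE only. The original asked for
   *    KEY_ALL_ACCESS, which is more than a read needs and makes the open fail
   *    for callers without write access to the key.
   *  - The buffer is allocated one byte larger than the value and kept
   *    NUL-terminated, because the matches are printed with "%s" and the
   *    registry blob is binary data with no terminator guarantee.
   *  - The ANSI (-A) registry calls are named explicitly since the arguments
   *    are narrow string literals.
   *  - The match is a heuristic on firmware strings: "VIRTUAL MACHINE" and
   *    "SUN MICROSYSTEMS" are not unique to VirtualBox, so a hit may be a false
   *    positive, and the strings are under the control of whoever configures
   *    the VM, so a miss proves nothing.
   *  - From a monitoring point of view, a read of this value by a process that
   *    is not an inventory or management tool is an environment-fingerprinting
   *    signal worth logging.
   */
  int main(int argc, char* argv[])
  {
      const char *needles[] = {
          "INNOTEK GMBH",
          "VIRTUALBOX",
          "SUN MICROSYSTEMS",
          "VIRTUAL MACHINE",
          "VBOXVER"
      };
      enum { NEEDLE_COUNT = sizeof needles / sizeof needles[0] };
      unsigned char *hits[NEEDLE_COUNT];
      HKEY hk = 0;
      unsigned long type = 0;
      unsigned long length = 0;
      unsigned long alloc_len = 0;
      char *p = 0;
      int found = 0;
      int k;
      long ret;

      (void)argc;
      (void)argv;

      ret = RegOpenKeyExA(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Services\\mssmbios\\data",0,KEY_QUERY_VALUE,&hk);
      if (ret != ERROR_SUCCESS)
      {
          return 0;
      }

      /* First call with a null buffer only asks for the size of the value. */
      ret = RegQueryValueExA(hk,"SMBiosData",0,&type,0,&length);
      if (ret == ERROR_SUCCESS && length)
      {
          /* +1 for the terminator; the comparison rejects a wrapped size. */
          alloc_len = length + 1;
          if (alloc_len > length)
          {
              p = (char*)LocalAlloc(LMEM_ZEROINIT,alloc_len);
          }
      }

      if (p)
      {
          /* Offer only `length` bytes so the final byte stays a NUL. */
          unsigned long got = length;
          ret = RegQueryValueExA(hk,"SMBiosData",0,&type,(unsigned char*)p,&got);
          if (ret == ERROR_SUCCESS && got <= length)
          {
              p[got] = '\0';
              AllToUpper(p,got);

              for (k = 0; k < NEEDLE_COUNT; k++)
              {
                  hits[k] = ScanDataForString((unsigned char*)p,got,(unsigned char*)needles[k]);
                  if (hits[k])
                  {
                      found = 1;
                  }
              }

              if (found)
              {
                  printf("VirtualBox detected\r\n");
                  printf("Some Strings found:\r\n");
                  for (k = 0; k < NEEDLE_COUNT; k++)
                  {
                      /* Prints from the match up to the next NUL in the blob. */
                      if (hits[k]) printf("%s\r\n",hits[k]);
                  }
              }
          }
          LocalFree(p);
      }

      RegCloseKey(hk);
      return 0;
  }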