waliedassar

VirtualBox VS. Hardware Breakpoints

Oct 21st, 2012
  1. //http://waleedassar.blogspot.com (@waleedassar)
  2. // Code to test whether VirtualBox (With VTX/AMD-V turned off) supports hardware breakpoints
  3. #include "stdafx.h"
  4. #include <stdio.h>
  5. #include <windows.h>
  6.  
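  /*
   * Value Handler stores into CONTEXT.ContextFlags: the i386 marker (0x10000)
   * plus the six low selector bits (control, integer, segments, floating point,
   * debug registers, extended registers). The debug-register bit (0x10) is the
   * one this test depends on.
   *
   * <windows.h> may already define CONTEXT_ALL, so the SDK definition is dropped
   * first to avoid a macro-redefinition warning. The original definition ended
   * in a stray ';', which made the macro unusable inside any larger expression.
   */
  #undef CONTEXT_ALL
  #define CONTEXT_ALL 0x1003F

  /*
   * Byte watched by the hardware data breakpoint. Only its address is used
   * (Handler loads it into Dr0); the stored value is irrelevant. The original
   * initializer 0x100 does not fit in an unsigned char and was silently
   * truncated to 0, so 0 is written explicitly.
   */
  unsigned char probe=0;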
  10.  
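  /*
   * Frame-based SEH handler that main() links in through fs:[0] (32-bit x86 only).
   *
   * First pass  - the deliberate access violation raised in main(): the handler
   *               edits the CONTEXT the OS will resume with, arming a data
   *               breakpoint on `probe` and stepping Eip past the faulting
   *               instruction.
   * Second pass - EXCEPTION_SINGLE_STEP: the breakpoint was delivered when
   *               main() read `probe`; report the expected result and exit.
   *
   * pRec     exception record supplied by the dispatcher.
   * est      establisher frame (unused).
   * pContext thread context at the time of the exception; declared as
   *          unsigned char* in the original and kept that way so the symbol
   *          referenced from main()'s inline asm is unchanged.
   * disp     dispatcher context (unused).
   *
   * Returns ExceptionContinueExecution after patching the context, otherwise
   * ExceptionContinueSearch. Does not return on the single-step path.
   *
   * Analyst note: a handler that writes Dr0-Dr7 in the CONTEXT it is handed and
   * then continues execution is the recognizable shape of this check. Per the
   * file's header comment it is aimed at VirtualBox guests running with
   * VT-x/AMD-V turned off; presumably guests with hardware virtualization
   * enabled deliver the breakpoint and take the "Expected behavior" path -
   * confirm on the VirtualBox build in use.
   */
  int __cdecl Handler(EXCEPTION_RECORD* pRec,void* est,unsigned char* pContext,void* disp)
  {
      /* Named fields replace the original raw offsets into the x86 CONTEXT:
         ContextFlags +0x0, Dr0 +0x4, Dr7 +0x18, Eip +0xB8. */
      CONTEXT* ctx=(CONTEXT*)pContext;

      (void)est;
      (void)disp;

      if(pRec->ExceptionCode==EXCEPTION_ACCESS_VIOLATION) /* 0xC0000005 */
      {
          /* Ask for every register group, including the debug registers, to be
             taken from this context when execution continues. */
          ctx->ContextFlags=CONTEXT_ALL;

          /* Dr0 = linear address to watch. */
          ctx->Dr0=(unsigned long)(&probe);

          /* Dr7 = 0x032101: L0 (bit 0) enables breakpoint 0, LE (bit 8),
             GD (bit 13), R/W0 = 11b (bits 16-17, break on data read or write),
             LEN0 = 00b (one byte).
             NOTE(review): the OS is expected to sanitize privileged Dr7 bits
             for user-mode contexts - confirm before relying on GD. */
          ctx->Dr7=0x032101;

          /* Skip the 6-byte "mov dword ptr[eax],0x1" that faulted, so execution
             resumes at the first nop in main(). This constant is tied to that
             exact instruction encoding. */
          ctx->Eip+=0x6;
          return ExceptionContinueExecution;
      }
      if(pRec->ExceptionCode==EXCEPTION_SINGLE_STEP)
      {
          /* MessageBoxA rather than the TCHAR macro: the arguments are narrow
             string literals, which do not match MessageBoxW in UNICODE builds. */
          MessageBoxA(0,"Expected behavior","waliedassar",0);
          ExitProcess(0);
      }
      return ExceptionContinueSearch;
  }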
  29.  
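  /*
   * Test driver (32-bit x86, MSVC inline asm).
   *
   * 1. Links Handler in as the innermost SEH frame.
   * 2. Raises an access violation by writing through a null pointer; Handler
   *    arms a data breakpoint on `probe` and resumes at the nop padding.
   * 3. Reads `probe`. If the breakpoint is delivered, Handler reports
   *    "Expected behavior" and exits the process, so control never returns here.
   * 4. If the read completes without an exception, the fall-through message is
   *    shown.
   *
   * NOTE(review): the SEH frame is never unlinked and the two pushes are never
   * popped; the fall-through path relies on the compiler-generated epilogue to
   * restore the stack pointer - confirm for the build settings in use.
   */
  int main(void)
  {
      __asm
      {
          push offset Handler          ;; SEH record: handler address
          push dword ptr fs:[0x0]      ;; SEH record: previous frame
          mov dword ptr fs:[0x0],esp   ;; make the new record the head of the chain
          xor eax,eax
          mov dword ptr[eax],0x1  ;;triggers an AV (6 bytes, skipped by Handler)
          nop
          nop
          nop
          nop
          nop
      }
      /* The load goes through a volatile lvalue so the compiler cannot drop it:
         `x` is otherwise unused, and without the load the breakpoint can never
         be hit, which would make the message below a false result. */
      unsigned char x=*(volatile unsigned char*)&probe;
      (void)x;

      /* Reached only when the read above raised no single-step exception.
         MessageBoxA is used because the arguments are narrow string literals. */
      MessageBoxA(0,"VirtualBox(Intel-VTX/AMD-V Turned off) detected","waliedassar",0);
      return 0;
  }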