waliedassar

VirtualBox VS. Hardware Breakpoints

Oct 21st, 2012
256
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. //http://waleedassar.blogspot.com (@waleedassar)
  2. // Code to test whether VirtualBox (With VTX/AMD-V turned off) supports hardware breakpoints
  3. #include "stdafx.h"
  4. #include <stdio.h>
  5. #include <windows.h>
  6.  
  7. #define CONTEXT_ALL 0x1003F;
  8.  
  9. unsigned char probe=0x100;
  10.  
  11. int __cdecl Handler(EXCEPTION_RECORD* pRec,void* est,unsigned char* pContext,void* disp)
  12. {
  13.     if(pRec->ExceptionCode==0xC0000005)
  14.     {
  15.         *(unsigned long*)pContext=CONTEXT_ALL;
  16.         //Set debug registers here
  17.         *(unsigned long*)(pContext+0x4)=(unsigned long)(&probe);
  18.         *(unsigned long*)(pContext+0x18)=0x032101;
  19.         (*(unsigned long*)(pContext+0xB8))+=0x6;
  20.         return ExceptionContinueExecution;
  21.     }
  22.     if(pRec->ExceptionCode==EXCEPTION_SINGLE_STEP)
  23.     {
  24.         MessageBox(0,"Expected behavior","waliedassar",0);
  25.         ExitProcess(0);
  26.     }
  27.     return ExceptionContinueSearch;
  28. }
  29.  
  30. int main()
  31. {
  32.     __asm
  33.     {
  34.         push offset Handler
  35.         push dword ptr fs:[0x0]
  36.         mov dword ptr fs:[0x0],esp
  37.         xor eax,eax
  38.         mov dword ptr[eax],0x1  ;;triggers an AV
  39.         nop
  40.         nop
  41.         nop
  42.         nop
  43.         nop
  44.     }
  45.     unsigned char x=probe;
  46.     MessageBox(0,"VirtualBox(Intel-VTX/AMD-V Turned off) detected","waliedassar",0);
  47.     return 0;
  48. }
RAW Paste Data