waliedassar

Detect VirtualPC (The "x0Fx3F" TRICK)

Oct 8th, 2012
1,091
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. //http://waleedassar.blogspot.com (@waleedassar)
  2. //If running inside VirtualPC, the Illegal Instruction exception will be swallowed and no exception is raised.
  3. // In this code "\x0f\x3F\x07\x0B" is used, other "\x0F\x3F\xXX\xXX" are also working.
  4. //For more: http://pastebin.com/VDDRcmdL
  5. #include "stdafx.h"
  6. #include "windows.h"
  7. #include "stdio.h"
  8.  
  9. bool x=false;
  10.  
  11. int __cdecl Handler(EXCEPTION_RECORD* pRec,void* est,unsigned char* pContext,void* disp)
  12. {
  13.       x=true;
  14.       (*(unsigned long*)(pContext+0xB8))+=4;
  15.       return ExceptionContinueExecution;
  16. }
  17.  
  18. int main(int argc, char* argv[])
  19. {
  20.     __asm
  21.     {
  22.         push offset Handler
  23.         push dword ptr fs:[0x0]
  24.         mov dword ptr fs:[0x0],esp
  25.         __emit 0Fh
  26.         __emit 3Fh
  27.         __emit 07h
  28.         __emit 0Bh
  29.     }
  30.     if(x==false)
  31.     {
  32.         MessageBox(0,"VirtualPC detected","waliedassar",0);
  33.         ExitProcess(0);
  34.     }
  35.  
  36.     __asm
  37.     {
  38.         pop dword ptr fs:[0x0]
  39.         pop eax
  40.     }
  41.     return 0;
  42. }
RAW Paste Data