waliedassar

Detect VirtualPC (The "x0Fx3F" TRICK)

Oct 8th, 2012
1,182
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. //http://waleedassar.blogspot.com (@waleedassar)
  2. //If running inside VirtualPC, the Illegal Instruction exception will be swallowed and no exception is raised.
  3. // In this code "\x0f\x3F\x07\x0B" is used, other "\x0F\x3F\xXX\xXX" are also working.
  4. //For more: http://pastebin.com/VDDRcmdL
  5. #include "stdafx.h"
  6. #include "windows.h"
  7. #include "stdio.h"
  8.  
  9. bool x=false;
  10.  
  11. int __cdecl Handler(EXCEPTION_RECORD* pRec,void* est,unsigned char* pContext,void* disp)
  12. {
  13.       x=true;
  14.       (*(unsigned long*)(pContext+0xB8))+=4;
  15.       return ExceptionContinueExecution;
  16. }
  17.  
  18. int main(int argc, char* argv[])
  19. {
  20.     __asm
  21.     {
  22.         push offset Handler
  23.         push dword ptr fs:[0x0]
  24.         mov dword ptr fs:[0x0],esp
  25.         __emit 0Fh
  26.         __emit 3Fh
  27.         __emit 07h
  28.         __emit 0Bh
  29.     }
  30.     if(x==false)
  31.     {
  32.         MessageBox(0,"VirtualPC detected","waliedassar",0);
  33.         ExitProcess(0);
  34.     }
  35.  
  36.     __asm
  37.     {
  38.         pop dword ptr fs:[0x0]
  39.         pop eax
  40.     }
  41.     return 0;
  42. }
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×