View Single Post
  #1  
Old 12-05-2004, 23:48
taos's Avatar
taos taos is offline
The Art Of Silence
 
Join Date: Aug 2004
Location: In front of my screen
Posts: 580
Rept. Given: 65
Rept. Rcvd 54 Times in 19 Posts
Thanks Given: 69
Thanks Rcvd at 133 Times in 36 Posts
taos Reputation: 54
Post Detect VirtualPC or VMWARE [ASM]

[NASM compiler]
VirtualPC:
push ebp
mov ecx, offset @@exception_handler
mov ebp, esp
push ebx
push ecx
push dword ptr fs:[0]
mov dword ptr fs:[0], esp
mov ebx, 0 ; flag
mov eax, 1 ; VPC function number
; call VPC
db 00Fh, 03Fh, 007h, 00Bh
mov eax, dword ptr ss:[esp]
mov dword ptr fs:[0], eax
add esp, 8
test ebx, ebx
setz al
lea esp, dword ptr ss:[ebp-4]
mov ebx, dword ptr ss:[esp]
mov ebp, dword ptr ss:[esp+4]
add esp, 8
jmp @@ret
@@exception_handler:
mov ecx, [esp+0Ch]
mov dword ptr [ecx+0A4h], -1 ; EBX = -1 -> not running, ebx = 0 -> running
add dword ptr [ecx+0B8h], 4 ; -> skip past the detection code
xor eax, eax ; exception is handled
ret
@@ret:


VMWare:
mov eax, 564D5868h
mov ebx, 00000000h
mov ecx, 0000000Ah
mov edx, 00005658h
in eax, dx
cmp ebx, 564D5868h
jne @@exit
mov Result, True
@@exit:
Reply With Quote