Exetools  

taos, 12-05-2004, 23:48
Detect VirtualPC or VMWARE [ASM]

[NASM compiler]
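VirtualPC:
    push ebp
    mov ecx, offset @@exception_handler ; address of the SEH handler below
    mov ebp, esp
    push ebx                        ; save ebx
    push ecx                        ; SEH record: handler address
    push dword ptr fs:[0]           ; SEH record: previous record
    mov dword ptr fs:[0], esp       ; install the SEH record
    mov ebx, 0 ; flag
    mov eax, 1 ; VPC function number
    ; call VPC
    db 00Fh, 03Fh, 007h, 00Bh       ; raises an exception when not under VirtualPC
    mov eax, dword ptr ss:[esp]     ; previous SEH record
    mov dword ptr fs:[0], eax       ; uninstall the handler
    add esp, 8                      ; drop the SEH record
    test ebx, ebx
    setz al                         ; al = 1 if ebx is still 0 (running)
    lea esp, dword ptr ss:[ebp-4]   ; point esp at the saved ebx
    mov ebx, dword ptr ss:[esp]     ; restore ebx
    mov ebp, dword ptr ss:[esp+4]   ; restore ebp
    add esp, 8
    jmp @@ret
@@exception_handler:
    mov ecx, [esp+0Ch]              ; ecx = pointer to the CONTEXT record
    mov dword ptr [ecx+0A4h], -1 ; EBX = -1 -> not running, ebx = 0 -> running
    add dword ptr [ecx+0B8h], 4 ; -> skip past the detection code
    xor eax, eax ; exception is handled
    ret
@@ret: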


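VMWare:
    mov eax, 564D5868h              ; magic value 'VMXh'
    mov ebx, 00000000h              ; cleared so a stale value cannot match
    mov ecx, 0000000Ah              ; command 0Ah: get version
    mov edx, 00005658h              ; port number 'VX'
    in eax, dx                      ; privileged in user mode outside VMware: raises
                                    ; an exception there, so the caller needs a handler
    cmp ebx, 564D5868h              ; VMware returns the magic value in ebx
    jne @@exit
    mov Result, True                ; Result is the Delphi function result
@@exit: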
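For analysts triaging a sample, the two checks above leave recognisable byte patterns. The following static scanner is an added example, not part of the original post; the function name `scan`, the labels, the `WINDOW` size and the sample bytes are assumptions made for illustration.

```python
import struct

# Byte patterns taken from the two snippets in the post.
VPC_OPCODE = bytes([0x0F, 0x3F, 0x07, 0x0B])    # db 00Fh, 03Fh, 007h, 00Bh
VMWARE_MAGIC = struct.pack("<I", 0x564D5868)    # 'VMXh' immediate, little-endian
VMWARE_PORT = struct.pack("<H", 0x5658)         # 'VX' port constant loaded into (e)dx
IN_EAX_DX = b"\xED"                             # in eax, dx
WINDOW = 32  # assumption: port load and IN occur within 32 bytes of the magic


def _find_all(data: bytes, needle: bytes):
    """Yield every offset at which needle occurs in data."""
    pos = data.find(needle)
    while pos != -1:
        yield pos
        pos = data.find(needle, pos + 1)


def scan(data: bytes):
    """Return sorted (offset, label) hits for the two anti-VM checks."""
    hits = [(off, "virtualpc-invalid-opcode") for off in _find_all(data, VPC_OPCODE)]
    for off in _find_all(data, VMWARE_MAGIC):
        # The magic alone is weak evidence (it also appears in the later cmp),
        # so require the port constant followed by IN shortly after it.
        tail = data[off + 4 : off + 4 + WINDOW]
        port = tail.find(VMWARE_PORT)
        if port != -1 and IN_EAX_DX in tail[port + 2 :]:
            hits.append((off, "vmware-backdoor-port"))
    return sorted(hits)


# Constructed samples: hand-assembled encodings of the instructions in the post.
SAMPLE_VMWARE = bytes.fromhex(
    "909090 b868584d56 bb00000000 b90a000000 ba58560000 ed 81fb68584d56"
)
SAMPLE_VPC = bytes.fromhex("bb00000000 b801000000 0f3f070b")
SAMPLE_CLEAN = bytes.fromhex("b868584d56 c3")   # magic only, no port I/O

if __name__ == "__main__":
    for offset, label in scan(SAMPLE_VMWARE + SAMPLE_VPC):
        print(f"0x{offset:04x}  {label}")
```

A hit is a lead for manual review, not proof: packed or obfuscated code will not match, and short patterns can occur by chance in data sections.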
 
