#1
|
||||
|
||||
Detect VirtualPC or VMWARE [ASM]
[NASM compiler]
VirtualPC: push ebp mov ecx, offset @@exception_handler mov ebp, esp push ebx push ecx push dword ptr fs:[0] mov dword ptr fs:[0], esp mov ebx, 0 ; flag mov eax, 1 ; VPC function number ; call VPC db 00Fh, 03Fh, 007h, 00Bh mov eax, dword ptr ss:[esp] mov dword ptr fs:[0], eax add esp, 8 test ebx, ebx setz al lea esp, dword ptr ss:[ebp-4] mov ebx, dword ptr ss:[esp] mov ebp, dword ptr ss:[esp+4] add esp, 8 jmp @@ret @@exception_handler: mov ecx, [esp+0Ch] mov dword ptr [ecx+0A4h], -1 ; EBX = -1 -> not running, ebx = 0 -> running add dword ptr [ecx+0B8h], 4 ; -> skip past the detection code xor eax, eax ; exception is handled ret @@ret: VMWare: mov eax, 564D5868h mov ebx, 00000000h mov ecx, 0000000Ah mov edx, 00005658h in eax, dx cmp ebx, 564D5868h jne @@exit mov Result, True @@exit: |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Detect It Easy 2.0 | hors | Community Tools | 30 | 12-29-2023 05:32 |
Detect It Easy 0.73 | Dreamer | Community Tools | 85 | 11-03-2019 23:08 |