Title: AntiVmWare
The virtual machine system VMware uses a “backdoor
communication port” to be able to pass data between the host
and the guest operating system. This communication port is
used to read and write clipboard information, drag and drop
between host and guest operating system, and allow file
sharing between the two running systems. Communication on
this port occurs by using two privileged x86 instructions, “IN”
and “OUT”. These two instructions cannot normally be run
from an unprivileged vantage point and would generate an
exception; however when running under VMware, the
emulation layer has implemented these particular instructions
differently allowing them to be executed from an unprivileged
vantage point. As such we can use these methods to detect if
we are in a VMware virtual environment.
In the inline assembly below we set up a call to the “IN”
instruction by pushing a number of static values onto the stack.
The first parameter of interest is the static string ‘VMXh’.
This string is the “magic” value that must be present for the
virtual machine to know that the request is legitimate. The
value 10 is the particular VMware backdoor function that we
wish to execute, while the value ‘VX’ is the default port that
the VMware backdoor IO listens for. Finally we execute the
“IN” call and analyze the return value. If the return value is
zero, and we have reached our exception handler, we know
that we are not running in a virtual session. If the return value
is nonzero and we do not reach our exception handler we are
running inside of VMware.
Code:
Function AntiVMware():boolean;
begin
try
  asm
   push edx;
   push ecx;
   push ebx;
   mov eax, 'VMXh';
   mov ebx, 0; // This can be any value except MAGIC
   mov ecx, 10; // "CODE" to get the VMware Version
   mov edx, 'VX'; // Port Number
   in eax, dx; // Read port
   //On return EAX returns the VERSION
   cmp ebx, 'VMXh'; // is it VMware
   setz Result; //Set flag state
   pop ebx;
   pop ecx;
   pop edx;
  end;
except
  Result:= False;
end;
end;



Code:

if AntiVMware then
  MessageBox(0, 'VMware Instance Detected', 'VMware Detected', +MB_OK +MB_ICONINFORMATION)
  else
  MessageBox(0, 'No VMware Instance Detected', 'No VMware Detected', +MB_OK +MB_ICONINFORMATION);

With the source above you can prevent the program from running in a VM environment.

It has also been tested on this version and worked:

VM WARE 7.1.0
Parsi Coders hangout group
https://t.me/joinchat/GxVRww3ykLynHFsdCvb7eg
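
For analysts triaging binaries that carry this check, the following added example (not part of the original post) scans a file's bytes for the probe described above: the 'VMXh' magic, then the 'VX' port, then an `in eax, dx` opcode shortly after. The function name, the 32-byte window and the sample bytes are assumptions made for illustration.

```python
import struct

MAGIC = struct.pack("<I", 0x564D5868)  # 'VMXh' as a little-endian imm32
PORT = struct.pack("<H", 0x5658)       # 'VX' as a little-endian imm16
IN_EAX_DX = b"\xED"                    # x86 opcode for `in eax, dx`


def find_backdoor_probes(data: bytes, window: int = 32):
    """Return offsets of magic -> port -> IN sequences found in data.

    Heuristic only: legitimate guest tools use the same port, and a stray
    0xED byte can follow the constants by chance, so treat a hit as a
    lead for manual review, not as a verdict.
    """
    hits = []
    pos = data.find(MAGIC)
    while pos != -1:
        end = pos + len(MAGIC)
        region = data[end:end + window]
        port_rel = region.find(PORT)
        if port_rel != -1:
            # The IN opcode must come after the port constant is loaded.
            in_rel = region.find(IN_EAX_DX, port_rel + len(PORT))
            if in_rel != -1:
                hits.append({"magic": pos,
                             "port": end + port_rel,
                             "in": end + in_rel})
        pos = data.find(MAGIC, pos + 1)
    return hits


# Constructed sample: hand-assembled bytes for the sequence in the post
# (push edx/ecx/ebx, mov eax/ebx/ecx/edx, in eax,dx, cmp ebx, pops, ret).
SAMPLE = bytes.fromhex(
    "90909090" "525153"
    "b868584d56" "bb00000000" "b90a000000" "ba58560000"
    "ed" "81fb68584d56" "5b595a" "c3"
)
# Constructed negative case: the magic appears, but no port read follows.
BENIGN = b"\x90" * 8 + MAGIC + b"\x00" * 40

if __name__ == "__main__":
    for name, blob in (("SAMPLE", SAMPLE), ("BENIGN", BENIGN)):
        print(name, find_backdoor_probes(blob))
```
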
 
  


Messages in this thread
AntiVmWare - by Amin_Mansouri - 10-18-2011, 03:43 AM
RE: AntiVmWare - by Saeed7007 - 03-15-2013, 01:34 AM
RE: AntiVmWare - by Amin_Mansouri - 03-15-2013, 10:39 AM
RE: AntiVmWare - by Saeed7007 - 03-15-2013, 02:48 PM
RE: AntiVmWare - by Amin_Mansouri - 03-17-2013, 08:46 PM
RE: AntiVmWare - by Kei armin - 03-17-2013, 09:51 PM
RE: AntiVmWare - by Amin_Mansouri - 03-17-2013, 10:15 PM
