• 87 Vote(s) - 2.56 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Delphi Anti Virtual PC/VMware
Virtual PC:
function running_inside_vpc: boolean; assembler;
push ebp

mov ecx, offset @@exception_handler
mov ebp, esp

push ebx
push ecx
push dword ptr fs:[0]
mov dword ptr fs:[0], esp

mov ebx, 0 // flag
mov eax, 1 // VPC function number

// call VPC
db 00Fh, 03Fh, 007h, 00Bh

mov eax, dword ptr ss:[esp]
mov dword ptr fs:[0], eax
add esp, 8

test ebx, ebx
setz al
lea esp, dword ptr ss:[ebp-4]
mov ebx, dword ptr ss:[esp]
mov ebp, dword ptr ss:[esp+4]
add esp, 8
jmp @@ret
mov ecx, [esp+0Ch]
mov dword ptr [ecx+0A4h], -1 // EBX = -1 -> not running, ebx = 0 -> running
add dword ptr [ecx+0B8h], 4 // -> skip past the detection code
xor eax, eax // exception is handled

// Simple VMware check on i386
// Note: There are plenty ways to detect VMware. This short version bases
// on the fact that VMware intercepts IN instructions to port 0x5658 with
// an magic value of 0x564D5868 in EAX. However, this is *NOT* officially
// documented (used by VMware tools to communicate with the host via VM).
// Because this might change in future versions - you should look out for
// additional checks (e.g. hardware device IDs, BIOS informations, etc.).
// Newer VMware BIOS has valid SMBIOS informations (you might use my BIOS
// Helper unit to dump the ROM-BIOS (http://www.bendlins.de/nico/delphi).

function IsVMwarePresent(): LongBool; stdcall; // platform;
Result := False;
mov eax, 564D5868h
mov ebx, 00000000h
mov ecx, 0000000Ah
mov edx, 00005658h
in eax, dx
cmp ebx, 564D5868h
jne @@exit
mov Result, True
Result := False;
وب سایت تحلیل ارز و دلار
برای دریافت قیمت ها اخبار اقتصادی دلار و ارز حتما وارد کانال تلگرام شوید .

Possibly Related Threads...
Thread Author Replies Views Last Post
  [Delphi] Simple Code Virtualization (Virtual Machine / Emulator) Amin_Mansouri 1 4,179 03-15-2013، 01:35 AM
Last Post: Saeed7007
  Anti Norman Online SandBox Amin_Mansouri 0 3,279 10-18-2011، 03:39 AM
Last Post: Amin_Mansouri
  [UNIT] SAD (Simple Anti Debug) Magic_h2001 Amin_Mansouri 0 3,550 10-18-2011، 01:25 AM
Last Post: Amin_Mansouri
  DELPHI OutputDebugStringA Anti Emulator ShellCode Amin_Mansouri 0 3,312 10-17-2011، 11:00 PM
Last Post: Amin_Mansouri
  [Snip] Another anti debugger procedure Amin_Mansouri 0 3,267 10-17-2011، 08:19 PM
Last Post: Amin_Mansouri
  [DELPHI]detect debuggers Amin_Mansouri 0 3,440 10-16-2011، 09:25 PM
Last Post: Amin_Mansouri
  [DELPHI]Anti JoeBox, CwSandbox, Anubis Amin_Mansouri 0 3,348 10-16-2011، 09:25 PM
Last Post: Amin_Mansouri
  [DELPHI]detect vm by krippler Amin_Mansouri 0 3,433 10-16-2011، 08:23 PM
Last Post: Amin_Mansouri
  [DELPHI]Anti ThreatExpert Amin_Mansouri 0 2,965 10-16-2011، 08:20 PM
Last Post: Amin_Mansouri
  AntiEmulators delphi Amin_Mansouri 0 3,205 10-15-2011، 09:57 PM
Last Post: Amin_Mansouri

Forum Jump:

Users browsing this thread: 1 Guest(s)